Gitea added, some mail config improvements

nixos/queen/configuration.nix

@@ -22,7 +22,7 @@
     ./webmail.nix
     ./gotosocial.nix
     ../upgrade/postgresql.nix
-    #./akkoma.nix
+    ./akkoma.nix
   ];
 
   boot.tmp.cleanOnBoot = true;
@@ -88,6 +88,7 @@
     docker
     docker-compose
     git
+    gitea
     gotosocial
     alejandra
     exiftool

nixos/queen/gittea.nix

@@ -0,0 +1,43 @@
+{
+  inputs,
+  outputs,
+  lib,
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [];
+  users.users = {
+    gitea = {
+      isSystemUser = true;
+      isNormalUser = false;
+      extraGroups = ["virtualMail"];
+    };
+  };
+  sops.secrets."mailpassunhash".mode = "0440";
+  sops.secrets."mailpassunhash".owner = config.users.users.virtualMail.name;
+
+  services.gitea = {
+    enable = true;
+    #TODO: different mail passwords for different services
+    mailerPasswordFile = config.sops.secrets."mailpassunhash".path;
+    database = {
+      type = "postgres";
+    };
+    domain = "git.lillianviolet.dev";
+    rootUrl = "https://git.lillianviolet.dev/";
+    httpPort = 3218;
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "git.lillianviolet.dev" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:3218";
+        };
+      };
+    };
+  };
+}

nixos/queen/gotosocial.nix

@@ -38,7 +38,7 @@
       smtp-host = "localhost";
       smtp-port = 587;
       smtp-username = "no-reply@social.gladtherescake.eu";
-      smtp-password = config.sops.secrets."mailpass".path;
+      smtp-password = config.sops.secrets."mailpassunhash".path;
       smtp-from = "no-reply@social.gladtherescake.eu";
     };
   };

nixos/queen/postgres.nix

@@ -14,6 +14,7 @@
       "onlyoffice"
       "akkoma"
       "gotosocial"
+      "gitea"
     ];
     ensureUsers = [
       {
@@ -32,6 +33,10 @@
         name = "gotosocial";
         ensureDBOwnership = true;
       }
+      {
+        name = "gitea";
+        ensureDBOwnership = true;
+      }
     ];
   };
 }