Close git registration

Flake lock file updates:

• Updated input 'copyparty':
    'github:9001/copyparty/8a9066c35cd94226ee0e99d5d36e8b630ed8d2a3?narHash=sha256-QDBoepUZNQaIEvOqCGku6XjUp2sSh%2B7xamA8vNe9HlQ%3D' (2026-03-11)
  → 'github:9001/copyparty/26e663d111e39ca96c63702ad27a05b6736607cf?narHash=sha256-mceIHtVMXpLAfr1W0VK9ceTBX5yKu4gGWpVbThWTsAA%3D' (2026-03-25)
• Updated input 'home-manager':
    'github:nix-community/home-manager/3f98e2bbc661ec0aaf558d8a283d6955f05f1d09?narHash=sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k%3D' (2026-03-10)
  → 'github:nix-community/home-manager/9df3a639007cfe0d074433f7fc225ea94f877d08?narHash=sha256-1WelwA45Xm4glTG8R9IX9jYeFKDG2HbR79jAauLezUE%3D' (2026-03-27)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9dcb002ca1690658be4a04645215baea8b95f31d?narHash=sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs%3D' (2026-03-08)
  → 'github:NixOS/nixpkgs/46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9?narHash=sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc%3D' (2026-03-24)

flake.lock

@@ -31,11 +31,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773190009,
-        "narHash": "sha256-QDBoepUZNQaIEvOqCGku6XjUp2sSh+7xamA8vNe9HlQ=",
+        "lastModified": 1774411715,
+        "narHash": "sha256-mceIHtVMXpLAfr1W0VK9ceTBX5yKu4gGWpVbThWTsAA=",
         "owner": "9001",
         "repo": "copyparty",
-        "rev": "8a9066c35cd94226ee0e99d5d36e8b630ed8d2a3",
+        "rev": "26e663d111e39ca96c63702ad27a05b6736607cf",
         "type": "github"
       },
       "original": {
@@ -129,11 +129,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1773179137,
-        "narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=",
+        "lastModified": 1774626137,
+        "narHash": "sha256-1WelwA45Xm4glTG8R9IX9jYeFKDG2HbR79jAauLezUE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09",
+        "rev": "9df3a639007cfe0d074433f7fc225ea94f877d08",
         "type": "github"
       },
       "original": {
@@ -144,11 +144,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1772963539,
-        "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
+        "lastModified": 1774386573,
+        "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
+        "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
         "type": "github"
       },
       "original": {

hosts/galanthus/configuration.nix

@@ -9,8 +9,15 @@
   imports = [
     inputs.agenix.nixosModules.default
     inputs.copyparty.nixosModules.default
+
     ./hardware-configuration.nix
-    ../../modules/nixos
+
+    ../../modules/nixos/tailscale.nix
+    ../../modules/nixos/jellyfin.nix
+    ../../modules/nixos/immich.nix
+    ../../modules/nixos/paperless.nix
+    ../../modules/nixos/copyparty.nix
+    ../../modules/nixos/samba.nix
   ];
 
   boot = {

hosts/nimbus/configuration.nix

@@ -7,10 +7,13 @@
 {
   imports = [
     inputs.agenix.nixosModules.default
+
     ./hardware-configuration.nix
+
     ../../modules/nixos/tailscale.nix
+    ../../modules/nixos/caddy.nix
     ../../modules/nixos/matrix.nix
-    ../../modules/nixos/website.nix
+    ../../modules/nixos/forgejo.nix
   ];
 
   # Workaround for https://github.com/NixOS/nix/issues/8502
@@ -22,6 +25,13 @@
 
   zramSwap.enable = true;
 
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 1 * 1024; # 1GB
+    }
+  ];
+
   security.sudo.extraConfig = ''
     Defaults lecture = never
     Defaults pwfeedback

modules/nixos/caddy.nix

@@ -0,0 +1,74 @@
+{
+  systemd.tmpfiles.rules = [
+    "d /var/www/jankremer.de 755 jan users -"
+  ];
+
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "jankremer.de:8448".extraConfig = # caddyfile
+        ''
+          reverse_proxy localhost:6167
+        '';
+
+      "jankremer.de".extraConfig = # caddyfile
+        ''
+          handle /_matrix/* {
+            reverse_proxy localhost:6167
+          }
+
+          handle /.well-known/matrix/server {
+            header Content-Type application/json
+            respond `{"m.server": "jankremer.de:443"}` 200
+          }
+
+          handle /.well-known/matrix/client {
+            header Content-Type application/json
+            header Access-Control-Allow-Origin *
+            respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200
+          }
+
+          handle {
+            root * /var/www/jankremer.de
+            file_server
+
+            @static {
+              path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp
+            }
+            header @static Cache-Control "public, max-age=31536000, immutable"
+
+            @html {
+              path *.html
+            }
+            header @html Cache-Control "no-cache"
+          }
+
+          handle_errors {
+            rewrite * /404.html
+            file_server
+          }
+        '';
+
+      "git.jankremer.de".extraConfig = # caddyfile
+        ''
+          reverse_proxy localhost:3000
+        '';
+
+      "jankremer.eu".extraConfig = # caddyfile
+        ''
+          redir https://jankremer.de{uri} permanent
+        '';
+
+      "git.jankremer.eu".extraConfig = # caddyfile
+        ''
+          redir https://git.jankremer.de{uri} permanent
+        '';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    8448
+  ];
+}

modules/nixos/default.nix

@@ -1,12 +0,0 @@
-{
-  imports = [
-    ./copyparty.nix
-    # ./forgejo.nix
-    ./immich.nix
-    ./jellyfin.nix
-    # ./minecraft.nix
-    ./paperless.nix
-    ./samba.nix
-    ./tailscale.nix
-  ];
-}

modules/nixos/forgejo.nix

@@ -1,5 +1,13 @@
 { config, ... }:
+let
+  domain = "git.jankremer.de";
+in
 {
+  age.secrets.forgejo-mailer = {
+    file = ../../modules/secrets/forgejo-mailer.age;
+    owner = "forgejo";
+  };
+
   services = {
     forgejo = {
       enable = true;
@@ -8,14 +16,25 @@
       settings = {
         service.DISABLE_REGISTRATION = true;
         server = {
-          DOMAIN = "git.alpine-centauri.ts.net";
-          ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}";
-          HTTP_PORT = 3010;
+          DOMAIN = domain;
+          ROOT_URL = "https://${domain}";
+          START_SSH_SERVER = false;
+          SSH_PORT = 22;
         };
-        actions = {
+        mailer = {
           ENABLED = true;
-          DEFAULT_ACTIONS_URL = "github";
+          SMTP_ADDR = "smtp.mail.me.com";
+          SMTP_PORT = 587;
+          FROM = "git@jankremer.de";
+          USER = "janurskremer@me.com";
         };
+        # actions = {
+        #   ENABLED = true;
+        #   DEFAULT_ACTIONS_URL = "github";
+        # };
+      };
+      secrets = {
+        mailer.PASSWD = config.age.secrets.forgejo-mailer.path;
       };
     };
   };

modules/nixos/matrix.nix

@@ -17,40 +17,4 @@
       };
     };
   };
-
-  services.caddy = {
-    enable = true;
-    ## Matrix federation
-    virtualHosts = {
-      "jankremer.de:8448" = {
-        extraConfig = ''
-          reverse_proxy localhost:6167
-        '';
-      };
-      "jankremer.de" = {
-        extraConfig = ''
-          handle /_matrix/* {
-            reverse_proxy localhost:6167
-          }
-
-          handle /.well-known/matrix/server {
-            header Content-Type application/json
-            respond `{"m.server": "jankremer.de:443"}` 200
-          }
-
-          handle /.well-known/matrix/client {
-            header Content-Type application/json
-            header Access-Control-Allow-Origin *
-            respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200
-          }
-        '';
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-    8448
-  ];
 }

modules/nixos/website.nix

@@ -1,27 +0,0 @@
-{
-  systemd.tmpfiles.rules = [
-    "d /var/www/jankremer.de 755 jan users -"
-  ];
-
-  services.caddy.virtualHosts."jankremer.de".extraConfig = ''
-    handle {
-      root * /var/www/jankremer.de
-      file_server
-
-      @static {
-        path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp
-      }
-      header @static Cache-Control "public, max-age=31536000, immutable"
-
-      @html {
-        path *.html
-      }
-      header @html Cache-Control "no-cache"
-    }
-  '';
-
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
-}

modules/secrets/forgejo-mailer.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 2otpcg 3/3V9NuhhEEvC5Czd52LroF3gb+5R8kVMwUQEdjQPz4
+W69B15eEI4+0v+TRKzS9mCs1+Gwjd2XeS9lykr5pxyQ
+-> ssh-ed25519 40YjXQ Ie0rCVXk2DtsE/V8pcL3o7UXD1U/1Ag/knDrDOr0REw
+Zuc42+JOtssFl7puQvHRdLuPpA51qgykiQ9/9xJlSK0
+-> ssh-ed25519 wbs2Dw qwhCUJQmXljIcEO8ysfSFpFPWqdmW5ysMhYxEW9QmUU
+w5nSiL+pAX36RG2A/V4QijFjqVzIZ+5/HsbS/C2I8S0
+--- Rm8JLyJwpZp1BBfARjKFz7vnJjGagN1VOgpHSmI7zDU
+‚C_.¹¡Ìâ"׋:
`F…ƒ­U¤Ø_ÀŒ_)ÚžŸkRÉ7|I.b±áö)4:

modules/secrets/secrets.nix

@@ -2,6 +2,7 @@ let
   malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE";
   galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u";
   nimbus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIjr3r9RVTzMPNvfBWxVei8aGMlay3smMhhuGxEMRaj";
+
   all = [
     malus
     galanthus
@@ -13,4 +14,5 @@ in
   "paperless-admin.age".publicKeys = all;
   "tailscale.age".publicKeys = all;
   "matrix-registration-token.age".publicKeys = all;
+  "forgejo-mailer.age".publicKeys = all;
 }