From 5d1d3c3195bbaf0609bcf91ea713fe8b927c858f Mon Sep 17 00:00:00 2001
From: Till <till@ktiu.net>
Date: Wed, 14 Jan 2026 16:52:29 +0100
Subject: [PATCH] postfix, forgejo

---
 system/web-server/forgejo.nix      | 26 ++++----------------------
 system/web-server/mail/postfix.nix |  9 ++++-----
 2 files changed, 8 insertions(+), 27 deletions(-)

diff --git a/system/web-server/forgejo.nix b/system/web-server/forgejo.nix
index 8761e74..77ba42b 100644
--- a/system/web-server/forgejo.nix
+++ b/system/web-server/forgejo.nix
@@ -10,10 +10,10 @@ in
 {
 
   security.acme.certs."${config.networking.domain}".extraDomainNames = [
-    "git.ktiu.net"
+    "git.${config.networking.domain}"
   ];
 
-  services.nginx.virtualHosts."git.ktiu.net" = {
+  services.nginx.virtualHosts."git.${config.networking.domain}" = {
     onlySSL = true;
     useACMEHost = config.networking.domain;
     locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
@@ -32,25 +32,18 @@ in
     settings = {
 
       server = {
-        # DOMAIN = "git.${config.networking.domain}";
-        # # You need to specify this to remove the port from URLs in the web UI.
-        # ROOT_URL = "https://git.ktiu.net/"; 
+        DOMAIN = "git.${config.networking.domain}";
+        ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
         HTTP_PORT = 3080;
       };
 
-      # You can temporarily allow registration to create an admin user.
       service.DISABLE_REGISTRATION = true; 
-      # Add support for actions, based on act: https://github.com/nektos/act
 
       actions = {
         ENABLED = true;
         DEFAULT_ACTIONS_URL = "github";
       };
 
-      # Sending emails is completely optional
-      # You can send a test email from the web UI at:
-      # Profile Picture > Site Administration > Configuration >  Mailer Configuration 
-
       mailer = {
         ENABLED = true;
         SMTP_ADDR = "localhost";
@@ -58,17 +51,6 @@ in
         FROM = "Forgejo <git@${config.networking.domain}>";
       };
     };
-
-    # secrets = {
-    #   mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
-    # };
-
   };
-
-  # age.secrets.forgejo-mailer-password = {
-  #   file = ../secrets/forgejo-mailer-password.age;
-  #   mode = "400";
-  #   owner = "forgejo";
-  # };
 }
 
diff --git a/system/web-server/mail/postfix.nix b/system/web-server/mail/postfix.nix
index 16017dc..bd7cc26 100644
--- a/system/web-server/mail/postfix.nix
+++ b/system/web-server/mail/postfix.nix
@@ -64,6 +64,10 @@ in {
           "[::ffff:127.0.0.0]/104"
           "[::1]/128"
         ];
+        smtpd_tls_chain_files = [
+          "${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem"}"
+          "${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem"}"
+        ];
       };
 
       master = {
@@ -77,11 +81,6 @@ in {
         };
       };
 
-      smtpd_tls_chain_files = [
-        "${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem"}"
-        "${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem"}"
-      ];
-
     };
   };
 }