3 files changed, 24 insertions, 6 deletions

diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index 9fc638b..028905b 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
@@ -36,6 +36,7 @@
     "${self}/profiles/services/podman.nix"
     "${self}/profiles/programs/fish.nix"
     ./profiles/git-server.nix
+    ./profiles/forgejo.nix
   ];
 
   boot.loader.efi.canTouchEfiVariables = true;
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
new file mode 100644
index 0000000..b9dac30
--- /dev/null
+++ b/machines/nixos/x86_64-linux/synology-vm/profiles/forgejo.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    lfs.enable = false;
+    settings = {
+      session.COOKIE_SECURE = true;
+      server = {
+        DOMAIN = "code.fcuny.net";
+        ROOT_URL = "https://code.fcuny.net";
+        HTTP_PORT = 3000;
+        HTTP_ADDR = "10.100.0.40";
+      };
+      metrics = {
+        ENABLED = true;
+        ENABLED_ISSUE_BY_LABEL = true;
+        ENABLED_ISSUE_BY_REPOSITORY = true;
+      };
+      service.DISABLE_REGISTRATION = true;
+    };
+  };
+}
diff --git a/machines/nixos/x86_64-linux/synology-vm/secrets.nix b/machines/nixos/x86_64-linux/synology-vm/secrets.nix
index 1b927ae..e323097 100644
--- a/machines/nixos/x86_64-linux/synology-vm/secrets.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/secrets.nix
@@ -8,12 +8,6 @@
       restic_password = {
         file = "${self}/secrets/restic_password.age";
       };
-      cloudflared-tunnel = {
-        file = "${self}/secrets/cloudflared_cragmont.age";
-      };
-      cloudflared-cert = {
-        file = "${self}/secrets/cloudflared_cert.age";
-      };
       nas_client_credentials = {
         file = "${self}/secrets/nas_client.age";
       };