add forgejo to proxy net

hosts/forgejo/default.nix

@@ -1,19 +1,19 @@
 { config, lib, ... }:
 let
-  mac = "02:00:00:00:00:04";
+  mac = "02:00:00:00:00:05";
 in
 {
-  # imports = [
+  imports = [
-  #   ./forgejo.nix
+    ./forgejo.nix
-  # ];
+  ];
-  # sops.defaultSopsFile = ./secrets.yaml;
+  sops.defaultSopsFile = ./secrets.yaml;
-  # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
-  # sops.secrets = {
+  sops.secrets = {
-  #   "wg/0xa-proxy" = {
+    "wg/0xa-proxy" = {
-  #     owner = config.users.users.systemd-network.name;
+      owner = config.users.users.systemd-network.name;
-  #   };
+    };
-  # };
+  };
 
   microvm = {
     hypervisor = "qemu";
@@ -59,7 +59,7 @@ in
     networks."11-host" = {
       matchConfig.MACAddress = mac;
       networkConfig = {
-        Address = "10.99.99.14/24";
+        Address = "10.99.99.15/24";
         DHCP = "no";
       };
       routes = [

hosts/forgejo/secrets.yaml

@@ -0,0 +1,42 @@
+wg:
+    0xa-proxy: ENC[AES256_GCM,data:DZB/1S2Ev71DbnN+8C/K0mjIf/13Ki1f6vOIOdhsS6qyXKr5OwpbNb9KA0k=,iv:Gnd32DRJtP8LsC1P9GyS98oCLq/MBSCNcxrZngVXF6g=,tag:gyrzJOx9CS+1Kw5JRONIAw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gknaqevzuq7dtqalng3547w5qflk9a0kugymea5h54eg6twu43pqpkr4zt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV0ttcmFIeWtCdTFuS0Y1
+            ZzZHdUJmZ3ZlaUx3d0x5NGVaLzhXZjdtZHk4CkprNUZ5VThydVJ2dTBCdE5OQS8z
+            c0VtY1Vmd2N3bThEdDBFZWMxUC83RXMKLS0tIFluRjRrNG1Qam9MSjVvUWJjbHdq
+            VVRSM2JuOHpTYXRmOVRRSUN0NzlZeDQKcZ6ym4DTJqZjRpAUcWBcYXR/nVYZzhLx
+            vhtZzCmaQc2qYSVtDZE51N3cTqPWJD+l/cr8zp2lo0GCfNWO6BQthg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-03T18:25:04Z"
+    mac: ENC[AES256_GCM,data:sSG52AUXjzVo5klAx+t9rhWn/alKAETF6bPUSYP5Dz7WH3vcY5bs87RCm+BdxzlueHMTn4HBQ5iZ2V4e34403GPJsQMYgWSkKapbWGBRurT0xBO5aCJhxZWpvjFSPdehOGNODKGtYFgBVd81PwZRWFdx3MrkwIItyYEq4TAtIyI=,iv:p+t0QmQKDaSiwtuHfLzR31AzmmS39NFq1nn1BAG5YTk=,tag:FSm77zDvPbHCarkGZCgtmg==,type:str]
+    pgp:
+        - created_at: "2025-02-03T18:24:33Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7zUOKwzpAE7AQ//fcUVRBuEFENKNck1l2/QVMIRwfZzxJO5fMy/r0GQzKiR
+            Nl9X4z0HGcxlCwfiUImif1UtQdMWs1RCXQ7HtFK8kKyNgIb07y5306TI/dmkhbP7
+            nWD0EstGEgbSiVGiFRlT/gy4FIVyKhBPxJqfT/dbAuRZb7NXsl8Rv1fsnZZFcJMu
+            MKO1S3DivJUS/YVXteoRf3T5DLobSpO7/5ok5LUXuuSpYKk20hUxFdJqhv1hsljZ
+            kjckGJ2L0OlxVz16nmg8Z1QI0jDfN6dLl/X+di3U2VACDQDMF+K9LCPLfAm295Y5
+            TAtPSv/yE5os9crJ+MCVKHbEI11Khe3mfdRWvVboVZP6jXoD4ZTe/ccXLZCN8pgE
+            KdSZWs/L2Ps66KYuxujk/c8khmmrmLpPk0qJo9zW0mAf9TSC8UPnMYAxbroeijIe
+            PVYOJS2AzySnRtXQY4MBPLqzlQ0tKf8HxaCBpZ6eCMsX0/9IDjJJOhCMuMavL+oJ
+            DnNQQwtSDXAtXcgvwIccEMzawjyPMS5QBx0hYuH8t0rSJtCYutk2op6yKb1vWmOq
+            5EDksdNevT3QzGesjtPErh6s3hu3YUAM2k2h4MqXVCbFdchA//FBIHequPul+UMm
+            JMLsPLAk2FmtWAiOuXxdCPtoY7Jnd8Ziqiemhd961WTiWrCtsv7NSn7x4PIMeLfS
+            XgFpMQ+15G4NNCDpgJWGUUXc1H+OKj3XepY5EoONnhusT/gJAtxT9vnuJ+T9LDTt
+            a0Ye2g3jxugeupJ58vbZUifHy/B0OtSeXKkRHZuycCJd3bzxzNxpXLJ23ds40JA=
+            =/5W1
+            -----END PGP MESSAGE-----
+          fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4

modules/wg/proxy.nix

@@ -55,6 +55,14 @@
           publicKey = "2Lvjzg8k5EIR0Y5mlsCHOs1cJl1+1SL0QMxkKUmliE0=";
           privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
         };
+        "forgejo" = {
+          address = [
+            "10.89.88.15/24"
+            "fd31:185d:722f::15/48"
+          ];
+          publicKey = "pXiOmI3aspl2IvdvLXLddxw76QYMRTACNm42nq+L4D0=";
+          privateKeyFile = config.sops.secrets."wg/0xa-proxy".path;
+        };
       };
     }
   ];