diff --git a/config/secrets/secrets.nix b/config/secrets/secrets.nix index ff9dc50..b42d0e9 100644 --- a/config/secrets/secrets.nix +++ b/config/secrets/secrets.nix @@ -17,8 +17,9 @@ in "services/freshrss/admin-credentials.age".publicKeys = default; - "services/forgejo/password-database.age".publicKeys = default; + "services/forgejo/hcaptcha-secret.age".publicKeys = default; "services/forgejo/minio-secretkey.age".publicKeys = default; + "services/forgejo/password-database.age".publicKeys = default; "services/forgejo/runner-token.age".publicKeys = default; "services/geoipupdate/license.age".publicKeys = default; diff --git a/config/secrets/services/forgejo/hcaptcha-secret.age b/config/secrets/services/forgejo/hcaptcha-secret.age new file mode 100644 index 0000000..2eb3a6c --- /dev/null +++ b/config/secrets/services/forgejo/hcaptcha-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> piv-p256 ML6NcA A/LWetki+rd4PS3z7vFuudgbUTEJmJiPtqe7uQuSSheu +uYf8qwp1IeXMVCKQf/0yNbNNY7ybd1lYq1Ub8Jcjp3U +-> ssh-ed25519 zj2A2A 5Ignv1SQF//D7BbvhCxtC4zSYrG/JPuYv6IMzxjeLHM +oRUxhh2pF8kfHcUhMtOaVLaPOG8FCYuMoxT+uj1JDV4 +--- cvybu6VwsRcTSWbt/KMrj2/daFCRtJDvXt9rJooeXC8 +U&éÜFh}ø<Ó/¬ôêEæ •ÒÛT@!ÖKbSÝÙ:£ûËQŸ’´#:ös‚nʳ´,ʛׇ3žý8î·TwoD¢ \ No newline at end of file diff --git a/config/services/forgejo.nix b/config/services/forgejo.nix index 75db013..0bc382e 100644 --- a/config/services/forgejo.nix +++ b/config/services/forgejo.nix @@ -39,6 +39,9 @@ in storage = { MINIO_SECRET_ACCESS_KEY = config.age.secrets."services/forgejo/minio-secretkey".path; }; + service = { + HCAPTCHA_SECRET = config.age.secrets."services/forgejo/hcaptcha-secret".path; + }; }; settings = { @@ -85,6 +88,12 @@ in OFFLINE_MODE = false; }; + service = { + ENABLE_CAPTCHA = true; + CAPTCHA_TYPE = "hcaptcha"; + HCAPTCHA_SITEKEY = "4ec475d2-ed5e-4fa0-b048-793a8ddc2464"; + }; + session = { COOKIE_NAME = "forgejo-session"; COOKIE_SECURE = true;