sj-srv1,containers: debug and streamline networking config; update and track forgejo here

after an update to nixpkgs on sj-srv1 the networking for the `webserver`
container wasn't working. this caused me to debug the situation and
changing lots of things around. the culprit was most likely some impure
state file on the server that caused the `ve-webserver` interface not to
persist its IP. after renaming the webserver container the problem went
away.

i reverted all the IP changes and am keeping the other changes as opporunistic
improvements

nix/os/containers/mailserver.nix

@@ -14,7 +14,7 @@
     repoFlake,
     ...
   }: {
-    system.stateVersion = "21.11"; # Did you read the comment?
+    system.stateVersion = "22.05"; # Did you read the comment?
 
     imports = [
       ../profiles/containers/configuration.nix
@@ -23,7 +23,6 @@
       ../profiles/common/user.nix
     ];
 
-    networking.firewall.enable = true;
     networking.firewall.allowedTCPPorts = [
       imapsPort
       sievePort
@@ -211,8 +210,6 @@
     };
   };
 
-  # extraFlags = ["--resolv-conf=bind-host"];
-
   privateNetwork = true;
   forwardPorts = [
     {

nix/os/containers/syncthing.nix

@@ -16,7 +16,6 @@
 
     imports = [../profiles/containers/configuration.nix];
 
-    networking.firewall.enable = true;
     networking.firewall.allowedTCPPorts = [
       # syncthing gui
       8384
@@ -38,8 +37,6 @@
     };
   };
 
-  extraFlags = ["--resolv-conf=bind-host"];
-
   privateNetwork = true;
   forwardPorts = [
     {

nix/os/containers/webserver.nix

@@ -15,6 +15,7 @@ in {
     pkgs,
     lib,
     repoFlake,
+    nodeFlake,
     ...
   }: {
     system.stateVersion = "22.05"; # Did you read the comment?
@@ -24,7 +25,7 @@ in {
     ];
 
     imports = [
-      "${repoFlake.inputs.nixpkgs_forgejo}/nixos/modules/services/misc/forgejo.nix"
+      "${nodeFlake.inputs.nixpkgs-unstable}/nixos/modules/services/misc/forgejo.nix"
 
       ../profiles/containers/configuration.nix
 
@@ -33,7 +34,6 @@ in {
 
     sops.defaultSopsFile = ./webserver_secrets.yaml;
 
-    networking.firewall.enable = true;
     networking.firewall.allowedTCPPorts = [
       httpPort
       httpsPort
@@ -48,11 +48,11 @@ in {
 
     services.caddy = {
       enable = true;
+      logFormat = ''
+        level ERROR
+      '';
       virtualHosts."${domain}" = {
-        extraConfig = let
-          port = "${builtins.toString config.services.authelia.instances.default.settings.server.port}";
-          path = "${config.services.authelia.instances.default.settings.server.path}";
-        in ''
+        extraConfig = ''
           redir /hedgedoc* https://hedgedoc.${domain}
 
           file_server /*/* {
@@ -245,7 +245,7 @@ in {
 
     services.forgejo = {
       enable = true;
-      package = repoFlake.inputs.nixpkgs_forgejo.legacyPackages.${pkgs.system}.forgejo;
+      package = nodeFlake.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.forgejo;
       settings = {
         service.DISABLE_REGISTRATION = true;
         server.HTTP_ADDR = "127.0.0.1";
@@ -307,9 +307,6 @@ in {
     };
   };
 
-  # extraFlags = ["--resolv-conf=bind-host"];
-  # networking.useHostResolvConf = true;
-
   privateNetwork = true;
   forwardPorts = [
     {