cloud: Update nixpkgs to 24.11

nki-personal-do/gitea.nix

@@ -180,7 +180,6 @@ in
         MINIO_USE_SSL = "true";
         MINIO_ENDPOINT = "60c0807121eb35ef52cdcd4a33735fa6.r2.cloudflarestorage.com";
         MINIO_ACCESS_KEY_ID = "704c29ade7a8b438b77ab520da2799ca";
-        MINIO_SECRET_ACCESS_KEY = "#miniosecretkey#";
         MINIO_BUCKET = "dtth-gitea";
         MINIO_LOCATION = "auto";
         MINIO_CHECKSUM_ALGORITHM = "md5"; # R2 moment
@@ -192,7 +191,8 @@ in
 
     stateDir = "/mnt/data/gitea";
 
-    mailerPasswordFile = secrets."gitea/mailer-password".path;
+    secrets.mailer.PASSWD = secrets."gitea/mailer-password".path;
+    secrets.storage.MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/minio-secret-key".path;
 
     database = {
       inherit user;
@@ -216,14 +216,7 @@ in
     # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
     serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
     preStart =
-      let
-        configFile = "${config.services.forgejo.customDir}/conf/app.ini";
-      in
       ''
-        # Update minio secret key
-        chmod u+w ${configFile} && \
-        ${lib.getExe pkgs.replace-secret} '#miniosecretkey#' '${config.sops.secrets."gitea/minio-secret-key".path}' '${configFile}' && \
-        chmod u-w ${configFile}
         # Import the signing subkey
         if cat ${config.services.forgejo.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
           echo "Keys already imported"