vps1: git: mailer stuff

2024-11-21 18:57:58 +01:00 · 2024-05-16 04:24:08 +03:00 · 2024-05-16 04:24:08 +03:00 · 9b101618a3
commit 9b101618a3
parent c7981ea564
2 changed files with 29 additions and 14 deletions
--- a/hosts/vps1/secrets/forgejo.yaml
+++ b/hosts/vps1/secrets/forgejo.yaml
@ -1,5 +1,6 @@
 forgejo:
    db_password: ENC[AES256_GCM,data:yePN9plDlfuakemqtJAZGscY,iv:M9CB8/Abk93WcSwZYr8l99QWCJDHJ2+k4dikHM9k8tY=,tag:S7I/sJk5RCHqdELDjKKo1Q==,type:str]
+    email_password: ENC[AES256_GCM,data:TzZaBrMnzM1hEWnIozhX,iv:3y21swTeiHWJkP/BpiMxnRlOvxcw/i9b9Jk0ggtqVUw=,tag:g8yJRhisu8fvqGY4i7ElYQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -24,8 +25,8 @@ sops:
            eXdROC8rY2pXd3RLVVRvcWNmeVh0UWcKM6OtW4fEl8zQGMINH6SL4WE8pCh9UDnB
            lwJX5sTaBtCHGApRwQ+nERuV3W9Zzgo01oSqrwZqc5ErUQUwz5pmTA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-11T17:05:14Z"
-    mac: ENC[AES256_GCM,data:fGEmpM4+akBjB2lxcUFurZO0UmT6GnU+PHDSsEEDzr5sChV+yOtx11FRnWY01FzNrICJxlznsZg5BWzRkiEI+7CKcsgZW9rHBrNGqN/7baM5ecgKYqulKREyn7Mt2A7W3cmfjSiIJ3WpgcMfX4qUzRhQgiz39a6Nxpfn5lCxKKU=,iv:5GJ/NxNB0AYKEzfD9uTG63YERIBeuYp+JIRIsDsjSIM=,tag:KeK84LAkrkVXx0I8r0bxOw==,type:str]
+    lastmodified: "2024-05-16T01:22:11Z"
+    mac: ENC[AES256_GCM,data:M47T5Uy5Mvj6PR9cYq4g7dmzklxSNoC5X8N3Uwj+PVMnvHHwuPWgRprHjWIGHNStvTH8cZ+39CUCo5DcpyL7yodpVbdALPsEW4qWPUtHb0c6qkQg9oNsT+CsGrgpMoJMk/UggXyNNNxWCY2KCWZIh0nw4uuIU+HtGl3iuq1sJzk=,iv:4++DtQxiILoj9mZTUKGVH5gOP6Pd625QrZK4KSa5n+I=,tag:U2vJ+XtPq+c6JoupFJ0sBA==,type:str]
    pgp:
        - created_at: "2024-05-11T17:05:09Z"
          enc: |-
--- a/hosts/vps1/services/git.nix
+++ b/hosts/vps1/services/git.nix
@ -3,6 +3,7 @@
 let
  inherit (data.host) rootDomain;
  inherit (data.services.git) domain sshPort;
+  mailDomain = data.services.mailserver.domain;

  cfg = config.services.forgejo;
  srv = cfg.settings.server;
@ -10,6 +11,13 @@ let
  stateDir = "/var/lib/forgejo";
  customDir = "${stateDir}/custom";
  confDir = "${customDir}/conf";
+
+  sops_opts = {
+    sopsFile = ../secrets/forgejo.yaml;
+    format = "yaml";
+    owner = "forgejo";
+    group = "forgejo";
+  };
 in
 {
  services.nginx.virtualHosts.${domain} = {
@ -28,6 +36,7 @@ in
    enable = true;
    inherit stateDir;
    inherit customDir;
+    mailerPasswordFile = config.sops.secrets."forgejo/email_password".path;
    database = {
      type = "postgres";
      createDatabase = true;
@ -76,22 +85,27 @@ in
      };
      mailer = {
        ENABLED = true;
-        PROTOCOL = "sendmail";
-        FROM = "forgejo@${domain}";
+        PROTOCOL = "smtps";
+        SMTP_ADDR = mailDomain;
+        SMTP_PORT = 465;
+        USER = "forgejo@${rootDomain}";
+        FROM = "Lgmrszd's Forgejo <forgejo@${domain}>";
        SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        SENDMAIL_ARGS = "--";
      };
-      # "email.incoming" = {
-      #   ENABLED = true;
-      #   REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
-      # };
+      "email.incoming" = {
+        ENABLED = true;
+        REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
+        HOST = mailDomain;
+        PORT = 993;
+        USE_TLS = true;
+        USERNAME = "forgejo@${rootDomain}";
+        PASSWORD = "#mailerpass#";
+      };
    };
  };

-  sops.secrets."forgejo/db_password" = {
-    sopsFile = ../secrets/forgejo.yaml;
-    format = "yaml";
-    owner = "forgejo";
-    group = "forgejo";
-  };
+  sops.secrets."forgejo/email_password" = sops_opts;
+
+  sops.secrets."forgejo/db_password" = sops_opts;
 }