diff --git a/hosts/vps1/secrets/forgejo.yaml b/hosts/vps1/secrets/forgejo.yaml
index 46c49aa..ce7ac2f 100644
--- a/hosts/vps1/secrets/forgejo.yaml
+++ b/hosts/vps1/secrets/forgejo.yaml
@@ -1,5 +1,6 @@
 forgejo:
 db_password: ENC[AES256_GCM,data:yePN9plDlfuakemqtJAZGscY,iv:M9CB8/Abk93WcSwZYr8l99QWCJDHJ2+k4dikHM9k8tY=,tag:S7I/sJk5RCHqdELDjKKo1Q==,type:str]
+ email_password: ENC[AES256_GCM,data:TzZaBrMnzM1hEWnIozhX,iv:3y21swTeiHWJkP/BpiMxnRlOvxcw/i9b9Jk0ggtqVUw=,tag:g8yJRhisu8fvqGY4i7ElYQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -24,8 +25,8 @@ sops:
 eXdROC8rY2pXd3RLVVRvcWNmeVh0UWcKM6OtW4fEl8zQGMINH6SL4WE8pCh9UDnB
 lwJX5sTaBtCHGApRwQ+nERuV3W9Zzgo01oSqrwZqc5ErUQUwz5pmTA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-05-11T17:05:14Z"
- mac: ENC[AES256_GCM,data:fGEmpM4+akBjB2lxcUFurZO0UmT6GnU+PHDSsEEDzr5sChV+yOtx11FRnWY01FzNrICJxlznsZg5BWzRkiEI+7CKcsgZW9rHBrNGqN/7baM5ecgKYqulKREyn7Mt2A7W3cmfjSiIJ3WpgcMfX4qUzRhQgiz39a6Nxpfn5lCxKKU=,iv:5GJ/NxNB0AYKEzfD9uTG63YERIBeuYp+JIRIsDsjSIM=,tag:KeK84LAkrkVXx0I8r0bxOw==,type:str]
+ lastmodified: "2024-05-16T01:22:11Z"
+ mac: ENC[AES256_GCM,data:M47T5Uy5Mvj6PR9cYq4g7dmzklxSNoC5X8N3Uwj+PVMnvHHwuPWgRprHjWIGHNStvTH8cZ+39CUCo5DcpyL7yodpVbdALPsEW4qWPUtHb0c6qkQg9oNsT+CsGrgpMoJMk/UggXyNNNxWCY2KCWZIh0nw4uuIU+HtGl3iuq1sJzk=,iv:4++DtQxiILoj9mZTUKGVH5gOP6Pd625QrZK4KSa5n+I=,tag:U2vJ+XtPq+c6JoupFJ0sBA==,type:str]
 pgp:
 - created_at: "2024-05-11T17:05:09Z"
 enc: |-
diff --git a/hosts/vps1/services/git.nix b/hosts/vps1/services/git.nix
index f34cb4b..315c519 100644
--- a/hosts/vps1/services/git.nix
+++ b/hosts/vps1/services/git.nix
@@ -3,6 +3,7 @@ let
 inherit (data.host) rootDomain;
 inherit (data.services.git) domain sshPort;
+ mailDomain = data.services.mailserver.domain;
 cfg = config.services.forgejo;
 srv = cfg.settings.server;
@@ -10,6 +11,13 @@ let
 stateDir = "/var/lib/forgejo";
 customDir = "${stateDir}/custom";
 confDir = "${customDir}/conf";
+
+ sops_opts = {
+ sopsFile = ../secrets/forgejo.yaml;
+ format = "yaml";
+ owner = "forgejo";
+ group = "forgejo";
+ };
 in
 {
 services.nginx.virtualHosts.${domain} = {
@@ -28,6 +36,7 @@ in
 enable = true;
 inherit stateDir;
 inherit customDir;
+ mailerPasswordFile = config.sops.secrets."forgejo/email_password".path;
 database = {
 type = "postgres";
 createDatabase = true;
@@ -76,22 +85,27 @@ in
 };
 mailer = {
 ENABLED = true;
- PROTOCOL = "sendmail";
- FROM = "forgejo@${domain}";
+ PROTOCOL = "smtps";
+ SMTP_ADDR = mailDomain;
+ SMTP_PORT = 465;
+ USER = "forgejo@${rootDomain}";
+ FROM = "Lgmrszd's Forgejo ";
 SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
 SENDMAIL_ARGS = "--";
 };
- # "email.incoming" = {
- # ENABLED = true;
- # REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
- # };
+ "email.incoming" = {
+ ENABLED = true;
+ REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
+ HOST = mailDomain;
+ PORT = 993;
+ USE_TLS = true;
+ USERNAME = "forgejo@${rootDomain}";
+ PASSWORD = "#mailerpass#";
+ };
 };
 };
- sops.secrets."forgejo/db_password" = {
- sopsFile = ../secrets/forgejo.yaml;
- format = "yaml";
- owner = "forgejo";
- group = "forgejo";
- };
+ sops.secrets."forgejo/email_password" = sops_opts;
+
+ sops.secrets."forgejo/db_password" = sops_opts;
 }
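Review bot: `sops_opts` is the only snake_case binding in this `let` block, where the neighbouring names (`stateDir`, `customDir`, `confDir`, `mailDomain`) are all camelCase; `sopsOpts` would match them. A one-line comment above it, such as `# shared sops-nix options: every forgejo secret comes from the same file and is owned by forgejo:forgejo`, would make the ownership choice visible where it is defined rather than at each use. The `let` block itself starts above this hunk.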
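Review bot: `PASSWORD = "#mailerpass#";` under `"email.incoming"` only works if the forgejo module replaces every occurrence of its internal `#mailerpass#` placeholder in the generated app.ini with the contents of `mailerPasswordFile`, and nothing in this file states that dependency. If a nixpkgs update renames the placeholder or narrows the substitution to the mailer section, Forgejo would present the literal string to the IMAP server and incoming mail would stop, with only a login failure as a symptom. I would add `# relies on the forgejo module substituting '#mailerpass#' (from mailerPasswordFile) throughout app.ini at service start` above that line, and move to a module-provided secrets option if the pinned nixpkgs offers one. `SENDMAIL_PATH` and `SENDMAIL_ARGS` remain although `PROTOCOL` is now `smtps`, so they look like dead settings that can be dropped. The `settings` attribute set this hunk edits opens above the hunk.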