vps1: git: mailer stuff

hosts/vps1/secrets/forgejo.yaml

@@ -1,5 +1,6 @@
 forgejo:
     db_password: ENC[AES256_GCM,data:yePN9plDlfuakemqtJAZGscY,iv:M9CB8/Abk93WcSwZYr8l99QWCJDHJ2+k4dikHM9k8tY=,tag:S7I/sJk5RCHqdELDjKKo1Q==,type:str]
+    email_password: ENC[AES256_GCM,data:TzZaBrMnzM1hEWnIozhX,iv:3y21swTeiHWJkP/BpiMxnRlOvxcw/i9b9Jk0ggtqVUw=,tag:g8yJRhisu8fvqGY4i7ElYQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +25,8 @@ sops:
             eXdROC8rY2pXd3RLVVRvcWNmeVh0UWcKM6OtW4fEl8zQGMINH6SL4WE8pCh9UDnB
             lwJX5sTaBtCHGApRwQ+nERuV3W9Zzgo01oSqrwZqc5ErUQUwz5pmTA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-11T17:05:14Z"
+    lastmodified: "2024-05-16T01:22:11Z"
-    mac: ENC[AES256_GCM,data:fGEmpM4+akBjB2lxcUFurZO0UmT6GnU+PHDSsEEDzr5sChV+yOtx11FRnWY01FzNrICJxlznsZg5BWzRkiEI+7CKcsgZW9rHBrNGqN/7baM5ecgKYqulKREyn7Mt2A7W3cmfjSiIJ3WpgcMfX4qUzRhQgiz39a6Nxpfn5lCxKKU=,iv:5GJ/NxNB0AYKEzfD9uTG63YERIBeuYp+JIRIsDsjSIM=,tag:KeK84LAkrkVXx0I8r0bxOw==,type:str]
+    mac: ENC[AES256_GCM,data:M47T5Uy5Mvj6PR9cYq4g7dmzklxSNoC5X8N3Uwj+PVMnvHHwuPWgRprHjWIGHNStvTH8cZ+39CUCo5DcpyL7yodpVbdALPsEW4qWPUtHb0c6qkQg9oNsT+CsGrgpMoJMk/UggXyNNNxWCY2KCWZIh0nw4uuIU+HtGl3iuq1sJzk=,iv:4++DtQxiILoj9mZTUKGVH5gOP6Pd625QrZK4KSa5n+I=,tag:U2vJ+XtPq+c6JoupFJ0sBA==,type:str]
     pgp:
         - created_at: "2024-05-11T17:05:09Z"
           enc: |-

hosts/vps1/services/git.nix

@@ -3,6 +3,7 @@
 let
   inherit (data.host) rootDomain;
   inherit (data.services.git) domain sshPort;
+  mailDomain = data.services.mailserver.domain;
 
   cfg = config.services.forgejo;
   srv = cfg.settings.server;
@@ -10,6 +11,13 @@ let
   stateDir = "/var/lib/forgejo";
   customDir = "${stateDir}/custom";
   confDir = "${customDir}/conf";
+
+  sops_opts = {
+    sopsFile = ../secrets/forgejo.yaml;
+    format = "yaml";
+    owner = "forgejo";
+    group = "forgejo";
+  };
 in
 {
   services.nginx.virtualHosts.${domain} = {
@@ -28,6 +36,7 @@ in
     enable = true;
     inherit stateDir;
     inherit customDir;
+    mailerPasswordFile = config.sops.secrets."forgejo/email_password".path;
     database = {
       type = "postgres";
       createDatabase = true;
@@ -76,22 +85,27 @@ in
       };
       mailer = {
         ENABLED = true;
-        PROTOCOL = "sendmail";
+        PROTOCOL = "smtps";
-        FROM = "forgejo@${domain}";
+        SMTP_ADDR = mailDomain;
+        SMTP_PORT = 465;
+        USER = "forgejo@${rootDomain}";
+        FROM = "Lgmrszd's Forgejo <forgejo@${domain}>";
         SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
         SENDMAIL_ARGS = "--";
       };
-      # "email.incoming" = {
+      "email.incoming" = {
-      #   ENABLED = true;
+        ENABLED = true;
-      #   REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
+        REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
-      # };
+        HOST = mailDomain;
+        PORT = 993;
+        USE_TLS = true;
+        USERNAME = "forgejo@${rootDomain}";
+        PASSWORD = "#mailerpass#";
+      };
     };
   };
 
-  sops.secrets."forgejo/db_password" = {
+  sops.secrets."forgejo/email_password" = sops_opts;
-    sopsFile = ../secrets/forgejo.yaml;
+
-    format = "yaml";
+  sops.secrets."forgejo/db_password" = sops_opts;
-    owner = "forgejo";
-    group = "forgejo";
-  };
 }