From efdb1794be1a2ea6399170937f9a922e875aa78a Mon Sep 17 00:00:00 2001 From: Wateir Date: Wed, 24 Dec 2025 20:17:53 +0100 Subject: [PATCH] feat : Add mailer in forgejo --- module/default.nix | 20 ++++++++++++++++---- module/forgejo.nix | 30 +++++++++++++++++++++++++----- module/roundcube.nix | 20 +++++++++----------- secrets/cache/LtnxWKwZdDIxAKzp | 13 ++++++------- secrets/cache/YfDrVBDJcVoYNZeJ | 14 +++++++------- 5 files changed, 63 insertions(+), 34 deletions(-) diff --git a/module/default.nix b/module/default.nix index bba167b..01bb7c6 100644 --- a/module/default.nix +++ b/module/default.nix @@ -51,7 +51,10 @@ in { desc = "Roundcube webapp"; extraOpts = { port = mkPortOption 1984; - subdomain = "mail"; + subdomain = lib.mkOption { + type = lib.types.str; + default = "mail"; + }; }; }; @@ -60,7 +63,10 @@ in { extraOpts = { externalPort = mkPortOption 8000; internalPort = mkPortOption 8222; - subdomain = "vault"; + subdomain = lib.mkOption { + type = lib.types.str; + default = "vault"; + }; }; }; @@ -69,7 +75,10 @@ in { extraOpts = { externalPort = mkPortOption 3000; internalPort = mkPortOption 8500; - subdomain = "git"; + subdomain = lib.mkOption { + type = lib.types.str; + default = "git"; + }; }; }; @@ -77,7 +86,10 @@ in { desc = "SearXNG meta-search engine"; extraOpts = { port = mkPortOption 1692; - subdomain = "search"; + subdomain = lib.mkOption { + type = lib.types.str; + default = "search"; + }; }; }; }; diff --git a/module/forgejo.nix b/module/forgejo.nix index 087f7d9..54b0ed3 100644 --- a/module/forgejo.nix +++ b/module/forgejo.nix @@ -1,20 +1,40 @@ -{ config,lib, ... }: +{ config, lib, ... }: let cfg = config.services.forgejo; - srv = cfg.settings.server; in { + age.secrets = lib.mkIf config.services.forgejo.enable { + # Keep your secret definitions as they are + YfDrVBDJcVoYNZeJ.file = ../secrets/cache/YfDrVBDJcVoYNZeJ; + kuc8wgd09HbRU99u.file = ../secrets/cache/kuc8wgd09HbRU99u; + XNkwPolezNRELmWu.file = ../secrets/cache/XNkwPolezNRELmWu; + }; + services.forgejo = { + enable = true; database.type = "postgres"; - # Enable support for Git Large File Storage lfs.enable = true; + + secrets.mailer = { + PASSWD = config.age.secrets.XNkwPolezNRELmWu.path; + USER = config.age.secrets.kuc8wgd09HbRU99u.path; + SMTP_ADDR = config.age.secrets.YfDrVBDJcVoYNZeJ.path; + }; + settings = { + service.DISABLE_REGISTRATION = true; + server = { DOMAIN = "git.${config.module.domain}"; - # You need to specify this to remove the port from URLs in the web UI. - ROOT_URL = "https://${srv.DOMAIN}/"; + ROOT_URL = "https://git.${config.module.domain}/"; HTTP_PORT = config.module.forgejo.internalPort; }; + + mailer = { + ENABLED = true; + SMTP_PORT = 465; + PROTOCOL = "smtps"; + }; }; }; } diff --git a/module/roundcube.nix b/module/roundcube.nix index b5f08ea..1e668fc 100644 --- a/module/roundcube.nix +++ b/module/roundcube.nix @@ -4,34 +4,32 @@ age.secrets = { YfDrVBDJcVoYNZeJ = { file = ../secrets/cache/YfDrVBDJcVoYNZeJ; + owner = "roundcube"; }; LtnxWKwZdDIxAKzp = { file = ../secrets/cache/LtnxWKwZdDIxAKzp; + owner = "roundcube"; }; }; - services.roundcube = { + enable = true; hostName = "${config.module.roundcube.subdomain}.${config.module.domain}"; - plugins = [ "multiple_accounts" ]; configureNginx = false; extraConfig = '' - $config['default_host'] = trim( - file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}') - ); + // Concatenate the protocol string with the file contents in PHP + $config['default_host'] = 'ssl://' . trim(file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}')); $config['default_port'] = 993; - $config['smtp_server'] = trim( - file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}') - ); + + $config['smtp_server'] = 'tls://' . trim(file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}')); $config['smtp_port'] = 465; + $config['smtp_user'] = '%u'; $config['smtp_pass'] = '%p'; ''; - }; - systemd.services.nginx.serviceConfig.ProtectHome = false; - users.groups.roundcube.members = [ "nginx" ]; + users.groups.roundcube.members = [ "nginx" "phpfpm" ]; } diff --git a/secrets/cache/LtnxWKwZdDIxAKzp b/secrets/cache/LtnxWKwZdDIxAKzp index 0e0faef..08bf32d 100644 --- a/secrets/cache/LtnxWKwZdDIxAKzp +++ b/secrets/cache/LtnxWKwZdDIxAKzp @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 ZX/yJA 5o3VZvF6R5omfRGu8f5C6YA287n58Gqcl/cA1tR2dwo -PUxVDLsvhukxgRdiFOHNN4W1kzCvpJ4eZ6quX/ZxCK8 --> ssh-ed25519 5AyMyw LT2QCekJV3Hb9CGnZDHtQmGbVEgx96jZ3dU1oWxUL1g -SFq7UXIjL67blDFU/n7LcwbZAYzMqzL5Eos2n14J++M ---- I8lQdNHSL27BXd0WQ2SGwDhVQcI/cL3N3LFIhyc/ycA -"(T=EGFܹJ>s9 Y/lVL -yz\"|FY@dǪj"9 \ No newline at end of file +-> ssh-ed25519 ZX/yJA jxYq45sqBCgO+eFPmJILHHN0seVXTjwIC/XmXkcSWBY +ANagQjWKb/kbLnC/4qfiqcth1WnTVBDZ13iL2jdePls +-> ssh-ed25519 5AyMyw 9aQ9rpUkzmFM9RJVPKC6ZLZEtNvaKrNV9gecAxsPcws +/Z5IWQtqA/ZgcWizLEtu7Y6XayN3WYcviBk9eBgNcZE +--- dE0aXIe03KT/HqiVshlnoHaJYu9W5jNo64F1I04wuyw +(ѰQ.$pdbY95]ʍ_v_#u$ \ No newline at end of file diff --git a/secrets/cache/YfDrVBDJcVoYNZeJ b/secrets/cache/YfDrVBDJcVoYNZeJ index ed19a16..037726b 100644 --- a/secrets/cache/YfDrVBDJcVoYNZeJ +++ b/secrets/cache/YfDrVBDJcVoYNZeJ @@ -1,8 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 ZX/yJA IQ2va+9dYf1sKZMjafovBZLLyjRgkf+WbWWVmNZ14kA -4k2NcxL4NT7og8ad+2i1FQC20OzXJG4mVGvZz2Kb5M4 --> ssh-ed25519 5AyMyw meaQCKCXiEwA+E2gijD41gWou73/s4RGWEVJX55JnS8 -GUX7WzSIzLVfQUViJfeudUh6eeIOMfMRMFgL2JwEIoY ---- jsp7cV2mL6r7A3RlsHmK9LmLHsRrZGG0EKloktB63as -]" v%TCgֳ ->uZ& ssh-ed25519 ZX/yJA lQMC4W7wJYUYZS6ZieuN55sYvgTy+zD4aUH1fAwZZ2A +7rroEL3kTn6SnoY6tguNf7JB2RW3LS9LRwOH08XC6hs +-> ssh-ed25519 5AyMyw pVrsI0/R7s4R5xaxcgzqIdaH3csptMha+cMGkFimMGI +3eZZtG9HI8K3woAqEM528cB46Ecv2nFc3++mHtvQfTw +--- Wlkf3vghYpcFpkzzAE1eHo3Cd3d6uTkeDuYDNRgcrLQ +U)xŚҦA(KUB 2ie]*E + \ No newline at end of file