feat : Add mailer in forgejo

module/default.nix

@@ -51,7 +51,10 @@ in {
       desc = "Roundcube webapp";
       extraOpts = {
         port = mkPortOption 1984;
-        subdomain = "mail";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "mail";
+        };
       };
     };
 
@@ -60,7 +63,10 @@ in {
       extraOpts = {
         externalPort = mkPortOption 8000;
         internalPort = mkPortOption 8222;
-        subdomain = "vault";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "vault";
+        };
       };
     };
 
@@ -69,7 +75,10 @@ in {
       extraOpts = {
         externalPort = mkPortOption 3000;
         internalPort = mkPortOption 8500;
-        subdomain = "git";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "git";
+        };
       };
     };
 
@@ -77,7 +86,10 @@ in {
       desc = "SearXNG meta-search engine";
       extraOpts = {
         port = mkPortOption 1692;
-        subdomain = "search";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "search";
+        };
       };
     };
   };

module/forgejo.nix

@@ -1,20 +1,40 @@
-{ config,lib, ... }:
+{ config, lib, ... }:
 let
   cfg = config.services.forgejo;
-  srv = cfg.settings.server;
 in
 {
+  age.secrets = lib.mkIf config.services.forgejo.enable {
+    # Keep your secret definitions as they are
+    YfDrVBDJcVoYNZeJ.file = ../secrets/cache/YfDrVBDJcVoYNZeJ;
+    kuc8wgd09HbRU99u.file = ../secrets/cache/kuc8wgd09HbRU99u;
+    XNkwPolezNRELmWu.file = ../secrets/cache/XNkwPolezNRELmWu;
+  };
+
   services.forgejo = {
+    enable = true;
     database.type = "postgres";
-    # Enable support for Git Large File Storage
     lfs.enable = true;
+
+    secrets.mailer = {
+      PASSWD = config.age.secrets.XNkwPolezNRELmWu.path;
+      USER = config.age.secrets.kuc8wgd09HbRU99u.path;
+      SMTP_ADDR = config.age.secrets.YfDrVBDJcVoYNZeJ.path;
+    };
+
     settings = {
+      service.DISABLE_REGISTRATION = true;
+
       server = {
         DOMAIN = "git.${config.module.domain}";
-        # You need to specify this to remove the port from URLs in the web UI.
-        ROOT_URL = "https://${srv.DOMAIN}/";
+        ROOT_URL = "https://git.${config.module.domain}/";
         HTTP_PORT = config.module.forgejo.internalPort;
       };
+
+      mailer = {
+        ENABLED = true;
+        SMTP_PORT = 465;
+        PROTOCOL = "smtps";
+      };
     };
   };
 }

module/roundcube.nix

@@ -4,34 +4,32 @@
   age.secrets = {
     YfDrVBDJcVoYNZeJ = {
       file = ../secrets/cache/YfDrVBDJcVoYNZeJ;
+      owner = "roundcube";
     };
     LtnxWKwZdDIxAKzp = {
       file = ../secrets/cache/LtnxWKwZdDIxAKzp;
+      owner = "roundcube";
     };
   };
 
-
   services.roundcube = {
+    enable = true;
     hostName = "${config.module.roundcube.subdomain}.${config.module.domain}";
-
     plugins = [ "multiple_accounts" ];
     configureNginx = false;
 
     extraConfig = ''
-      $config['default_host'] = trim(
-        file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}')
-      );
+      // Concatenate the protocol string with the file contents in PHP
+      $config['default_host'] = 'ssl://' . trim(file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}'));
       $config['default_port'] = 993;
-      $config['smtp_server'] = trim(
-        file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}')
-      );
+
+      $config['smtp_server'] = 'tls://' . trim(file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}'));
       $config['smtp_port'] = 465;
+
       $config['smtp_user'] = '%u';
       $config['smtp_pass'] = '%p';
     '';
-
   };
 
-  systemd.services.nginx.serviceConfig.ProtectHome = false;
-  users.groups.roundcube.members = [ "nginx" ];
+  users.groups.roundcube.members = [ "nginx" "phpfpm" ];
 }