feat : Add mailer in forgejo

2025-12-24 20:17:53 +01:00 · 2025-12-24 20:17:53 +01:00 · efdb1794be
commit efdb1794be
parent 7506073727
5 changed files with 63 additions and 34 deletions
--- a/module/default.nix
+++ b/module/default.nix
@ -51,7 +51,10 @@ in {
      desc = "Roundcube webapp";
      extraOpts = {
        port = mkPortOption 1984;
-        subdomain = "mail";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "mail";
+        };
      };
    };

@ -60,7 +63,10 @@ in {
      extraOpts = {
        externalPort = mkPortOption 8000;
        internalPort = mkPortOption 8222;
-        subdomain = "vault";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "vault";
+        };
      };
    };

@ -69,7 +75,10 @@ in {
      extraOpts = {
        externalPort = mkPortOption 3000;
        internalPort = mkPortOption 8500;
-        subdomain = "git";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "git";
+        };
      };
    };

@ -77,7 +86,10 @@ in {
      desc = "SearXNG meta-search engine";
      extraOpts = {
        port = mkPortOption 1692;
-        subdomain = "search";
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          default = "search";
+        };
      };
    };
  };
--- a/module/forgejo.nix
+++ b/module/forgejo.nix
@ -1,20 +1,40 @@
 { config, lib, ... }:
 let
  cfg = config.services.forgejo;
-  srv = cfg.settings.server;
 in
 {
+  age.secrets = lib.mkIf config.services.forgejo.enable {
+    # Keep your secret definitions as they are
+    YfDrVBDJcVoYNZeJ.file = ../secrets/cache/YfDrVBDJcVoYNZeJ;
+    kuc8wgd09HbRU99u.file = ../secrets/cache/kuc8wgd09HbRU99u;
+    XNkwPolezNRELmWu.file = ../secrets/cache/XNkwPolezNRELmWu;
+  };
+
  services.forgejo = {
+    enable = true;
    database.type = "postgres";
-    # Enable support for Git Large File Storage
    lfs.enable = true;
+
+    secrets.mailer = {
+      PASSWD = config.age.secrets.XNkwPolezNRELmWu.path;
+      USER = config.age.secrets.kuc8wgd09HbRU99u.path;
+      SMTP_ADDR = config.age.secrets.YfDrVBDJcVoYNZeJ.path;
+    };
+
    settings = {
+      service.DISABLE_REGISTRATION = true;
+
      server = {
        DOMAIN = "git.${config.module.domain}";
-        # You need to specify this to remove the port from URLs in the web UI.
-        ROOT_URL = "https://${srv.DOMAIN}/";
+        ROOT_URL = "https://git.${config.module.domain}/";
        HTTP_PORT = config.module.forgejo.internalPort;
      };
+
+      mailer = {
+        ENABLED = true;
+        SMTP_PORT = 465;
+        PROTOCOL = "smtps";
+      };
    };
  };
 }
--- a/module/roundcube.nix
+++ b/module/roundcube.nix
@ -4,34 +4,32 @@
  age.secrets = {
    YfDrVBDJcVoYNZeJ = {
      file = ../secrets/cache/YfDrVBDJcVoYNZeJ;
+      owner = "roundcube";
    };
    LtnxWKwZdDIxAKzp = {
      file = ../secrets/cache/LtnxWKwZdDIxAKzp;
+      owner = "roundcube";
    };
  };

-
  services.roundcube = {
+    enable = true;
    hostName = "${config.module.roundcube.subdomain}.${config.module.domain}";
-
    plugins = [ "multiple_accounts" ];
    configureNginx = false;

    extraConfig = ''
-      $config['default_host'] = trim(
-        file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}')
-      );
+      // Concatenate the protocol string with the file contents in PHP
+      $config['default_host'] = 'ssl://' . trim(file_get_contents('${config.age.secrets.LtnxWKwZdDIxAKzp.path}'));
      $config['default_port'] = 993;
-      $config['smtp_server'] = trim(
-        file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}')
-      );
+
+      $config['smtp_server'] = 'tls://' . trim(file_get_contents('${config.age.secrets.YfDrVBDJcVoYNZeJ.path}'));
      $config['smtp_port'] = 465;
+
      $config['smtp_user'] = '%u';
      $config['smtp_pass'] = '%p';
    '';
-
  };

-  systemd.services.nginx.serviceConfig.ProtectHome = false;
-  users.groups.roundcube.members = [ "nginx" ];
+  users.groups.roundcube.members = [ "nginx" "phpfpm" ];
 }
--- a/secrets/cache/LtnxWKwZdDIxAKzp
+++ b/secrets/cache/LtnxWKwZdDIxAKzp
@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 ZX/yJA 5o3VZvF6R5omfRGu8f5C6YA287n58Gqcl/cA1tR2dwo
-PUxVDLsvhukxgRdiFOHNN4W1kzCvpJ4eZ6quX/ZxCK8
-> ssh-ed25519 5AyMyw LT2QCekJV3Hb9CGnZDHtQmGbVEgx96jZ3dU1oWxUL1g
-SFq7UXIjL67blDFU/n7LcwbZAYzMqzL5Eos2n14J++M
--- I8lQdNHSL27BXd0WQ2SGwDhVQcI/cL3N3LFIhyc/ycA
-öáø"(…Tú¡=êEGóFÜ¹J>—ãsüŽÂ9
Y/»<C2AD>lVL‚
-yz¿Ù\"‘|FY@dÇªj"9
+-> ssh-ed25519 ZX/yJA jxYq45sqBCgO+eFPmJILHHN0seVXTjwIC/XmXkcSWBY
+ANagQjWKb/kbLnC/4qfiqcth1WnTVBDZ13iL2jdePls
+-> ssh-ed25519 5AyMyw 9aQ9rpUkzmFM9RJVPKC6ZLZEtNvaKrNV9gecAxsPcws
+/Z5IWQtqA/ZgcWizLEtu7Y6XayN3WYcviBk9eBgNcZE
+--- dE0aXIe03KT/HqiVshlnoHaJYu9W5jNo64F1I04wuyw
+“ì(§Ñ°€ÄQ³.†$pÇd³bãY³Ã9±öå÷<C3A5>œ5›]åËóÊ<C3B3>_vÎ_„#ºu$ä
--- a/secrets/cache/YfDrVBDJcVoYNZeJ
+++ b/secrets/cache/YfDrVBDJcVoYNZeJ
@ -1,8 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 ZX/yJA IQ2va+9dYf1sKZMjafovBZLLyjRgkf+WbWWVmNZ14kA
-4k2NcxL4NT7og8ad+2i1FQC20OzXJG4mVGvZz2Kb5M4
-> ssh-ed25519 5AyMyw meaQCKCXiEwA+E2gijD41gWou73/s4RGWEVJX55JnS8
-GUX7WzSIzLVfQUViJfeudUh6eeIOMfMRMFgL2JwEIoY
--- jsp7cV2mL6r7A3RlsHmK9LmLHsRrZGG0EKloktB63as
-]"		v%TCçßgÖ³
-€>uZä&<jhœ'€GÛB/|³à#(,V‘”Ü×þÈ
BCVS<13>ý£ƒG
+-> ssh-ed25519 ZX/yJA lQMC4W7wJYUYZS6ZieuN55sYvgTy+zD4aUH1fAwZZ2A
+7rroEL3kTn6SnoY6tguNf7JB2RW3LS9LRwOH08XC6hs
+-> ssh-ed25519 5AyMyw pVrsI0/R7s4R5xaxcgzqIdaH3csptMha+cMGkFimMGI
+3eZZtG9HI8K3woAqEM528cB46Ecv2nFc3++mHtvQfTw
+--- Wlkf3vghYpcFpkzzAE1eHo3Cd3d6uTkeDuYDNRgcrLQ
+ì¾U†×Äýº½)x«ÅšœÒ¦A» (K›UÍB¿ 2ieþ®Í]‡Ý*•ØÔE
+