forgejo: setup mailer

2024-12-03 16:07:59 +01:00 · 2024-12-03 16:07:59 +01:00 · 472e83c56e
commit 472e83c56e
parent 76b9ed327e
4 changed files with 167 additions and 13 deletions
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -26,6 +26,12 @@ in
      "forgejo/db/password" = {
        inherit sopsFile;
      };
+      "forgejo/mail/password" = {
+        inherit sopsFile;
+      };
+      "forgejo/mail/passwordHash" = {
+        inherit sopsFile;
+      };
    };
  };

@ -83,13 +89,33 @@ in

      mailer = {
        ENABLED = true;
-        PROTOCOL = "sendmail";
+        PROTOCOL = "smtps";
        FROM = "no-reply@${domainName}";
-        SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
+        SMTP_ADDR = "mail.${domainName}";
+        USER = "forgejo@${domainName}";
      };

      service.DISABLE_REGISTRATION = true;
    };
+
+    secrets = {
+      mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
+    };
+  };
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.${domainName}";
+    domains = [ domainName ];
+
+    loginAccounts = {
+      "forgejo@${domainName}" = {
+        hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
+        aliases = [ "no-reply@${domainName}" ];
+      };
+    };
+
+    certificateScheme = "acme-nginx";
  };

  networking.firewall.allowedTCPPorts = [