Daholli/nixos-config
1
0
Fork 0
Code Issues 5 Pull requests Actions Packages Releases Activity

forgejo: setup mailer

Browse source
This commit is contained in:
Christoph Hollizeck 2024-12-03 16:07:59 +01:00
parent fd46cf4c10
commit c98426be42
4 changed files with 167 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

137
flake.lock
View file

@ -52,6 +52,22 @@
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"crane": {
"locked": {
"lastModified": 1727974419,
@ -132,12 +148,28 @@
},
"original": {
"owner": "edolstra",
"ref": "v1.0.1",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"ref": "v1.0.1",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -153,7 +185,7 @@
"type": "github"
}
},
"flake-compat_5": {
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -296,7 +328,7 @@
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
"systems": "systems_8"
},
"locked": {
"lastModified": 1694529238,
@ -848,6 +880,21 @@
"type": "github"
}
},
"nixpkgs-24_05": {
"locked": {
"lastModified": 1717144377,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.05",
"type": "indirect"
}
},
"nixpkgs-latest-factorio": {
"locked": {
"lastModified": 1731242709,
@ -1005,6 +1052,21 @@
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1717602782,
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
@ -1020,7 +1082,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1731319897,
"narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
@ -1109,6 +1171,7 @@
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable",
"raspberry-pi-nix": "raspberry-pi-nix",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"snowfall-flake": "snowfall-flake",
"snowfall-lib": "snowfall-lib_2",
"sops-nix": "sops-nix",
@ -1255,9 +1318,32 @@
"type": "github"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_7",
"nixpkgs-24_05": "nixpkgs-24_05",
"utils": "utils"
},
"locked": {
"lastModified": 1718084203,
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-24.05",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"snowfall-flake": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"nixpkgs-unstable"
],
@ -1279,7 +1365,7 @@
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"snowfall-flake",
@ -1303,7 +1389,7 @@
},
"snowfall-lib_2": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [
"nixpkgs"
@ -1325,7 +1411,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1731862312,
@ -1446,6 +1532,21 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"u-boot-src": {
"flake": false,
"locked": {
@ -1459,6 +1560,24 @@
"url": "https://ftp.denx.de/pub/u-boot/u-boot-2024.07.tar.bz2"
}
},
"utils": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
@ -1502,7 +1621,7 @@
},
"zen-browser": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1731689537,

6
flake.nix
View file

@ -83,6 +83,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
################
## inputs for dev shells
@ -134,6 +136,10 @@
raspberry-pi-nix.nixosModules.sd-image
];
systems.hosts.loptland.modules = with inputs; [
simple-nixos-mailserver.nixosModules.default
];
systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ];
}
// {

7
secrets/secrets-loptland.yaml
View file

@ -5,6 +5,9 @@ factorio:
forgejo:
db:
password: ENC[AES256_GCM,data:CicLsCG2WCtiKMcz3DF5eVVaT8A=,iv:SPO1H4AZwo5FjJWkf1OS7aPOrpTGxqsAj4q3cuuWAbA=,tag:0snK8RyAd8heNvui2sbSNw==,type:str]
mail:
password: ENC[AES256_GCM,data:XgQZM0MBUEELyhH7UvyyMEiUABs=,iv:m3Wzs2SAPQ2w6UC02lpTvwd83Dt0LEzqdIj65HeOrbU=,tag:3cr5dnjeyoJ4ze9RFd9K5g==,type:str]
passwordHash: ENC[AES256_GCM,data:hHGJBUEtCi/gErZ5vm0gsEFqyIDNkED4scR4NAOSzbiiZAYTMg++yqf3hfjjwWV3wTPswNpzzw+gYKEH,iv:wDM5IOOamopFpMEkUit4y7LBZi8CJff3+Tc08lK4IXI=,tag:FaaaohtA+vBFwjDugoemQw==,type:str]
netcup:
customer_number: ENC[AES256_GCM,data:9+QboNg1,iv:Tg9ylJUM8L/kzqFmk2uIsD9noqnp5wIxr5GVXMsZwB8=,tag:2qRggSIkPHuCQYDWCfka5Q==,type:str]
api:
@ -34,8 +37,8 @@ sops:
UllqSDR1YWl6aU1jSnY2WE9oczg5Q28KfN15tFxXHrJmOHySK+cyLi2bFqArg244
bNTYyuBUtBW1Y/EuNpbyLjSNQpKZWFz7grE64uxrNQHP865N3wv0gg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-12T14:29:12Z"
mac: ENC[AES256_GCM,data:lKx1qAe689wkWkrMRvqHpE0zmv+ShLwpApBw2C4+JEuuHnoN1W7aoB/GQRkWzmImCCy9odzM2yoUa0mJogl0i+bddblrl+ZS0uPmPQrm3pM0sl876pelogxKuNpQWS8PRNDe24z3m06f0TozhfPF9D2ywH30tFH8naZONfWTTUU=,iv:tDhJVlWnTHnjZak32pgnUZ8XtM6TK9o2gZ0X3tcQD4Q=,tag:PcMS/5DpEkDkk+U0GG918w==,type:str]
lastmodified: "2024-12-03T13:46:57Z"
mac: ENC[AES256_GCM,data:5o/0aL6x4Kc+IwKL4sIZ4gyG4IXZqvL6TqZFnp3GNGjazRyUKvEbTbKTj96C7W1ci+JUv73mO/0IGjPxY/Bbsv06clKxSX40XbSvWVxSOfQp1qfiQaDxswcF+7yw5vA6wsOfZnYCWeyzJHuBD8OvTE+xXE8bNil5q2ZY5OXX7nk=,iv:aR7um7d9fjJxetxj8a0LrK9zs8tAWiSvKMenYBCMWpc=,tag:Zvj+ZiM5uV5HFVwu6ZAd2A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

30
systems/x86_64-linux/loptland/default.nix
View file

@ -26,6 +26,12 @@ in
"forgejo/db/password" = {
inherit sopsFile;
};
"forgejo/mail/password" = {
inherit sopsFile;
};
"forgejo/mail/passwordHash" = {
inherit sopsFile;
};
};
};
@ -83,13 +89,33 @@ in
mailer = {
ENABLED = true;
PROTOCOL = "sendmail";
PROTOCOL = "smtps";
FROM = "no-reply@${domainName}";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
SMTP_ADDR = "mail.${domainName}";
USER = "forgejo@${domainName}";
};
service.DISABLE_REGISTRATION = true;
};
secrets = {
mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
};
};
mailserver = {
enable = true;
fqdn = "mail.${domainName}";
domains = [ domainName ];
loginAccounts = {
"forgejo@${domainName}" = {
hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
aliases = [ "no-reply@${domainName}" ];
};
};
certificateScheme = "acme-nginx";
};
networking.firewall.allowedTCPPorts = [