mail

newinfra/nix/apps/forgejo/default.nix

@@ -1,6 +1,6 @@
 { config, ... }: {
   age.secrets.forgejo_s3_key_secret.file = ../../secrets/forgejo_s3_key_secret.age;
-
+  age.secrets.mail_git_password.file = ../../secrets/mail_git_password.age;
 
   services.forgejo = {
     enable = true;
@@ -34,12 +34,33 @@
         MINIO_LOCATION = "garage";
         MINIO_USE_SSL = false;
       };
+
+      mailer = {
+        ENABLED = true;
+        FROM = "\"Nora's Git Server\" <git@git.noratrieb.dev>";
+        PROTOCOL = "smtp+starttls";
+        SMTP_ADDR = "localhost";
+        SMTP_PORT = 587;
+        USER = "git@git.noratrieb.dev";
+        PASSWD = "Meowmeow";
+        FORCE_TRUST_SERVER_CERT = true; # lol. it's localhost.
+
+        /*ENABLED = true;
+        PROTOCOL = "sendmail";
+        FROM = "git@git.noratrieb.dev";
+        SENDMAIL_PATH = lib.getExe pkgs.system-sendmail;
+        SENDMAIL_ARGS = "--"; # most "sendmail" programs take options, "--" will prevent an email address being interpreted as an option.
+        */
+      };
     };
 
     secrets = {
       storage = {
         MINIO_SECRET_ACCESS_KEY = config.age.secrets.forgejo_s3_key_secret.path;
       };
+      mailer = {
+        # PASSWD = config.age.secrets.mail_git_password.path;
+      };
     };
   };
 

newinfra/nix/apps/mail/default.nix

@@ -0,0 +1,24 @@
+{ config, ... }:
+let release = "nixos-24.11"; in
+{
+  age.secrets.mail_git_password_hashed.file = ../../secrets/mail_git_password_hashed.age;
+
+  imports = [
+    (builtins.fetchTarball {
+      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz";
+      sha256 = "05k4nj2cqz1c5zgqa0c6b8sp3807ps385qca74fgs6cdc415y3qw";
+    })
+  ];
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.noratrieb.dev";
+    domains = [ "git.noratrieb.dev" ];
+
+    loginAccounts = {
+      "git@git.noratrieb.dev" = {
+        hashedPasswordFile = config.age.secrets.mail_git_password_hashed.path;
+      };
+    };
+  };
+}