add mailer to gitea

2022-12-04 00:07:26 +00:00 · 2022-12-04 00:07:26 +00:00 · b94ed99932
commit b94ed99932
parent abdddc9870
1 changed files with 47 additions and 0 deletions
--- a/nixos/boxes/vpsfree1/gitea.nix
+++ b/nixos/boxes/vpsfree1/gitea.nix
@ -3,11 +3,32 @@ let
  httpPort = 8083;
  sshPort = 22;
  domain = "git.cyplo.dev";
+  emailDomain = "peninsula.industries";
  baseurl = "https://${domain}";
  path = "/var/lib/gitea";
+  mailgunSmtpSecretName = "gitea-mailgun-smtp-password";
+  mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";
+  uid = 2051;
+  gid = 3051;
+  systemUserName = "gitea";
+  systemGroupName = "gitea";
+  users = {
+    users."${systemUserName}" = {
+      inherit uid;
+      isSystemUser = true;
+      isNormalUser = false;
+      group = systemGroupName;
+    };
+    groups."${systemGroupName}" = {
+      inherit gid;
+      members = [ "${systemUserName}" "nginx" ];
+    };
+  };
 in {
  imports = [ ../nginx.nix ];

+  inherit users;
+
  boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; };
  systemd.services.systemd-sysctl.enable = lib.mkForce true;

@ -24,6 +45,13 @@ in {
    };
  };

+  sops.secrets."${mailgunSmtpSecretName}" = {
+    sopsFile = ./mailgun.sops.yaml;
+    path = mailgunSmtpPasswordPath;
+    owner = systemUserName;
+    group = systemGroupName;
+  };
+
  containers.gitea = {
    autoStart = true;
    forwardPorts = [
@ -41,14 +69,24 @@ in {
        hostPath = "${path}";
        isReadOnly = false;
      };
+      "${mailgunSmtpPasswordPath}" = {
+        hostPath = "${mailgunSmtpPasswordPath}";
+        isReadOnly = true;
+      };
    };
    config = { config, pkgs, lib, ... }: {
      system.stateVersion = "22.05";
+      users = users // {
+        mutableUsers = false;
+        allowNoPasswordLogin = true;
+      };
      services.gitea = {
        inherit domain httpPort;
        enable = true;
        rootUrl = baseurl;
        stateDir = path;
+        user = systemUserName;
+        mailerPasswordFile = mailgunSmtpPasswordPath;
        settings = {
          service.DISABLE_REGISTRATION = true;
          server = {
@ -58,6 +96,15 @@ in {
            DISABLE_SSH = false;
            LFS_START_SERVER = true;
          };
+          mailer = {
+            ENABLED = true;
+            FROM = "git.cyplo.dev <gitea@${emailDomain}>";
+            MAILER_TYPE = "smtp";
+            HOST = "smtp.eu.mailgun.org:465";
+            IS_TLS_ENABLED = true;
+            USER = "postmaster@${emailDomain}";
+          };
+
        };
      };
    };