From cadaede0eebe4097ecc5eb6474ae6c88eca6587a Mon Sep 17 00:00:00 2001
From: Asmir A
Date: Tue, 17 Oct 2023 22:41:22 +0200
Subject: [PATCH] magpie/gitea: replace smtp with sendmail, fix pass reset bug
---
 magpie/configuration.nix | 48 +++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 23 deletions(-)
diff --git a/magpie/configuration.nix b/magpie/configuration.nix
index 5ff3a23..6463818 100644
--- a/magpie/configuration.nix
+++ b/magpie/configuration.nix
@@ -4,6 +4,7 @@
 {
 config,
 pkgs,
+ lib,
 ...
 }: {
 imports = [];
@@ -20,16 +21,6 @@
 # Set your time zone.
 time.timeZone = "Europe/Berlin";
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.alice = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # packages = with pkgs; [
- # firefox
- # thunderbird
- # ];
- # };
-
 users.users.root.initialHashedPassword = "";
 users.users.root.openssh.authorizedKeys.keys = [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0gyN7DzF7+sinneq7++fT93dNWe9ttKnLZJEb0LVs7UxPtz/ovlxnktAgEtSh7NUUGKPILGG6+YG/Jz3pb4cLuQHtavIQ2mIzIbiNl+c80gLNPulfOrC3KyCacYnlcEpoV+4yvMPLDf+5ySilYoF30CSIo8B7B4PSwO3/I20oXXY0zeVmYKs65BY8OrR8PDdtPpuqGcTdPpVSrooZQoykriFeejBb0Jn7qWO7vmsTyUZZIP4nKKUyqE6iFZ2zv+J3mYfuoglQKO1+kqcCYCef0sheLZGD4/QIIL8HJ9yNWb6OQhu7MEv1NowuHkviImwVO3actZ1/x4lrWt4mY+bGglVwA90u1KZUQ10qKQ2xCG2ZHE9DSxWxpI/Yq2P4pLA/XSkYFPpzmoD9c6cpv0WLAvmQrEVkqK0xXo+KszUlyGy5sVJl7/h1fZ8YhWsWUnU1XJFmKLaomUZflL3h7X6xJNVPzZmso8l1INdCvIBDu+G84kAp1/aFalSJMyjTgvCc1hxhAVYhmrc3msGH0Jk8CcPBwYa0BH4EryacdupOS/c5VxAbdyuizEgitP1ylRmydVVDEItPNXFvpWdyEehf/VmsUXqL48mBzfvi6feD5AzKjPaQNaATpxLs9Sl9CMxSy27ahHwEK6dek1wm7nkoSIDSRWfGhYKr3lUg0emAYQ=="
@@ -85,6 +76,7 @@
 BASE_URL = "https://miniflux.project-cloud.net";
 };
 };
+
 services.restya-board = {
 enable = true;
 /*
@@ -93,6 +85,7 @@
 virtualHost.listenHost = "localhost";
 virtualHost.listenPort = 4001;
 };
+
 services.nextcloud = {
 enable = true;
 hostName = "project-cloud.net";
@@ -169,22 +162,21 @@
 type = "postgres";
 passwordFile = config.sops.secrets."postgres/gitea_dbpass".path;
 };
- settings.server.DOMAIN = "git.project-cloud.net";
- settings.server.HTTP_PORT = 3001;
+ settings.server = {
+ DOMAIN = "git.project-cloud.net";
+ ROOT_URL = "https://git.project-cloud.net";
+ HTTP_PORT = 3001;
+ };
+ settings.mailer = {
+ ENABLED = true;
+ FROM = "gitea@project-cloud.net";
+ PROTOCOL = "sendmail";
+ SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+ };
 extraConfig = let
 docutils = pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
 in ''
- [mailer]
- ENABLED = true
- FROM = project.cloud@gmx.com
- PROTOCOL = smtp
- SMTP_ADDR = mail.gmx.com
- HOST = mail.gmx.com:587
- SMTP_PORT = 587
- IS_TLS_ENABLED = false
- USER = project.cloud@gmx.com
- PASSWD = TS0obCMiuktEAS2x6lQ3
 [service]
 REGISTER_EMAIL_CONFIRM = true
 [markup.restructuredtext]
@@ -195,12 +187,22 @@
 '';
 };
+ /*
+ needed for sendmail mail functionality
+ */
+ users.users.gitea.extraGroups = ["postdrop"];
+ systemd.services.gitea.serviceConfig = {
+ RestrictAddressFamilies = ["AF_NETLINK"];
+ ProtectSystem = lib.mkForce false;
+ };
+
 security.acme = {
 acceptTerms = true;
 defaults.email = "asmir.abdulahovic@gmail.com";
 };
 sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+
 sops.secrets."postgres/gitea_dbpass" = {
 sopsFile = ./secrets/postgres.yaml;
 owner = config.users.users.gitea.name;
@@ -216,7 +218,7 @@
 networking.hostName = "magpie";
 networking.wireless.enable = false;
- networking.firewall.enable = false;
+ networking.firewall.enable = true;
 networking.firewall.allowedTCPPorts = [80 443 587];
 networking.firewall.allowedUDPPorts = [];
 networking.networkmanager.enable = true;
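Review bot: The `PASSWD` line removed from the `[mailer]` block of `extraConfig` in the `@@ -169,22` hunk held the mailbox password in plain text, and deleting it here does not revoke it. It remains readable in the repository history, and probably in older system generations in the Nix store, since `extraConfig` text is rendered into the service configuration. That account's password should be rotated as part of this change. The same file already reads the database password through `config.sops.secrets."postgres/gitea_dbpass".path`, so a short comment above `settings.mailer`, for example `# local sendmail, no credentials; any future secret goes through sops`, would record the convention. The enclosing gitea attribute set starts and ends outside the hunk.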
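Review bot: `ProtectSystem = lib.mkForce false;` in the `@@ -195,12` hunk removes the unit's read-only filesystem protection, so a compromise of the internet-facing Gitea process could write wherever its user has permission. The `mkForce` suggests a stricter value is set elsewhere. The sendmail wrapper presumably only needs write access to the mail drop queue, so keeping the existing value and granting that one directory would be tighter. Assuming Postfix with the NixOS default queue location (to be confirmed on the host), that would be `ReadWritePaths = ["/var/lib/postfix/queue/maildrop"];`. The comment `needed for sendmail mail functionality` should also say which failure each of the three settings (`postdrop` group, `AF_NETLINK`, the filesystem override) works around, so they can be removed once no longer needed.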