magpie/gitea: replace smtp with sendmail, fix pass reset bug

magpie/configuration.nix

@@ -4,6 +4,7 @@
 {
   config,
   pkgs,
+  lib,
   ...
 }: {
   imports = [];
@@ -20,16 +21,6 @@
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.alice = {
-  #   isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  #   packages = with pkgs; [
-  #     firefox
-  #     thunderbird
-  #   ];
-  # };
-
   users.users.root.initialHashedPassword = "";
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0gyN7DzF7+sinneq7++fT93dNWe9ttKnLZJEb0LVs7UxPtz/ovlxnktAgEtSh7NUUGKPILGG6+YG/Jz3pb4cLuQHtavIQ2mIzIbiNl+c80gLNPulfOrC3KyCacYnlcEpoV+4yvMPLDf+5ySilYoF30CSIo8B7B4PSwO3/I20oXXY0zeVmYKs65BY8OrR8PDdtPpuqGcTdPpVSrooZQoykriFeejBb0Jn7qWO7vmsTyUZZIP4nKKUyqE6iFZ2zv+J3mYfuoglQKO1+kqcCYCef0sheLZGD4/QIIL8HJ9yNWb6OQhu7MEv1NowuHkviImwVO3actZ1/x4lrWt4mY+bGglVwA90u1KZUQ10qKQ2xCG2ZHE9DSxWxpI/Yq2P4pLA/XSkYFPpzmoD9c6cpv0WLAvmQrEVkqK0xXo+KszUlyGy5sVJl7/h1fZ8YhWsWUnU1XJFmKLaomUZflL3h7X6xJNVPzZmso8l1INdCvIBDu+G84kAp1/aFalSJMyjTgvCc1hxhAVYhmrc3msGH0Jk8CcPBwYa0BH4EryacdupOS/c5VxAbdyuizEgitP1ylRmydVVDEItPNXFvpWdyEehf/VmsUXqL48mBzfvi6feD5AzKjPaQNaATpxLs9Sl9CMxSy27ahHwEK6dek1wm7nkoSIDSRWfGhYKr3lUg0emAYQ=="
@@ -85,6 +76,7 @@
       BASE_URL = "https://miniflux.project-cloud.net";
     };
   };
+
   services.restya-board = {
     enable = true;
     /*
@@ -93,6 +85,7 @@
     virtualHost.listenHost = "localhost";
     virtualHost.listenPort = 4001;
   };
+
   services.nextcloud = {
     enable = true;
     hostName = "project-cloud.net";
@@ -169,22 +162,21 @@
       type = "postgres";
       passwordFile = config.sops.secrets."postgres/gitea_dbpass".path;
     };
-    settings.server.DOMAIN = "git.project-cloud.net";
-    settings.server.HTTP_PORT = 3001;
+    settings.server = {
+      DOMAIN = "git.project-cloud.net";
+      ROOT_URL = "https://git.project-cloud.net";
+      HTTP_PORT = 3001;
+    };
+    settings.mailer = {
+      ENABLED = true;
+      FROM = "gitea@project-cloud.net";
+      PROTOCOL = "sendmail";
+      SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+    };
     extraConfig = let
       docutils =
         pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
     in ''
-      [mailer]
-      ENABLED        = true
-      FROM 	     = project.cloud@gmx.com
-      PROTOCOL       = smtp
-      SMTP_ADDR      = mail.gmx.com
-      HOST           = mail.gmx.com:587
-      SMTP_PORT      = 587
-      IS_TLS_ENABLED = false
-      USER           = project.cloud@gmx.com
-      PASSWD         = TS0obCMiuktEAS2x6lQ3
       [service]
       REGISTER_EMAIL_CONFIRM = true
       [markup.restructuredtext]
@@ -195,12 +187,22 @@
     '';
   };
 
+  /*
+  needed for sendmail mail functionality
+  */
+  users.users.gitea.extraGroups = ["postdrop"];
+  systemd.services.gitea.serviceConfig = {
+    RestrictAddressFamilies = ["AF_NETLINK"];
+    ProtectSystem = lib.mkForce false;
+  };
+
   security.acme = {
     acceptTerms = true;
     defaults.email = "asmir.abdulahovic@gmail.com";
   };
 
   sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+
   sops.secrets."postgres/gitea_dbpass" = {
     sopsFile = ./secrets/postgres.yaml;
     owner = config.users.users.gitea.name;
@@ -216,7 +218,7 @@
 
   networking.hostName = "magpie";
   networking.wireless.enable = false;
-  networking.firewall.enable = false;
+  networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [80 443 587];
   networking.firewall.allowedUDPPorts = [];
   networking.networkmanager.enable = true;