diff --git a/hosts/proxima/default.nix b/hosts/proxima/default.nix index 6586956..2daff9a 100644 --- a/hosts/proxima/default.nix +++ b/hosts/proxima/default.nix @@ -15,6 +15,9 @@ ssh.enable = true; exitNode.enable = true; }; - nextcloud.enable = true; + nextcloud = { + enable = true; + emailServer.enable = true; + }; }; } diff --git a/hosts/proxima/secrets.yaml b/hosts/proxima/secrets.yaml index bf897ab..e7d2c84 100644 --- a/hosts/proxima/secrets.yaml +++ b/hosts/proxima/secrets.yaml @@ -1,6 +1,8 @@ seb-password: ENC[AES256_GCM,data:N3w7niUZsyFmF2gF+gMhlDb6XfoYZ8yNrZvv2J0Cb3zDhstW7LsgYZVcM3+MXPbTDE9xJ00VGBayOT7fW+5IYYWdGgbRWvOH0w==,iv:rLCKJ9wUL+3sjIaqwV89pYJtt/ERuoR4AAgbt9H4oHg=,tag:nuh9rT0W500w8+y76MqC1Q==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:zKjJsG23GYrAIAoTe9pRI/b9w6JPB/0EDrdtspQq1/dw7eQq7BuzYMT5O5EAy+5A9ZP3fDaleO5nFXRFvg==,iv:p7Dpq30TZyb20E5TfscycxMiN1XUx66DbNPhwuZkwaA=,tag:V/fc99Zv4xJ6PDxNIWHRew==,type:str] -nextcloud-admin-pass: ENC[AES256_GCM,data:Cmt6EUQCLAaqeXgvDC+G0t3PEp424BNvYvZpuLv5,iv:npzjc213z4tLmMWognC52oXf2yPtKsOw2WenK5HSZN0=,tag:VA3gjMA2TT50i1jaxxrWSg==,type:str] +nextcloud: + admin-pass: ENC[AES256_GCM,data:XpJwcxY3QoooM8ZzKlFWXvoexm4ej3qzdgb+KUwF,iv:f8VLb+OO1mC6KWIReuDtUivypG+thns5Z+dToDT42+0=,tag:jr+vvkX2JpNsSgJ4iozzKA==,type:str] + gmail-password: ENC[AES256_GCM,data:lbdSZPEmXx1zU0fdaXHle9by9rk=,iv:SSN379SVvonVQjEpopFe8O6tY30k1l9YxKPB6a+xo6U=,tag:jiWy3b16i0zXTyaOhY+5Vw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -25,8 +27,8 @@ sops: aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-24T20:34:04Z" - mac: ENC[AES256_GCM,data:bh9jVLtd97Zt0O1LlJWYXQHvNzr6vxpPEzduZa+XvLnf+NjcJv71DuR1ZzjW5nV0+63I1zKRDhcVq4IDFW/oHSLylCir17h5n4ZQR98i3B09fMETv0fJBtcadFCEJgOY/IBI0BDO8qeF8tMXFsXXqIGarScu4vJzLqh1MywvLkQ=,iv:gQbqrVVpto3aVHP86lOMHfDZ9kcdoIuJHojigRT8VII=,tag:3s/DYA/DMPm2CiDvv7vJLw==,type:str] + lastmodified: "2024-08-25T20:49:58Z" + mac: ENC[AES256_GCM,data:g/rGVy6BgrHXNWg2ivjLZ8JPvS2T/JedZo4rxsBQncQvnM/xYg5Ncm5VmYLF5YUOsWQhaOwKaTm1elJ0fJWslya+gMG72X4A0izWi/xnUq0YlA6jSrFIAqhq6MqlKTbwkl9QOuppylNezr5DoipTrpKFlexF/z8WQvqO3W8DbSA=,iv:3sWTqijBkdRHGwDoj9GtpAtEa+KwBdChOffvzccf04E=,tag:eoNckfFE+6nT3vGOIIdSqA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/modules/system/nextcloud.nix b/modules/system/nextcloud/default.nix similarity index 84% rename from modules/system/nextcloud.nix rename to modules/system/nextcloud/default.nix index 2ed1b72..4b04042 100644 --- a/modules/system/nextcloud.nix +++ b/modules/system/nextcloud/default.nix @@ -8,7 +8,7 @@ options.myConfig.nextcloud.enable = lib.mkEnableOption ""; config = lib.mkIf config.myConfig.nextcloud.enable { - sops.secrets.nextcloud-admin-pass = { + sops.secrets."nextcloud/admin-pass" = { owner = config.services.nextcloud.config.dbname; group = config.services.nextcloud.config.dbuser; }; @@ -23,7 +23,7 @@ config = { dbtype = "pgsql"; adminuser = "admin"; - adminpassFile = config.sops.secrets.nextcloud-admin-pass.path; + adminpassFile = config.sops.secrets."nextcloud/admin-pass".path; }; settings = { diff --git a/modules/system/nextcloud/email-server.nix b/modules/system/nextcloud/email-server.nix new file mode 100644 index 0000000..3d71df9 --- /dev/null +++ b/modules/system/nextcloud/email-server.nix 
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+{
+ options.myConfig.nextcloud.emailServer.enable = lib.mkEnableOption "";
+
+ config = lib.mkIf config.myConfig.nextcloud.emailServer.enable {
+ sops.secrets."nextcloud/gmail-password" = {
+ owner = config.services.nextcloud.config.dbname;
+ group = config.services.nextcloud.config.dbuser;
+ };
+
+ programs.msmtp = {
+ enable = true;
+ accounts.default = {
+ auth = true;
+ tls = true;
+ host = "smtp.gmail.com";
+ port = "587";
+ user = "nextcloud.stork";
+ from = "nextcloud.stork@gmail.com";
+ passwordeval = "cat ${config.sops.secrets."nextcloud/gmail-password".path}";
+ };
+ };
+
+ services.nextcloud.settings = {
+ mail_smtpmode = "sendmail";
+ mail_sendmailmode = "pipe";
+ };
+ };
+}
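Review bot: The `owner` and `group` of `nextcloud/gmail-password` are set from `config.services.nextcloud.config.dbname` and `dbuser`, which are database identifiers rather than Unix accounts. The secret is presumably readable by the Nextcloud service only because both default to `nextcloud`. If either database setting is changed later, the SMTP password file would be assigned to a different or non-existent account, so `passwordeval` would fail or the credential would become readable by an unintended user. Name the account directly with `owner = "nextcloud";` and `group = "nextcloud";`, assuming the service runs as the module's default user. The same pattern sits in the context lines of the `nextcloud/admin-pass` hunk in modules/system/nextcloud/default.nix.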