From d99819280afb8abe6e90e1a7464ddc019900a0ab Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Thu, 20 Mar 2025 21:09:19 +0000
Subject: [PATCH] feat(ops): configure email for Forgejo

This configures Forgejo to use the "Forgejo" Message Stream on our "Snix"
server in Postmark.

Change-Id: I298966a8b43b55b0f1992a8fedf0fffcd6dde472
Reviewed-on: https://cl.snix.dev/c/snix/+/30206
Autosubmit: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Reviewed-by: Ryan Lahfa <masterancpp@gmail.com>
---
 ops/machines/public01/default.nix   |   1 +
 ops/modules/forgejo.nix             |  21 +++++++++++----------
 ops/secrets/forgejo-smtp-passwd.age | Bin 0 -> 567 bytes
 ops/secrets/secrets.nix             |   2 ++
 4 files changed, 14 insertions(+), 10 deletions(-)
 create mode 100644 ops/secrets/forgejo-smtp-passwd.age

diff --git a/ops/machines/public01/default.nix b/ops/machines/public01/default.nix
index 08e5cf2e3..0e720e8e1 100644
--- a/ops/machines/public01/default.nix
+++ b/ops/machines/public01/default.nix
@@ -128,6 +128,7 @@ in
         mode = "0440";
         group = "git";
       };
+      forgejo-smtp-passwd.file = secretFile "forgejo-smtp-passwd";
       grafana-oauth-secret = {
         file = secretFile "grafana-oauth-secret";
         mode = "0440";
diff --git a/ops/modules/forgejo.nix b/ops/modules/forgejo.nix
index 3ba949fa9..695c68272 100644
--- a/ops/modules/forgejo.nix
+++ b/ops/modules/forgejo.nix
@@ -102,7 +102,7 @@ in
       group = "git";
 
       # Secret mail config.
-      # mailerPasswordFile = config.age.secrets.forgejoSmtpSecret.path;
+      secrets.mailer.PASSWD = config.age.secrets.forgejo-smtp-passwd.path;
 
       # Server and database config.
       settings = {
@@ -198,15 +198,16 @@ in
           DISABLE_GIT_HOOKS = false;
         };
 
-        # Note: PASSWD is set by NixOS up.
-        # mailer = {
-        #   ENABLED = true;
-        #   PROTOCOL = "smtps";
-        #   SMTP_ADDR = "";
-        #   SMTP_PORT = 465;
-        #   USER = "";
-        #   FROM = "";
-        # };
+        # Note: PASSWD is set up by the NixOS module, which sets FORGEJO__MAILER__PASSWD__FILE.
+        # https://forum.gitea.com/t/email-could-not-initiate-smtp-session-error/8164/14
+        mailer = {
+          ENABLED = true;
+          PROTOCOL = "smtp+starttls";
+          SMTP_ADDR = "smtp.postmarkapp.com";
+          SMTP_PORT = 2525;
+          USER = "PM-T-forgejo-48CsFdjTEW5_tALcpact0HG";
+          FROM = "\"Snix Forgejo\" <forgejo@snix.dev>";
+        };
 
         ui = {
           # Add the used emojis from https://volpeon.ink/emojis/ as well as https://github.com/chr-1x/dragn-emoji
diff --git a/ops/secrets/forgejo-smtp-passwd.age b/ops/secrets/forgejo-smtp-passwd.age
new file mode 100644
index 0000000000000000000000000000000000000000..670b7d00ef8f832bdf25dedc34531016680fedab
GIT binary patch
literal 567
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE(|NpOIIkZDm2wE
zPfv_=Ec7tXGl<Cci!9f!%*gdg@huE<tn|-{N-7P_4X@I6_2qK$GBeBbOE=5$sq!q&
z$~MaNOLhz@F3$`$2{SD9bg2ySDKC#G@NqTs@C4Zw0kO!*(z!B8KQzg!!pAExw5lrG
z!qD3<tjN$YB*L@O%}rasD&57>z&AhHDUvHMEhIfE-=H!eDWamv-`y<PFfzTYG{h&_
zEGs)8w4$`oEzR9IDly$CuNY(lvVWY7s>1Ue6|($`4a1zx-MsRhoZT&x^vylW5{pWV
zjiaK99sRQXgAGzjjf>1u0-{_(xeBUG0}=~;{0a(EiVa+{%AzWYL-NW~gN@QXJd6^J
zijoVGgVF<hLQGT3(QPY@a<9rPSI8?iv`k7a%r&=k%`1z_$O!e$s7Q1#4R?wNw(!V_
z2#zcauQW_g&hs|R=1QtC&Cd(>$tl;540F<VEiewx4i0rm%1+D5G%YIf%n9+;F9|Ow
z57SNx<<iyFRWLWK)DACnO$>H5^(`&TtBTAtN~y>U&Gy%?EKkm;s`7EpNjA@M2@gy+
z;gZTR{87NgaH(~P*5ivG^%G7m4Y{pfcte+0#Nc-AR;OV0k3tjDO}#=q&itFOf8p!R
akL3#PI%KbF@ih9+Y-cOYbo*7!+s^>ez{HRM

literal 0
HcmV?d00001

diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index e56f23c7a..6876825aa 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -41,6 +41,8 @@ in
   "gerrit-autosubmit.age" = gerrit01Default;
 
   "forgejo-oauth-secret.age" = public01Default;
+  "forgejo-smtp-passwd.age" = public01Default;
+
   "grafana-oauth-secret.age" = public01Default;
 
   "buildkite-agent-token.age" = build01Default;