diff --git a/machines/gerd/services/nextcloud.nix b/machines/gerd/services/nextcloud.nix
index b703c08..598ce21 100644
--- a/machines/gerd/services/nextcloud.nix
+++ b/machines/gerd/services/nextcloud.nix
@@ -158,7 +158,7 @@ in {
 config.dbtype = "pgsql";
 # settings
- settings = {
+ settings = rec {
 # open connect/oidc
 oidc_login_provider_url = "https://${config.mine.shared.settings.authelia.domain}";
 oidc_login_client_id = AUTHELIA_AUTH_NAME;
@@ -176,9 +176,25 @@ in {
 };
 oidc_login_scope = "openid profile email groups";
 oidc_login_code_challenge_method = "S256";
+
+ # mail
+ mail_from_address = "nextcloud";
+ mail_smtpmode = "smtp";
+ mail_sendmailmode = "smtp";
+ mail_domain = "${config.mine.shared.settings.domain}";
+ mail_smtphost = "${config.mine.shared.settings.mail.domain_smtp}";
+ mail_smtpport = config.mine.shared.settings.mail.ports.submissions;
+ mail_smtpsecure = "ssl";
+ mail_smtpname = mail_from_address;
+ # mail_smtppassword = "defined-in-the-secrets-file-and-in-a-separate-file-for-lldap";
 };
 };
+ # setup lldap user for nextcloud that can send emails
+ services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
+ nextcloud = llib.mkProvisionUserSystem "nextcloud" config.age.secrets.nextcloud-smtp-pass.path;
+ });
+
 systemd.services.nextcloud-setup = {
 # runs this after all the main nextcloud-setup stuff
 script = lib.mkAfter ''
diff --git a/secrets/default.nix b/secrets/default.nix
index f4ff9b7..e0b0f92 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -33,6 +33,7 @@
 # nextcloud
 nextcloud-admin-pass.file = ./nextcloud/admin-pass.age;
 nextcloud-secrets.file = ./nextcloud/secrets.age;
+ nextcloud-smtp-pass.file = ./nextcloud/smtp-pass.age;
 # stalwart
 stalwart-admin-fallback-password.file = ./stalwart/admin-fallback-password.age;
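Review bot: `settings = rec {` in the first nextcloud.nix hunk makes every attribute of this large set visible to all the others, apparently only so that `mail_smtpname` can reuse `mail_from_address` in the next hunk. With `rec`, any later setting whose name matches an outer `let` binding silently shadows it inside the set, which is easy to miss in a config that mixes OIDC and mail options. Binding the account name once outside the set, e.g. `let mailUser = "nextcloud"; in`, and writing `mail_from_address = mailUser; mail_smtpname = mailUser;` keeps the reuse without `rec`. The same binding could feed the `"nextcloud"` literal passed to `llib.mkProvisionUserSystem`, so the three names cannot drift apart. The `settings` set opens in this hunk and closes in the following one.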
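Review bot: The new mail block in the second nextcloud.nix hunk sets `mail_smtpname` and leaves the password to the secrets file, but never sets `mail_smtpauth`. As far as I know Nextcloud defaults that option to false and only sends the SMTP user name and password when it is true, so unless the encrypted secrets file also sets it, submission on the `submissions` port would be attempted without credentials. Adding `mail_smtpauth = true;` next to `mail_smtpname` makes the intent explicit. Separately, the same password now has to exist in two encrypted files (the Nextcloud secrets file and `nextcloud-smtp-pass` for the lldap user) with nothing tying them together. A comment on the commented-out `mail_smtppassword` line such as `# must match secrets/nextcloud/smtp-pass.age; rotate both together` would save the next rotation from a silent auth failure.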
diff --git a/secrets/nextcloud/secrets.age b/secrets/nextcloud/secrets.age index 1a588d3..b078876 100644 Binary files a/secrets/nextcloud/secrets.age and b/secrets/nextcloud/secrets.age differ diff --git a/secrets/nextcloud/smtp-pass.age b/secrets/nextcloud/smtp-pass.age new file mode 100644 index 0000000..a8fe5f7 --- /dev/null +++ b/secrets/nextcloud/smtp-pass.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 QSDXqg nLdvh4Rh7NRfCpubsUOaSTwL+uQYa9jpiWWHmq8tBzo +jIgDAQZAmpoOqShDWMZZC3m/go+DImfYbg+gOlbbLu4 +-> X25519 jJ3QUtYdo6FM/xncqZeJMg5JJh2PKhe8rDw46ZrbqWo +uoDuPBJDplDoRiJGi2NFNJqDlo/fRGUqPiD0Jk6AX1c +-> ssh-ed25519 n8n9DQ +3vT7Jfx+kUFbHbEAWFN0hiDn0c0m+65brjuM5M4HRI ++jGGD9trmPr0BV2Ev1PvcdTAbzEyrHtHGleuheuYrIY +-> ssh-ed25519 BTp6UA Da7JqYJiJToDKhRelrwbXCj35URUi9T/Zzr0fLAZX1A +Kyi0O0Wog/VYlnCezm9qyxHiEU606kVHZfp17NKxXQk +--- 2t7lCNkYh/E4RyFx7sAtup5z9z/UFcxvk4XHhfJK+4I +ʡ "V%n]hQYsY9Y^r6l6*@G{vRfI7 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 56b3d1a..1a40ace 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,6 +43,7 @@ in # nextcloud "nextcloud/admin-pass.age".publicKeys = defaultAccess; "nextcloud/secrets.age".publicKeys = defaultAccess; + "nextcloud/smtp-pass.age".publicKeys = defaultAccess; # mailserver/stalwart "stalwart/admin-fallback-password.age".publicKeys = defaultAccess;
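Review bot: `"nextcloud/smtp-pass.age".publicKeys = defaultAccess;` in secrets/secrets.nix encrypts the SMTP password to the full default recipient set; the header of the new smtp-pass.age in this commit shows four recipient stanzas. If only the host that runs Nextcloud and lldap needs to decrypt it, a narrower list (that host's key plus the admin keys) would limit what a compromise of any other recipient key exposes. `defaultAccess` is defined outside this hunk, so it may already be the minimal set; worth confirming rather than copying the neighbouring entries.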