From 971969d8941ec672e0392142807917116ce076bb Mon Sep 17 00:00:00 2001
From: eyjhb
Date: Mon, 17 Feb 2025 17:08:56 +0100
Subject: [PATCH] nextcloud: setup smtp (smtp password in two places, sadly)
---
 machines/gerd/services/nextcloud.nix | 18 +++++++++++++++++-
 secrets/default.nix | 1 +
 secrets/nextcloud/secrets.age | Bin 634 -> 691 bytes
 secrets/nextcloud/smtp-pass.age | 11 +++++++++++
 secrets/secrets.nix | 1 +
 5 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 secrets/nextcloud/smtp-pass.age
diff --git a/machines/gerd/services/nextcloud.nix b/machines/gerd/services/nextcloud.nix
index b703c08..598ce21 100644
--- a/machines/gerd/services/nextcloud.nix
+++ b/machines/gerd/services/nextcloud.nix
@@ -158,7 +158,7 @@ in {
 config.dbtype = "pgsql";
 # settings
- settings = {
+ settings = rec {
 # open connect/oidc
 oidc_login_provider_url = "https://${config.mine.shared.settings.authelia.domain}";
 oidc_login_client_id = AUTHELIA_AUTH_NAME;
@@ -176,9 +176,25 @@ in {
 };
 oidc_login_scope = "openid profile email groups";
 oidc_login_code_challenge_method = "S256";
+
+ # mail
+ mail_from_address = "nextcloud";
+ mail_smtpmode = "smtp";
+ mail_sendmailmode = "smtp";
+ mail_domain = "${config.mine.shared.settings.domain}";
+ mail_smtphost = "${config.mine.shared.settings.mail.domain_smtp}";
+ mail_smtpport = config.mine.shared.settings.mail.ports.submissions;
+ mail_smtpsecure = "ssl";
+ mail_smtpname = mail_from_address;
+ # mail_smtppassword = "defined-in-the-secrets-file-and-in-a-separate-file-for-lldap";
 };
 };
+ # setup lldap user for nextcloud that can send emails
+ services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
+ nextcloud = llib.mkProvisionUserSystem "nextcloud" config.age.secrets.nextcloud-smtp-pass.path;
+ });
+
 systemd.services.nextcloud-setup = {
 # runs this after all the main nextcloud-setup stuff
 script = lib.mkAfter ''
diff --git a/secrets/default.nix b/secrets/default.nix
index f4ff9b7..e0b0f92 100644
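Review bot: `settings = rec {` makes the whole settings attrset self-referential only so that `mail_smtpname` (added in the next hunk) can reuse `mail_from_address`, which ties the SMTP login to the sender local part. Changing the From address later would silently change the account Nextcloud authenticates as, while the lldap user stays hard-coded as "nextcloud" in the provisioning call. Binding the account name once, for example `smtpUser = "nextcloud";` in the `let` that the `in {` hunk context suggests this file has, and using it for `mail_smtpname` and the provisioning call keeps them in step without `rec`. The settings attrset opens before and closes after this hunk.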
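Review bot: The mail block sets `mail_smtpname` and expects `mail_smtppassword` from the secrets file, but nothing visible sets `mail_smtpauth`; Nextcloud only presents the credentials when that option is true, so unless it is already set in the encrypted secrets file, add `mail_smtpauth = true;` next to `mail_smtpname`. The same password now lives in `secrets/nextcloud/secrets.age` and `secrets/nextcloud/smtp-pass.age`, and a rotation that updates only one of them breaks mail delivery without any evaluation error. The commented-out line would carry more as `# mail_smtppassword: set in secrets/nextcloud/secrets.age; must match secrets/nextcloud/smtp-pass.age (lldap provisioning), rotate both together`. It is also worth confirming that `mkProvisionUserSystem`, which is defined outside this diff, creates an account that can only submit mail and is not placed in any login or admin group. The settings attrset and the `systemd.services.nextcloud-setup` definition both extend beyond the hunk.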
--- a/secrets/default.nix +++ b/secrets/default.nix @@ -33,6 +33,7 @@ # nextcloud nextcloud-admin-pass.file = ./nextcloud/admin-pass.age; nextcloud-secrets.file = ./nextcloud/secrets.age; + nextcloud-smtp-pass.file = ./nextcloud/smtp-pass.age; # stalwart stalwart-admin-fallback-password.file = ./stalwart/admin-fallback-password.age; diff --git a/secrets/nextcloud/secrets.age b/secrets/nextcloud/secrets.age index 1a588d3ae4e59891d2f764b845c39ff7a1cda901..b07887685828561828e9f51c6c21f1160fa7c7b8 100644 GIT binary patch delta 659 zcmeyxvYB;)PQ81WqkdUhu31KSs-tIqsA*+DqNjJ1Z%S}Rj*-89RAq>xrGH{lPL^w) z30G!vzN@LbVWNd^WO+qcuxF8fP*`E1uSHOfb5N*Ta!^UJsaK+7PN7kTE0?aFLWGg2 zsiCEUae-yBS#e@UM3qmTOHsIXj-h^#nR|I+rB|4-etoHaVXC*ekAIe_t7nA;S6Wt; zVSYtYUWjXybA@(Tpt-YgQf7u@zQ2EBewcHKZ-#GaYNn50zNKk0$cp0P4BgZeh&_20 zd6q7L3c*?a=EbH(*_O#=p{CB+=E;%XVa^3U`JN_D#*Vpp5#=QTDL!tdW~SkuTu#CD zKKhoWrey&JmHxTm9^oY+PUhNSRY7j%*+q_Co?Zq;mhQT^c;@?rSQK;V>gp8Wm^c+U zJLabZTbgGEd6t>`g==S*WQ9A1gy)4vxTb{~q=s@$SMb-gyYH)T_SjW-D@J{$&#v56 z6Pd-Yu*z-!f1%qdCpJ=k-f!ddM!_vFn__mGn24{A)OcoHe=dAOw^V-Yqa_K9ISRL1 z1Px*vJr8zww<_F@KndYD=PrOg_f)wvQ^I31aC`_+}#VhTAkJ*G1>bUSghXFWK^-)Xt*NXgm2jO<=+p~`8u f>wR82URJG1U;one7SDzmM;3qVDc-W$(8?PC`hw|E delta 601 zcmdnY`io_PPQ7JzvPYVJzGG>DN2ytuVOW{3Ye0}+TAsI0QAVPBp|hD|K~iX5g|?Y- zI#-CFOJPJrQkbW)r@u*&MOIaQT3%VCcT%uZVRBYrUXpgEzEOC2Wp-+?0hg|wLWGg2 zsiCEUlbgOzQMPkQxrbSFI?589AQ*C534wxxQ6N>B0WlCHk4ARVAebnaKqf&c?ZB1`&A{TzLld z7H$FN0YMSk`QOg%p^DIx0B& zN4OWc=NcA;rx=$y2d4UGYkOCOXBhbCr}zgOB&Im0_(iz~xdfI4mvaT0dY7BIWaJoV zn`xW)x|WwlxYhed`DqtLcxOi>=9=UryLl$1gp=!oBQR4H> zhFfSChnAFBh8KHe7$!#+1RH64Ii+}bxaM1$6h?Aoi7Gt2uxg5pw$#O!pBS~RlPYg5 zSN^qO@!OLDJ*MqNZ*LsDaVE1nL@e{&UbhO?Ezh4z-_p`83fkLPwM+c`ZSG&E!zZUc z=S*py#TCDREw$S6!|9uo@BazAU{ql8Detgv>9>}Z-wsOJ2I$U6x0pM*LVV*UK_{U$ YFXrv>7Z{jy)IVQ{iF;6xT{Xu904ng=vH$=8 diff --git a/secrets/nextcloud/smtp-pass.age b/secrets/nextcloud/smtp-pass.age new file mode 100644 index 0000000..a8fe5f7 --- /dev/null +++ b/secrets/nextcloud/smtp-pass.age 
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 QSDXqg nLdvh4Rh7NRfCpubsUOaSTwL+uQYa9jpiWWHmq8tBzo +jIgDAQZAmpoOqShDWMZZC3m/go+DImfYbg+gOlbbLu4 +-> X25519 jJ3QUtYdo6FM/xncqZeJMg5JJh2PKhe8rDw46ZrbqWo +uoDuPBJDplDoRiJGi2NFNJqDlo/fRGUqPiD0Jk6AX1c +-> ssh-ed25519 n8n9DQ +3vT7Jfx+kUFbHbEAWFN0hiDn0c0m+65brjuM5M4HRI ++jGGD9trmPr0BV2Ev1PvcdTAbzEyrHtHGleuheuYrIY +-> ssh-ed25519 BTp6UA Da7JqYJiJToDKhRelrwbXCj35URUi9T/Zzr0fLAZX1A +Kyi0O0Wog/VYlnCezm9qyxHiEU606kVHZfp17NKxXQk +--- 2t7lCNkYh/E4RyFx7sAtup5z9z/UFcxvk4XHhfJK+4I +ʡ "V%n]hQYsY9Y^r6l6*@G{vRfI7 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 56b3d1a..1a40ace 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,6 +43,7 @@ in # nextcloud "nextcloud/admin-pass.age".publicKeys = defaultAccess; "nextcloud/secrets.age".publicKeys = defaultAccess; + "nextcloud/smtp-pass.age".publicKeys = defaultAccess; # mailserver/stalwart "stalwart/admin-fallback-password.age".publicKeys = defaultAccess;