nextcloud: setup smtp (smtp password in two places, sadly)

2025-02-17 17:08:56 +01:00 · 2025-02-17 17:08:56 +01:00 · 971969d894
commit 971969d894
parent d53f145586
5 changed files with 30 additions and 1 deletions
--- a/machines/gerd/services/nextcloud.nix
+++ b/machines/gerd/services/nextcloud.nix
@ -158,7 +158,7 @@ in {
    config.dbtype = "pgsql";

    # settings
-    settings = {
+    settings = rec {
      # open connect/oidc
      oidc_login_provider_url = "https://${config.mine.shared.settings.authelia.domain}";
      oidc_login_client_id = AUTHELIA_AUTH_NAME;
@ -176,9 +176,25 @@ in {
      };
      oidc_login_scope = "openid profile email groups";
      oidc_login_code_challenge_method = "S256";
+
+      # mail
+      mail_from_address = "nextcloud";
+      mail_smtpmode = "smtp";
+      mail_sendmailmode = "smtp";
+      mail_domain = "${config.mine.shared.settings.domain}";
+      mail_smtphost = "${config.mine.shared.settings.mail.domain_smtp}";
+      mail_smtpport = config.mine.shared.settings.mail.ports.submissions;
+      mail_smtpsecure = "ssl";
+      mail_smtpname = mail_from_address;
+      # mail_smtppassword = "defined-in-the-secrets-file-and-in-a-separate-file-for-lldap";
    };
  };

+  # setup lldap user for nextcloud that can send emails
+  services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
+    nextcloud = llib.mkProvisionUserSystem "nextcloud" config.age.secrets.nextcloud-smtp-pass.path;
+  });
+
  systemd.services.nextcloud-setup = {
    # runs this after all the main nextcloud-setup stuff
    script = lib.mkAfter ''
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -33,6 +33,7 @@
    # nextcloud
    nextcloud-admin-pass.file = ./nextcloud/admin-pass.age;
    nextcloud-secrets.file = ./nextcloud/secrets.age;
+    nextcloud-smtp-pass.file = ./nextcloud/smtp-pass.age;

    # stalwart
    stalwart-admin-fallback-password.file = ./stalwart/admin-fallback-password.age;
--- a/secrets/nextcloud/secrets.age
+++ b/secrets/nextcloud/secrets.age
--- a/secrets/nextcloud/smtp-pass.age
+++ b/secrets/nextcloud/smtp-pass.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 QSDXqg nLdvh4Rh7NRfCpubsUOaSTwL+uQYa9jpiWWHmq8tBzo
+jIgDAQZAmpoOqShDWMZZC3m/go+DImfYbg+gOlbbLu4
+-> X25519 jJ3QUtYdo6FM/xncqZeJMg5JJh2PKhe8rDw46ZrbqWo
+uoDuPBJDplDoRiJGi2NFNJqDlo/fRGUqPiD0Jk6AX1c
+-> ssh-ed25519 n8n9DQ +3vT7Jfx+kUFbHbEAWFN0hiDn0c0m+65brjuM5M4HRI
+jGGD9trmPr0BV2Ev1PvcdTAbzEyrHtHGleuheuYrIY
+-> ssh-ed25519 BTp6UA Da7JqYJiJToDKhRelrwbXCj35URUi9T/Zzr0fLAZX1A
+Kyi0O0Wog/VYlnCezm9qyxHiEU606kVHZfp17NKxXQk
+--- 2t7lCNkYh/E4RyFx7sAtup5z9z/UFcxvk4XHhfJK+4I
+òÊ¡
"<22>V˜%µnê¢ú]«„þ·ÁhQYŽs¡Y‚9ÎY®^€rã®ÔÑ6lƒ6*@G{vœRf÷°I–Ðù7
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -43,6 +43,7 @@ in
  # nextcloud
  "nextcloud/admin-pass.age".publicKeys = defaultAccess;
  "nextcloud/secrets.age".publicKeys = defaultAccess;
+  "nextcloud/smtp-pass.age".publicKeys = defaultAccess;

  # mailserver/stalwart
  "stalwart/admin-fallback-password.age".publicKeys = defaultAccess;