Setup vaultwarden smtp

2024-12-14 22:41:34 -08:00 · 2024-12-14 22:41:34 -08:00 · e15bfa0b90
commit e15bfa0b90
parent cee19a8b27
3 changed files with 23 additions and 8 deletions
--- a/common/auths.yaml
+++ b/common/auths.yaml
@ -3,11 +3,13 @@ coturn: ENC[AES256_GCM,data:3JQCzWn3RJcGgMyfS+Wm/IL1cTSh/BFcVHhI,iv:aCmkJJt6wIjL
 mail:
    macronova:
        password: ENC[AES256_GCM,data:wJMS3WqmAMQiOiyDUvmwH6Bes4L8GZC/2MxXP23M+RUrN7esqQsaMXLksY/33TuopuekVAvW9K+D2go5quaxdZhB/cVrhXqIjLVLV6Wa+WkYlbeQvJ5ix3R40X455opndrCQCQslatzcgGxmMS8qj5j0UcOfng==,iv:jfo7REVvIDI9MiWRsBi4MoTHfO6lHY5oQI9WyUecnnQ=,tag:hrSHzh4DK5Skav6A3fwD5A==,type:str]
+    vaultwarden:
+        password: ENC[AES256_GCM,data:2sGDr2TvznpWOr1mVD5gJ4ayU4Fz8rI3m4H5X/eJ/tyIQG5eSyTpqX4MWdA4a8vyRAfwe7OLHAF6kJoHBStDBDTs1rSkXtKw7LG2EgC4hcs+wMMVQ5u0ZmnKd9GzTa4FpqAVvyohFf815a8Dkl1xG29YZRd+Qw==,iv:fgdiHF20+iF2LY86bFnksqGyxxCLO1tO2S9T+attW6k=,tag:8rvzJIy1M+VLm+DW6ZzFzg==,type:str]
 users:
    macronova:
        password: ENC[AES256_GCM,data:GSWsFhbxrUn1/tuURrl+D9wR80PZWzMU8sIjZpDyCyTrsCnbwcyqlsEx6MYSF/bRtAujR/kH2ppLM5O6QcIduETIMfjAMl8th9ZbQLUPiTpXRkfI01GKeUzYuvlATBGbnNHouJ2HJPamG+TJSBrbJJasoe5wUQ==,iv:RZQXTptp9MZejgrhWbeHSk0qgA4lSyo9yFdKZdJfvIk=,tag:38KJZbV19oT+3MH60d/grw==,type:str]
 vaultwarden:
-    environment: ENC[AES256_GCM,data:DKPhavj/WONXkwmvOqAEV03EqWK6nBK3oTva/R23hxeex+IiuLFtHYQwBkNdBVT5enat+w/NBLekv6f9uWIA9pfbL/38Hz7acXtn/r/zmoLaOC1YcZO4Lc5GPjPRdd3or/JMIv9YTiGyynHZ3JJTGPe6cHG+3MFf3aaDpYtN5yL8gGghJQQJR/M1uNpvGoP+tg8=,iv:ScfGqDxJ7sJ+S6OGEN/mrqqmsHBRhKNCOp+WnKfUI+w=,tag:I/Dz9hmskHwMYF1vGCPPNA==,type:str]
+    environment: ENC[AES256_GCM,data:SbAQuXfig3elvxweWQsNzTj+faFAJ+o+gJihYrnPjyWBWn17k1hXkkIyZGcLgS6WdYodYn/hkFts9mnkHUe3yuTY4DLCe1X7zF6wGfRSLyYGrbpZXWI7Mqd71XPhQ7Kr+80movk9PWZ+DfZpUMItZLayb66DYrpkWJLDiIo3YTTkChuL8QslhAbcR3NolzwbUBFDXrCnl/0+3Q7V9YMYvqpKJmwrPITiL/RU2At+ywSKe1Eva4i2pYmv6kEC,iv:LGNRhUetqqne2GWbpA0OGPZYNgQSKEodmb1djdy4lrw=,tag:9KSLpr4X7OxCxgM3uPGZvA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -41,8 +43,8 @@ sops:
            SEZndElYa1NOWnQ1Y3dMUG9WUS9yZE0Ku4sIsnLwt7bPeceWT/fSbJngdLdeVFiL
            qYYzmQOAP/nb1KlZCQjbqxZaMq7An+Iqaat4ILD1i39hmbLAZdxIpA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-15T05:14:38Z"
-    mac: ENC[AES256_GCM,data:uMxR0aIm37ub64O/RjkDAvY98vzkMxu0gqpbP+GoTFicWcyBDhxoOcXZf7ZRzONLWra+y2PS02i4b1odhmIdn8b6Xtse6l6v3GrpatGM6oLxwuEwG7t89bzj8oL9UazSV9MfGWiLMfI/E1bm1/osKEibIEhVkWUJ8KM+GnAZ0/U=,iv:oBW2/uJg3ZJSlb5l7gW+1xJNM+5MAm4pIAed2IHbS7o=,tag:+UQnMiopIvlWymkK8pk7WQ==,type:str]
+    lastmodified: "2024-12-15T06:38:44Z"
+    mac: ENC[AES256_GCM,data:Iy20cL0dv4kHsIjFMbbgt57jFfiluQq2iKGJHcVd4niz6+xUmG5dXRRswbhngN5VCwweKx4DSo1PUXF/4bmWpy+MUSTEVA0QO5Mmmt08+7u0iDfbPtS3+XcwSJfqnsE5I+iIyB+qOD9fslLwUHyeMuHjbjSM1UgAajnXiX2p71Y=,iv:ZLUMs0lu+QIldrKKTEIXqqOWqcBCU+YZFeVb9Uf32j4=,tag:hZH0TONnsESeYuYgmw6S/A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2
--- a/linux/singularity/mailserver.nix
+++ b/linux/singularity/mailserver.nix
@ -1,6 +1,7 @@
 {config, ...}:
 with config.constants; let
-  mailSecret = "mail/${userName}/password";
+  userSecret = "mail/${userName}/password";
+  vaultwardenSecret = "mail/vaultwarden/password";
 in {
  mailserver = {
    enable = true;
@ -10,11 +11,15 @@ in {
    loginAccounts = {
      "${userName}@${domain}" = {
        aliases = [postMaster];
-        hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
+        hashedPasswordFile = config.sops.secrets.${userSecret}.path;
      };
+      ${config.services.vaultwarden.config.SMTP_FROM}.hashedPasswordFile = config.sops.secrets.${vaultwardenSecret}.path;
    };

    certificateScheme = "acme";
  };
-  sops.secrets.${mailSecret} = {};
+  sops.secrets = {
+    ${userSecret} = {};
+    ${vaultwardenSecret} = {};
+  };
 }
--- a/linux/singularity/vaultwarden.nix
+++ b/linux/singularity/vaultwarden.nix
@ -4,11 +4,19 @@ in {
  services.vaultwarden = {
    enable = true;
    config = with config.constants; {
-      # Disable signup
-      SIGNUPS_ALLOWED = false;
+      DOMAIN = "https://vault.${domain}";
      # Specify service port
      ROCKET_ADDRESS = localhost;
      ROCKET_PORT = port.vault;
+      # Disable signup
+      SIGNUPS_ALLOWED = false;
+      # SMTP config
+      SMTP_FROM = "vaultwarden@${domain}";
+      SMTP_FROM_NAME = "vaultwarden";
+      SMTP_HOST = "mail.${domain}";
+      SMTP_USERNAME = "vaultwarden@${domain}";
+      SMTP_PORT = 587;
+      SMTP_SECURITY = "starttls";
    };
    environmentFile = config.sops.secrets.${vaultEnvironment}.path;
  };