From e15bfa0b90ed3946dd434acab26aaf48916fc8d2 Mon Sep 17 00:00:00 2001
From: macronova
Date: Sat, 14 Dec 2024 22:41:34 -0800
Subject: [PATCH] Setup vaultwarden smtp
---
common/auths.yaml | 8 +++++---
linux/singularity/mailserver.nix | 11 ++++++++---
linux/singularity/vaultwarden.nix | 12 ++++++++++--
3 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/common/auths.yaml b/common/auths.yaml
index 2b80603..335b2fb 100644
--- a/common/auths.yaml
+++ b/common/auths.yaml
@@ -3,11 +3,13 @@ coturn: ENC[AES256_GCM,data:3JQCzWn3RJcGgMyfS+Wm/IL1cTSh/BFcVHhI,iv:aCmkJJt6wIjL mail: macronova: password: ENC[AES256_GCM,data:wJMS3WqmAMQiOiyDUvmwH6Bes4L8GZC/2MxXP23M+RUrN7esqQsaMXLksY/33TuopuekVAvW9K+D2go5quaxdZhB/cVrhXqIjLVLV6Wa+WkYlbeQvJ5ix3R40X455opndrCQCQslatzcgGxmMS8qj5j0UcOfng==,iv:jfo7REVvIDI9MiWRsBi4MoTHfO6lHY5oQI9WyUecnnQ=,tag:hrSHzh4DK5Skav6A3fwD5A==,type:str] + vaultwarden: + password: ENC[AES256_GCM,data:2sGDr2TvznpWOr1mVD5gJ4ayU4Fz8rI3m4H5X/eJ/tyIQG5eSyTpqX4MWdA4a8vyRAfwe7OLHAF6kJoHBStDBDTs1rSkXtKw7LG2EgC4hcs+wMMVQ5u0ZmnKd9GzTa4FpqAVvyohFf815a8Dkl1xG29YZRd+Qw==,iv:fgdiHF20+iF2LY86bFnksqGyxxCLO1tO2S9T+attW6k=,tag:8rvzJIy1M+VLm+DW6ZzFzg==,type:str] users: macronova: password: ENC[AES256_GCM,data:GSWsFhbxrUn1/tuURrl+D9wR80PZWzMU8sIjZpDyCyTrsCnbwcyqlsEx6MYSF/bRtAujR/kH2ppLM5O6QcIduETIMfjAMl8th9ZbQLUPiTpXRkfI01GKeUzYuvlATBGbnNHouJ2HJPamG+TJSBrbJJasoe5wUQ==,iv:RZQXTptp9MZejgrhWbeHSk0qgA4lSyo9yFdKZdJfvIk=,tag:38KJZbV19oT+3MH60d/grw==,type:str] vaultwarden: - environment: ENC[AES256_GCM,data:DKPhavj/WONXkwmvOqAEV03EqWK6nBK3oTva/R23hxeex+IiuLFtHYQwBkNdBVT5enat+w/NBLekv6f9uWIA9pfbL/38Hz7acXtn/r/zmoLaOC1YcZO4Lc5GPjPRdd3or/JMIv9YTiGyynHZ3JJTGPe6cHG+3MFf3aaDpYtN5yL8gGghJQQJR/M1uNpvGoP+tg8=,iv:ScfGqDxJ7sJ+S6OGEN/mrqqmsHBRhKNCOp+WnKfUI+w=,tag:I/Dz9hmskHwMYF1vGCPPNA==,type:str] + environment: ENC[AES256_GCM,data:SbAQuXfig3elvxweWQsNzTj+faFAJ+o+gJihYrnPjyWBWn17k1hXkkIyZGcLgS6WdYodYn/hkFts9mnkHUe3yuTY4DLCe1X7zF6wGfRSLyYGrbpZXWI7Mqd71XPhQ7Kr+80movk9PWZ+DfZpUMItZLayb66DYrpkWJLDiIo3YTTkChuL8QslhAbcR3NolzwbUBFDXrCnl/0+3Q7V9YMYvqpKJmwrPITiL/RU2At+ywSKe1Eva4i2pYmv6kEC,iv:LGNRhUetqqne2GWbpA0OGPZYNgQSKEodmb1djdy4lrw=,tag:9KSLpr4X7OxCxgM3uPGZvA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -41,8 +43,8 @@ sops: SEZndElYa1NOWnQ1Y3dMUG9WUS9yZE0Ku4sIsnLwt7bPeceWT/fSbJngdLdeVFiL qYYzmQOAP/nb1KlZCQjbqxZaMq7An+Iqaat4ILD1i39hmbLAZdxIpA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-15T05:14:38Z" - mac: ENC[AES256_GCM,data:uMxR0aIm37ub64O/RjkDAvY98vzkMxu0gqpbP+GoTFicWcyBDhxoOcXZf7ZRzONLWra+y2PS02i4b1odhmIdn8b6Xtse6l6v3GrpatGM6oLxwuEwG7t89bzj8oL9UazSV9MfGWiLMfI/E1bm1/osKEibIEhVkWUJ8KM+GnAZ0/U=,iv:oBW2/uJg3ZJSlb5l7gW+1xJNM+5MAm4pIAed2IHbS7o=,tag:+UQnMiopIvlWymkK8pk7WQ==,type:str] + lastmodified: "2024-12-15T06:38:44Z" + mac: ENC[AES256_GCM,data:Iy20cL0dv4kHsIjFMbbgt57jFfiluQq2iKGJHcVd4niz6+xUmG5dXRRswbhngN5VCwweKx4DSo1PUXF/4bmWpy+MUSTEVA0QO5Mmmt08+7u0iDfbPtS3+XcwSJfqnsE5I+iIyB+qOD9fslLwUHyeMuHjbjSM1UgAajnXiX2p71Y=,iv:ZLUMs0lu+QIldrKKTEIXqqOWqcBCU+YZFeVb9Uf32j4=,tag:hZH0TONnsESeYuYgmw6S/A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/linux/singularity/mailserver.nix b/linux/singularity/mailserver.nix index de9a53a..0f10e10 100644 --- a/linux/singularity/mailserver.nix +++ b/linux/singularity/mailserver.nix @@ -1,6 +1,7 @@ {config, ...}: with config.constants; let - mailSecret = "mail/${userName}/password"; + userSecret = "mail/${userName}/password"; + vaultwardenSecret = "mail/vaultwarden/password"; in { mailserver = { enable = true; @@ -10,11 +11,15 @@ in { loginAccounts = { "${userName}@${domain}" = { aliases = [postMaster]; - hashedPasswordFile = config.sops.secrets.${mailSecret}.path; + hashedPasswordFile = config.sops.secrets.${userSecret}.path; }; + ${config.services.vaultwarden.config.SMTP_FROM}.hashedPasswordFile = config.sops.secrets.${vaultwardenSecret}.path; }; certificateScheme = "acme"; }; - sops.secrets.${mailSecret} = {}; + sops.secrets = { + ${userSecret} = {}; + ${vaultwardenSecret} = {}; + }; } diff --git a/linux/singularity/vaultwarden.nix b/linux/singularity/vaultwarden.nix index cd8a427..8f2406f 100644 --- a/linux/singularity/vaultwarden.nix +++ b/linux/singularity/vaultwarden.nix 
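Review bot: In mailserver.nix, the new login account in the `loginAccounts` hunk is keyed on `SMTP_FROM`, but the credential Vaultwarden is configured with is `SMTP_USERNAME`. The two are equal today, but changing the From address later (for example to a no-reply alias) would silently rename the mailbox and break SMTP login. Key the account on the credential instead: `${config.services.vaultwarden.config.SMTP_USERNAME}.hashedPasswordFile = config.sops.secrets.${vaultwardenSecret}.path;`. Since this account exists only so a service can submit mail, it is also worth setting `sendOnly = true;` on it if the mailserver module in use offers that option, so the address does not accept inbound mail. The enclosing `mailserver` attribute set starts outside this hunk.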
@@ -4,11 +4,19 @@ in { services.vaultwarden = { enable = true; config = with config.constants; { - # Disable signup - SIGNUPS_ALLOWED = false; + DOMAIN = "https://vault.${domain}"; # Specify service port ROCKET_ADDRESS = localhost; ROCKET_PORT = port.vault; + # Disable signup + SIGNUPS_ALLOWED = false; + # SMTP config + SMTP_FROM = "vaultwarden@${domain}"; + SMTP_FROM_NAME = "vaultwarden"; + SMTP_HOST = "mail.${domain}"; + SMTP_USERNAME = "vaultwarden@${domain}"; + SMTP_PORT = 587; + SMTP_SECURITY = "starttls"; }; environmentFile = config.sops.secrets.${vaultEnvironment}.path; };
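Review bot: The SMTP block in `services.vaultwarden.config` sets a username but no password, and nothing in the hunk says where the password comes from. Presumably it is `SMTP_PASSWORD` inside the sops-encrypted `environmentFile`, whose ciphertext changes in the same commit. A comment would record that and keep a later edit from moving it into `config`, which as far as I know the NixOS module renders into the world-readable Nix store: `# SMTP_PASSWORD comes from environmentFile (sops); never set it here`. It would also help to note that the plaintext there must match the hash stored under `mail/vaultwarden/password`, so a rotation updates both secrets. The attribute set begins outside the hunk.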