authentik yay

2025-09-07 00:11:16 +02:00 · 2025-09-07 00:11:16 +02:00 · f2fcbfb679
commit f2fcbfb679
parent d3a93fd115
34 changed files with 612 additions and 363 deletions
--- a/modules/presets/server.nix
+++ b/modules/presets/server.nix
@ -6,22 +6,56 @@
 }:
 let
  cfg = config.xyno.presets.server;
+  msmtpConfigItems = [
+    "host"
+    "port"
+    "from"
+    "user"
+    "password"
+
+  ];
 in
 {
  options.xyno.presets.server.enable =
    lib.mkEnableOption "enables xynos base server config (ssh/smart/email/zed/...)";
  config = lib.mkIf cfg.enable {
    services.openssh.enable = true;
-    users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/oMAi5jyQsNohfhcSH2ItisTpBGB0WtYTVxJYKKqhj"]; # theseus
+    users.users.root.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/oMAi5jyQsNohfhcSH2ItisTpBGB0WtYTVxJYKKqhj"
+    ]; # theseus

    environment.etc."msmtprc".enable = false;
-    sops.secrets."msmtp/rc" = {
+    sops.defaultSopsFile = ../../secrets/common.yaml;
+    sops.secrets = lib.mkMerge (
+      [
+        {
+          "msmtp/aliases" = {
+            path = "/etc/aliases";
+          };
+        }
+      ]
+      ++ (map (x: { "msmtp/${x}" = { }; }) msmtpConfigItems)
+    );
+    sops.templates."msmtprc" = {
      path = "/etc/msmtprc";
+      content = ''
+        defaults
+        allow_from_override off
+        set_from_header on
+        auth on
+        tls on
+        tls_starttls off
+
+        account default
+        ${lib.concatStringsSep "\n" (
+          map (x: "${x} ${config.sops.placeholder."msmtp/${x}"}") msmtpConfigItems
+        )}
+        auth on
+
+        aliases /etc/aliases
+      '';
    };
-    sops.secrets."msmtp/aliases" = {
-      path = "/etc/aliases";
-    };
-    
+
    programs.msmtp = {
      enable = true;
    };