From db487bab193938af7c2c8cc75c34d2674805cee9 Mon Sep 17 00:00:00 2001
From: uku <hi@uku.moe>
Date: Thu, 31 Oct 2024 10:12:03 +0100
Subject: [PATCH] feat(etna): add smtp to vaultwarden

---
 secrets/etna/vaultwardenEnv.age | 19 +++++++++++++++++++
 secrets/secrets.nix             |  1 +
 systems/etna/vaultwarden.nix    | 14 ++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100644 secrets/etna/vaultwardenEnv.age

diff --git a/secrets/etna/vaultwardenEnv.age b/secrets/etna/vaultwardenEnv.age
new file mode 100644
index 0000000..e4f9117
--- /dev/null
+++ b/secrets/etna/vaultwardenEnv.age
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSFJieU9lQnZOQy81VzJK
+V0MwTGFpdWtGenpuWE4xdDR4dWJhQkRwRlZvCm8rMkloMEVhdkkybFhWUmxuekF0
+cm04b1hqTGx6V1Nuelg0TVdYK0R5ZEUKLT4gWDI1NTE5IDdxb0x5ZTNnSDV0b3I0
+Zm5PUE1SelNtbm5pRTV6Zk5PSEo1KzJTckdoUzAKWkZVdTlKRnJYMmpLWlhiSXBX
+QzJKaTVxNkNxYk8ydGFtT3NrUEdtRytvMAotPiBYMjU1MTkgWW1UOWdLU3V6Zkhi
+Q0E2QlhHN0huSGs0ZDhmb0pwMzV4MGVzVVViOE9FTQpHSkFvQlNVVDRhS0FiTlR5
+UmZOOGc5ejc2RzgxSHo4ZXRJbzBkeitsT2NRCi0+IFgyNTUxOSBsMVpFdER6MXJ4
+RlRHSG91TDFMai8vTm1zS1FaSk1HQmEzMDJDbnpaZ0UwCm51MzRWblNNeHBCWHFk
+Z05FT0ZjNHZjdXljTmlpeVJVNGpVRExPYkVZbmsKLS0tIGJzTkRzVE9GMFJDdStO
+Tkg3cTVuY0RCWEhlbUhwNGZiMHBCUThlQXRtcFEKcydfFV97p3gVuFaGXP+8l54y
+v6R0EtjFjbFp7DhWY9Hut1viI0ogstBMilehmjKGrZ6bofWEFEoOod9tiLeQsP3S
+AmLrJ+Uj0Wz/xLdxydZDVFR51fnJ7KSDOMPbPcIKcryFsuJntRq4g5tEJo2TiuwI
+DSQjwrQ69KiH1BXFOYexeKbrfLgIPmU+oYGx/kYGQqcoTu3YegpRQgbShdAZSYJB
+X713AuYtAxCmPPcoJIMhsuG/TrLlVAPm+3+Y7RogjleubZ3T4OJCtrvz7X0Yllam
+mjGOXxm4AVsee6vOJMo1suGKYalnDU3cEyt0lF7aUv7DdLhkRLosvAaa/yL/Veae
+cdckvQfLqB6yVYQNP6z1ss8Ry7UhMNjASSSXMZx49rQX1sebCSzYeOVFDbupaCqM
+LWv3nr8=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1535ecf..555a2db 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -29,4 +29,5 @@ in {
   "etna/turnstileSecret.age".publicKeys = main ++ [etna];
   "etna/navidromeEnv.age".publicKeys = main ++ [etna];
   "etna/forgejoRunnerSecret.age".publicKeys = main ++ [etna];
+  "etna/vaultwardenEnv.age".publicKeys = main ++ [etna];
 }
diff --git a/systems/etna/vaultwarden.nix b/systems/etna/vaultwarden.nix
index ed28c09..c5035e9 100644
--- a/systems/etna/vaultwarden.nix
+++ b/systems/etna/vaultwarden.nix
@@ -1,14 +1,28 @@
 {
+  config,
+  _utils,
+  ...
+}: let
+  envFile = _utils.setupSingleSecret config "vaultwardenEnv" {};
+in {
+  imports = [envFile.generate];
+
   cfTunnels."bw.uku3lig.net" = "http://localhost:8222";
 
   services.vaultwarden = {
     enable = true;
+    environmentFile = envFile.path;
     config = {
       DOMAIN = "https://bw.uku3lig.net";
       SIGNUPS_ALLOWED = false;
 
       ROCKET_ADDRESS = "::1";
       ROCKET_PORT = 8222;
+
+      SMTP_HOST = "in-v3.mailjet.com";
+      SMTP_FROM = "vaultwarden@uku3lig.net";
+      SMTP_PORT = 587;
+      SMTP_SECURITY = "starttls";
     };
   };
 }