From 802de6967f4684b5395b9305d4265aa776d0838b Mon Sep 17 00:00:00 2001
From: Jet
Date: Wed, 25 Mar 2026 22:47:11 -0700
Subject: [PATCH 1/2] fix: caddy override
---
 modules/caddy.nix | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/modules/caddy.nix b/modules/caddy.nix
index d2f2617..7af168e 100644
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -1,18 +1,9 @@
 { config, pkgs, ... }:
-let
- caddyPkg = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" {
- buildGo125Module = pkgs.buildGo126Module;
- };
- caddyWithPlugins = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/plugins.nix" {
- caddy = caddyPkg;
- };
-in
-
 {
 services.caddy = {
 enable = true;
- package = caddyWithPlugins {
+ package = pkgs.caddy.withPlugins {
 plugins = [ "github.com/mholt/caddy-ratelimit@v0.1.0" ];
 hash = "sha256-Ko4kJJiBUGX/2x6O+Q0f7hrf6r7YkVCQPRV04Adgedw=";
 };
From 85ec8e01fe8cfb935f7e9649dd7e228f2f5acfc7 Mon Sep 17 00:00:00 2001
From: Jet
Date: Wed, 25 Mar 2026 23:26:21 -0700
Subject: [PATCH 2/2] fix: website to working webhooks version
---
 configuration.nix | 3 +++
 flake.lock | 14 +++++++-------
 modules/mail.nix | 19 ++++++++++++++++++-
 3 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 917e52e..9a74c91 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -38,6 +38,7 @@
 owner = "matrix-synapse";
 };
 ntfy-admin-hash.file = ./secrets/ntfy-admin-hash.age;
+ webhook-secret.owner = "stalwart-mail";
 };
 # Bootloader
@@ -146,6 +147,8 @@
 services.jetpham-website = {
 enable = true;
 tor.enable = true;
+ qaMailDomain = "jetpham.com";
+ qaReplyDomain = "jetpham.com";
 };
 # Allow Tailscale traffic
diff --git a/flake.lock b/flake.lock
index 032fe1e..05b4482 100644
--- a/flake.lock
+++ b/flake.lock
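Review bot: The `hash` under `package = pkgs.caddy.withPlugins {` is carried over unchanged while the builder behind it switches from the local `callPackage` override (which forced `buildGo126Module`) to the stock nixpkgs package. That hash names a fixed-output source derivation, so if a matching store path is already present or substitutable Nix will reuse it without re-running the fetch; a successful switch therefore does not by itself show that the pinned plugin source still matches, and building the package once with `--rebuild` would confirm it. If the override was dropped because nixpkgs' caddy now builds with a new enough Go, a comment such as `# local buildGo126Module override no longer needed with current nixpkgs` would record that, since the commit subject does not. The `services.caddy` set continues past the end of the hunk.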
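Review bot: `webhook-secret.owner = "stalwart-mail";` sets only the owner, and the hunk shows neither a `file` for this secret (unlike `ntfy-admin-hash.file` on the line above) nor a `group` or `mode`. Presumably the `file` is declared elsewhere, perhaps by the website module; that is worth confirming, since agenix needs one per secret. If the service behind `127.0.0.1:3003` verifies the same secret and runs as a different user, single-owner access at agenix's default mode `0400` would lock it out; a dedicated shared group with `mode = "0440"` would keep the file readable by exactly the two services. The enclosing secrets set begins above the hunk.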
@@ -470,11 +470,11 @@
 "nixpkgs": "nixpkgs_2"
 },
 "locked": {
- "lastModified": 1773803479,
- "narHash": "sha256-GD6i1F2vrSxbsmbS92+8+x3DbHOJ+yrS78Pm4xigW4M=",
+ "lastModified": 1774581174,
+ "narHash": "sha256-258qgkMkYPkJ9qpIg63Wk8GoIbVjszkGGPU1wbVHYTk=",
 "owner": "oxalica",
 "repo": "rust-overlay",
- "rev": "f17186f52e82ec5cf40920b58eac63b78692ac7c",
+ "rev": "a313afc75b85fc77ac154bf0e62c36f68361fd0b",
 "type": "github"
 },
 "original": {
@@ -553,11 +553,11 @@
 "rust-overlay": "rust-overlay_2"
 },
 "locked": {
- "lastModified": 1774078882,
- "narHash": "sha256-0ABtMFWqKsESSX2E4Z+uY1VXCNb9PzZ/ke7HmpTkflE=",
+ "lastModified": 1774581798,
+ "narHash": "sha256-WimRZfiKOR8/yxxpmEx1kFP4IM/Ahq692fSvPLhxUek=",
 "ref": "refs/heads/main",
- "rev": "ede986080a538eced16490e47c638398c2e4c49f",
- "revCount": 39,
+ "rev": "38af26d959bf4934155d85f15345f0d83252dab9",
+ "revCount": 48,
 "type": "git",
 "url": "https://git.extremist.software/jet/website"
 },
diff --git a/modules/mail.nix b/modules/mail.nix
index d3c373e..eb7b921 100644
--- a/modules/mail.nix
+++ b/modules/mail.nix
@@ -45,11 +45,28 @@
 user = "admin";
 secret = "%{file:/run/agenix/stalwart-admin}%";
 };
+
+ session.hook."qa-webhook" = {
+ enable = "contains(recipients, 'qa@jetpham.com')";
+ url = "http://127.0.0.1:3003/api/webhook";
+ stages = [ "data" ];
+ auth = {
+ username = "qa-webhook";
+ secret = "%{file:${config.age.secrets.webhook-secret.path}}%";
+ };
+ options = {
+ "tempfail-on-error" = true;
+ "max-response-size" = 1048576;
+ };
+ };
 };
 };
 # Allow Stalwart to read the ACME certificate procured for Caddy and the agenix secret
 systemd.services.stalwart.serviceConfig.SupplementaryGroups = [ "acme" ];
- systemd.services.stalwart.serviceConfig.ReadOnlyPaths = [ "/run/agenix/stalwart-admin" ];
+ systemd.services.stalwart.serviceConfig.ReadOnlyPaths = [
+ "/run/agenix/stalwart-admin"
+ config.age.secrets.webhook-secret.path
+ ];
 }
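Review bot: With `"tempfail-on-error" = true` in `session.hook."qa-webhook"`, any message whose recipients include `qa@jetpham.com` is deferred whenever the service on `127.0.0.1:3003` is down or slow, and that presumably holds for the whole message rather than only the qa recipient. If failing closed is intended, say so above the hook, e.g. `# fail closed: defer qa@ mail rather than accept it unprocessed`, and consider an explicit `timeout` so the deferral window is visible in the config. The address in `enable` also repeats the `qaMailDomain = "jetpham.com"` value set in configuration.nix, so the two can drift apart. The existing comment above `ReadOnlyPaths` still says "the agenix secret" although the list now holds two paths.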