fix: website to working webhooks version

configuration.nix

@@ -38,6 +38,7 @@
       owner = "matrix-synapse";
     };
     ntfy-admin-hash.file = ./secrets/ntfy-admin-hash.age;
+    webhook-secret.owner = "stalwart-mail";
   };
 
   # Bootloader
@@ -146,6 +147,8 @@
   services.jetpham-website = {
     enable = true;
     tor.enable = true;
+    qaMailDomain = "jetpham.com";
+    qaReplyDomain = "jetpham.com";
   };
 
   # Allow Tailscale traffic

flake.lock

@@ -470,11 +470,11 @@
         "nixpkgs": "nixpkgs_2"
       },
       "locked": {
-        "lastModified": 1773803479,
+        "lastModified": 1774581174,
-        "narHash": "sha256-GD6i1F2vrSxbsmbS92+8+x3DbHOJ+yrS78Pm4xigW4M=",
+        "narHash": "sha256-258qgkMkYPkJ9qpIg63Wk8GoIbVjszkGGPU1wbVHYTk=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "f17186f52e82ec5cf40920b58eac63b78692ac7c",
+        "rev": "a313afc75b85fc77ac154bf0e62c36f68361fd0b",
         "type": "github"
       },
       "original": {
@@ -553,11 +553,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1774078882,
+        "lastModified": 1774581798,
-        "narHash": "sha256-0ABtMFWqKsESSX2E4Z+uY1VXCNb9PzZ/ke7HmpTkflE=",
+        "narHash": "sha256-WimRZfiKOR8/yxxpmEx1kFP4IM/Ahq692fSvPLhxUek=",
         "ref": "refs/heads/main",
-        "rev": "ede986080a538eced16490e47c638398c2e4c49f",
+        "rev": "38af26d959bf4934155d85f15345f0d83252dab9",
-        "revCount": 39,
+        "revCount": 48,
         "type": "git",
         "url": "https://git.extremist.software/jet/website"
       },

modules/caddy.nix

@@ -1,18 +1,9 @@
 { config, pkgs, ... }:
 
-let
-  caddyPkg = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" {
-    buildGo125Module = pkgs.buildGo126Module;
-  };
-  caddyWithPlugins = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/plugins.nix" {
-    caddy = caddyPkg;
-  };
-in
-
 {
   services.caddy = {
     enable = true;
-    package = caddyWithPlugins {
+    package = pkgs.caddy.withPlugins {
       plugins = [ "github.com/mholt/caddy-ratelimit@v0.1.0" ];
       hash = "sha256-Ko4kJJiBUGX/2x6O+Q0f7hrf6r7YkVCQPRV04Adgedw=";
     };

modules/mail.nix

@@ -45,11 +45,28 @@
         user = "admin";
         secret = "%{file:/run/agenix/stalwart-admin}%";
       };
+
+      session.hook."qa-webhook" = {
+        enable = "contains(recipients, 'qa@jetpham.com')";
+        url = "http://127.0.0.1:3003/api/webhook";
+        stages = [ "data" ];
+        auth = {
+          username = "qa-webhook";
+          secret = "%{file:${config.age.secrets.webhook-secret.path}}%";
+        };
+        options = {
+          "tempfail-on-error" = true;
+          "max-response-size" = 1048576;
+        };
+      };
     };
   };
 
   # Allow Stalwart to read the ACME certificate procured for Caddy and the agenix secret
   systemd.services.stalwart.serviceConfig.SupplementaryGroups = [ "acme" ];
-  systemd.services.stalwart.serviceConfig.ReadOnlyPaths = [ "/run/agenix/stalwart-admin" ];
+  systemd.services.stalwart.serviceConfig.ReadOnlyPaths = [
+    "/run/agenix/stalwart-admin"
+    config.age.secrets.webhook-secret.path
+  ];
 
 }