discourse: add mail config and somme plugins

Signed-off-by: Jeltz <jeltz@federez.net>

profiles/discourse.nix

@@ -1,8 +1,27 @@
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, ... }:
-  age.secrets.discourse-key-base = {
+let
-    file = ../secrets/discourse-key-base.age;
+  discourse-shared-edits = pkgs.discourse.mkDiscoursePlugin {
-    owner = "discourse";
+    name = "discourse-shared-edits";
-    group = "discourse";
+    src = pkgs.fetchFromGitHub {
+      owner = "discourse";
+      repo = "discourse-shared-edits";
+      rev = "586d7c18d331e6430f696c2b5b57363a1ee07736";
+      sha256 = "sha256-1CrUQvVL7utrzYv4onh48JUYp6GaDSzo+HdxhwpMqxU=";
+    };
+  };
+in
+{
+  age.secrets = {
+    discourse-key-base = {
+      file = ../secrets/discourse-key-base.age;
+      owner = "discourse";
+      group = "discourse";
+    };
+    discourse-mail-password = {
+      file = ../secrets/discourse-mail-password.age;
+      owner = "discourse";
+      group = "discourse";
+    };
   };
 
   services.postgresql.package = pkgs.postgresql_13;
@@ -11,8 +30,26 @@
     enable = true;
     hostname = "forum.federez.net";
     secretKeyBaseFile = config.age.secrets.discourse-key-base.path;
-    # TODO(jeltz): mail
+    mail = {
+      outgoing = {
+        serverAddress = "dodecagon.federez.net";
+        port = 465;
+        domain = "federez.net";
+        username = "discourse";
+        authentication = "plain";
+        forceTLS = true;
+        passwordFile = config.age.secrets.discourse-mail-password.path;
+      };
+      notificationEmailAddress = "forum@federez.net";
+    };
     admin.skipCreate = true;
+    plugins = with config.services.discourse.package.plugins; [
+      discourse-calendar
+      discourse-math
+      discourse-shared-edits
+      discourse-solved
+      discourse-voting
+    ];
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];

secrets/discourse-mail-password.age

@@ -0,0 +1,32 @@
+age-encryption.org/v1
+-> ssh-ed25519 oDAQrw +aORlGGz/jqX0t4opGM5vMTgBKtAdL/z1KxfA4C43To
+MNbp/PaSnpvyfZtmWWD6HYG3yHh2uWoXDY8V1Ft7+ac
+-> ssh-rsa krWCLQ
+2Px6I6WuRr10mMWlcUCAbnm6dyQa2hklmnwXtNPWXmKNPzHC6CGoye5dnOvkNKGN
+5ekf2mK2ywzE2FQFVYOtY3Ss/60I4OTXmxNJ3qrCAU2z+f+53nAegguc3tB4Xvh8
+tQVQICaX1oVU/PD2SFX8QcTBORF2+Vc0Nd6fbuGl3dhSeESg7JLj5oaBCsthZD2J
+U1ehTDS/+t6nogt1BdNZK10yFXRGk44jDMADMvvUPkIEW7mbvTFfMtXNhbemOn+X
+oIXt8DNwzn3tF1IdOJ+vjtcU3gqYQYZVFKJV1DtQSA7i46Dl0J0+12+8/zKMX+yu
+NKcaa/L1tz0lPX6ZeXhoOg
+-> ssh-ed25519 /vwQcQ QoEbQ1IA4EKR97Fqa/NQN9RDUEubeZbvxMcd0ZFhwyU
+OAFrGGXCxDFcsalinhG3JcXUj+RJawl6UnSgZkBwBrk
+-> ssh-ed25519 0R97PA VkKhx5oVdrFjjSXwreIiGnH0nZEqY5Ls4OSpgpDn0jI
+FC9SN+Woh6QBWV5r5TjtjFSp8mqw3LxgFJCQPjD8oss
+-> ssh-rsa jL+Elw
+UGQRNdtkdNbRVcoimpZsgBAGp95mtHwJ8V4CwlL82GqdIGM3LQDrCtPgFTC1C4Zx
+lrgVaT/xi4WhRkkHCd0ZTzJ5i9NY9H/gnDaXKeKcTcQezH1yeMBLns92D2z7u0+1
+DyTzu8ZzZLvaej2b7gLU6u2BMC10AnBYP0LFuZlE3ndnr7ro9flKPb5A+IRbX339
+xkNlIOsTBdSfJJ27LKZVIOUS2Pxg1Kos9Wtbg1QsgeikdrA++QD0GhrRd+X4sFrf
+Xfjq12XDakCfLmvi9QLJ2hy4X1glCO1lsBocDEaa2dGQMa2yVQi72z/92w83g98C
+UO25VkpKwdGFBf8PfhKeEkdSQEJUNOe3mlTEvtpr5S3BM+//fSFHlaS1UMEeamC2
+OrcvTwdby9f4l0++9dEuPcgQYvMzbUndwFn2HI7a8fGSIF6iXeVdrl5zuR3Wgugr
+ksMiQ6IyItrv/XlR5945dTxragWIwDeNJFE5EEYU3F7ryhT1FMKUWlt3lDazVuuj
+PoLjUnXNhi7I+3XZ22e5P2BW7UmMbsPg3M9l+u+1U1vk/o28cZxrWV6VW4MB1Aiv
+TXFXZSl123ag32PdKZ/dV7p4VC4hXEqyLA7qIrE9rFduEI5WQHqd1iL/pGxEOnuM
+AOe/acgmB1hhVLCAwCCpERWyC1+Bn7UWRjrPKCLfqFc
+-> ssh-ed25519 jIXfPA NaF9Sg7UkShfSzE59iFwKF4WMsc0xtAejl+20EQBNzc
+4CJqeGTxwcG0ObXeWATVKQkqlyaKZEaHFfGBOc6Xpok
+-> ssh-ed25519 um7xWA rlZ0xF57VNq1KHijaV9csD+Sq6cfp5DM9k1uuVOhLyY
+7uYk1RIET7bkdXTHJdocqOiEtc6vqY4iOBB4cMJ7CyQ
+--- FiH1HnZbKHvI9kclq8TrOFlQN6hvNd9M0mxdqjYM5gw
+õõkjŠüª—p[ÉtäÏ–UÎ9Þdc–Ú—<C39A>N«•E#™²c|’Òۃ䋷`¡û§GWMy€v$àdü–±

secrets/secrets.nix

@@ -28,4 +28,5 @@ in
     "keycloak-password-file.age".publicKeys = [ lagon ] ++ keycloak-admins;
     "ldap-bind-password.age".publicKeys = servers ++ ldap-bind-admins;
     "discourse-key-base.age".publicKeys = [ pendragon ] ++ discourse-admins;
+    "discourse-mail-password.age".publicKeys = [ pendragon ] ++ discourse-admins;
   }