From 05ac7b8bc47d274e717b175f5f529a72728454d2 Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Thu, 14 May 2026 10:05:41 +0300
Subject: [PATCH 1/2] add mailer creds for forgejo

---
 secrets/forgejo.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 secrets/forgejo.yaml

diff --git a/secrets/forgejo.yaml b/secrets/forgejo.yaml
new file mode 100644
index 0000000..c900964
--- /dev/null
+++ b/secrets/forgejo.yaml
@@ -0,0 +1,17 @@
+forgejo-mailer-user: ENC[AES256_GCM,data:M++19F8ZcQlcqa4qq00a5SZK7VhIFbLLEETEqdKkaKo=,iv:iADeb3SedAj3U/k3ch2se733bsxOoynmylTMyMd6y3A=,tag:MsB4ysgt2iVmLL0K8v0DwA==,type:str]
+forgejo-mailer-passwd: ENC[AES256_GCM,data:YkYrJiBpyjcevgYnMoturP5PKO9pF9gZVTWW7WIIgmI=,iv:vZYh+L85ofoN+6wW6aUbsKplJzm/WmL2pQ8n1kIYRL8=,tag:K/Qi/APK5A1zUDYkqWu/Rg==,type:str]
+sops:
+    age:
+        - recipient: age1haj8v88kjna6ttkdufjpyjcf478kyvclnpdc8jwh97ewhqcc9eqsgrku4v
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQnJsTko5RzVyUzMyQWpW
+            K2kxSTZRRFZDMmNWanBIdFFRY3dUNGxUcVVVCmYzT29KTE8zTmx5dW1samNjUHo1
+            cjdRRjVwWXZWMjM0UEp6amRqaEtIdjgKLS0tIG9Oem04U01aTFUrM2ttT05ib0k5
+            dnJFdXVoWG5vVUtGbkJsWU1XSmpGbGMKpXBag+onGcz55xAEDN1vq4pe4qx6MDYF
+            O9YxT8/EyYqermncHKlkG5ASMyeH/zMWtfJN0dUYkFVCVmi0eEWM8Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-05-14T07:02:00Z"
+    mac: ENC[AES256_GCM,data:njXcE/sgv1tRn8YGied5kMVm8s8FG/wZwsFSlesr53MKUn86+GglctLBAzNMcYEkkZ7P8rdNhSSzTc1eHw88YDZrzskrShLJMOlWoiE952MX8Xlmxeb34GybNWSDqKauzzUwJTGRhf4Cpefy9jpb1De1KJUNJ/R8M4MjS+LyUVI=,iv:hT13jCfxWnTRm4xErd4Sv53MqQvwnrZvkfvCYmCqijU=,tag:RKYAdKkojccDhxkicjozkQ==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.12.2

From 1837cfacb39d6fc1f65cbf310ed83529c67a38ad Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Thu, 14 May 2026 10:06:05 +0300
Subject: [PATCH 2/2] add mailer settings to forgejo

---
 forgejo.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/forgejo.nix b/forgejo.nix
index 6cb7c07..8cc2880 100644
--- a/forgejo.nix
+++ b/forgejo.nix
@@ -1,5 +1,6 @@
 {
   domainName,
+  config,
   ...
 }:
 {
@@ -16,7 +17,16 @@
         };
         session.COOKIE_SECURE = true;
         service.DISABLE_REGISTRATION = true;
+        mailer = {
+          ENABLED = true;
+          SMTP_ADDR = "in-v3.mailjet.com";
+          SMTP_PORT = 587;
+          FROM = "noreply@forgejo.${domainName}";
+          # USER and PASSWD come from secrets below
+        };
       };
+      secrets.mailer.USER = config.sops.secrets."forgejo-mailer-user".path;
+      secrets.mailer.PASSWD = config.sops.secrets."forgejo-mailer-passwd".path;
     };
     nginx.virtualHosts."git.${domainName}" = {
       forceSSL = true;
@@ -37,4 +47,12 @@
       };
     };
   };
+  sops.secrets."forgejo-mailer-user" = {
+    sopsFile = ./secrets/forgejo.yaml;
+    mode = "0400";
+  };
+  sops.secrets."forgejo-mailer-passwd" = {
+    sopsFile = ./secrets/forgejo.yaml;
+    mode = "0400";
+  };
 }