From 0af8898d93d9c3a9ff44e7ff4006d749a4daa8d0 Mon Sep 17 00:00:00 2001 From: Thary Date: Thu, 11 Sep 2025 22:38:06 +0300 Subject: [PATCH] fix --- module.nix | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/module.nix b/module.nix index 930531e..fc3b26d 100644 --- a/module.nix +++ b/module.nix @@ -17,6 +17,9 @@ let oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID; oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback"; + + # emailPassword = pkgs.runCommand "genpassword" {} "echo `head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g'` > $out"; + # emailPasswordHash = pkgs.runCommand "genpassword" {} "echo `head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g'` > $out"; in { options.selfprivacy.modules.mastodon = { 
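Review bot: The two commented-out `pkgs.runCommand "genpassword"` bindings in the `let` block should be removed rather than committed as dead code. If they were ever enabled, the generated password would be a build output in the Nix store, which is world-readable on the host and fixed for as long as the derivation is cached. If a reminder is wanted, a short comment such as `# SMTP password is generated at runtime by mastodon-email-password-setup; never build it into the store` records the reason without keeping the unsafe variant around.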
@@ -89,10 +92,47 @@ in configureNginx = true; database.createLocally = true; streamingProcesses = 3; + + smtp = { + createLocally = false; + user = "noreply.mastodon@${sp.domain}"; + passwordFile = "/var/lib/mastodon/secrets/smtp-password"; + authenticate = true; + }; }; + mailserver.loginAccounts."noreply.mastodon@${sp.domain}" = { + hashedPassword = ""; + sendOnly = true; + }; + + services.postfix.config.virtual_mailbox_maps = [ "hash:/run/postfix/mastodon.cf" ]; systemd = { + services.mastodon-email-password-setup = { + enable = true; + wantedBy = [ "multi-user.target" "mastodon-web.service" "postfix.service" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScript "gen-mastodon-email-password" '' + export password=$(head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g') + + rm -f /run/keys/mastodon/email_password || true + mkdir /run/keys/mastodon/ || true # Create /run/keys/mastodon if it doesn't exist + echo $password > /run/keys/mastodon/email_password + chmod 400 /run/keys/mastodon/email_password + chown ${config.services.mastodon.user}:${config.services.mastodon.group} /run/keys/mastodon/email_password + + rm -f /run/postfix/mastodon.cf || true + mkdir /run/postfix/ || true # Create /run/postfix if it doesn't exist + export hashedPassword=$(mkpasswd -sm bcrypt "$password") + echo "noreply.mastodon@${sp.domain}: $hashedPassword" > /run/postfix/mastodon.cf + chmod 440 /run/postfix/mastodon.cf + chown ${config.services.postfix.user}:${config.services.postfix.group} /run/postfix/mastodon.cf + ''; + }; + }; + services.mastodon-web = { unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/mastodon"; serviceConfig = {
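Review bot: `smtp.passwordFile` points at `/var/lib/mastodon/secrets/smtp-password`, but the new oneshot writes the generated password to `/run/keys/mastodon/email_password`, so nothing in this hunk creates the file Mastodon is told to read; the two paths should agree. In the script the secret is written with an unquoted `echo $password > …` under the default umask and only restricted by `chmod 400` afterwards, and it is also exported and passed to `mkpasswd` as an argument, where other local users can see it in the process list; writing the file under `umask 077` and feeding `mkpasswd -s` on stdin avoids both. `wantedBy` pulls the unit in but does not order it, so `mastodon-web.service` and `postfix.service` can start before the files exist unless a `before` is added, and `mkpasswd` may not be on the unit's default PATH. Separately, `hashedPassword = ""` leaves the login account with an empty hash in the evaluated config, and `virtual_mailbox_maps` is Postfix's recipient-to-mailbox lookup rather than a credential table, so it is worth confirming that the bcrypt line in `/run/postfix/mastodon.cf` is what the mail stack actually authenticates against.

```nix
      smtp = {
        # … unchanged: createLocally, user …
        passwordFile = "/run/keys/mastodon/email_password";
        # … unchanged: authenticate …
      };

      services.mastodon-email-password-setup = {
        # … unchanged: enable, wantedBy …
        before = [ "mastodon-web.service" "postfix.service" ];
        serviceConfig = {
          # … unchanged: Type …
          ExecStart = pkgs.writeShellScript "gen-mastodon-email-password" ''
            set -eu
            password=$(head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g')

            mkdir -p /run/keys/mastodon
            # Create the secret file private from the start instead of narrowing it afterwards.
            (umask 077; printf '%s\n' "$password" > /run/keys/mastodon/email_password)
            # … unchanged: chmod/chown of email_password …

            mkdir -p /run/postfix
            # Hash via stdin so the clear-text password never appears in argv.
            hashedPassword=$(printf '%s' "$password" | mkpasswd -s -m bcrypt)
            # … unchanged: write, chmod and chown of /run/postfix/mastodon.cf …
```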