From 26e81611beb791d04691152c84d517b6c76ba612 Mon Sep 17 00:00:00 2001 From: Thary Date: Sat, 20 Sep 2025 00:53:43 +0300 Subject: [PATCH] fix --- module.nix | 47 ++++++++++++++++++++++------------------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/module.nix b/module.nix index 3247fff..91c19d1 100644 --- a/module.nix +++ b/module.nix @@ -17,6 +17,12 @@ let oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID; oauthRedirectURL = "https://${cfg.subdomain}.${sp.domain}/auth/auth/openid_connect/callback"; + + secrets = rec { + dir = "/run/keys/mastodon"; + hashedPasswordFile = "${dir}/hashed_email_password"; + passwordFile = "${dir}/email_password"; + }; in { options.selfprivacy.modules.mastodon = { @@ -75,16 +81,14 @@ in smtp = { createLocally = false; - # fromAddress = "noreply.mastodon@${sp.domain}"; - # user = "noreply.mastodon"; - fromAddress = "noreply.mastodon@${sp.domain}"; - user = "noreply.mastodon"; + fromAddress = "mastodon@${sp.domain}"; + user = "mastodon"; + passwordFile = secrets.passwordFile; + authenticate = true; host = "hollowness.top"; port = 465; - passwordFile = "/run/keys/mastodon/email_password"; - authenticate = true; }; extraConfig = { # "SMTP_ENABLE_STARTTLS" = "never"; @@ -95,18 +99,10 @@ in }; }; - # services.postfix.config = { - # smtp_sasl_auth_enable = "yes"; - # smtp_sasl_security_options = ""; - # smtp_sasl_password_maps = "texthash:/run/keys/mastodon/hashed_email_password"; - # virtual_mailbox_maps = [ "hash:/run/keys/mastodon/hashed_email_password" ]; - # }; - # mailserver.loginAccounts."noreply.mastodon@${sp.domain}" = { - # mailserver.loginAccounts."mastodon@${sp.domain}" = { selfprivacy.emails."mastodon" = { - hashedPasswordFile = "/run/keys/mastodon/hashed_email_password"; + hashedPasswordFile = secrets.hashedPasswordFile; systemdTargets = [ "mastodon-email-password-setup.service" ]; - sendOnly = false; + sendOnly = true; }; systemd = { 
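Review bot: `host = "hollowness.top";` in the rewritten smtp block is a fixed hostname unrelated to `sp.domain`, so every deployment of this module would authenticate as `mastodon@${sp.domain}` against that single external host instead of its own mailserver, handing the locally generated password to it. It reads like a leftover from testing; unless that host is intentionally shared infrastructure, derive it from the deployment (presumably the local mailserver's hostname under `sp.domain`, which I cannot see from here) or expose it as a module option. Since port 465 is used, it is also worth confirming that the resulting Mastodon SMTP settings use implicit TLS with certificate verification rather than relying on the commented-out `# "SMTP_ENABLE_STARTTLS" = "never";` left in extraConfig. The enclosing attribute set continues outside the hunk.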
@@ -117,18 +113,19 @@ in Type = "oneshot"; ExecStart = pkgs.writeShellScript "gen-mastodon-email-password" '' export password=$(head -c 32 /dev/urandom | base64 | sed 's/[+=\\/A-Z]//g') - mkdir /run/keys/mastodon/ || true # Create /run/keys/mastodon if it doesn't exist + mkdir ${secrets.dir} || true # Create ${secrets.dir} if it doesn't exist - rm -f /run/keys/mastodon/email_password || true - echo $password > /run/keys/mastodon/email_password - chmod 400 /run/keys/mastodon/email_password - chown ${config.services.mastodon.user}:${config.services.mastodon.group} /run/keys/mastodon/email_password + rm -f ${secrets.passwordFile} || true + echo "$password" > ${secrets.passwordFile} + chmod 400 ${secrets.passwordFile} + chown ${config.services.mastodon.user}:${config.services.mastodon.group} ${secrets.passwordFile} - rm -f /run/keys/mastodon/hashed_email_password || true export hashedPassword=$(${lib.getExe pkgs.mkpasswd} -sm bcrypt "$password") - echo "$hashedPassword" > /run/keys/mastodon/hashed_email_password - chmod 440 /run/keys/mastodon/hashed_email_password - chown ${config.services.postfix.user}:${config.services.postfix.group} /run/keys/mastodon/hashed_email_password + + rm -f ${secrets.hashedPasswordFile} || true + echo "$hashedPassword" > ${secrets.hashedPasswordFile} + chmod 440 ${secrets.hashedPasswordFile} + chown ${config.services.postfix.user}:${config.services.postfix.group} ${secrets.hashedPasswordFile} ''; }; };
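Review bot: the new script still exposes the plaintext password twice: `echo "$password" > ${secrets.passwordFile}` creates the file under the service's default umask and only the following `chmod 400` tightens it, and `${lib.getExe pkgs.mkpasswd} -sm bcrypt "$password"` places the secret on mkpasswd's argv, where any local user can read it from /proc/*/cmdline while the bcrypt hash is computed. Add `umask 077` immediately after the `mkdir` line (not before it, since the directory itself must stay traversable by the mastodon and postfix users) so both secret files are born 0600 and the later chmod/chown calls only relax them. Feed the password to mkpasswd over stdin instead, e.g. `hashedPassword=$(printf '%s' "$password" | ${lib.getExe pkgs.mkpasswd} -m bcrypt --stdin)`; `-s` is already `--stdin`, so supplying it as an argument as well looks redundant — confirm against the mkpasswd version in nixpkgs. Dropping `export` from both assignments also keeps the secret out of the environment inherited by every child process, and `mkdir ${secrets.dir} || true` would be clearer and less error-hiding as `mkdir -p ${secrets.dir}`. The enclosing systemd service definition starts before this hunk.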