diff --git a/hosts/sire/guests/ente.nix b/hosts/sire/guests/ente.nix index b1b3fa0..168253b 100644 --- a/hosts/sire/guests/ente.nix +++ b/hosts/sire/guests/ente.nix @@ -80,6 +80,7 @@ in client.via = "sentinel"; firewallRuleForNode.sentinel.allowedTCPPorts = [ 80 + 8080 9000 ]; }; @@ -88,6 +89,7 @@ in client.via = "ward"; firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ 80 + 8080 9000 ]; }; @@ -173,6 +175,11 @@ in mode = "440"; group = "ente"; }; + age.secrets.ente-smtp-password = { + generator.script = "alnum"; + mode = "440"; + group = "ente"; + }; services.minio = { enable = true; @@ -206,6 +213,15 @@ in rporigins = [ "https://${enteAccountsDomain}" ]; }; + # FIXME: blocked on https://github.com/ente-io/ente/issues/5958 + # smtp = { + # host = config.repo.secrets.local.ente.mail.host; + # port = 465; + # email = config.repo.secrets.local.ente.mail.from; + # username = config.repo.secrets.local.ente.mail.user; + # password._secret = config.age.secrets.ente-smtp-password.path; + # }; + s3 = { use_path_style_urls = true; b2-eu-cen = { diff --git a/hosts/sire/secrets/ente/local.nix.age b/hosts/sire/secrets/ente/local.nix.age new file mode 100644 index 0000000..587ae90 Binary files /dev/null and b/hosts/sire/secrets/ente/local.nix.age differ diff --git a/modules/ente.nix b/modules/ente.nix index 2cceb5e..845932d 100644 --- a/modules/ente.nix +++ b/modules/ente.nix @@ -319,6 +319,9 @@ in locations."/" = { root = webPackage "accounts"; tryFiles = "$uri $uri.html /index.html"; + extraConfig = '' + add_header Access-Control-Allow-Origin 'https://${cfgWeb.domains.api}'; + ''; }; }; virtualHosts.${domainFor "cast"} = { @@ -326,6 +329,9 @@ in locations."/" = { root = webPackage "cast"; tryFiles = "$uri $uri.html /index.html"; + extraConfig = '' + add_header Access-Control-Allow-Origin 'https://${cfgWeb.domains.api}'; + ''; }; }; virtualHosts.${domainFor "photos"} = { @@ -336,6 +342,9 @@ in locations."/" = { root = webPackage "photos"; tryFiles = "$uri $uri.html /index.html"; + extraConfig = '' + add_header Access-Control-Allow-Origin 'https://${cfgWeb.domains.api}'; + ''; }; }; }; diff --git a/secrets/generated/sire-ente/ente-smtp-password.age b/secrets/generated/sire-ente/ente-smtp-password.age new file mode 100644 index 0000000..154bcff --- /dev/null +++ b/secrets/generated/sire-ente/ente-smtp-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 uzx96W3LGgLuzEzAtwPjH+NX2vcv8ubqqX7YZiwQFgk +KlBmy7H6aMxmwulZOlTKZstIksYCO3ZmA5FRqPNRVdw +-> piv-p256 xqSe8Q A5M4BXtJeBxuptSTUikB5VMJKqOezt0LUujl++SkBK++ +J7Qv3r/5PbZtDE3bSDDSrH1hCZAhIfvYYQASnftZiBw +-> ]#ef9-grease uUT +vopjT0SJXs4y/e11dxHdH6Jm4H7fPraQnQ +--- 8eRnzo0sQwqYPdMvoIe+yh7Z0XNz04qqmVDBiOiPuOI +0}*&n4X{f6,!sݬc3 +7j\$m[70:ꚼ3+Hf%QSϖ \ No newline at end of file diff --git a/secrets/rekeyed/sire-ente/5570523ddaedcea15f6024b00755055e-ente-smtp-password.age b/secrets/rekeyed/sire-ente/5570523ddaedcea15f6024b00755055e-ente-smtp-password.age new file mode 100644 index 0000000..cb6df21 --- /dev/null +++ b/secrets/rekeyed/sire-ente/5570523ddaedcea15f6024b00755055e-ente-smtp-password.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 JgWCuA q5Wp7aYyyaEavf6STF9SvQgmzdYXgTyGxGfmw3oSZiQ +NkBSO5mKfWLe191MADiA1/8UCEWYg1Wf19tDQzRKcuY +-> Tmk{-grease 8].Slcf +o7SZB2XURbUUce7EuhTa1K0fd40MXUyuDEu52sxbAO5w8f/o7NKhH0E6gxAomVFI +3+u4q5rBb2CgqJ7Ggu0BZF5pmVjYUZc8K6c4OzK2w5YwiZzmnw +--- CToVXazvableiflSVSRk1gN7L7+//TKkELjn7mJr3qw +aPo֧Ic 6Aw͕R"Y}E>()iDL