Merge pull request 'Mailman fixes' (#32) from feat/mailman into main

Reviewed-on: pub-solar/infra-new#32
Reviewed-by: teutat3s <teutates@mailbox.org>
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>

hosts/nachtigall/apps/forgejo.nix

@@ -46,6 +46,7 @@
         HTTP_ADDR = "127.0.0.1";
         HTTP_PORT = 3000;
       };
+      log.LEVEL = "Warn";
       mailer = {
         ENABLED = true;
         PROTOCOL = "smtps";

hosts/nachtigall/apps/mailman.nix

@@ -8,6 +8,19 @@
 {
   networking.firewall.allowedTCPPorts = [25];
 
+  users.users.nginx.extraGroups = [ "mailman" ];
+
+  services.nginx.virtualHosts."list.pub.solar" = {
+    enableACME = true;
+    forceSSL = true;
+  };
+  # Tweak permissions so nginx can read and serve the static assets
+  # (otherwise /var/lib/mailman-web is mode 0600)
+  # https://nixos.wiki/wiki/Mailman
+  systemd.services.mailman-settings.script = ''
+    chmod o+x /var/lib/mailman-web-static
+  '';
+
   services.postfix = {
     enable = true;
     relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];

hosts/nachtigall/apps/mastodon.nix

@@ -32,6 +32,9 @@
     owner = config.services.mastodon.user;
   };
 
+  # Nginx user needs access to mastodon unix sockets
+  users.users.nginx.extraGroups = [ "mastodon" ];
+
   services.mastodon = {
     enable = true;
     # Different from WEB_DOMAIN in our case

hosts/nachtigall/apps/nginx.nix

@@ -17,8 +17,6 @@ in {
     };
     recommendedProxySettings = true;
   };
-  # Nginx user needs access to mastodon unix sockets
-  users.users.nginx.extraGroups = [ "mastodon" ];
   
   security.acme = {
     acceptTerms = true;