From 62f99a75dc1a439329ffaab1621eb467f2e2b869 Mon Sep 17 00:00:00 2001
From: Superredstone
Date: Sun, 5 Apr 2026 08:21:59 +0200
Subject: [PATCH] feat(service): replace ntfy with maddy feat(service): remove ntfy
---
 machines/bomba/networking.nix | 5 ++++
 machines/bomba/secrets.nix | 4 +--
 machines/bomba/services/default.nix | 1 +
 machines/bomba/services/maddy.nix | 41 +++++++++++++++++++++++++++++
 machines/bomba/services/ntfy.nix | 26 +++++++++---------
 5 files changed, 62 insertions(+), 15 deletions(-)
 create mode 100644 machines/bomba/services/maddy.nix
diff --git a/machines/bomba/networking.nix b/machines/bomba/networking.nix
index 806c4f4..c427343 100644
--- a/machines/bomba/networking.nix
+++ b/machines/bomba/networking.nix
@@ -10,8 +10,13 @@ in
 enable = true;
 allowedTCPPorts = [
 22
+ 25
 80
+ 143
 443
+ 465
+ 587
+ 993
 ];
 allowedUDPPorts = [
 80
diff --git a/machines/bomba/secrets.nix b/machines/bomba/secrets.nix
index 3826266..509cbc3 100644
--- a/machines/bomba/secrets.nix
+++ b/machines/bomba/secrets.nix
@@ -7,11 +7,11 @@
 sopsFile = ../../secrets/bomba.sops.yaml;
 };
 ntfy_users = {
- owner = "ntfy-sh";
+ # owner = "ntfy-sh";
 sopsFile = ../../secrets/bomba.sops.yaml;
 };
 ntfy_access = {
- owner = "ntfy-sh";
+ # owner = "ntfy-sh";
 sopsFile = ../../secrets/bomba.sops.yaml;
 };
 };
diff --git a/machines/bomba/services/default.nix b/machines/bomba/services/default.nix
index 60d816c..54b6c82 100644
--- a/machines/bomba/services/default.nix
+++ b/machines/bomba/services/default.nix
@@ -5,6 +5,7 @@
 ./gitea.nix
 ./nextcloud.nix
 ./ntfy.nix
+ ./maddy.nix
 ./octoprint.nix
 ./vaultwarden.nix
 ];
diff --git a/machines/bomba/services/maddy.nix b/machines/bomba/services/maddy.nix
new file mode 100644
index 0000000..6a1b6c7
--- /dev/null
+++ b/machines/bomba/services/maddy.nix
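Review bot: The added `143` and `587` entries in `allowedTCPPorts` expose the STARTTLS-based IMAP and submission listeners on the public firewall alongside the implicit-TLS ports `993` and `465` opened in the same hunk. If clients are only meant to use implicit TLS, I would leave `143` out and decide deliberately about `587`, so that a client which fails to upgrade cannot send credentials over an unencrypted session; whether maddy refuses authentication before STARTTLS depends on its configuration, which this hunk does not show. A short comment per port would also help the next reader, e.g. `25 # SMTP, inbound MX`, `465 # submission, implicit TLS`, `993 # IMAP, implicit TLS`. The firewall attribute set starts and ends outside the hunk.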
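Review bot: Commenting out `owner` on `ntfy_users` and `ntfy_access` leaves both secrets declared, so they are presumably still decrypted onto the host for a service that no longer runs, now under the default owner instead of `ntfy-sh`. I would delete the two attribute sets (and the `ntfy.env` template, if it is defined elsewhere) rather than keep unused credentials on disk. The same applies to the `ntfy.nix` hunk, which comments out the whole `services.ntfy-sh` block instead of removing the file together with its `./ntfy.nix` import in `services/default.nix`; git history already preserves the old configuration. The enclosing secrets attribute set starts outside this hunk.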
@@ -0,0 +1,41 @@
+{
+ pkgs,
+ config,
+ options,
+ currentSystemEmail,
+ ...
+}:
+{
+ services.maddy = {
+ enable = true;
+ primaryDomain = "patrickcanal.it";
+ ensureAccounts = [
+ "postmaster@patrickcanal.it"
+ "test@patrickcanal.it"
+ ];
+ ensureCredentials = {
+ "postmaster@patrickcanal.it".passwordFile = "${pkgs.writeText "postmaster" "test"}";
+ "test@patrickcanal.it".passwordFile = "${pkgs.writeText "test" "test"}";
+ };
+ tls = {
+ loader = "file";
+ certificates = [
+ {
+ keyPath = "/etc/ssl/certs/privkey.pem";
+ certPath = "/etc/ssl/certs/fullchain.pem";
+ }
+ ];
+ };
+ config =
+ builtins.replaceStrings
+ [
+ "imap tcp://0.0.0.0:143"
+ "submission tcp://0.0.0.0:587"
+ ]
+ [
+ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+ "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+ ]
+ options.services.maddy.config.default;
+ };
+}
diff --git a/machines/bomba/services/ntfy.nix b/machines/bomba/services/ntfy.nix
index 47e7673..cde5c9d 100644
--- a/machines/bomba/services/ntfy.nix
+++ b/machines/bomba/services/ntfy.nix
@@ -1,16 +1,16 @@
 { config, ... }:
 {
- services.ntfy-sh = {
- enable = true;
- environmentFile = config.sops.templates."ntfy.env".path;
- settings = {
- listen-http = ":8005";
- base-url = "https://ntfy.patrickcanal.it";
- smtp-server-listen = ":25";
- smtp-server-domain = "patrickcanal.it";
- behind-proxy = true;
- enable-login = true;
- require-login = true;
- };
- };
+ # services.ntfy-sh = {
+ # enable = false;
+ # environmentFile = config.sops.templates."ntfy.env".path;
+ # settings = {
+ # listen-http = ":8005";
+ # base-url = "https://ntfy.patrickcanal.it";
+ # smtp-server-listen = ":25";
+ # smtp-server-domain = "patrickcanal.it";
+ # behind-proxy = true;
+ # enable-login = true;
+ # require-login = true;
+ # };
+ # };
 }
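Review bot: Both `ensureCredentials` entries in `maddy.nix` set the mailbox password to the literal `test` through `pkgs.writeText`, which puts it in the world-readable Nix store and in this repository, on a mail server whose SMTP and IMAP ports the same commit opens in the firewall. The repository already uses sops-nix in `secrets.nix`, so I would read each password from a secret owned by the maddy service user, e.g. `"postmaster@patrickcanal.it".passwordFile = config.sops.secrets.<MADDY_POSTMASTER_SECRET>.path;` (placeholder secret name), and drop the `test@patrickcanal.it` account before deploying. Separately, `keyPath = "/etc/ssl/certs/privkey.pem"` places the TLS private key in a directory that is conventionally world-readable; confirm the file's owner and mode restrict it to the maddy user, or move it to a private location. The `currentSystemEmail` and `config` arguments are unused in the file as written.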