From f9edbcdca5df762f484e636a2ba63bfa63ea1a8e Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Mon, 27 Oct 2025 12:54:20 +0100
Subject: [PATCH] Use specific mail-robot group to send mail

Allows any user to be able to send mail from the robot account as long
as it is added to the mail-robot group.
---
 m/hut/gitea.nix | 3 +++
 m/hut/msmtp.nix | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/m/hut/gitea.nix b/m/hut/gitea.nix
index 02e0d50b..433b2016 100644
--- a/m/hut/gitea.nix
+++ b/m/hut/gitea.nix
@@ -29,6 +29,9 @@
     };
   };
 
+  # Allow gitea user to send mail
+  users.users.gitea.extraGroups = [ "mail-robot" ];
+
   services.gitea-actions-runner.instances = {
     runrun = {
       enable = true;
diff --git a/m/hut/msmtp.nix b/m/hut/msmtp.nix
index aaeaf5d0..73a9a49a 100644
--- a/m/hut/msmtp.nix
+++ b/m/hut/msmtp.nix
@@ -1,8 +1,11 @@
 { config, lib, ... }:
 {
+  # Robot user that can see the password to send mail from jungle-robot
+  users.groups.mail-robot = {};
+
   age.secrets.jungleRobotPassword = {
     file = ../../secrets/jungle-robot-password.age;
-    group = "gitea";
+    group = "mail-robot";
     mode = "440";
   };