From a41a3da7ce8d548f837c70d924e496eabec37496 Mon Sep 17 00:00:00 2001
From: Ben Sima
Date: Tue, 4 Mar 2025 09:50:47 -0500
Subject: Add Monica configuration for Omni/Cloud

Configure Monica on Omni/Cloud. I had to setup PHP FastCGI so that nginx handles the PHP requests properly, and setup an email address for the service.
---
 Omni/Cloud.nix | 1 +
 Omni/Cloud/Mail.nix | 6 +++++-
 Omni/Cloud/Monica.nix | 31 +++++++++++++++++++++++++++++++
 Omni/Cloud/Web.nix | 12 ++++++++++++
 4 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 Omni/Cloud/Monica.nix

diff --git a/Omni/Cloud.nix b/Omni/Cloud.nix
index 9d1712f..6f52850 100755
--- a/Omni/Cloud.nix
+++ b/Omni/Cloud.nix
@@ -14,6 +14,7 @@ bild.os {
 ./Cloud/Networking.nix
 ./Cloud/Web.nix
 ./Cloud/Znc.nix
+ ./Cloud/Monica.nix
 "${bild.sources.nixos-mailserver}"
 ];
 networking.hostName = "simatime";
diff --git a/Omni/Cloud/Mail.nix b/Omni/Cloud/Mail.nix
index d3f70bc..787c7cb 100644
--- a/Omni/Cloud/Mail.nix
+++ b/Omni/Cloud/Mail.nix
@@ -15,7 +15,7 @@ Known issues:
 };
 fqdn = "simatime.com";
 domains = ["simatime.com" "bsima.me"];
- certificateScheme = 3; # let's encrypt
+ certificateScheme = "acme-nginx"; # let's encrypt, using named scheme instead of number
 enableImap = true;
 enablePop3 = true;
 enableImapSsl = true;
@@ -47,6 +47,10 @@ Known issues:
 aliases = ["nicolai@simatime.com"];
 quota = "1G";
 };
+ "monica@simatime.com" = {
+ hashedPasswordFile = "/home/ben/hashed-mail-password";
+ quota = "1G";
+ };
 };
 };
 }
diff --git a/Omni/Cloud/Monica.nix b/Omni/Cloud/Monica.nix
new file mode 100644
index 0000000..0d6ca65
--- /dev/null
+++ b/Omni/Cloud/Monica.nix
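Review bot: The new `"monica@simatime.com"` account in Omni/Cloud/Mail.nix reads its credential from `/home/ben/hashed-mail-password`, a file in a personal home directory. If other accounts point at the same file (not visible in this hunk), one leaked password opens all of them over the IMAP/POP3 listeners enabled in the hunk above. Monica.nix in this commit sends through localhost port 25 with no authentication, so the service apparently never logs in with this password itself. I would give the account its own hash file outside /home, e.g. `hashedPasswordFile = "/path/to/monica-mail-hash"; # placeholder path`, and add `sendOnly = true;` if nothing needs to read that mailbox. The enclosing attribute set starts outside the hunk.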
@@ -0,0 +1,31 @@
+{config, ...}: let
+ rootDomain = config.networking.domain;
+in {
+ services.monica = {
+ enable = true;
+ hostname = "monica.${rootDomain}";
+ appKeyFile = "/run/keys/monica-appkey";
+ database = {
+ createLocally = true;
+ };
+ # Configure nginx properly for Monica
+ nginx = {
+ enableACME = false; # We'll use the main domain's certificate
+ forceSSL = true; # Force SSL
+ useACMEHost = rootDomain; # Use the main domain's certificate
+ };
+
+ # Configure email settings to use the local mail server
+ mail = {
+ driver = "smtp";
+ host = "localhost";
+ port = 25; # Standard SMTP port
+ fromName = "Monica CRM";
+ from = "monica@simatime.com";
+ encryption = null; # No encryption for local mail server
+ };
+ };
+
+ # The Monica service will create its own nginx virtual host
+ # We've added monica.${rootDomain} to the ACME cert list in Web.nix
+}
diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index 1225247..79886c3 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
@@ -103,6 +103,14 @@ in {
 user = "nginx";
 group = "nginx";
+ # Add PHP configuration for Monica
+ appendHttpConfig = ''
+ # PHP FastCGI configuration for Monica
+ upstream php-handler {
+ server unix:/run/phpfpm/monica.sock;
+ }
+ '';
+
 virtualHosts = {
 ${rootDomain} = {
 serverName = rootDomain;
@@ -149,6 +157,9 @@ in {
 useACMEHost = rootDomain;
 };
+ # Monica virtual host configuration is handled by the Monica service
+ # Don't add a manual entry here to avoid conflicts
+
 "hoogle.${rootDomain}" = {
 locations."/".proxyPass = "http://${ports.bensIp}:${toString ports.hoogle}";
 forceSSL = true;
@@ -288,6 +299,7 @@ in {
 "sd"
 "gerrit"
 "git"
+ "monica"
 # xmpp stuff
 "upload"
 "conference"
-- cgit v1.2.3
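Review bot: `appKeyFile = "/run/keys/monica-appkey";` in Omni/Cloud/Monica.nix points at a secret that nothing in this commit provisions or protects. `/run` is a tmpfs on NixOS, so the key has to be redeployed on every boot with the same value, and `/run/keys` is normally readable only by root and the `keys` group, so the Monica service user may not be able to open it. I would document this next to the option, e.g. `# deployed out of band; must be readable by the Monica service user only and identical across reboots`, and confirm the service user's group membership. Separately, `from = "monica@simatime.com"` hard-codes the domain while `hostname` derives it from `rootDomain`.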
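Review bot: The `upstream php-handler` block added through `appendHttpConfig` in Omni/Cloud/Web.nix is not referenced by anything in this diff. The comment added in the next hunk says the Monica virtual host is generated by the Monica service rather than declared here. If that generated virtual host passes requests to its PHP-FPM socket directly (likely, but not visible here), this upstream is dead configuration that hard-codes `/run/phpfpm/monica.sock` in the global http context and will drift if the pool is renamed. Either drop the block or derive the path from the pool definition, e.g. `server unix:${config.services.phpfpm.pools.monica.socket};`, assuming `config` is in scope in Web.nix and the pool is named `monica`. The enclosing nginx attribute set starts and ends outside the hunk.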