From 58804b24bce7ef62a351c3e83e5ab2e6b96662b8 Mon Sep 17 00:00:00 2001
From: Milan <me@pbb.lc>
Date: Sat, 20 Mar 2021 15:05:29 +0100
Subject: [PATCH] nixos/gitlab: add option for tls wrapper-mode smtp (#116801)

---
 nixos/modules/services/misc/gitlab.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index 1d45af36349..c9dd10ec557 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -196,6 +196,7 @@ let
         domain: "${cfg.smtp.domain}",
         ${optionalString (cfg.smtp.authentication != null) "authentication: :${cfg.smtp.authentication},"}
         enable_starttls_auto: ${boolToString cfg.smtp.enableStartTLSAuto},
+        tls: ${boolToString cfg.smtp.tls},
         ca_file: "/etc/ssl/certs/ca-certificates.crt",
         openssl_verify_mode: '${cfg.smtp.opensslVerifyMode}'
       }
@@ -463,6 +464,12 @@ in {
           description = "Whether to try to use StartTLS.";
         };
 
+        tls = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Whether to use TLS wrapper-mode.";
+        };
+
         opensslVerifyMode = mkOption {
           type = types.str;
           default = "peer";