diff --git a/nixos/machines/frumar/default.nix b/nixos/machines/frumar/default.nix index cd4dcfe..0c5c011 100644 --- a/nixos/machines/frumar/default.nix +++ b/nixos/machines/frumar/default.nix @@ -233,6 +233,7 @@ }; age.secrets = { grafana.file = ../../../secrets/grafana.env.age; + frumar-mail-pass.file = ../../../secrets/frumar-mail-pass.age; transip-key = { file = ../../../secrets/transip-key.age; mode = "770"; @@ -333,4 +334,15 @@ TRANSIP_Username = "yorickvp"; TRANSIP_Key_File = config.age.secrets.transip-key.path; }; + programs.msmtp = { + enable = true; + accounts.default = { + auth = true; + tls = true; + from = "frumar@yori.cc"; + host = "pennyworth.yori.cc"; + user = "frumar@yori.cc"; + passwordeval = "cat ${config.age.secrets.frumar-mail-pass.path}"; + }; + }; } diff --git a/nixos/services/email.nix b/nixos/services/email.nix index d7f4dc2..c91542e 100644 --- a/nixos/services/email.nix +++ b/nixos/services/email.nix @@ -2,6 +2,7 @@ { imports = [ inputs.nixos-mailserver.nixosModule ]; age.secrets.yorick-mail-pass.file = ../../secrets/yorick-mail-pass.age; + age.secrets.frumar-mail-pass-hash.file = ../../secrets/frumar-mail-pass-hash.age; mailserver = rec { enable = true; @@ -13,6 +14,10 @@ catchAll = domains; aliases = [ "@yori.cc" "@yorickvanpelt.nl" ]; }; + "frumar@yori.cc" = { + hashedPasswordFile = config.age.secrets.frumar-mail-pass-hash.path; + sendOnly = true; + }; }; certificateScheme = "acme-nginx"; enableImapSsl = true; diff --git a/secrets/frumar-mail-pass-hash.age b/secrets/frumar-mail-pass-hash.age new file mode 100644 index 0000000..2400ccd Binary files /dev/null and b/secrets/frumar-mail-pass-hash.age differ diff --git a/secrets/frumar-mail-pass.age b/secrets/frumar-mail-pass.age new file mode 100644 index 0000000..2ee6c28 --- /dev/null +++ b/secrets/frumar-mail-pass.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 ooa5Z+FO+K6p4YDkKIIFsLOgZ88ZTNF/0XugZHz5U20 +sbZvaxb8wXvjT/6UHIM2VZfsyXw2FQvLqsrVtf3gENc +-> ssh-ed25519 n7yA6g C4/H2clrDieAE/W9A+ggdm5i1m+BEJb/GNFztOBXKjE +hO4lrUuEBdy0w3yfCeadwL4Cf9kC3272V5kQgWMaPR8 +-> B-grease p8R-v * +C+LKVBUkOeT3McXCE2RJMIGLM3an97FWaP760kZ5EX/RIYaX3U0yL6aEWA +--- OCvQzDRqhmVVSGC3bsmrERokBSzJ12dqEEth6GmHI+k +·’ÌJ÷J®ƒûKú!_¿Ðµ’èÛjkt¿ãóœ‰Ô‡¥¦`B'‘9 ú¢2ùíEÓ\} +>‡äé \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ab3e374..23c07ca 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,4 +23,6 @@ in "yorick-mail-pass.age".publicKeys = [ yorick pennyworth ]; "yorick-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ]; "root-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ]; + "frumar-mail-pass-hash.age".publicKeys = [ yorick pennyworth ]; + "frumar-mail-pass.age".publicKeys = [ yorick frumar ]; }