From b96139868ce98696ed70c850f3451188346b9834 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Sat, 22 Jul 2023 12:28:50 +0200 Subject: [PATCH] frumar: enable sending mail --- nixos/machines/frumar/default.nix | 12 ++++++++++++ nixos/services/email.nix | 5 +++++ secrets/frumar-mail-pass-hash.age | Bin 0 -> 467 bytes secrets/frumar-mail-pass.age | 10 ++++++++++ secrets/secrets.nix | 2 ++ 5 files changed, 29 insertions(+) create mode 100644 secrets/frumar-mail-pass-hash.age create mode 100644 secrets/frumar-mail-pass.age diff --git a/nixos/machines/frumar/default.nix b/nixos/machines/frumar/default.nix index cd4dcfe..0c5c011 100644 --- a/nixos/machines/frumar/default.nix +++ b/nixos/machines/frumar/default.nix @@ -233,6 +233,7 @@ }; age.secrets = { grafana.file = ../../../secrets/grafana.env.age; + frumar-mail-pass.file = ../../../secrets/frumar-mail-pass.age; transip-key = { file = ../../../secrets/transip-key.age; mode = "770"; @@ -333,4 +334,15 @@ TRANSIP_Username = "yorickvp"; TRANSIP_Key_File = config.age.secrets.transip-key.path; }; + programs.msmtp = { + enable = true; + accounts.default = { + auth = true; + tls = true; + from = "frumar@yori.cc"; + host = "pennyworth.yori.cc"; + user = "frumar@yori.cc"; + passwordeval = "cat ${config.age.secrets.frumar-mail-pass.path}"; + }; + }; } diff --git a/nixos/services/email.nix b/nixos/services/email.nix index d7f4dc2..c91542e 100644 --- a/nixos/services/email.nix +++ b/nixos/services/email.nix @@ -2,6 +2,7 @@ { imports = [ inputs.nixos-mailserver.nixosModule ]; age.secrets.yorick-mail-pass.file = ../../secrets/yorick-mail-pass.age; + age.secrets.frumar-mail-pass-hash.file = ../../secrets/frumar-mail-pass-hash.age; mailserver = rec { enable = true; @@ -13,6 +14,10 @@ catchAll = domains; aliases = [ "@yori.cc" "@yorickvanpelt.nl" ]; }; + "frumar@yori.cc" = { + hashedPasswordFile = config.age.secrets.frumar-mail-pass-hash.path; + sendOnly = true; + }; }; certificateScheme = "acme-nginx"; enableImapSsl = true; diff --git a/secrets/frumar-mail-pass-hash.age b/secrets/frumar-mail-pass-hash.age new file mode 100644 index 0000000000000000000000000000000000000000..2400ccd8898c8244f4b78188edc810599aebe2d3 GIT binary patch literal 467 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Z05OvyC0EI09tO7wC!3ky!w zPA&4(4-Bo!2nZ@E@i$NRH#G=>jH*oZNe9_bT%4hsngX#Vs;boAGEku`yfU}Ksj}QWMcW{_qQca; zDpxy0+bzvK&&$n{TLTxkYJ;Z>mRueqfYoX<>v{ zlt-S4S9YR#TCRRsgljREuCA^^sY|X`zF$g&uUSs9ad1INKuE5yw@-;{R$!%XTAI0G zpi^l^luv|fQiTE6RoVY7M|~xCKXOhn37RnH=cI1)IevwIEM`P(;C!{Ych-cLy3sSI zH+S65W4~Q1zjy(YX-C-CEqj$tcU=8oD?DY6d`mlPOd=<*{yRgC|BbzE2{nQuy>pl* z{5un;qr)&q?9Gwd#NYR}%+osB(L9?Y`Fb_O|K(PXqGeb8x%S8F+dNxK=?=rUU!%Nq F;sEIIuATq@ literal 0 HcmV?d00001 diff --git a/secrets/frumar-mail-pass.age b/secrets/frumar-mail-pass.age new file mode 100644 index 0000000..2ee6c28 --- /dev/null +++ b/secrets/frumar-mail-pass.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 ooa5Z+FO+K6p4YDkKIIFsLOgZ88ZTNF/0XugZHz5U20 +sbZvaxb8wXvjT/6UHIM2VZfsyXw2FQvLqsrVtf3gENc +-> ssh-ed25519 n7yA6g C4/H2clrDieAE/W9A+ggdm5i1m+BEJb/GNFztOBXKjE +hO4lrUuEBdy0w3yfCeadwL4Cf9kC3272V5kQgWMaPR8 +-> B-grease p8R-v * +C+LKVBUkOeT3McXCE2RJMIGLM3an97FWaP760kZ5EX/RIYaX3U0yL6aEWA +--- OCvQzDRqhmVVSGC3bsmrERokBSzJ12dqEEth6GmHI+k +·’ÌJ÷J®ƒûKú!_¿Ðµ’èÛjkt¿ãóœ‰Ô‡¥¦`B'‘9 ú¢2ùíEÓ\} +>‡äé \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ab3e374..23c07ca 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -23,4 +23,6 @@ in "yorick-mail-pass.age".publicKeys = [ yorick pennyworth ]; "yorick-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ]; "root-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ]; + "frumar-mail-pass-hash.age".publicKeys = [ yorick pennyworth ]; + "frumar-mail-pass.age".publicKeys = [ yorick frumar ]; }