feat(home-manager/mails): use secrets for passwords

2025-03-23 20:30:52 +01:00 · 2024-11-25 21:12:29 +01:00 · 2024-11-25 21:12:29 +01:00 · 77afc9ae2a
commit 77afc9ae2a
parent 9e09eb8f34
7 changed files with 82 additions and 5 deletions
--- a/home-manager-modules/mails/default.nix
+++ b/home-manager-modules/mails/default.nix
@ -14,6 +14,23 @@ with lib;
  };

  config = mkIf cfg.enable {
+
+    age.secrets.work-mail-pw = {
+      file = ../../secrets/work-mail-pw.age;
+    };
+
+    age.secrets.dgnum-mail-pw = {
+      file = ../../secrets/dgnum-mail-pw.age;
+    };
+
+    age.secrets.telecom-mail-pw = {
+      file = ../../secrets/telecom-mail-pw.age;
+    };
+
+    age.secrets.ens-mail-pw = {
+      file = ../../secrets/ens-mail-pw.age;
+    };
+
    programs.mbsync.enable = true;
    programs.mbsync.package = pkgs.stable.isync;
    programs.msmtp.enable = true;
@ -32,7 +49,7 @@ with lib;
        msmtp.enable = true;
        primary = true;
        realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/ens-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.ens-mail-pw.path}";
        smtp = {
          host = "clipper.ens.fr";
        };
@ -52,7 +69,7 @@ with lib;
        msmtp.enable = true;
        primary = false;
        realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/work-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.work-mail-pw.path}";
        smtp = {
          host = "mail.luj.fr";
        };
@ -73,7 +90,7 @@ with lib;
        msmtp.enable = true;
        primary = false;
        realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/telecom-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.telecom-mail-pw.path}";
        smtp = {
          host = "z.imt.fr";
        };
@ -94,7 +111,7 @@ with lib;
        msmtp.enable = true;
        primary = false;
        realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/dgnum-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.dgnum-mail-pw.path}";
        smtp = {
          host = "kurisu.lahfa.xyz";
        };
--- a/modules/hmgr/default.nix
+++ b/modules/hmgr/default.nix
@ -23,7 +23,10 @@ with lib;
          (map (x: ../../home-manager-modules + "/${x}/default.nix") (
            attrNames (readDir ../../home-manager-modules)
          ))
-          ++ [ "${inputs.impermanence}/home-manager.nix" ];
+          ++ [
+            "${inputs.impermanence}/home-manager.nix"
+            "${inputs.agenix}/modules/age-home.nix"
+          ];
        home.username = "${name}";
        home.homeDirectory = "/home/${name}";
        home.stateVersion = "21.05";
--- a/secrets/dgnum-mail-pw.age
+++ b/secrets/dgnum-mail-pw.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ UvMqsBcvKPrejXnWVR9SuIxpKo+kddBlSB47fCwHZi8
+v23yuPXzEI+N27VkiAfxQ8+bwe8UtgzSslPaQbR5H0w
+-> ssh-ed25519 AqX2tg 8BfQ2RcIaGCgNCP/kQvjis85PqeDo8pu5ckaO1/nOh0
+FSE/HK0SdJW2yRGJo5Hi0IrUIeHQP4IB4a+fJSo6aHg
+-> ssh-ed25519 eySVIw PGHzluHCyNHZNYnCXtDENJl10d3xaMolcCoIw0kHKUE
+RXu7r793AWjdR/b2a1Jk0jezXeUDUzqdtVfbkxMxPoY
+--- 4cpHlfDM8VY2YPdVastOV1EjNpdtkkjNQgHsZ2IdEsA
+e<EFBFBD>òôPJ>f¨¨•l YÒÆÆç’¥i°»ÔˆòøL—ÞÎ¬G>(w´G8 F.1ÛM¿\Á<>.ðE£IóÙî}ns2‹ÆÂº<C382>#S$IjM¯ð‡.g
--- a/secrets/ens-mail-pw.age
+++ b/secrets/ens-mail-pw.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ BiOohWgb2Ab40q0/1xgk40ztCIlkHEYc0XGx/zpCvTw
+kVMM7EFDU5XISQ5H6YHJ68E2uKVrNQwfX3UmiO4lb8k
+-> ssh-ed25519 AqX2tg 9K1CDD/oK4x1ZKGi3Fs0CKfEdb499bGlidPyJcHGD2A
+27EmDJDQ4167g58M+3E+haI8p3g9CmZJr7Q3Zx24MhE
+-> ssh-ed25519 eySVIw V/WYg1kH682lhw2Lsp/C8Krm8k1yOtZ3K1yKa5B06Aw
+KA/sETwxkyRyspYh+cLRV+ZzHv6JXEQfQMBpVkVATwk
+--- mlbwhZrkxEU1cMbcRW5G988a3o7+qLyddmmll72pAk8
+óñä,B¶m6ö_Ž–¶Scþo³Ýý {JŽ¡áÒ7"/ÁÏáBg	À¯Ë
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -9,6 +9,8 @@ let
  lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz";
  nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6";
  gallifrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEr9QRD7QTNsAFmuJoX1mFzQ5A2ik1/ogMrvW54JMXeQ";
+  gallifrey_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey";
+  fisher_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@telecom";
  akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
  servers = [
    gustave
@ -106,4 +108,32 @@ in
    tower
    lambda
  ];
+  "dgnum-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "work-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "telecom-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "ens-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
 }
--- a/secrets/telecom-mail-pw.age
+++ b/secrets/telecom-mail-pw.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ uq2eZt6aMNsakRc9H5cuz7ntj9Xf+g5S4gbEiq4asm0
+Njp8jWpIP0f/sN3B7bi+MGIohUsAQhMl4GqezHjrcmU
+-> ssh-ed25519 AqX2tg i3y6cWFFEVBWPMP0mxiED+NOsKF449SOcL5hW3jIFCE
+UXhtS+OFgO5+Ykm4zf7YEtaZk9qOiRZ0Yur0y/bdJfI
+-> ssh-ed25519 eySVIw 1K2hCEbc6IbId+bqkKEiz57onn779ymmNDfYF2BHaho
+RpVzqOTE0qKbydlUZkzSPNKkOqxI6Aco6XUBgyb5bm0
+--- cdZo4V8S/feGuDWPq2CoC9TTQnLpLyDc/R32qtVYTqY
+þ_UyµÀZð6¡¥Â$7ö°(gÀ—;À¶Îg?Â$Šl•â%z~)>MØŒËDÚ
--- a/secrets/work-mail-pw.age
+++ b/secrets/work-mail-pw.age