feat(home-manager/mails): use secrets for passwords

home-manager-modules/mails/default.nix

@@ -14,6 +14,23 @@ with lib;
   };
 
   config = mkIf cfg.enable {
+
+    age.secrets.work-mail-pw = {
+      file = ../../secrets/work-mail-pw.age;
+    };
+
+    age.secrets.dgnum-mail-pw = {
+      file = ../../secrets/dgnum-mail-pw.age;
+    };
+
+    age.secrets.telecom-mail-pw = {
+      file = ../../secrets/telecom-mail-pw.age;
+    };
+
+    age.secrets.ens-mail-pw = {
+      file = ../../secrets/ens-mail-pw.age;
+    };
+
     programs.mbsync.enable = true;
     programs.mbsync.package = pkgs.stable.isync;
     programs.msmtp.enable = true;
@@ -32,7 +49,7 @@ with lib;
         msmtp.enable = true;
         primary = true;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/ens-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.ens-mail-pw.path}";
         smtp = {
           host = "clipper.ens.fr";
         };
@@ -52,7 +69,7 @@ with lib;
         msmtp.enable = true;
         primary = false;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/work-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.work-mail-pw.path}";
         smtp = {
           host = "mail.luj.fr";
         };
@@ -73,7 +90,7 @@ with lib;
         msmtp.enable = true;
         primary = false;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/telecom-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.telecom-mail-pw.path}";
         smtp = {
           host = "z.imt.fr";
         };
@@ -94,7 +111,7 @@ with lib;
         msmtp.enable = true;
         primary = false;
         realName = "Julien Malka";
-        passwordCommand = "${pkgs.coreutils}/bin/cat /home/julien/.config/dgnum-mail-pw";
+        passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.dgnum-mail-pw.path}";
         smtp = {
           host = "kurisu.lahfa.xyz";
         };

modules/hmgr/default.nix

@@ -23,7 +23,10 @@ with lib;
           (map (x: ../../home-manager-modules + "/${x}/default.nix") (
             attrNames (readDir ../../home-manager-modules)
           ))
-          ++ [ "${inputs.impermanence}/home-manager.nix" ];
+          ++ [
+            "${inputs.impermanence}/home-manager.nix"
+            "${inputs.agenix}/modules/age-home.nix"
+          ];
         home.username = "${name}";
         home.homeDirectory = "/home/${name}";
         home.stateVersion = "21.05";

secrets/dgnum-mail-pw.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ UvMqsBcvKPrejXnWVR9SuIxpKo+kddBlSB47fCwHZi8
+v23yuPXzEI+N27VkiAfxQ8+bwe8UtgzSslPaQbR5H0w
+-> ssh-ed25519 AqX2tg 8BfQ2RcIaGCgNCP/kQvjis85PqeDo8pu5ckaO1/nOh0
+FSE/HK0SdJW2yRGJo5Hi0IrUIeHQP4IB4a+fJSo6aHg
+-> ssh-ed25519 eySVIw PGHzluHCyNHZNYnCXtDENJl10d3xaMolcCoIw0kHKUE
+RXu7r793AWjdR/b2a1Jk0jezXeUDUzqdtVfbkxMxPoY
+--- 4cpHlfDM8VY2YPdVastOV1EjNpdtkkjNQgHsZ2IdEsA
+e<EFBFBD>òôPJ>f¨¨•l YÒÆÆç’¥i°»ÔˆòøL—ÞάG>(w´G8 F.1ÛM¿\Á<>.ðE£IóÙî}ns2‹Æº<C382>#S$IjM¯ð‡.g

secrets/ens-mail-pw.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ BiOohWgb2Ab40q0/1xgk40ztCIlkHEYc0XGx/zpCvTw
+kVMM7EFDU5XISQ5H6YHJ68E2uKVrNQwfX3UmiO4lb8k
+-> ssh-ed25519 AqX2tg 9K1CDD/oK4x1ZKGi3Fs0CKfEdb499bGlidPyJcHGD2A
+27EmDJDQ4167g58M+3E+haI8p3g9CmZJr7Q3Zx24MhE
+-> ssh-ed25519 eySVIw V/WYg1kH682lhw2Lsp/C8Krm8k1yOtZ3K1yKa5B06Aw
+KA/sETwxkyRyspYh+cLRV+ZzHv6JXEQfQMBpVkVATwk
+--- mlbwhZrkxEU1cMbcRW5G988a3o7+qLyddmmll72pAk8
+óñä,B¶m6ö_Ž–¶Scþo³Ýý {JŽ¡áÒ7"/ÁÏáBg	À¯Ë

secrets/secrets.nix

@@ -9,6 +9,8 @@ let
   lambda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKluGTi+vGRLU2emYBhTJuEy7Qw0xq1e0Ey7wvU9xYHz";
   nuage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPoZXJKPfSPGYb/H9eWL0tNSpAKM6V/AgeE1Uf2Is6";
   gallifrey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEr9QRD7QTNsAFmuJoX1mFzQ5A2ik1/ogMrvW54JMXeQ";
+  gallifrey_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAa0wll9ildhgPiV0DhgJXXtw3TQr5VkNxxxPspHSbX julien@gallifrey";
+  fisher_home = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADCpuBL/kSZShtXD6p/Nq9ok4w1DnlSoxToYgdOvUqo julien@telecom";
   akhaten = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII5W1rr+VW2TLLytoTExWg4T14lrdLFkSM4YLfbEIb2g";
   servers = [
     gustave
@@ -106,4 +108,32 @@ in
     tower
     lambda
   ];
+  "dgnum-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "work-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "telecom-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
+  "ens-mail-pw.age".publicKeys = [
+    gallifrey
+    tower
+    fischer
+    gallifrey_home
+    fisher_home
+  ];
 }

secrets/telecom-mail-pw.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 u3yXZQ uq2eZt6aMNsakRc9H5cuz7ntj9Xf+g5S4gbEiq4asm0
+Njp8jWpIP0f/sN3B7bi+MGIohUsAQhMl4GqezHjrcmU
+-> ssh-ed25519 AqX2tg i3y6cWFFEVBWPMP0mxiED+NOsKF449SOcL5hW3jIFCE
+UXhtS+OFgO5+Ykm4zf7YEtaZk9qOiRZ0Yur0y/bdJfI
+-> ssh-ed25519 eySVIw 1K2hCEbc6IbId+bqkKEiz57onn779ymmNDfYF2BHaho
+RpVzqOTE0qKbydlUZkzSPNKkOqxI6Aco6XUBgyb5bm0
+--- cdZo4V8S/feGuDWPq2CoC9TTQnLpLyDc/R32qtVYTqY
+þ_UyµÀZð6¡¥Â$7ö°(gÀ—;À¶Îg?Â$Šl•â%z~)>MØŒËDÚ