Encrypt the email secrets

Andreas Zweili 2022-11-04 19:06:14 +01:00
parent 97a32af14d
commit 979f1a6f0b
6 changed files with 79 additions and 38 deletions


@ -7,7 +7,6 @@
"${inputs.self}/home-manager/software/czkawka"
"${inputs.self}/home-manager/software/dunst"
"${inputs.self}/home-manager/software/emacs"
"${inputs.self}/home-manager/software/email"
"${inputs.self}/home-manager/software/evince"
"${inputs.self}/home-manager/software/fzf"
"${inputs.self}/home-manager/software/git"


@ -1,37 +0,0 @@
{ ... }:
{
accounts.email.accounts."personal" = {
address = "andreas@zweili.ch";
realName = "Andreas Zweili";
userName = "andreas@zweili.ch";
primary = true;
# TODO: encrypt with agenix
passwordCommand = "cat /home/andreas/.nixos/secrets/passwords/personal_email.key";
aliases = [
"andreas.zweili@gmail.com"
"andreas@2li.ch"
];
msmtp.enable = true;
mu.enable = true;
offlineimap = {
enable = true;
extraConfig = {
account = { autorefresh = 15; };
local = { sync_deletes = true; };
};
};
imap = {
host = "mail.zweili.org";
port = 993;
tls.enable = true;
};
smtp = {
host = "mail.zweili.org";
port = 465;
tls.enable = true;
};
};
programs.mu.enable = true;
programs.offlineimap.enable = true;
programs.msmtp.enable = true;
}

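--- a/modules/email/default.nix
+++ b/modules/email/default.nix
@@ -0,0 +1,46 @@
+{ custom, inputs }: { config, ... }:
+{
+age.secrets.personalEmailKey =
+{
+file = "${inputs.self}/scrts/personal_email.key.age";
+mode = "600";
+owner = custom.username;
+group = "users";
+};
+home-manager.users.${custom.username} = {
+accounts.email.accounts."personal" = {
+address = "andreas@zweili.ch";
+realName = "Andreas Zweili";
+userName = "andreas@zweili.ch";
+primary = true;
+passwordCommand = "cat ${config.age.secrets.personalEmailKey.path}";
+aliases = [
+"andreas.zweili@gmail.com"
+"andreas@2li.ch"
+];
+msmtp.enable = true;
+mu.enable = true;
+offlineimap = {
+enable = true;
+extraConfig = {
+account = { autorefresh = 15; };
+local = { sync_deletes = true; };
+};
+};
+imap = {
+host = "mail.zweili.org";
+port = 993;
+tls.enable = true;
+};
+smtp = {
+host = "mail.zweili.org";
+port = 465;
+tls.enable = true;
+};
+};
+programs.mu.enable = true;
+programs.offlineimap.enable = true;
+programs.msmtp.enable = true;
+};
+}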
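Review bot: The decrypted secret is declared with `mode = "600"` although the only consumer visible in this file is `cat` in `passwordCommand`, so read-only `mode = "0400"` would be enough, and `group = "users"` grants nothing under either mode. The commit only changes where the password is read from: the plaintext file the removed configuration read (`/home/andreas/.nixos/secrets/passwords/personal_email.key`) is not touched by this diff, so it still has to be deleted from disk, and if it was ever committed or included in a backup the mailbox password should be rotated before being re-encrypted. A one-line comment above `age.secrets.personalEmailKey` stating that the file is decrypted at activation and readable only by `custom.username` would document the intended exposure for the next reader.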


@ -0,0 +1,31 @@
age-encryption.org/v1
-> ssh-rsa 7S8lxw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-> ssh-rsa Ws+JZA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-> ssh-ed25519 skmU/w f3CXnwxPd0EYnH47v5edS81yhHu95tROVPcwGQtfLiQ
2XzA7YpThQOj6qvADOCsSq+/C3lWbh8E5BH3Na05CN0
-> ssh-ed25519 MpFwoA 6WyGoFcW1FQNOPMjh7EKlVnVVH26z7xwYT3WbePFZ2U
L97BTdJ0baPDWMWzH01gh760m1Ft7HzNSqjcelSfJOY
-> ssh-ed25519 KXqA9w AgScCBkFH1idk+pIzQ5ZmyFGATxwOGODXIN0SrjapyU
wDbYnfopVIt1IFOsHnodEHmjVnF8JWlk9ow8x0KQc3I
-> jJg-grease ,o0,V_,Y #
8dXYOAMc6HiaDQQldIMQJ2k
--- CYIwI6/JyZmHlBBDbZamOzqGHE7mZh7DJhBaExYQUko
.<2E>゙捌ニタヌ<EFBE80>ラY。TサネXロ竿<EFBE9B>ュヌヘ濵ォム QQ憙RQ_ソ碵$<24><>


@ -36,6 +36,7 @@ in
"gitea_env.age".publicKeys = defaultKeys ++ [ git ];
"infomaniak_env.age".publicKeys = all;
"pihole_env.age".publicKeys = defaultKeys ++ [ pihole ];
"personal_email.key.age".publicKeys = defaultKeys;
"plex_claim.age".publicKeys = defaultKeys ++ [ plex ];
"restic.key.age".publicKeys = all;
"telegram_notify_env.age".publicKeys = all;
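Review bot: `"personal_email.key.age".publicKeys = defaultKeys;` makes every key in `defaultKeys` a recipient of the mailbox password, and `defaultKeys` is defined outside this hunk, so its membership cannot be checked from here; the encrypted file in this commit carries five recipient stanzas. If that list includes host keys of machines that never run the mail client, a narrower recipient list limited to the desktop hosts and the admin keys would keep the password undecryptable elsewhere. Conversely, every host that imports `modules/email` needs a key in the list, otherwise agenix cannot decrypt the file there, so a short comment on this line naming the intended hosts would make both constraints visible.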


@ -11,6 +11,7 @@
(import "${inputs.self}/modules/desktop" { inherit custom inputs; })
(import "${inputs.self}/modules/docker" { inherit custom; })
(import "${inputs.self}/modules/droidcam" { inherit custom; })
(import "${inputs.self}/modules/email" { inherit custom inputs; })
(import "${inputs.self}/modules/eog" { inherit custom; })
(import "${inputs.self}/modules/espanso" { inherit custom; })
"${inputs.self}/modules/lockscreen"