authorFranck Cuny <franck@fcuny.net>2023-03-11 13:24:35 -0800
committerFranck Cuny <franck@fcuny.net>2023-03-11 13:41:15 -0800
commit784ac3fd221a477cccc168e90baea2a22509d7c2 (patch)
tree1cac0bfc8ff1e2b8015cbfb547073e2aeee7d3ae /home/mail/accounts
parenthome/gnome: no more keyring (diff)
downloadinfra-784ac3fd221a477cccc168e90baea2a22509d7c2.tar.gz
secrets: use homeage to manage secrets for home-manager
Instead of using agenix for all the secrets, I can use homeage for secrets that are related to my user sessions. Secrets by default will be stored under `~/.secrets'. They are encrypted using `age', and to decrypt them a key is expected to be located under `~/.age/key.txt'. The last place where I was using `pass' (and so GPG too) was for the secrets for `mbsync': this change adds a secret for fastmail to the repository and updates the `mbsync' configuration to use it.
Diffstat (limited to 'home/mail/accounts')
-rw-r--r--home/mail/accounts/default.nix13
1 files changed, 8 insertions, 5 deletions
diff --git a/home/mail/accounts/default.nix b/home/mail/accounts/default.nix
index 5ebba2c..de735b5 100644
--- a/home/mail/accounts/default.nix
+++ b/home/mail/accounts/default.nix
@@ -1,8 +1,14 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, self, ... }:
let cfg = config.my.home.mail;
in
{
config = lib.mkIf cfg.enable {
+ # to replace the secret go to
+ # https://app.fastmail.com/settings/security/devicekeys
+ homeage.file."fastmail-imap" = {
+ source = "${self}/home/secrets/fastmail/imap.age";
+ };
+
accounts.email = {
accounts = {
Fastmail = rec {
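Review bot: The comment above `homeage.file."fastmail-imap"` says where to generate a replacement secret but not what must happen to the old one. Every earlier `imap.age` stays in git history and remains decryptable with the key at `~/.age/key.txt`. I would extend the comment with `# after re-encrypting imap.age, revoke the old app password: earlier ciphertexts stay in git history`. A second line naming the age recipient the file must be encrypted to would also help, since the recipient is not visible in this diff. The `config` block continues outside the hunk.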
@@ -11,7 +17,7 @@ in
userName = address;
realName = "Franck Cuny";
aliases = [ "franck.cuny@gmail.com" ];
- passwordCommand = "pass email/imap.fastmail.com";
+ passwordCommand = "${pkgs.coreutils}/bin/cat '${config.homeage.mount}/fastmail-imap'";
imap.host = "imap.fastmail.com";
smtp.host = "smtp.fastmail.com";
mbsync = {
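Review bot: The new `passwordCommand` reads a plaintext file, so the Fastmail password stays decrypted under `config.homeage.mount` for as long as homeage keeps it there, rather than being decrypted per call as with `pass`. The homeage settings are outside this diff, so confirm the decrypted file is owner-only, for example with `mode = "0400";` on `homeage.file."fastmail-imap"` if that is not already the default. If homeage decrypts through a systemd user unit, the mbsync service touched in the last hunk probably needs to be ordered after it, otherwise the first sync after login can fail in `cat`. The Fastmail attribute set continues outside the hunk.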
@@ -66,9 +72,6 @@ in
Unit = { Description = "mbsync synchronization"; };
Service = {
Type = "oneshot";
- Environment = [
- "PASSWORD_STORE_DIR=${config.programs.password-store.settings.PASSWORD_STORE_DIR}"
- ];
ExecStartPre = [
"${pkgs.notmuch}/bin/notmuch tag '-inbox' 'tag:inbox AND tag:archive'"
"${pkgs.afew}/bin/afew -m -v --notmuch-config=${config.xdg.configHome}/notmuch/default/config"