feat(services/nixos-mailserver): split internal and system mailer

2 files changed, 14 insertions, 4 deletions

diff --git a/modules/services/nixos-mailserver.nix b/modules/services/nixos-mailserver.nix
index 7a8c5a5..59571bc 100644
--- a/modules/services/nixos-mailserver.nix
+++ b/modules/services/nixos-mailserver.nix
@@ -17,6 +17,11 @@ in
       owner = "dovecot2";
       group = "dovecot2";
     };
+    sops.secrets.system-imap-pass = {
+      mode = "0440";
+      owner = "dovecot2";
+      group = "dovecot2";
+    };
     sops.secrets.internal-imap-pass = {
       mode = "0440";
       owner = "dovecot2";
@@ -84,7 +89,11 @@ in
           hashedPasswordFile = config.sops.secrets.sefidel-imap-pass.path;
         };
         "system@exotic.sh" = {
-          aliases = [ "system@nand.moe" ];
+          aliases = [ "system" "system@nand.moe" ];
+          hashedPasswordFile = config.sops.secrets.system-imap-pass.path;
+        };
+        "internal@exotic.sh" = {
+          aliases = [ "internal" ];
           hashedPasswordFile = config.sops.secrets.internal-imap-pass.path;
         };
       };
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index 11ac4ea..8fcb206 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
@@ -9,7 +9,8 @@ sliding-sync-secret: ENC[AES256_GCM,data:lNIlUtNbXw1/w44m7RwqmvOTmc4MYfag7Nvo0iz
 turn-secret: ENC[AES256_GCM,data:JA5/BlGwH6yIjYsFZGa8Nm8XVbOBKpre+NFybniOtlmbSx89ldKBvuqF2ZoPltJS+vzQ/+wxM/VorhF7M+s4jA==,iv:rK5SFj4VOzgfaP/LIzWTVFyCBmklGMSyd9iWbet2CVc=,tag:QycYCHH72bMMX5UubDHTlg==,type:str]
 openldap-admin-key: ENC[AES256_GCM,data:WBBDPFDW6Q4sJ5+/pK8kAe6iFgJ8gGgi3eCVNvZB,iv:1rnmhu29UGsXLxD9Ptbv7P67EAYgKVk1dlkM6p0L4vA=,tag:yNRrHMI2yT8Oo7qkwxSeUg==,type:str]
 sefidel-imap-pass: ENC[AES256_GCM,data:rx9hZb+BARs9gB+XLLRMLWDSx67KqkKB1/4nOOtU9i56uagMprFEeDnh8pEaioZbNlqjJRO8kWTBBvWZ,iv:WxKLp0VmwfxVFZt9cnZUbp4wn5WEHubImp8fQy2bXyg=,tag:Vzh0Ntz8iFaSIEf2wjbOKg==,type:str]
-internal-imap-pass: ENC[AES256_GCM,data:ydjz/NthnJZFLrR1M+p0xEy5xhM8MbPtqE10r0s1DWDFZoyXwRRrIYefFZheW29EjY3VBfr3zWcRIbNm,iv:6hU/dHADbn4pNi0vlJG8BoyQW1ohByINSO6y+nJddfY=,tag:j67D2stmq2A+ulhFIYkZPA==,type:str]
+system-imap-pass: ENC[AES256_GCM,data:T4yuF8+dkLjuiGhZUK33xvVqvyhs6vUL35/EUyue1LE6b1idHOC8/M1hEKfnc7IqTsF7u048Wf0f31/x,iv:xasM8bqRfvMGYW9TJFz4G2qF7nHGAlsclB5CtnERnDA=,tag:P82H/q61rcg6AtJMkKQq5A==,type:str]
+internal-imap-pass: ENC[AES256_GCM,data:2+Bk1hxM+veEXvSpqSZw1I9NaNBjE79CpJmLi2WHrMt5fQtfQCECNj0Pvwvj2QUrmt7HKZFT7GNbJopM,iv:nrOWRovsbkk4aIf0lS78daL2Jy6L5fVNkn2ZubK1xEI=,tag:/X8A5YJy3NNSSoV96IXPDg==,type:str]
 grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str]
 searx-env: ENC[AES256_GCM,data:FX5CpcDqkpUH2bsS00gFCzPFcInNMbf1Z0mBmoHXk2BJ54AVOVVM1aiVwXDyWnX2wN4gO8nHFypAY451R6UiSt7FAWlkYbBdlv7EsLyaLUR+,iv:c9B+tkipD3IbWTNCzOTvV1MtwJJsOonhxSM+31CHoXg=,tag:hP/BX6TahGqecTtUO3LorQ==,type:str]
 sops:
@@ -36,8 +37,8 @@ sops:
             cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
             OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-07-29T09:45:09Z"
-    mac: ENC[AES256_GCM,data:wRAMOQhBZ9vx09tQmEDlPwCWTl9JXxB6CAfv2Ee7G2FBmdFRJbE6PC5Gg3A5VlfD+jkt++slqARiQ1TnnyuJujSL12dzDzGkQc9EH5eETpfxQUYdXdHbkm+XV6mo3MphtCnbuM8+MFHavdg/Y5YsvC3JezzrkSsSYbVCNk7m3bs=,iv:RxEP28o6vm/FtfRLWFuRVwDp9A/KS1QSdXh4ZbKCF/8=,tag:n98Q40PDfnybWAWxuG24ow==,type:str]
+    lastmodified: "2023-08-01T12:26:34Z"
+    mac: ENC[AES256_GCM,data:S4K22awHjvAAmAhRR6b7bvCod3viJZ6Q8acWcb7J5GwHET/wPpy8DnMPA5CPghe/k0ytTg/MMX+ht1iVt/8AL4SOIlkdnF6qCr+hNrFaNR0xkkIpQ4Q+i4tncVE9cHPRriq3rMlwLxRMRlNlS+TaYCg7Cw+sp8VlXsEim+/61iQ=,iv:GuPrg68slQQcKaRU8kU9XfGQBpkksQ9wy+Isp+ygug4=,tag:aAElbI2Rz57O6NxHA2+Ksw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3