From 16b152717dc463b3973c7692f387f439aacba2dc Mon Sep 17 00:00:00 2001 From: sefidel Date: Tue, 1 Aug 2023 21:24:37 +0900 Subject: feat(services/nixos-mailserver): split internal and system mailer --- modules/services/nixos-mailserver.nix | 11 ++++++++++- systems/cobalt/secrets/secrets.yaml | 7 ++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/modules/services/nixos-mailserver.nix b/modules/services/nixos-mailserver.nix index 7a8c5a5..59571bc 100644 --- a/modules/services/nixos-mailserver.nix +++ b/modules/services/nixos-mailserver.nix @@ -17,6 +17,11 @@ in owner = "dovecot2"; group = "dovecot2"; }; + sops.secrets.system-imap-pass = { + mode = "0440"; + owner = "dovecot2"; + group = "dovecot2"; + }; sops.secrets.internal-imap-pass = { mode = "0440"; owner = "dovecot2"; @@ -84,7 +89,11 @@ in hashedPasswordFile = config.sops.secrets.sefidel-imap-pass.path; }; "system@exotic.sh" = { - aliases = [ "system@nand.moe" ]; + aliases = [ "system" "system@nand.moe" ]; + hashedPasswordFile = config.sops.secrets.system-imap-pass.path; + }; + "internal@exotic.sh" = { + aliases = [ "internal" ]; hashedPasswordFile = config.sops.secrets.internal-imap-pass.path; }; }; diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml index 11ac4ea..8fcb206 100644 --- a/systems/cobalt/secrets/secrets.yaml +++ b/systems/cobalt/secrets/secrets.yaml @@ -9,7 +9,8 @@ sliding-sync-secret: ENC[AES256_GCM,data:lNIlUtNbXw1/w44m7RwqmvOTmc4MYfag7Nvo0iz turn-secret: ENC[AES256_GCM,data:JA5/BlGwH6yIjYsFZGa8Nm8XVbOBKpre+NFybniOtlmbSx89ldKBvuqF2ZoPltJS+vzQ/+wxM/VorhF7M+s4jA==,iv:rK5SFj4VOzgfaP/LIzWTVFyCBmklGMSyd9iWbet2CVc=,tag:QycYCHH72bMMX5UubDHTlg==,type:str] openldap-admin-key: ENC[AES256_GCM,data:WBBDPFDW6Q4sJ5+/pK8kAe6iFgJ8gGgi3eCVNvZB,iv:1rnmhu29UGsXLxD9Ptbv7P67EAYgKVk1dlkM6p0L4vA=,tag:yNRrHMI2yT8Oo7qkwxSeUg==,type:str] sefidel-imap-pass: ENC[AES256_GCM,data:rx9hZb+BARs9gB+XLLRMLWDSx67KqkKB1/4nOOtU9i56uagMprFEeDnh8pEaioZbNlqjJRO8kWTBBvWZ,iv:WxKLp0VmwfxVFZt9cnZUbp4wn5WEHubImp8fQy2bXyg=,tag:Vzh0Ntz8iFaSIEf2wjbOKg==,type:str] -internal-imap-pass: ENC[AES256_GCM,data:ydjz/NthnJZFLrR1M+p0xEy5xhM8MbPtqE10r0s1DWDFZoyXwRRrIYefFZheW29EjY3VBfr3zWcRIbNm,iv:6hU/dHADbn4pNi0vlJG8BoyQW1ohByINSO6y+nJddfY=,tag:j67D2stmq2A+ulhFIYkZPA==,type:str] +system-imap-pass: ENC[AES256_GCM,data:T4yuF8+dkLjuiGhZUK33xvVqvyhs6vUL35/EUyue1LE6b1idHOC8/M1hEKfnc7IqTsF7u048Wf0f31/x,iv:xasM8bqRfvMGYW9TJFz4G2qF7nHGAlsclB5CtnERnDA=,tag:P82H/q61rcg6AtJMkKQq5A==,type:str] +internal-imap-pass: ENC[AES256_GCM,data:2+Bk1hxM+veEXvSpqSZw1I9NaNBjE79CpJmLi2WHrMt5fQtfQCECNj0Pvwvj2QUrmt7HKZFT7GNbJopM,iv:nrOWRovsbkk4aIf0lS78daL2Jy6L5fVNkn2ZubK1xEI=,tag:/X8A5YJy3NNSSoV96IXPDg==,type:str] grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str] searx-env: ENC[AES256_GCM,data:FX5CpcDqkpUH2bsS00gFCzPFcInNMbf1Z0mBmoHXk2BJ54AVOVVM1aiVwXDyWnX2wN4gO8nHFypAY451R6UiSt7FAWlkYbBdlv7EsLyaLUR+,iv:c9B+tkipD3IbWTNCzOTvV1MtwJJsOonhxSM+31CHoXg=,tag:hP/BX6TahGqecTtUO3LorQ==,type:str] sops: @@ -36,8 +37,8 @@ sops: cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-29T09:45:09Z" - mac: ENC[AES256_GCM,data:wRAMOQhBZ9vx09tQmEDlPwCWTl9JXxB6CAfv2Ee7G2FBmdFRJbE6PC5Gg3A5VlfD+jkt++slqARiQ1TnnyuJujSL12dzDzGkQc9EH5eETpfxQUYdXdHbkm+XV6mo3MphtCnbuM8+MFHavdg/Y5YsvC3JezzrkSsSYbVCNk7m3bs=,iv:RxEP28o6vm/FtfRLWFuRVwDp9A/KS1QSdXh4ZbKCF/8=,tag:n98Q40PDfnybWAWxuG24ow==,type:str] + lastmodified: "2023-08-01T12:26:34Z" + mac: ENC[AES256_GCM,data:S4K22awHjvAAmAhRR6b7bvCod3viJZ6Q8acWcb7J5GwHET/wPpy8DnMPA5CPghe/k0ytTg/MMX+ht1iVt/8AL4SOIlkdnF6qCr+hNrFaNR0xkkIpQ4Q+i4tncVE9cHPRriq3rMlwLxRMRlNlS+TaYCg7Cw+sp8VlXsEim+/61iQ=,iv:GuPrg68slQQcKaRU8kU9XfGQBpkksQ9wy+Isp+ygug4=,tag:aAElbI2Rz57O6NxHA2+Ksw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 -- cgit 1.4.1