move encrypted secrets near relevant files

2025-07-06 23:40:15 +00:00 · 2025-03-09 17:09:33 +00:00
parent f59ac536a2
commit 37d1d7724a
60 changed files with 27 additions and 94 deletions
--- a/platforms/nixos/modules/nmasur/presets/programs/msmtp/mailpass-system.age
+++ b/platforms/nixos/modules/nmasur/presets/programs/msmtp/mailpass-system.age
@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBHZTF6
+RlExdGpEOXVodFV0R1FEeis0b1FJM0l3dGxnVjFQRm1jNjZXMmpFCmVWdmVtaE4v
+T3JaMkpocHlNYXVlai9jeEsvWXJJQUVPcUtKS3N2ZVUzajgKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIGVtT24vYWlkWldsOUNSNVk5UEsvRWZEb2pvK01ndk5NeE5FbzVj
+bEhta1EKc09ZUUZseEllcndOUzYyS2paZ205SmtSUUg1UVRKVDJLY1pXcHZkdlNr
+QQotPiBzc2gtZWQyNTUxOSBuanZYNUEgd1Nnbk9GVWFNZDRsd1VpVm9WOHpUaFp0
+ckdJR3N2UEFUbGMySGNTem5nYwp1OTVtVWg0dlZlL3h3Ty9ZQnA5NTJ4Y1ZVZHU3
+R0d4V0R5OHFZcDQ2TnZvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSB6OEt2SWl2cXFN
+ek5iMWNrcllVZ0o2K0Z0clI2QXlUdE1tWDE2NW8xdDNzClltWjhKaHNOWFpjSmFG
+WFRZVktvR2E4UUFEMVFkTzVuR3lMVDdRVGs4Y00KLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IE55VWFKVlFKK3RCalg3RDFwQTBIaWpvay9iTW9RRXV3SVgrUXhtZHV5MDAK
+RFEzMGtUZmRIQTlyRHcvSDBnbGlsRDBXVHh3amY4bzM0QmE0aU8vbnpnTQotLS0g
+Q2NxNlBWT0ZmMm1MNnJvaUl5dGlUQUt2aStrdkRXRWZ6TDVOdzU0VHFDVQqTaee+
+qfaK5T6tjcv7LawzcztJbdKCqFecw/BEAicpyrkGmOfr1J5PmOxOFM/Rkk2HpLuP
+-----END AGE ENCRYPTED FILE-----
--- a/platforms/nixos/modules/nmasur/presets/programs/msmtp/msmtp.nix
+++ b/platforms/nixos/modules/nmasur/presets/programs/msmtp/msmtp.nix
@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  lib,
+  hostnames,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.programs.msmtp;
+in
+
+{
+
+  options.nmasur.presets.programs.msmtp = {
+    enable = lib.mkEnableOption "System outgoing mail";
+    host = lib.mkOption {
+      type = lib.types.str;
+      description = "Hostname for SMTP server";
+      default = hostnames.smtp;
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "Domain name for SMTP email";
+      default = hostnames.mail;
+    };
+    user = lib.mkOption {
+      type = lib.types.str;
+      description = "Username (email address) for SMTP";
+      default = "system@${cfg.domain}";
+    };
+    passwordFile = lib.mkOption {
+      type = lib.types.path;
+      description = "Password file for SMTP";
+      default = ./mailpass-system.age;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    programs.msmtp = {
+      enable = true;
+      setSendmail = true;
+      accounts = {
+        # The system user for sending automatic notifications
+        default = {
+          auth = true;
+          host = cfg.host;
+          passwordeval = "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${pkgs.writeText "mailpass-system.age" (builtins.readFile cfg.passwordFile)}";
+          user = cfg.user;
+          from_full_name = "${config.networking.hostName} System";
+          port = 465;
+          tls = true;
+        };
+      };
+    };
+
+  };
+}