mail: Add me@failco.de

flake.lock

@@ -1,5 +1,23 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1620877075,
+        "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "blobs": {
       "flake": false,
       "locked": {
@@ -33,18 +51,15 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1625748371,
+        "lastModified": 1618628710,
-        "narHash": "sha256-gJbFBcYWwv7EXUHjOdatjTxeW/wwXQWQq8naHx+GNv8=",
+        "narHash": "sha256-9xIoU+BrCpjs5nfWcd/GlU7XCVdnNKJPffoNTxgGfhs=",
-        "owner": "NixOS",
+        "path": "/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source",
-        "repo": "nixpkgs",
+        "rev": "7919518f0235106d050c77837df5e338fb94de5d",
-        "rev": "a6e07df310eddcd037969a0d433b1259b64c3660",
+        "type": "path"
-        "type": "github"
       },
       "original": {
-        "owner": "NixOS",
+        "id": "nixpkgs",
-        "ref": "nixos-21.05-small",
+        "type": "indirect"
-        "repo": "nixpkgs",
-        "type": "github"
       }
     },
     "nixpkgs-21_05": {
@@ -62,9 +77,26 @@
         "type": "indirect"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1625748371,
+        "narHash": "sha256-gJbFBcYWwv7EXUHjOdatjTxeW/wwXQWQq8naHx+GNv8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a6e07df310eddcd037969a0d433b1259b64c3660",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-21.05-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
-        "nixpkgs": "nixpkgs",
+        "agenix": "agenix",
+        "nixpkgs": "nixpkgs_2",
         "snm": "snm",
         "utils": "utils_2"
       }

flake.nix

@@ -3,13 +3,17 @@
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05-small";
     utils.url = "github:gytis-ivaskevicius/flake-utils-plus/staging";
 
+    # simple mailserver
     snm = {
       url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "utils/flake-utils";
     };
+
+    # age for nix to store encrypted passwords conveniently
+    agenix.url = "github:ryantm/agenix";
   };
-  outputs = { self, nixpkgs, ... }@inputs: {
+  outputs = { self, nixpkgs, agenix, ... }@inputs: {
     inherit self inputs;
     nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
@@ -17,6 +21,7 @@
         inputs.snm.nixosModule
 	./modules/security.nix
 	./hosts/thrall
+        agenix.nixosModules.age
       ];
     };
   };

hosts/thrall/default.nix

@@ -100,6 +100,8 @@
     tmux
 
     git
+
+    #agenix.defaultPackage.x86_64-linux
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -139,12 +141,26 @@
     };
   };
 
+  age.secrets = {
+    mailPass.file = ../../secrets/mailPass.age;
+  };
+  
   mailserver = {
     enable = true;
     fqdn = "thrall.failco.de";
     domains = [ "failco.de" ];
 
-    loginAccounts = {};
+    loginAccounts = {
+      "me@failco.de" = {
+        hashedPasswordFile = config.age.secrets.mailPass.path;
+
+	aliases = [
+          "jakalx@failco.de"
+	];
+
+	catchAll = [ "failco.de" ];
+      };
+    };
 
     certificateScheme = 3;
 

secrets/secrets.nix

@@ -5,5 +5,5 @@ let
   users = [];
 in
 {
-  "mailPass.age".publicKeys = users + systems;
+  "mailPass.age".publicKeys = users ++ systems;
 }