mail: Add me@failco.de

2021-07-17 22:31:16 +02:00 · 2021-07-17 22:31:16 +02:00 · b1f85e15ab
commit b1f85e15ab
parent e55d475467
4 changed files with 67 additions and 14 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,23 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1620877075,
+        "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "blobs": {
      "flake": false,
      "locked": {
@ -33,18 +51,15 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1625748371,
-        "narHash": "sha256-gJbFBcYWwv7EXUHjOdatjTxeW/wwXQWQq8naHx+GNv8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "a6e07df310eddcd037969a0d433b1259b64c3660",
-        "type": "github"
+        "lastModified": 1618628710,
+        "narHash": "sha256-9xIoU+BrCpjs5nfWcd/GlU7XCVdnNKJPffoNTxgGfhs=",
+        "path": "/nix/store/z1rf17q0fxj935cmplzys4gg6nxj1as0-source",
+        "rev": "7919518f0235106d050c77837df5e338fb94de5d",
+        "type": "path"
      },
      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-21.05-small",
-        "repo": "nixpkgs",
-        "type": "github"
+        "id": "nixpkgs",
+        "type": "indirect"
      }
    },
    "nixpkgs-21_05": {
@ -62,9 +77,26 @@
        "type": "indirect"
      }
    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1625748371,
+        "narHash": "sha256-gJbFBcYWwv7EXUHjOdatjTxeW/wwXQWQq8naHx+GNv8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a6e07df310eddcd037969a0d433b1259b64c3660",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-21.05-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
-        "nixpkgs": "nixpkgs",
+        "agenix": "agenix",
+        "nixpkgs": "nixpkgs_2",
        "snm": "snm",
        "utils": "utils_2"
      }
--- a/flake.nix
+++ b/flake.nix
@ -3,13 +3,17 @@
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05-small";
    utils.url = "github:gytis-ivaskevicius/flake-utils-plus/staging";

+    # simple mailserver
    snm = {
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-utils.follows = "utils/flake-utils";
    };
+
+    # age for nix to store encrypted passwords conveniently
+    agenix.url = "github:ryantm/agenix";
  };
-  outputs = { self, nixpkgs, ... }@inputs: {
+  outputs = { self, nixpkgs, agenix, ... }@inputs: {
    inherit self inputs;
    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
@ -17,6 +21,7 @@
        inputs.snm.nixosModule
 	./modules/security.nix
 	./hosts/thrall
+        agenix.nixosModules.age
      ];
    };
  };
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@ -100,6 +100,8 @@
    tmux

    git
+
+    #agenix.defaultPackage.x86_64-linux
  ];

  # Some programs need SUID wrappers, can be configured further or are
@ -139,12 +141,26 @@
    };
  };

+  age.secrets = {
+    mailPass.file = ../../secrets/mailPass.age;
+  };
+  
  mailserver = {
    enable = true;
    fqdn = "thrall.failco.de";
    domains = [ "failco.de" ];

-    loginAccounts = {};
+    loginAccounts = {
+      "me@failco.de" = {
+        hashedPasswordFile = config.age.secrets.mailPass.path;
+
+	aliases = [
+          "jakalx@failco.de"
+	];
+
+	catchAll = [ "failco.de" ];
+      };
+    };

    certificateScheme = 3;

--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,5 +5,5 @@ let
  users = [];
 in
 {
-  "mailPass.age".publicKeys = users + systems;
+  "mailPass.age".publicKeys = users ++ systems;
 }