Use secret-tool to fetch passwords for mail and other syncing

Charlotte Van Petegem 2023-06-09 16:12:37 +02:00
parent 23f848205b
commit c6db16da29
No known key found for this signature in database
GPG key ID: 019E764B7184435A
2 changed files with 11 additions and 11 deletions


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
passwordScript = pkgs.writeShellScript "get_mail_password" ''${pkgs.pass}/bin/pass show "$@" | ${pkgs.coreutils}/bin/head -n1 | ${pkgs.coreutils}/bin/tr -d "\n"''; passwordScript = pkgs.writeShellScript "get_mail_password" ''${pkgs.libsecret}/bin/secret-tool lookup secret-tool-id $1 | ${pkgs.coreutils}/bin/tr -d "\n"'';
notifyScript = name: pkgs.writeShellScript "notify_${name}_mail" '' notifyScript = name: pkgs.writeShellScript "notify_${name}_mail" ''
unseen_count=$(${pkgs.mblaze}/bin/mlist -N ~/mail/*/INBOX | ${pkgs.coreutils}/bin/wc -l) unseen_count=$(${pkgs.mblaze}/bin/mlist -N ~/mail/*/INBOX | ${pkgs.coreutils}/bin/wc -l)
@ -13,7 +13,7 @@ let
${pkgs.libnotify}/bin/notify-send -t 5000 'New ${name} mail arrived' "$unseen_count unseen mails" ${pkgs.libnotify}/bin/notify-send -t 5000 'New ${name} mail arrived' "$unseen_count unseen mails"
fi fi
''; '';
makeAccount = { name, address, host ? "", imapHost ? host, smtpHost ? host, useStartTls ? false, passFile, extraConfig ? { } }: (lib.recursiveUpdate makeAccount = { name, address, host ? "", imapHost ? host, smtpHost ? host, useStartTls ? false, secretToolId, extraConfig ? { } }: (lib.recursiveUpdate
{ {
inherit address; inherit address;
gpg = { gpg = {
@ -41,7 +41,7 @@ let
}; };
msmtp.enable = true; msmtp.enable = true;
mu.enable = true; mu.enable = true;
passwordCommand = "${passwordScript} ${passFile}"; passwordCommand = "${passwordScript} ${secretToolId}";
realName = "Charlotte Van Petegem"; realName = "Charlotte Van Petegem";
signature = { signature = {
showSignature = "none"; showSignature = "none";
@ -265,7 +265,7 @@ in
name = "personal"; name = "personal";
address = "charlotte@vanpetegem.me"; address = "charlotte@vanpetegem.me";
host = "mail.vanpetegem.me"; host = "mail.vanpetegem.me";
passFile = "mail/Personal"; secretToolId = "personal-mail";
extraConfig = { extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; }; folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
primary = true; primary = true;
@ -275,7 +275,7 @@ in
name = "work"; name = "work";
address = "charlotte.vanpetegem@ugent.be"; address = "charlotte.vanpetegem@ugent.be";
host = "mail.vanpetegem.me"; host = "mail.vanpetegem.me";
passFile = "work/UGentNet"; secretToolId = "work-mail";
useStartTls = true; useStartTls = true;
extraConfig = { extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; }; folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
@ -286,7 +286,7 @@ in
name = "posteo"; name = "posteo";
address = "chvp@posteo.net"; address = "chvp@posteo.net";
host = "posteo.de"; host = "posteo.de";
passFile = "mail/Posteo"; secretToolId = "posteo";
extraConfig = { extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; }; folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
}; };
@ -295,7 +295,7 @@ in
name = "postbot"; name = "postbot";
address = "postbot@vanpetegem.me"; address = "postbot@vanpetegem.me";
host = "mail.vanpetegem.me"; host = "mail.vanpetegem.me";
passFile = "mail/Postbot"; secretToolId = "postbot";
extraConfig = { extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; }; folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
}; };
@ -306,7 +306,7 @@ in
imapHost = "imap.gmail.com"; imapHost = "imap.gmail.com";
smtpHost = "smtp.gmail.com"; smtpHost = "smtp.gmail.com";
useStartTls = true; useStartTls = true;
passFile = "rodekruis/EersteHulpAppMail"; secretToolId = "eerstehulp-mail";
extraConfig = { extraConfig = {
folders = { drafts = "[Gmail].Concepten"; inbox = "INBOX"; sent = "INBOX"; trash = "[Gmail].Prullenbak"; }; folders = { drafts = "[Gmail].Concepten"; inbox = "INBOX"; sent = "INBOX"; trash = "[Gmail].Prullenbak"; };
flavor = "gmail.com"; flavor = "gmail.com";
@ -316,7 +316,7 @@ in
name = "webmaster"; name = "webmaster";
address = "webmaster@vanpetegem.me"; address = "webmaster@vanpetegem.me";
host = "mail.vanpetegem.me"; host = "mail.vanpetegem.me";
passFile = "mail/Webmaster"; secretToolId = "webmaster";
extraConfig = { extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; }; folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
}; };
@ -376,7 +376,7 @@ in
inherit type; inherit type;
url = "https://nextcloud.vanpetegem.me/remote.php/dav/"; url = "https://nextcloud.vanpetegem.me/remote.php/dav/";
username = "chvp"; username = "chvp";
"password.fetch" = [ "command" "${passwordScript}" "social/Nextcloud" ]; "password.fetch" = [ "command" "${passwordScript}" "nextcloud" ];
}; };
in in
lib.generators.toINI lib.generators.toINI
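Review bot: In the new `passwordScript` (first hunk), a failed `secret-tool lookup` (locked keyring, or no item carrying that `secret-tool-id`) is masked because the pipeline's exit status is that of `tr`, so the script exits 0 with empty output and the mail and sync callers would presumably attempt authentication with an empty password instead of aborting. `$1` is also unquoted, where the old script passed `"$@"`, so an id containing whitespace or glob characters would be split or expanded by the shell. Consider starting the script body with `set -o pipefail` and using `lookup secret-tool-id "$1"`. A one-line comment on the binding stating that the argument is the value of the `secret-tool-id` attribute the item was stored under would help, since the keyring items apparently have to be created with matching ids outside this config. The binding is complete on its line; the surrounding `let` block extends beyond the hunks shown.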


@ -7,11 +7,11 @@
}; };
config = lib.mkIf config.chvp.graphical.pass.enable { config = lib.mkIf config.chvp.graphical.pass.enable {
chvp.base.zfs.homeLinks = [ chvp.base.zfs.homeLinks = [
{ path = ".config/keepassxc"; type = "data"; } { path = ".config/keepassxc"; type = "data"; }
{ path = ".cache/keepassxc"; type = "cache"; } { path = ".cache/keepassxc"; type = "cache"; }
]; ];
chvp.base.emacs.extraConfig = [ chvp.base.emacs.extraConfig = [
'' ''
(use-package secrets (use-package secrets