From 4e9a9de8587639d0d8610b53807cd3792a729db2 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Fri, 29 Nov 2024 14:03:54 +0100
Subject: [PATCH] chore: make some secrets intermediary
---
 hosts/envoy/idmail.nix | 13 +++++--------
 hosts/envoy/stalwart-mail.nix | 3 +--
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/hosts/envoy/idmail.nix b/hosts/envoy/idmail.nix
index df2dd32..f5dd09e 100644
--- a/hosts/envoy/idmail.nix
+++ b/hosts/envoy/idmail.nix
@@ -11,7 +11,7 @@ let
 mkRandomSecret = {
 generator.script = "alnum";
- mode = "000";
+ intermediary = true;
 };
 mkArgon2id = secret: {
@@ -65,13 +65,10 @@ in
 inherit (domainCfg) public;
 }
 );
- mailboxes = lib.flip lib.mapAttrs' globals.mail.domains (
- _domain: _domainCfg:
- lib.nameValuePair "catch-all@${primaryDomain}" {
- password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
- owner = "admin";
- }
- );
+ mailboxes."catch-all@${primaryDomain}" = {
+ password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
+ owner = "admin";
+ };
 # XXX: create mailboxes for git@ vaultwarden@ and simultaneously alias them to the catch all for a send only mail.
 };
 };
diff --git a/hosts/envoy/stalwart-mail.nix b/hosts/envoy/stalwart-mail.nix
index 12f31ff..bf36c5f 100644
--- a/hosts/envoy/stalwart-mail.nix
+++ b/hosts/envoy/stalwart-mail.nix
@@ -23,7 +23,7 @@ in
 age.secrets.stalwart-admin-pw = {
 generator.script = "alnum";
- mode = "000";
+ intermediary = true;
 };
 age.secrets.stalwart-admin-hash = {
@@ -585,7 +585,6 @@ in
 "${cfg.package}/bin/stalwart-mail --config=/run/stalwart-mail/config.toml"
 ];
 RestartSec = "60"; # Retry every minute
- CacheDirectory = lib.trace "remove stalwart cache soon, it's upstream" "stalwart-mail";
 };
 };
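Review bot: The new `intermediary = true;` in `mkRandomSecret` (hosts/envoy/idmail.nix, first hunk) has no comment explaining why the plaintext is kept off the host, and the same applies to `age.secrets.stalwart-admin-pw` in hosts/envoy/stalwart-mail.nix. Because `mkRandomSecret` is a shared helper, every secret built from it presumably stops being deployed and decrypted on the host, so any service that still reads one of those secrets' `.path` at runtime would lose its file; the consumers are outside these hunks, so this is worth confirming before merge. I would add `# Plaintext only feeds the hash generator (mkArgon2id); it is never decrypted on the host.` above the option in both places. Assuming the usual agenix-rekey semantics, this is a stronger guarantee than the old `mode = "000"`, which still placed the decrypted plaintext on the target and relied on file permissions alone.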