chore: make some secrets intermediary

hosts/envoy/idmail.nix

@@ -11,7 +11,7 @@ let
 
   mkRandomSecret = {
     generator.script = "alnum";
-    mode = "000";
+    intermediary = true;
   };
 
   mkArgon2id = secret: {
@@ -65,13 +65,10 @@ in
           inherit (domainCfg) public;
         }
       );
-      mailboxes = lib.flip lib.mapAttrs' globals.mail.domains (
+      mailboxes."catch-all@${primaryDomain}" = {
-        _domain: _domainCfg:
+        password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
-        lib.nameValuePair "catch-all@${primaryDomain}" {
+        owner = "admin";
-          password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
+      };
-          owner = "admin";
-        }
-      );
       # XXX: create mailboxes for git@ vaultwarden@ and simultaneously alias them to the catch all for a send only mail.
     };
   };

hosts/envoy/stalwart-mail.nix

@@ -23,7 +23,7 @@ in
 
   age.secrets.stalwart-admin-pw = {
     generator.script = "alnum";
-    mode = "000";
+    intermediary = true;
   };
 
   age.secrets.stalwart-admin-hash = {
@@ -585,7 +585,6 @@ in
           "${cfg.package}/bin/stalwart-mail --config=/run/stalwart-mail/config.toml"
         ];
         RestartSec = "60"; # Retry every minute
-        CacheDirectory = lib.trace "remove stalwart cache soon, it's upstream" "stalwart-mail";
       };
     };