chore: make some secrets intermediary

2024-11-29 14:03:54 +01:00 · 2024-11-29 14:03:54 +01:00 · 4e9a9de858
commit 4e9a9de858
parent 3becfbbf19
2 changed files with 6 additions and 10 deletions
--- a/hosts/envoy/idmail.nix
+++ b/hosts/envoy/idmail.nix
@ -11,7 +11,7 @@ let

  mkRandomSecret = {
    generator.script = "alnum";
-    mode = "000";
+    intermediary = true;
  };

  mkArgon2id = secret: {
@ -65,13 +65,10 @@ in
          inherit (domainCfg) public;
        }
      );
-      mailboxes = lib.flip lib.mapAttrs' globals.mail.domains (
-        _domain: _domainCfg:
-        lib.nameValuePair "catch-all@${primaryDomain}" {
-          password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
-          owner = "admin";
-        }
-      );
+      mailboxes."catch-all@${primaryDomain}" = {
+        password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
+        owner = "admin";
+      };
      # XXX: create mailboxes for git@ vaultwarden@ and simultaneously alias them to the catch all for a send only mail.
    };
  };
--- a/hosts/envoy/stalwart-mail.nix
+++ b/hosts/envoy/stalwart-mail.nix
@ -23,7 +23,7 @@ in

  age.secrets.stalwart-admin-pw = {
    generator.script = "alnum";
-    mode = "000";
+    intermediary = true;
  };

  age.secrets.stalwart-admin-hash = {
@ -585,7 +585,6 @@ in
          "${cfg.package}/bin/stalwart-mail --config=/run/stalwart-mail/config.toml"
        ];
        RestartSec = "60"; # Retry every minute
-        CacheDirectory = lib.trace "remove stalwart cache soon, it's upstream" "stalwart-mail";
      };
    };