diff --git a/users/myuser/default.nix b/users/myuser/default.nix
index 4fddf4d..1409256 100644
--- a/users/myuser/default.nix
+++ b/users/myuser/default.nix
@@ -28,12 +28,6 @@ in
       mode = "640";
     };
 
-    age.secrets.mailpw-206fd3b8 = {
-      rekeyFile = ./secrets/mailpw-206fd3b8.age;
-      group = myuser;
-      mode = "640";
-    };
-
     home-manager.users.${myuser} = {
       imports = [
         ../modules
diff --git a/users/myuser/graphical/thunderbird.nix b/users/myuser/graphical/thunderbird.nix
index 82f7302..5faf4d1 100644
--- a/users/myuser/graphical/thunderbird.nix
+++ b/users/myuser/graphical/thunderbird.nix
@@ -1,31 +1,17 @@
 {
   config,
   lib,
-  nixosConfig,
-  pkgs,
   ...
-}: let
-  rageWrapper = pkgs.writeShellScript "rage-decrypt-yubikey" ''
-    export PATH="${pkgs.age-plugin-yubikey}:$PATH"
-    exec ${pkgs.rage}/bin/rage
-  '';
-in {
-  accounts.email.accounts =
-    lib.flip lib.mapAttrs' config.userSecrets.accounts.email
-    (_n: v:
-      lib.nameValuePair v.address ({
-          # TODO genericize
-          passwordCommand =
-            [rageWrapper.out "-d"]
-            ++ lib.concatMap (x: ["-i" x]) nixosConfig.age.rekey.masterIdentities
-            ++ [nixosConfig.age.secrets.mailpw-206fd3b8.path];
-
-          thunderbird = {
-            enable = true;
-            profiles = ["personal"];
-          };
-        }
-        // v));
+}: {
+  accounts.email.accounts = lib.flip lib.mapAttrs' config.userSecrets.accounts.email (_n: v:
+    lib.nameValuePair v.address (
+      lib.recursiveUpdate v {
+        thunderbird = {
+          enable = true;
+          profiles = ["personal"];
+        };
+      }
+    ));
 
   programs.thunderbird = {
     enable = true;
diff --git a/users/myuser/secrets/user.nix.age b/users/myuser/secrets/user.nix.age
index 025279d..cac5e81 100644
Binary files a/users/myuser/secrets/user.nix.age and b/users/myuser/secrets/user.nix.age differ