From 3412d5caf92f053be12c11821dd221ca83a81f9e Mon Sep 17 00:00:00 2001
From: Zuckerberg <zuckerberg@neet.dev>
Date: Sun, 9 Apr 2023 23:00:10 -0600
Subject: [PATCH] Use hashed passwordfile just to be safe

---
 common/server/mailserver.nix       |   3 ++-
 secrets/hashed-robots-email-pw.age | Bin 0 -> 1101 bytes
 secrets/robots-email-pw.age        | Bin 1133 -> 1155 bytes
 secrets/secrets.nix                |   1 +
 4 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 secrets/hashed-robots-email-pw.age

diff --git a/common/server/mailserver.nix b/common/server/mailserver.nix
index b58cc9d..319c0bf 100644
--- a/common/server/mailserver.nix
+++ b/common/server/mailserver.nix
@@ -43,7 +43,7 @@ in
             "robot@neet.dev"
           ];
           sendOnly = true;
-          hashedPassword = "$2b$05$hkmwXGJSKuG/1.SmLecWSuzlq1F5pjp2ScoipQoVLR0ssSN5MgRs.";
+          hashedPasswordFile = "/run/agenix/hashed-robots-email-pw";
         };
       };
       rejectRecipients = [
@@ -55,6 +55,7 @@ in
       certificateScheme = 3; # use let's encrypt for certs
     };
     age.secrets.email-pw.file = ../../secrets/email-pw.age;
+    age.secrets.hashed-robots-email-pw.file = ../../secrets/hashed-robots-email-pw.age;
 
     # sendmail to use xxx@domain instead of xxx@mail.domain
     services.postfix.origin = "$mydomain";
diff --git a/secrets/hashed-robots-email-pw.age b/secrets/hashed-robots-email-pw.age
new file mode 100644
index 0000000000000000000000000000000000000000..0044c1876d847b117382342cef64fdb734f70d9e
GIT binary patch
literal 1101
zcmZY6z3bz20D$oW!6CQYq$tP*kpqo2&1+K-A#ZJ(CQZ_$Z4&X0G;d9lCTWuPn*??B
zcI7x6MED_yizwm?3J1FA;^LyaDB{Z|sFS$Xzu?2e<Hg}1%>Ak>o21B}E2<bhW6<CQ
zxUP4DFu*Aa8^dkE9!3C`w`&&*7Na>rM}3AR$35<h$CI(;X{}g#F5g7RMwl^}37~8Z
zNL$H4rSm<>g;AOU%v0^*H0%=5^sqX0DB7oUpCvD~!xk_t3)?bf>jK7zv+&GeTSZ$3
zd1cGZ85t2)CxCNWVhF7+j;Rkh6A&(YL21J>jZjiflgjG1fiLEz?6%X6;!nv)sY}%r
zFE!l5ogIKztD#Bey5||eYB)aG+uj^Dt+G)hc`{p=G}TywvIHEL%pf##&ebqZfL}M!
z(a3orwU?$!GrH#0a${7LXHDJ7QCvBfTA&(E5yPob#_YuK4@~YX*y6+(+0Nh_D=av)
zPmq!C3Pdkgdx>BnoC7<>45`BcYf(KR*^QcUG%oUyUlV=>WL`VQVZ=r_d#TZ^g`+Vn
zG9s(b6s6bpEvgDUZq%E&R?vJCX_T*wWplbZv|7}#GpHbsk~61wIV%|akdLP+t;P(l
zv;JYn$V=(0F9Y_Ni3R<?Z=EEt27oQ$To|hmA5|;KZ7f6$P_h-QR&|Fb0%-I?Uoyc$
z&JnDDhMpBMoY>7Xxhk6Yj0k2ObeKqnMLj=kcd^k<Cwds7RD9XC?i>j<;GQLR$75>F
zwjPh`N+gcQ=aq~i>-ixmr(KNiPGgr}1op&-(hO|6RGn4aieUH67A!Fb<<mqt^i#=N
zf>4VYUY=|<M7`8@dWq!#KAi|9K08{o&%ywkcCEqNM3GY>M@!6<%eKc%v*IGECM?vH
zL(7c_fo|IAcnd&rE_sHmDP-g%wA#cevj_9WGLACypZ2soh^x@6L)bN5dFt60pLrgB
zaso@XkU%WqrFuRp+$8a42v;h#sa6>a7-a?x1_OARd2@=SQe(q+Xd^WyCXow3tqHy;
zH@iH+6t=G#aySA28s2++<h=XR{p(*p`s*Wqyl3C>a`c_o7I%KQpFQ;DU)2X6{lfqL
z@ppGI?ETmO{6zh{XCA)s*k{XIKi&NC_8VWl`oz`jntbD*>)(Iz_P4*i`SV*ZUtRn3
Ro4Z$kKe+WFee>Rfe*v#cZdd>S

literal 0
HcmV?d00001

diff --git a/secrets/robots-email-pw.age b/secrets/robots-email-pw.age
index ff9a7250e6d74ce5167cce0ccd9362df2a912fc8..9935f577bea2481b1a1900f4458fe52d8a1583d5 100644
GIT binary patch
literal 1155
zcmZ9_I}76k007`c9Wve|3R+R8*vq?3;5be5PLsB2UQIah(&n8ukLDd*<p$AFklWqd
zZWQDY2M4zk5ky7hCIxpFaqag9J}(O9L4LZ9Ws?;7-QpTS9Rken&+0m!2R=#=2sIlD
z`m*e26A}((2+9|tr4FcPO+7vZC)VI)EIT_rfgQFs0>PDtn!w&_sv=bP%^(z4YS{UT
z5J0;!y-=d&E97cnMF|gcJPWJ0+vV7k13hbFWh3qt&?||IrX;vVS`};51TK4q#~EjH
zJ<}x5s(oAlVI$EzLGFEF*{67=9r=A;b&bnyspANOqn)t0ZHbzrYPTEep-$Y-NSDJL
zxOCf%Au>CXpgMGcWD~Ydjrz2)k8!5M4Q#s|N&@LwQ-Z}Hr?_Cb-PKt)yA75|#iT>n
zz?-3+k*7)QTxM_HZoaBHMKqhtknM@dW}>Z96el|tG;rDMcVg=yxxww=+Ekf<A#A|`
zK&PTRZjqK++m<}Uf%Y`X>>2DiC6wZg%cf1QE4Xqt>f3EW8z>abdX+hJ#%73USY8=r
zbA-pV&RcD>?rKVn*Cr@u>}q#j3KEcaioRfTM)Gk{SW8@MsjQKqonLE*B1s9)<t~`L
zuZO(2-A0k6wSK1LM6|NJ-mCV<GnF5*)El??b!CxhNj5=c@_8loNt`7(kohJX(=2td
z&`b)XZj`!>;+?g?K{JOyN`%sgl;o-tk=<_A=!lRuOWD&}q_+)pNNkp@mK`GFyr%3H
zw&>7ddN8S0UtL9~&`-d=BRI(o&9V~_$MNuGm2*NOx~j!S-Le>v0Uqs|w6$%2yT!W_
z$@|$At|+*1e6krDoflS7HTrt%8#tdVR&u2?ZXgtcmTn9a0E<{~vSWurh(i<#i>ZNT
z8$*^SmO9mRVoqFWAD0LMk^gTGjsBiBkFJ4N2Y_4?q?fNOW{sMq!#gEtj(n+S$<DXX
zV~J#4ulwynQ&!6=ZIIzIDsW%>#W|_A(AtlI6U9~HfUBe{rQn)6hbEMCysr}_E~7NT
z#1UCe>xBi(=kwYAGWgkwHya)jt;LR1)r})4dyrG?AdsB03!_n#b(TK&z#rd!_0vnt
zkH1b|e*OE?-<~}F=&#eu&p!C<-{;sXpT7QyH-4zxeHDA-@x42k@uax(^z%pW{rTX*
ni@=*7KYK@hm;U1U^84!#f4}|9<440c@Bj1K{h!}@;k*9;l(2vU

literal 1133
zcmZY7z3by-0KjpVL&ze6?l~8S&};M7G%8Bo`pbLsq|HmSXqxvlP12<8lN9uSa1c%o
z2N85ua5xa$TpR>nK!=+=5gZiJ$w55V-~9z2zVHpRWRlcTH@2susqZyiHof4;<aM;~
z^GOmDG>x<9&~OI^qTG5N`Eo!SggAP=Y&0iU-zh6*vllLBX$|;8!8SFcWFtVjjJIMh
z9pkxB*JlmVq2SvqL+P#2bRkp>{aS5KncSMnZSAmwi-ALN+7VQ79WUC8dBO`SqK{_N
zh_dfk`Z0_tYVf@)jFnJ`5K%o7ltg2>w;=jrP^P_Q*Ot+So<*$OM3SHf%#Kv?!&4d&
z65AZ2{&K;2KsYR!I5j;>Un`tB!%CM4OmIVnW0i1CJ2Latut0K7t(W?+<ITOfq_Iu0
zb!m;?0!~ks$^p0%EYst#<RP`c-4+{Q+hnNj3KY;daP6%)<F+<b1KZO<>=9NrElQm>
z7<+*G^fE-qmAtvx2YQ|P-LPR?Hn;NgZYy8LE@zKATd{M}&FYI}>C|m)&TWWkhR#iq
zH+;%vRIhC^fgXciueG?Xb!O&s@vt-PHKuipQ8mbctVK@h7F|Po&cW2nRL&gUxN6so
zEi4{)vMOfBBSEIoZEciA4nPzalhvl04<T_NN<ot-eeP`ws8%bSjQhCp<x6gQnF2tB
zj3%y~a(L;Vn3W7eXVCa=4k)<gJPK=j6<ow7+^Z{Vc3X4Dtvm&2c5LxvdQFlN^0n(}
z7VdfyRStmlBi_h@rN5}@t<a}VkEoU~4H;i(k4848O5i1~HBGCnSJK5rgi>X?1dVCw
z8GouRw_3c0C=Ey{kxkJOPOBQD<hI`orb5s5J`T>z*<3|I4Ne>1Ati+NXFH=4;o4f4
zrBj6UW?^J23D_7mhlwPBNDp?h9b%&Me_KA0-@f}2H_5sr>=Oh}{7bwEXHiTj?S87a
z1F?^^;CzD64vJpy&k@_`=|MH}j#qbQwq`PtcH<}8O7^U;5H>$}y1fVl@}#n`G?2+;
zg4znTV40i7H5WHp<#~?5w(<}b<6PO}OfQS1iS2Bju2v56@ZG=fncUq6KXsox`r`4O
zZ~uAa%}2k!QF{+Qe)+ji(ck|3S$S4l{*}JJd*_4S-z%PZ75nk)*B(Fr(Kny@<@f*o
c@%fkE{gQq~h4+7$ym;r~hcCQER^9#o078p-G5`Po

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 33f40c3..344c0cf 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,6 +15,7 @@ in
   # email
   "email-pw.age".publicKeys = all;
   "sasl_relay_passwd.age".publicKeys = all;
+  "hashed-robots-email-pw.age".publicKeys = all;
   "robots-email-pw.age".publicKeys = all;
 
   # vpn