Use hashed passwordfile just to be safe

common/server/mailserver.nix

@@ -43,7 +43,7 @@ in
             "robot@neet.dev"
           ];
           sendOnly = true;
-          hashedPassword = "$2b$05$hkmwXGJSKuG/1.SmLecWSuzlq1F5pjp2ScoipQoVLR0ssSN5MgRs.";
+          hashedPasswordFile = "/run/agenix/hashed-robots-email-pw";
         };
       };
       rejectRecipients = [
@@ -55,6 +55,7 @@ in
       certificateScheme = 3; # use let's encrypt for certs
     };
     age.secrets.email-pw.file = ../../secrets/email-pw.age;
+    age.secrets.hashed-robots-email-pw.file = ../../secrets/hashed-robots-email-pw.age;
 
     # sendmail to use xxx@domain instead of xxx@mail.domain
     services.postfix.origin = "$mydomain";

secrets/secrets.nix

@@ -15,6 +15,7 @@ in
   # email
   "email-pw.age".publicKeys = all;
   "sasl_relay_passwd.age".publicKeys = all;
+  "hashed-robots-email-pw.age".publicKeys = all;
   "robots-email-pw.age".publicKeys = all;
 
   # vpn