Use hashed passwordfile just to be safe

2023-04-09 23:00:10 -06:00 · 2023-04-09 23:00:10 -06:00 · 3412d5caf9
commit 3412d5caf9
parent 1065cc4b59
4 changed files with 3 additions and 1 deletions
--- a/common/server/mailserver.nix
+++ b/common/server/mailserver.nix
@ -43,7 +43,7 @@ in
            "robot@neet.dev"
          ];
          sendOnly = true;
-          hashedPassword = "$2b$05$hkmwXGJSKuG/1.SmLecWSuzlq1F5pjp2ScoipQoVLR0ssSN5MgRs.";
+          hashedPasswordFile = "/run/agenix/hashed-robots-email-pw";
        };
      };
      rejectRecipients = [
@ -55,6 +55,7 @@ in
      certificateScheme = 3; # use let's encrypt for certs
    };
    age.secrets.email-pw.file = ../../secrets/email-pw.age;
+    age.secrets.hashed-robots-email-pw.file = ../../secrets/hashed-robots-email-pw.age;

    # sendmail to use xxx@domain instead of xxx@mail.domain
    services.postfix.origin = "$mydomain";
--- a/secrets/hashed-robots-email-pw.age
+++ b/secrets/hashed-robots-email-pw.age
--- a/secrets/robots-email-pw.age
+++ b/secrets/robots-email-pw.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -15,6 +15,7 @@ in
  # email
  "email-pw.age".publicKeys = all;
  "sasl_relay_passwd.age".publicKeys = all;
+  "hashed-robots-email-pw.age".publicKeys = all;
  "robots-email-pw.age".publicKeys = all;

  # vpn