From b1982c595cb8bcaeb313a5c96e16a56b9836f238 Mon Sep 17 00:00:00 2001
From: Kyren223
Date: Wed, 20 Aug 2025 14:25:18 +0300
Subject: [PATCH] Added cloudflare email token for stalwart
---
 nixosModules/secrets.yaml | 5 +++--
 nixosModules/stalwart.nix | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/nixosModules/secrets.yaml b/nixosModules/secrets.yaml
index 0a706b4..5acef12 100644
--- a/nixosModules/secrets.yaml
+++ b/nixosModules/secrets.yaml
@@ -1,5 +1,6 @@
 github-access-token: ENC[AES256_GCM,data:VXzObn7doHiMzHzzLaBp8Awe3lO256zUoC8u06APR2WQitvJZs1EIqJs92rA5aORny4J6EahBaKRlcrur8oxBfRSAYkzXrECNm6E8mDYFelKv3sjXlPC3KHvHWtNewkkOA8yDOjdvw7kQVWsqZcO73GxZtN6/LgNiZfW7HMC,iv:3jr6uz+3ZUmIXP9aeqzOtvrHZhbc7Wpbdi1ZA0L8r+I=,tag:4eaV7GsdGrP7sLZAPVIDyQ==,type:str]
 cloudflare-dns-api-token: ENC[AES256_GCM,data:NtHjCIgY3O3hMdscGeBHLTzgxnW3uvIdf4Pin/v41ZV1YdsPtz2rXA==,iv:r5jOfkYFUgadCePCTCGeoRtmnrSfRCPytxwUBdLX290=,tag:Fq69nnShzj7QcGT4cPGftA==,type:str]
+cloudflare-email-token: ENC[AES256_GCM,data:twot+HuzODJ12M19hLpyRItmDGOGh05cdhC7T0fonkNUXlMf/AO3Bw==,iv:0MVLBxS5y1UV7qd7+SiFgu+3GEe3ynrt84PUA9MkFoU=,tag:U5eA9q+LVZjMfKn0g/c57w==,type:str]
 gitea-db-password: ENC[AES256_GCM,data:LHru7hpuT9dmEsfEfcsejfcyoNo2JHITmDzxcqHsj+XCBgQOroi9t+I57QN/Qs6+0Eq4wkSq3o2E,iv:mM9xzbXZK9JUMh078TvsNoMtb4g6dffQmRnYqC7UFf4=,tag:k3v1lKhdYSejoFgs3HTk2g==,type:str]
 syncthing-gui-password: ENC[AES256_GCM,data:CSQuswlhnCX1ChRTffWvIFodQ3vU4PmlDj8H7MjtQ7aWEok330V2Cqs/4EV0PnVtFd3uBCQ=,iv:TqNYonoB7ygN3PT67MFjythf8a+gNPEwDNdtNadMHQk=,tag:hnGs0Z59EGOUKtit9wGD+A==,type:str]
 nextcloud-admin-password: ENC[AES256_GCM,data:qLpqlcZtXt5q1U0okGplawLP/9xK0M8rM7uMdu6j1ld8G4rT8QhM8dyBTJWQPdopoCbjaOE=,iv:iMZqEOq/zDbCXwAr838SNAi0OyLOaN6RXC6XM4ttNF8=,tag:m7I2Lj0ykm5U9mWr4f/tXA==,type:str]
@@ -17,7 +18,7 @@ sops:
 b254YjZLRm9odks2Y1Erdk1NSU1CVncKnhMnBLjSLfMO3A7gTUI9vIRQvaK07I7k
 mQdtsGZM+1FqlbxsFIoqji+xrqAvcBQENott5+tuFM+ePT5EjQUYGg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-06T21:25:00Z"
- mac: ENC[AES256_GCM,data:+Ci6U61xgNN2sF+w+XEytr4Yavp41kkHy6PjBa/kiyazBPt761vkikGHeXdecRJWhbr72La9BrcXehI+FjSvFKdmozXlIXWCe/mOeNc4qB4Klcr34WmiCJsJ/XlHOnod9ZdM3Ftr2sAyJ7UjiniLYT+alph5sz/P1TJRjkplK1A=,iv:/sL1NZSKNC20Wc/WJmBCj0u2tnJZxcQqHCpTd/iBtGs=,tag:/CkMG5vIiOqC8pnmISBEpg==,type:str]
+ lastmodified: "2025-08-20T11:21:33Z"
+ mac: ENC[AES256_GCM,data:dX3unBFbr/wxZ7Bktlrn5F/Eq6jniNcACKGo0SCqkmCEGCypDTiEGYQUgA/1DUWKsmIHR6E8IVLZtEReQ62F8us/UkfNlBTf9A/01rkylEGBmWYzXTjeBVz2u/iQ2TjH6CYCMDddqhbQQ+HjXJObsMAGELrqHTb3RhFT+/6y3MA=,iv:PIKJT3d2Xr6VQ8yVHUnQcb8VcdOxwgil+/W+S44G5Rg=,tag:IHBd9iysvsTaEj23ThW8pQ==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.10.2
diff --git a/nixosModules/stalwart.nix b/nixosModules/stalwart.nix
index bf1fa01..df58a3f 100644
--- a/nixosModules/stalwart.nix
+++ b/nixosModules/stalwart.nix
@@ -23,6 +23,8 @@
 "stalwart/acme-secret".text = "secret123";
 };
+ sops.secrets.cloudflare-email-token = { owner = "stalwart-mail"; group = "stalwart-mail"; };
+
 services.nginx.virtualHosts."webadmin.kyren.codes" = {
 useACMEHost = "kyren.codes";
 # enableACME = true;
@@ -110,7 +112,7 @@
 contact = "user1@kyren.codes";
 domains = [ "kyren.codes" "mx1.kyren.codes" ];
 provider = "cloudflare";
- secret = "%{file:/etc/stalwart/acme-secret}%";
+ secret = "%{file:${config.sops.secrets.cloudflare-email-token.path}}%";
 };
 session.auth = {
 mechanisms = "[plain]";
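Review bot: The context line `"stalwart/acme-secret".text = "secret123";` in the stalwart.nix hunk at -23,6 is left in place even though the later hunk at -110,7 stops reading `/etc/stalwart/acme-secret`. That is presumably an `environment.etc` entry, so a placeholder credential would still be written to a readable file under /etc with, as far as this diff shows, nothing consuming it; if no other setting references it, drop the entry in the same commit. On the added `sops.secrets.cloudflare-email-token` line, `group = "stalwart-mail"` has no effect unless a group-readable `mode` is also set, because sops-nix defaults secrets to 0400; a short comment such as `# readable only by the stalwart service user; consumed by the ACME secret below` would record the intent. The enclosing attribute set starts and ends outside the hunk.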
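Review bot: Nothing at the new `secret = "%{file:${config.sops.secrets.cloudflare-email-token.path}}%";` line in the stalwart.nix hunk at -110,7 says what this token is for or what it is allowed to do, while secrets.yaml already carries a separate `cloudflare-dns-api-token`. A comment above the line such as `# Cloudflare token used only for stalwart's ACME challenges; keep it scoped to DNS edit on the kyren.codes zone` would record the intended least-privilege scope; the actual scope is not visible in this diff, so it needs confirming on the Cloudflare side. Stalwart presumably resolves the `%{file:...}%` macro when it loads its configuration, so a rotated token may not be picked up until the service restarts; sops-nix's `restartUnits` option on the secret declaration is the usual way to tie the two together. The enclosing settings block starts and ends outside the hunk.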