chore: add postmaster account

config/services/idmail.nix

@@ -36,6 +36,8 @@ in
     idmail-user-hash_admin = mkArgon2id "idmail-user-pw_admin";
     idmail-mailbox-pw_catch-all = mkRandomSecret;
     idmail-mailbox-hash_catch-all = mkArgon2id "idmail-mailbox-pw_catch-all";
+    idmail-mailbox-pw_postmaster = mkRandomSecret;
+    idmail-mailbox-hash_postmaster = mkArgon2id "idmail-mailbox-pw_postmaster";
   };
 
   services.idmail = {
@@ -63,10 +65,16 @@ in
           public = false;
         };
       };
-      mailboxes."catch-all@${domain}" = {
+      mailboxes = {
+        "catch-all@${domain}" = {
           password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_catch-all.path}}%";
           owner = "admin";
         };
+        "postmaster@${domain}" = {
+          password_hash = "%{file:${config.age.secrets.idmail-mailbox-hash_postmaster.path}}%";
+          owner = "admin";
+        };
+      };
       # XXX: create mailboxes for git@ vaultwarden@ and simultaneously alias them to the catch all for a send only mail.
     };
   };

config/services/nextcloud.nix

@@ -13,6 +13,7 @@ in
   age.secrets.mailnix-passwd = {
     generator.script = "alnum";
     group = "nextcloud";
+    mode = "440";
   };
 
   age.secrets.mailnix-passwd-hash = {

config/services/vaultwarden.nix

@@ -56,7 +56,6 @@ in
   };
   age.secrets.mailnix-passwd = {
     generator.script = "alnum";
-    group = "vaultwarden";
   };
 
   age.secrets.mailnix-passwd-hash = {

flake.lock

@@ -1641,13 +1641,13 @@
         "treefmt-nix": "treefmt-nix_3"
       },
       "locked": {
-        "lastModified": 1733348187,
-        "narHash": "sha256-B0PMTlkWm5o+Fi1Z4XO35zbU2k9NUMDq3g02EbPbXm4=",
+        "lastModified": 1733348844,
+        "narHash": "sha256-glufwHZDCoXjPrfvYSw8PrwQLyFVsg933gt/Gg4hlLE=",
         "ref": "refs/heads/main",
-        "rev": "803f8ba1f252220a4016b04a90862369d8e242f2",
-        "revCount": 21,
+        "rev": "3052ba7b255b8e3c333fcb318e79ce15c88dd2a7",
+        "revCount": 22,
         "type": "git",
-        "url": "file:///home/patrick/repos/nixp-meta"
+        "url": "https://forge.lel.lol/patrick/nixp-meta.git"
       },
       "original": {
         "type": "git",

hosts/mailnix/secrets/generated/idmail-mailbox-hash_postmaster.age

@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> X25519 7aevFsnisTj16MQ8hrnMJqoVdO2GdqFa61VF5Qmhd3s
+JDDOotDICHFT5GDsWICL42WdRPvOIudHWFtKFR8X3gI
+-> piv-p256 ZFgiIw Auh3jBccqVLTB9T8SWR9QhzzorSR80yiqZiJnPp85IBm
+Pqz90kaTApoMhsu1K+O6pz6AlxwCYwNKFAudgwZTlyw
+-> piv-p256 XTQkUA AzRKffAsl84k42bDdToF8VBH7+udjxjR4fVk1QzhnRgT
+GC+YxTrur4HOW1ISAklzLAi0r96oeKmDi9m7PZHLyPY
+-> piv-p256 ZFgiIw Ajo2bYvV62xdgqdN6yNDR4wAxU8eDEnJabHMWFHpeIXC
+gdAzE5yyjjXhvnpKQ1bjBHrvHRtzpHWVTCuf3Ch0/4M
+-> piv-p256 5vmPtQ Ali5/tb0SlcXv5DlTkiXM1YZdwT70QthX4sPBsa8M4E/
+WkCVnNcEa8y0i0quAFVBFp6LHJlqfgZLrfaBBStmNIg
+-> ~s6Dx@-grease
+xpqWvkuk7DHascA6kA
+--- K9fl8KcOT03MwDzk3WQR+ydPyM0lZ9xs+WKH17mO5Ls
+;潧³½*5<>nëSIç‰)<29>T€2}¡^1>ŽßbÄÄõS‹;ódËŠj¬­X1ɬôò2Kó‰qû*Åti°–ÊôPÍï\ïýZãg·`•´tvÉCTAãÑåú¥
^,µÅ<C2B5>FÔI5<1F>5†¤ÖÖaêÐÅV>¡<#¸âÜVz7ì™O.•zâº<>

hosts/mailnix/secrets/generated/idmail-mailbox-pw_postmaster.age

@@ -0,0 +1,18 @@
+age-encryption.org/v1
+-> X25519 oVLzhepmXagwDGJUWwHmXEZlGFJvWteOUpqG7gpZ5gc
+cRAXzInCcjbfN/L0fyGZLkJtj3bubTVIpaVkm3D9OVQ
+-> piv-p256 ZFgiIw Aj+RnCjs5L7obYYMCLwhubhwpZ4BW2gOlD6aCq0jzcrw
+/8m8naEm6nmQt+RP3SRVnYlzuw7v/BQr5JPe/MYIy1c
+-> piv-p256 XTQkUA A2TMBzo6mb1xzAnYENiOkNP0jhEe5yZJ/hrA6EK5awGF
+qOuFgeuGUfChycgoqvNEulUUc6PWL5m2LUdFtXogTFg
+-> piv-p256 ZFgiIw AujM2On+RI50CxXcOMRBFDavXd6rzlXd+ttOWuo1+Xv+
+PrJihyDyBROiW1DHCLNIX7vHWZ868u4RycjYMRDYolw
+-> piv-p256 5vmPtQ A5ODZJZcFoY/wKWu+zkG2vdVWdcd3Xxh75bnX29Tb+WD
+qwiBddu8JJ9O0nMv/kZFNn/20mD9mU7lBHeLkfYgsW4
+-> n-grease cr|`xZ ;[qy]j zr)E>J T`&$=u-
+cOxU3bUSgmPe3bXW5La8vJi2tmXDbNj3vRLd8CWfzPXdbeMd6OqheJO91mZ4S4OP
+3vRQ0OcoSgJADpKl3ekYhoHcK6WKO5bUyRtSNF9UOOZubdDQfJBKxCPX0FITHw
+--- jRPZAVo7C0sNfvxJL1nlRAMTyX8eYwbQ/GZu2FLGrWE
+2÷~-}œ±Ý¦8¤œsÂÂø¡Ð¯ñ‹»<E280B9>\·
+%øŒFB+L<>«ÌÊø;/üª-Ê’§èÈ®*°:÷øάÝévfÀ{ÒÞ)ôñææiPôã<C3B4>6¿
+H