From 07b6b0fc08d730bcf7371c8ff4a73d4aec161378 Mon Sep 17 00:00:00 2001
From: janabhumi <dmitriy@ideascup.me>
Date: Thu, 13 Oct 2022 23:11:12 +0300
Subject: [PATCH] add mail server to magenta vps

---
 .gitattributes                               |   2 +
 flake.lock                                   |  57 +++++++++++++++++++
 flake.nix                                    |   7 +++
 machines/asus-gl553vd/default.nix            |   6 +-
 machines/default.nix                         |   4 ++
 machines/magenta/default.nix                 |  19 ++++++-
 machines/magenta/mail-accounts.nix           | Bin 0 -> 865 bytes
 machines/modules/common.nix                  |   9 ---
 secrets.config.nix                           | Bin 1724 -> 1907 bytes
 secrets.nix                                  | Bin 176 -> 199 bytes
 secrets/mailserver-users-family-passfile.age | Bin 0 -> 1469 bytes
 secrets/mailserver-users-jan-passfile.age    | Bin 0 -> 1423 bytes
 users/jan/secrets.nix                        | Bin 1627 -> 2166 bytes
 13 files changed, 93 insertions(+), 11 deletions(-)
 create mode 100644 machines/magenta/mail-accounts.nix
 create mode 100644 secrets/mailserver-users-family-passfile.age
 create mode 100644 secrets/mailserver-users-jan-passfile.age

diff --git a/.gitattributes b/.gitattributes
index 2563acd..f3daf0d 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,3 +2,5 @@
 
 secrets.config.nix filter=git-crypt diff=git-crypt
 **/*.age filter=git-crypt diff=git-crypt
+
+machines/magenta/mail-accounts.nix filter=git-crypt diff=git-crypt
diff --git a/flake.lock b/flake.lock
index a1e43dd..bfef15b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -42,6 +42,22 @@
         "type": "github"
       }
     },
+    "blobs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1604995301,
+        "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "blobs",
+        "type": "gitlab"
+      }
+    },
     "cmp-luasnip": {
       "flake": false,
       "locked": {
@@ -246,6 +262,31 @@
         "type": "github"
       }
     },
+    "mailserver": {
+      "inputs": {
+        "blobs": "blobs",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-22_05": "nixpkgs-22_05",
+        "utils": [
+          "flake-utils"
+        ]
+      },
+      "locked": {
+        "lastModified": 1658267644,
+        "narHash": "sha256-NJRe1rnlF112eZwxNASlRL8/ghwD8g+lpHIYRkWQxC8=",
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "rev": "004c229ca44c069d93c92abf67ff1619fb508c6a",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "simple-nixos-mailserver",
+        "repo": "nixos-mailserver",
+        "type": "gitlab"
+      }
+    },
     "myneovim": {
       "inputs": {
         "cmp-luasnip": "cmp-luasnip",
@@ -344,6 +385,21 @@
         "type": "github"
       }
     },
+    "nixpkgs-22_05": {
+      "locked": {
+        "lastModified": 1654936503,
+        "narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "dab6df51387c3878cdea09f43589a15729cae9f4",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-22.05",
+        "type": "indirect"
+      }
+    },
     "nvim-cmp": {
       "flake": false,
       "locked": {
@@ -451,6 +507,7 @@
         "flake-utils": "flake-utils",
         "hardware": "hardware",
         "home-manager": "home-manager",
+        "mailserver": "mailserver",
         "myneovim": "myneovim",
         "nil": "nil",
         "nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index 44769ac..79b0210 100644
--- a/flake.nix
+++ b/flake.nix
@@ -39,6 +39,13 @@
       url = "git+https://git.pleshevski.ru/pleshevskiy/vnetod";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    mailserver = {
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.utils.follows = "flake-utils";
+
+    };
   };
 
   outputs = inputs @ { self, flake-utils, nixpkgs, hardware, ... }:
diff --git a/machines/asus-gl553vd/default.nix b/machines/asus-gl553vd/default.nix
index 1a729c9..afbd5ac 100644
--- a/machines/asus-gl553vd/default.nix
+++ b/machines/asus-gl553vd/default.nix
@@ -20,7 +20,11 @@ in
 
   # Use the systemd-boot EFI boot loader.
   boot.loader = {
-    systemd-boot.enable = true;
+    systemd-boot = {
+      enable = true;
+      configurationLimit = 10;
+    };
+
     efi.canTouchEfiVariables = true;
   };
 
diff --git a/machines/default.nix b/machines/default.nix
index 2f2e97d..ef936b5 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -34,5 +34,9 @@ in
     system = "x86_64-linux";
 
     targetHost = "45.131.41.215";
+
+    extraModules = [
+      inputs.mailserver.nixosModule
+    ];
   };
 }
diff --git a/machines/magenta/default.nix b/machines/magenta/default.nix
index 252d3e8..fe61b95 100644
--- a/machines/magenta/default.nix
+++ b/machines/magenta/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 
 let
   data = import ../../data.nix;
@@ -7,7 +7,9 @@ in
   imports = [
     ./hardware-configuration.nix
     ./networking.nix # generated at runtime by nixos-infect
+    ./mail-accounts.nix
     ../modules/common.nix
+    ../modules/nix.nix
   ];
 
   boot.cleanTmpDir = true;
@@ -16,4 +18,19 @@ in
 
   services.openssh.enable = true;
   users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "dmitriy@pleshevski.ru";
+  };
+
+  mailserver = {
+    enable = true;
+    fqdn = "mail.pleshevski.ru";
+    domains = [ "pleshevski.ru" ];
+
+    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+    # down nginx and opens port 80.
+    certificateScheme = 3;
+  };
 }
diff --git a/machines/magenta/mail-accounts.nix b/machines/magenta/mail-accounts.nix
new file mode 100644
index 0000000000000000000000000000000000000000..a7674f9e1b923623fcb9143e6cf9655c832aa901
GIT binary patch
literal 865
zcmV-n1D^Z<M@dveQdv+`03L5A@pmiHmRtw8zb^vg<jP2_)~<+#a~}}F=RAy+rdCjC
z_~UwC9hOSx@z0JqN5$W#Mb09(fCk$i(8yB^ROulZakU?@VXIhSNHqE@U4dD11RJw*
z$_TlS%y&5D0#2it+pTE3*s+w_@IxYcfC<XtktLVs1E}wm92aSZOS$4Ss+OE9y3tF6
zi-@3a6&DLM-P!2zif70kG58(blqYKOj73&!#nY6@@f@mUivN$Whz~%qaNtO)K6^B*
zVd*RV-3IARez1tDFC*!C4EwUh8OFHr0J~q*8dusLb`#Me&MP(NHWwPxm%cib=CkWo
zZkF&xUNPa`z$nV0y+i&cE{!{Ee(!gjCO6L7q{X&ajznsemjalBdha$K#z>mu?y=b$
z5*5L}f|ZGRGRx&K8s>;Aae<-~<`y{rhXAdH<e#LC(%W(J7eX7m9N*za<F-}aIvMaR
ztJw&4Sn)fv>10A0wEWlhkECxq2*=*kd`$_q^&4ouJh~Yot2lj4NQSe(sH-DlN2Ry)
zlyC$uTEwU1an)$iWevw^us(lzB8^KoF&}`C&I{l!J=6aX09bTRnylERSp;x4Kz2?+
zK>5?^_ix2bYmhUJ==@+oD0Q!jlBh^tphOU76iBz3#+v3na>4>Htijlm#AGSGD+DF|
zkK_gT5IG#4Z;RLWN<>^?e=F8h_<Fr}yUPKzWj+io_aFwm=9`)WqmxtMF9HPrsomuA
zx%?cCCSeXmQO=A>6r!GI^*lE{yS%Iu0#M}0V2qS~dCTMbro3UH4cgDf;Lhxei|(rD
z$9ubF$x?C@NZv_t7e652yvzCXM89-0bh`4IozvP`!;r<Rmc%mKHBs&)S0*n1F}T{F
zH2a?x03SnVkUrS0D1>|l7!K6dG=Af$0$}dp!6eLgfMIF`Yv<bdxAnH&*iPv75kGUT
z((hTg&BNdQN=IVwLl=0YW`K?K7MN?uKq|OTeaK-3?&A^|sj{`;q|)oV;(FE(1u_CB
zF!n0m_GiZ0`y~u5;K090TWgtjJJ9w;Q$u8hE3qx^HI|+5+i!5-2R-6cFp}R*^b;7y
rq-!5K8XXn`yD!kch3Sr{)R}`mw#z9ngtgR*S`zH#xuUebAcdgjk0-gx

literal 0
HcmV?d00001

diff --git a/machines/modules/common.nix b/machines/modules/common.nix
index d0b7ce1..4087f7b 100644
--- a/machines/modules/common.nix
+++ b/machines/modules/common.nix
@@ -8,18 +8,9 @@
 
   users.mutableUsers = false;
 
-  programs.zsh.enable = true;
-
-  environment.systemPackages = with pkgs; [
-    gnumake
-    vim
-    wget
-  ];
-
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];
diff --git a/secrets.config.nix b/secrets.config.nix
index 16c5ea6c11027d54a11bd87240a403e86e4d7198..472f409e19147373cc8d148e529f78b5f02577f1 100644
GIT binary patch
literal 1907
zcmV-(2aNatM@dveQdv+`0BhcOU8R~Fk;%CFHgmE?P|6W<J`Ibt?*3xW-3O3~56eOg
z6Zf3I(#!{8f{cP>-XGGQ=6-@z$|C4_*`6UX_`kI->YK?Li(1tq?HdE2A(I>`Qp~`;
z+%ovq6hg=crcd$Y4je>{n~wX@78?!)2jRP*Mv)m`@J+w7gj>KDa8}pUeP6{C=zT15
zAbst9Y1M=JCph^2d3cvc{l%;hfnM=ocARu2RcJIY?b!7816cjlrsk3?>|q}>BWa=M
zC(xV=8G|QF76~+#RjU1))}D!;Pg+Z`Mr{>l(iu7=I%Os5v$s~g=T}XSsL2##=l3&Q
z>MA0ZvI)PmY&_0~OQN8ag2ZA_v>xrrUV*oO>Y{_*5#mq4_ZzEeWF7;q{lt&?mY2j(
zua=$3aL<uk2tR>7KQL9sy#-95&>FwMM5u)2_0sK7`-l3n^gW50!(_2n8u=Mc8LtrT
z|7tdaYHS{wd#``aPCkDl+f&m7{A-<B%XP+5Rr(J}Z?&cdEm%Rn-ZSW!N^OEnwTX79
z13m%nj*Zz-0_SoS$1!!>iI-?R?Tg<S#~$heQN@Z<g#fx&NR$l^-`Pr5@f>_V<M|p{
zqQWN0bh`eQqQY2Nm>IsAQk3uF{a)z*@UL-4g&_Eg-5i*v<8rhT+@gRC#W_p%BMsMo
zIF+^8)sLBy@T~~c(Wu~x5DJ!2k(RDJ2@ts{DzkN~0#~O*Tr~BBOte^wPh^?mz&ONR
zr~=hO+<_|9_^l+P#q+-7D37sFQ1GP<bR``Wx?da>;|ha8^yT9s_1I9SNfnO2&azUf
zzojw(5c%8LDAvRSBZc^y@Ih7$5y|7lZL<C1Afj@5t^Qmss_2BZbmNUbkw;e}Rc0$S
zp5$dR%&#93m6|F*4lH^umpof9)>3Bi7jPD$7_2hQ*2NIA<;MaGVIl!BrY;nIRV@w@
z6FusnQBXDyeSjnpoL3%$1oweuZ}ev*Bk_GjC=xK77l7wcs}7lu=M@%SBWtj1etR7>
zo({aD2gt(oa6{1I2q!;&`cd%1?97q`l10`d=(9~B<#FUCm|o;Rm^Vm9&Fo&p(x^Ko
z^HsKa|F1)f)2e{A7@qYvW&i&<2AoIE9)hkZ?+Qhi`3`^2)Ul3rrfc)pfzGwPlQ9D$
zpcgP$-44$H;#>!rJpT7LwcKvIY(zT%LR%M&Ncm0*n=rvb>{enaI%l5`lhpbpB_X9?
z^xi{`Y%X{F8I`@*06srd(t3?Gmc*Nc`L-5T%aCg=4*s4Si&F1&HYT%gIk1S1XJ&%c
zuAVJp-6|R6O*x-Pfl7p_z+~EaVkkqF`^P*OVFyjMwjzDWu~dhjv5U>fS=O$|mp(KP
z_C|uzE5o??p@}r=J8iLQbLTZ09(fqVaUuU!Ves#=h6i}xWOvm10`vZi1eUuw%zHVK
zhUzKK4b5<ddX;?2ik6!Cn8b-*_pB$<)c{2e&rc{!nz!XgeDP)4YU&0)<F_<Lb9C%z
zzwu3njTkaQiOgXxy&{`4q~norY|%`ve|($JB!)d*YTxdg@?iQjiEsxx#3d}wgH`a~
zyE?jl9Irh#1zKQ<<#)p6bPGB}NkA;yyw+E&1X>OCmSb_H?t(bokd~zsFVrikd9@ro
z0wC^CzJ}d<cJavg^nUBILYO5>{_E&O-POZa_4wwIdhws{`p}`g^-zu9^$CCw3PrKK
zGcOdV;T^1-)Ln^+1|Z`K{&)C7DSsn=hS2vmMfc6ReBwbQXK)xKgqx;`A-14KDzk8>
z6My!ox~q&FA%%j01*-%#_3y$|j}b<_qfhP#o_wX8nrRdS{Z|5^UdpqnZ75o)r!D?B
z)8s%-RmIGb4L7^252jjXc9VavWa;keVc5k>zyW}3?bJ~LbE0vF<_niYFF#o_-XF6w
zy>&DgHvO?>*MC-VJ>kb}S8nM;_R^*nLG+!yNeCb$h74YWN{#0bbkhg-Rci8XPcW#;
z_L7$8veTkos<m_5gx1+rAH8pGtunqQTZ_`YThvGqYZ~C8rdhJq#Z?0YRg>0*Cg~h?
z9?nZ3F)GUBjUCigYDS!RdepSn{5Su&GFCxpjRBmGVE37^kZ?TQ|1~1w2-Irynm_Zp
zV1-ajskOWzp>eOJglx2hb0pFSA9`Irt_P=$cOey9<!&Q;)A(Dj_cHP+&6(1hG%=na
z@`2p<J_a!2wPo|nY@TJMeWWR6<G%%xUK@Kbn+(b1d1kM_@@vLd+~Z^9rW{qHdk~`m
zB^~QtymZfy;JO~gI!bR{jlnkbX)iB*Zv$ZPYuvdTsMkrci~gdUU43kcZykPJO(b0u
ziYrY~u2;nyzp2{SxL+IH2J@kFS`@)Ql0ntnu(^qCF|Ly<U3KdcZ?UcLNy0o+k)nCM
zc+$t2!7w^OELa~r3cL+GD0j$7Dr!@!per5sqerIdkCdbi2z?-aP`167SsqJH_X<Kf
t!E6L;?1n3>f@v&GO&!AwxkeW(sRq(5G->C``3y^&?X=BP87Z#Ec03LVwaowk

literal 1724
zcmV;t21EG(M@dveQdv+`0AtD>;FLA#!i-hT8iUjkwv%9q1t)J`mj51rKOS|5i(uH9
z3`w#r<HW7zID-?l3}c?p3?9QE%7qKaJbl1+D!gzW`YB9|V<GQCtf@k99{Gz9$Y%D2
zbyfpgs^Q#FUE8ks^r9QK5T}GIo|OlAcOmjoT47L+2h!)x#qiLqv12}ZE0!>8Fm_6J
z8sr3M5lXH|A+-D=6bcb{S+I-+bCc1#PO7GKNz=irk}9kyh5ao^%A;q@6)3<KJXASP
zxkZ5J9_KFTs$D_@0`eh|fV@oVb54QKZZ`M>2m58m+L92T3xv%A_*+|n=x7sTY$c<h
zHhM%Q1C$t<zHt-s8|=_&<;D$b8WM{qJI`Qe>PTda>-hv>S9tSN7m`OSNz}w8yg!;7
z?ICqkq>;Az<T++Q>9a2NDPu!Jzo|n(&sfg#<gR!sFR(DO+o;y;Fd5v-?;0xttC%_R
ziDc{%6I$_LChKWX78hg8+kG!GE;M+iQ$)#}fNsE*l7yPxlI`UVqgaxHZwY*N10+Kx
zWSCb^g78TCZ|lhVZ!H8EC3UslpxdMKO<nLL4QL6sJ__qLK?8%QL-4^~p+3*p{l~UN
z6jrvwJrjwWELwBTu-cD|y6D8JOzb2;X^50yz6Rf!{78neaX3a7Rj&~25HiJXs2>7~
zHV9|?0723Dg{9N2KI{92)BQ=Cq--wLC%k-xrtd#uhM!#gYiU96R8cpXXE+3TP>Xj<
z#XXg8BXxhqzUq)`Ze?SbA*IS6{CKGmNuKqNe0ob=$u>_G6-xGG7k~RvHEfJNUUEYX
zjNm76^tEsVTx{YjZ)5F1=)k&5a!DF__{e%RG<MA~6+L|&cBbvew#hUDVZ!qk$Iy%<
zC~D-@=4Q1g!IcyMxq~oBD^)E;{cWr;Z=EZHj#X$2q(<a_rC^>cY2bGrnUk-d39b=a
znK~|@WD6~W8+2sSft?G{)jvOhN9sgvk@i#*u=))#>Agjr{1ZkL-m#Ef`Q>%R2*Qio
z#D5zA2RxP-e>1o)BS>o_&RDW1doQ+{ANy*BETGN)fI{b5=k>1H0KXr6hN=_VF?*q$
z&JD)X2~@l{&L`gK1gzU`B~Z$2XGmyi{srh6wAzDjO+FSQom3kVt1K#B#PRpKQh#r1
zh}VjM&@_5~*tp+3&`fIBBz)yHTeV4RWfOKUd4P_?H8Y%O$_;(=q-mrwWd>xPW?y;-
zf2GyD_wtGJ`9d9I$O%`w5?DPPe<&J%dt8nA^x>J-0FapCxt-2skAg^fp>7@U#&@vF
zbspqd_>qtJp``gb0CMM0ch1#hct~0-7#3I+FgZ=@K&;Ax#JOah!p>WHky&Qg*ckY#
z52t{$8%FtSp>`$BW#Qp#6LQu7Nqs9CkL>DZ%!hMg^MA0*DyaFB4USZh4dYHgGqq>c
z$13Lss9=o|dKs!+kv7?vu$wEOQN0efnBZMXj;2JG6SCTVA3qfDZbuKw<AP1lxv`Ne
zx}*p{RX*^*TYGnrprV(0NOro7L$nH;CruqtjuvXo`TmHUMfgkhy6)mSd=o5H&5AfM
z@un+@KCttVf*5aj+;SgZf)dAy)eFNgR{u_6u72c+UN|J*1*+z$O|;G{f9hMr?fG*o
zb;>mr^;m|7+oFHD;}ZP*dYaWb7&{Z_C9t&}(+1$gqp#WvQ`V3!jsQux=98yizk@Tn
zT1(K{Z_QY|+n+&fs}^Z>OzE9!axA^^*HBaBJ1rG0vTfoIIr1+C9B+}K2X^jrw{ryi
z=rm(&yjoMDENiWW@h>0pbN>YLe?FtC<yBnTkOc3R49u-~(~$ws^0_A@PURW@GRb$o
z+<w5~LK!M+4KYlrrQ;jk^&&S@?5a9I9ao|pba9*KpyP&r12h&$XeNyJU{kHq|H4iM
zjob+X<N8TaWVN!1k}MTu6FB1H*Y`R~>8!~^7si6Xh8cvS-PAPfdG9?6g{fv@1)<8j
z&SaVqt;Z0N0duanNL@c1M#u#TW1_2WDYKc+e7F{LEg+Fa=Eb}6i^1%e{nAZhlfARk
znFG&&BQ96sIVc73*mSU$O)aL#;_q!Q$bQA1p-8>H&C@WtedYdZkTgTxeO1~#{j_3%
zBcX!@E7FV7tI?nLA`IpJ;tK!M`VN|QYkdY7lQhwR@9au(^DcfVie!Az_^ka(keZIR
zjFbMIO0`&li6wW{%aiiv_<hh<A(3yYO5GEIBM?A%&orE#ONdDnTpZI4-?}S`A>AxI
S02F@Bg;-W6I142t^$%h1)=tL&

diff --git a/secrets.nix b/secrets.nix
index 43ba5e04ed18f4a789d03cd1c9167b88f3fcc0f4..00bbe781ff04ae541361e0865bc53218ed49a140 100644
GIT binary patch
literal 199
zcmV;&066~uM@dveQdv+`0I3eYjDA_Bl(67gvW6ie<j?f?@wYd<njJodavmD~AqaG^
zfx}P{jh12)hlz%6W1P-8qtx{2duqGc1!j*mkOc6rXVJ6EoTrPNq1fNI&L}=lJj_!B
z4-t8_6Iww1P2f?f%3?`mtxtwU^afB^yW@87mm?Yyu>`t0xa8D5^bW`x^>PK4be<9^
z2~FyALS)kP9Vf*7SgARRjdBm4+A}zsrL&kz8XT?ZBN!?rgfC@64qtE`hIRDP6kkZb
BU4Z}q

literal 176
zcmV;h08jq_M@dveQdv+`0DSL1)=bp?@ZIpcuOy@95QdhiP+0<_dbJgA9b>`5tBJIM
z?q@KdGiN}qSOOc<_WS`H_DEZ|rjA0yok~h^y4(}eu@9+o@kOO^z+1#Z{>mBLPfO7z
z_+VkF<Z)_K+@YBAnk@gY3&cdA+MUbi6=lhkjYDi7uwVGJB7t;o2cg^^Vno;xM$@yf
e{O(o~L7G$$0~b$e%gP{LW9733S1^wZHGXoCl~)!3

diff --git a/secrets/mailserver-users-family-passfile.age b/secrets/mailserver-users-family-passfile.age
new file mode 100644
index 0000000000000000000000000000000000000000..3e4005069596597076f651d91ee013d9242abcf9
GIT binary patch
literal 1469
zcmV;u1w#4&M@dveQdv+`07fbCtBZyNb0Uo{Z^f)fc1D(!Q%E~^2$A$Mh9{y^SC72q
z|HAV;)w|cyf=5SxI=DPZ(Ad|0%dYV|nsL~)N(~(?O3}Iz&ZU#iwa<9Cg9YD5-vN1g
zd_<b=KohV}N@r*?kgC0G0hNzs?^g=s23IJNcHci_)O1otoOAuf;ewS2w0`$k;+s18
zMw2pulyiAnvV#pV{yPSGOolz(EUtm9?|i{kZ~)(1Da?ei-^i{{de+u3Z)_n}^^Ye%
zpQ!Nn?jq!-sYNy-v&$LVA<tY`{J0PtCdJ0AN`}A6_RJ95Re}1mL9e&HA47aoG##PY
zeR-;^>9F{&tn~^ew+y?5;3IXk`h^|;rRN6fKaW!&KI?F#y0!w|AusLT(x%Jhx7;U)
z$95OvR6OAxDbG%idB8+i(=R}?{A6Whf1rlqXx2vfEN}@0;14NFB2<i7sVzB=|6yM3
zd~UvyrLYLI@;0sLn;~H&@~1$Cf1(L%a;}rg<Z6Ps$6>&E?VX@1YMKKu@&9CmFm`ad
z+ZU`qmNm0tik6++@(M|;e80n<VZ8bhAA1vqf>u?ZfTOOqk5B6V>OIqAJUTL|^PGMK
zqkv!!u*4f6Jw}6Kaz#1~odJ$$cr<=49V1=ewUxnCK;e@EMcZLXzX4AAnTm_;*=!R5
z<^>SE^$h?9K-0I>Y*;amyfQo9V+Lp=Xb&nFl=c>9!(7u3(B$#C>C%H!a@hb2cq$ec
z6NfF;Ep79fnMWiaR=|U_iDFvJ7LGA$X5H2j$BR=g&uBF){g=o(T-n|>ZDkjD(`|{M
z-ti%Brl~T5XV1%@e@zD#=dV5Cw14V0h9oGZKwhc5mbPx6bnd^VV<W8UyCcGI)9flY
zu@4@kZxL}7r45)$-~lEV5|bcN*R_YHZ8Qj3%bZLfs4(Z%PtAZ2xOHY5fRoTOWfE>>
zjoSCKKHx-GotQA3_;cnGtzzoThxwteGkRP5)M?Ch<mh*}<(}EHumh!iFI$bS<D4{o
zY460iHBAbW|Ay@3&u3kL7V{exv`;Prpk!=61xz9~le;7-#bV&(<1wzpJF99h;n;iN
zzjwLrvaICN(KM>$3_$L|EC{cS#c3Uxax8c*u@7wycmG#CtWRJfTtDYVIs^%40DiB5
zU*b(uyRZ}+rgqS?_ik_z?I!3?f}uj0yj4-}BWh(P(nFFg)%Q3dEC5nalb257K~!t<
zp2wXxcY9`WpoFR1KC?oS*}zFadWK7RZo|*g49QqhftT)xU8R~lT6jksi>1_qkl@2r
zpmc*qvxw#t7^nV!Njp=CA~0p#JD9YAN3yB6Te-RW-_r5Cq-32*`%LVOXkCtZ^be<z
z6!C+%iaaahS-m@_w(tKLgdlWKYY<E8Y!u1I)DT?2Kb^t*0;?n2e7GWT4<*+IkZ4eC
zi9Pz0=_*Q1h8S?R<SRZ!ikvBz*^LhpK_5@N70KoAYRb&$TD-F+xPo70OtmbHaaIbe
z4Csbw;xqUEs8;5nTYmbUOc?~ccT;8p`YYez!ir8o$8+yFJ2>0&zZF<V0UK;i*(#}?
z&*L!znNh5w$Gel@pv-J|EHsX)rxg^$pq0!?-9~9uvyk4iv3Z|9Pq`k!u`%wIlM#wB
zY!cr*t<{G}^v1khOseDZt%Q~gk}dFK28ZJHiASq-0yCCTJWCTdu|YZ`iEX@}7`-Sc
zaqY?4=yOX%-H-Tn6pI_)F9Pw#g2w(2f9Wqy3yyX1L$>TqrSz?<^ftVk<WLu>{x~4#
zeapV|OWyoMRRbFe%NjAqeTuwKl{N7c-kMA5S5~{~-I~?wMk>`^sB_Lyo0;aYu>^cn
zdZ7Hs#FU=jBnYcO$ix{?vsb#{DwaEMzD3Sit-$SWgke<8PrWZ%d#Sa?>+%FJx{wxR
XKs+^Q+U<E;`-M<f&ibO3|18It^K|2h

literal 0
HcmV?d00001

diff --git a/secrets/mailserver-users-jan-passfile.age b/secrets/mailserver-users-jan-passfile.age
new file mode 100644
index 0000000000000000000000000000000000000000..af8c67b69c0dde2fa0c6b37f0185c17016169440
GIT binary patch
literal 1423
zcmV;A1#tQRM@dveQdv+`068v65Go2LN#K}qRT*re81u93|2m%FrDS!d`jP2Bv=1gT
zxV!NYuUyDiBf*bcYqFr3<_%FOgABSA1vNcJE!si-WfumXVhzYJDxcTrRZn15ny#qi
z^4PT)yU@oD0atXfX01xkZ`Y=rHRX9I9Ra<Bk9WR3Yq_-~s;Wpm+_OLqoUO{9AA)uR
zAPX&*;7{=%xzHF1t$PzPe;O5#9d|9RTu%zri7%JrMF^9b*90&Mgc?ao*=;V@*Px2P
zXXaRUVsp^gYE_wnEGiT9643ZVw+#Fg5e&SVs3rX^5gQM4Qjzh4-H|R>dsq$l@rGxs
z-p&zSu0g!mS}SU)g^6GGY_f@s<G2Y-(DpN|C9ryEtXO`iQ(U~?Ki|})CgyhDXRd>L
z4(oT#-cqUZIX4GZ*qx8-r8zIYy39)(=zA|NOHu~&zh}r}tfLN3Jklh^{4jSi%CgIO
zuq&hCzU8!Rw#gTCh>jS5QSKRQ!G@_hfr<{^F&+2AI`LbWRk5p?J`d-d&+>O&+%gB1
zt9o54pYU{eLQqjjUeImIAKF{?{~w5Lw{!=$c><>AkHa^(clPqm)im%l-=eh44F(S!
zQ4`clF)MQOVy<N)ZH(9td4$x_ob&3Le<(~_Fap%+;)g8Yfo)>M-keII&RZrg3{WVc
za;AvaBv?J|jlcqJ6Hq>?95SYwV+O;SFUdj$1F3bG%BW%U$bJiN9K;1E3xzv5Y3-Ol
z+{Sk>7nl~)e=Bz~MO4+AiM<aPOy?A8QoGJ<-s1mhx65wZaRG@#z@z()$>OuPq-~Qx
za67p~fD%g&O;Pg6^Ed2zbUnngwI7+ZDU_s`51LT&QH_N~|D#Ll;i?zI%mKcan`;+i
zSTPiZQp@&5InZ_PdrrCzN*qSMHtmzl*H_IEQWFzxBRlUD#TMXdi)+(WJ%q9xy3;F(
zp)VD>ZyWBGiVSksjKk)JJZPLiv4_3<$<Jct?tMQ%1p9PM<3qQbUD1;-sfU(!&#MLQ
zEqBGz|Etqy`=Wa?!F3%B&4eez9eczxdixtP;iiHvJ-fAD7<iqh`pO-C5Ct?0<I%#v
zxH`To^jal%z-MD2cG9oLzPbI@GGb*kcX{XRr^IdmyjeGQ*CUf(LTE45xTY!pMLApU
zCSZMUPhd^YHt1^Za@zku7vT*!#7A9j(UlvDF=-%192NJUYm9S7%o`^5IG=ZaC^w##
z!A-IhJzH4%-n2ROOq3!_bFLHAZ*CEf+n^S+T5Ml|(bC7t!P_KNLs?~C3~Kj5uQrwF
zQI_2nChkm}(U_W-P8x`{C|q?Ew((~m@DJ|GldrVM=6`7yd*>`#S$1PCJPFAp)@+7X
z^*6A<0T|8_0S-HqZO`rgv*0kuND0eQv@YaP8q-e1Am>9`A4c2K$~ec(>lqldSPbUQ
zts_ruF(G0D4LKR+8|kE-;NP`MA^lODZfzJmys)Fj&_A8b_QI>K7SB>LWn6mJ={GM6
z;^)0-piKd6HI3KcW6B9H4@Li&5u<Av$y8=j;}27VgoGVs^lVn5zB3@+wY#0tR?NOO
zt~|KO><4G<pQAQrI_z>6zdb~5G4=efo1oD&e4K>Bn-l&^brl36)J+IBAQvoOn?<ey
zUa1n=BXG4k5SD!B>{okb7@SYN9icp%jpc)qGR%bHYH}}<E~|a#(dSij!(BaQBtxj%
zlvsMozJUZjx-CAs@k)m`edSi%C7`CS;K0h%bDIzA+gg#s#7l{R<N{pmuWVPN|6|!p
zmOGD{k7|T<wx`E8vVp}0a9~gzdj%|EXx1Rl=XXXpQENjC(IGyHLtT=`uMeKFI=Rn@
dUi-WX(_4S^O$y<%x%C~(PauDAA1Tr^G2ZRKxD@~Z

literal 0
HcmV?d00001

diff --git a/users/jan/secrets.nix b/users/jan/secrets.nix
index 41eed1ddfa5d7fed5c70d3c28ef67ebafdf26c57..c38bdc76f31b77fcb2f7b5acd243bce609032e8f 100644
GIT binary patch
literal 2166
zcmV-+2#NOqM@dveQdv+`02f2s^Y~OX?g2XI`TJaR_(kX^I{g_=Y@3UEA@qPA-Pwtm
zoOS56^=Ya(#$ld4H}<Q7j@XmQfY^a)!0AO)p{ldZHtk|(2Av`qwF3lB?0sho@q^B@
z@|@x=T>ngz!nOoSm^3mZT8f(iFClXQ;5&zL#uuhs3J4{Y@l&Gxdv9F$6AZhH>Zgnk
z067i(q6~~(K->xa!_VsjR>4e0NFPK>(J*|UQr&%2MCa|F=QYl(jYR<;;CqWW%6dS!
zV;s<hOgAJU*YkP@r!P2+N?^$)6r_D*+kmb+2){{L;(2NzahROt_FH_bST$bCuD_YU
z<SV+zFi_LUUR;4RioUA&i9cpU6eu4r(s|eKIo?2g?M(EF!`^iW>gEw;YiJY6*I<s*
zs`)BB&SdQrHrgO`ghUG?(xy&}<ebyx*DF1ENE$bSE10P?+{$>oGw_Xyb)i98;}H)i
zN26lacUF$wYjTvv4I)Ce7r%<k8;q}A=w(Jv7IFR25sG)~I-q{a@HsbdU1{&?BwL^4
zX&7pj%XmJE8S+{vAb5;msg7L)&VyVbsY+ChD7ml_%5U+-9n==QSALwM3xGXce5f-o
z6pZdoi($6zoG(e4wgDPNfTGkwD!sl}$@1v;kVrrZVB$DDGIc#ouRNv$u%Q52`6uP3
zl;VC`Yv?ZI6XY>}Yt`=~R;80%0-hWhu9r8JYa<%qTlbblLpQVFr35tP0}#Rm6BNkc
z-2!9B7Ch;H<ozieqk0IswH2|1mwC7okZJcl6Af|w?LdecNW1YC$ys<RV&)IB>BO@R
zw{U=d?Lc@^UF_ooM-pEZzH2#;I^=w6B;y!R9%9rq?k8ekjKYGFov+v%A^Z8)!v%aQ
zS8!|HX$oG>4-ND1m_Pf+1wyRN%8FEj9?pRS3*YAKHj)<%`5_87Gh3~-Dv4D5(W-I9
zB*RoMIJhqH#Q5zON|u981f;ZfJL0yIP*$-A$TwiH<SzF$`4s<pPUniW1;?~?^E3@M
zy2j=(Vr?S6ILjJoMHd)7<a_LuXz>A_UadEY#A`-Fmv=pEIrUupAlQq|kL7VG_PJlt
z&6iX3vpzW7X3Wwc%wldFwdcOe$nlXWM!IBaIU#rg>KX))!>N4Xk@$Ebr`=gHz0}{J
zt|j53uIgewY&k^m+&eSgDGgVa<Fc!&J(**To&TTtZpbfnt;6&s`W6{xHyD*PSewJ8
z3;SD#0Z3u~*Hny_(X+&_q%Z*V_x+VAAs6QKh!TBsV&7;%<}?Ap3a%84j<?>{3{xMS
zM-}wtx`8w#4}Td9JTK4l(%7_lpM&lD%pw7KA??Q3R5_tG6IR-&8!C2O`VW~9zq-y{
zDfEd&>Wa?S!pe8g=1DVt50;`+U1j!u)3V2qF=kPWP%p_X(HxDk#U2=MUu!9%a9D&J
z+`Jp2X-!^rhGyRej9`wY-C`0^E|0dP87Ee;`8vK}r0h%yV^kX3dn{I8YUSs}0EzW@
z>nPJWtPhFmW|Uj={XpZ69l>JtZNyLvG{oyBXl(#B>1`II3$?yo#xx#~db_SESziQH
zZpG3X#636dKsZnLpKDCC{U9sSze`xNJic9Mkp_$Dx4I7j@9%z3d}(TsuRlg*X-Sc4
zvHy%*5nu{-?Rkl@%RO&`%;o#GR#F}2g*mG&534&|&tpVBIx&be0F_LCj(iX|9B(VT
z(Bf-hnS-dl;5NAa-YYlgYmFJEo)HWVhBg&Biv1lC4o_%KC76}=WON6d3sO-$ClX?`
zeyK;`2P>+hOjHn%PD&4LRl{aP*7`q(c3@yM`KA`(trY3yE4NaBh`>HceM*t{tzA3U
ziKO+M+5>qP9ej^dQv?j38w0C3-W@oedORKkzz?=o_;tm45O1nV_~CRO$bmE@5D8qa
zPGJQe9?f$zi8jE#n=(D#$J%7ld+iRQFowdhdgIQrCPBrBDtfoAk;4{h!K8*YKcvft
z$A7q_8A`OUeM`jcmgru|(+zPbS{6+dLKrDh0X~;=o-hNf=n=1mB<$B2fZV_#>|fq$
z*9ctt>RV=-V$eFwVhsBouQbG_rlP(S<B2e)Qxz?D8{q{+d|TY$=uqNu$J+%&oS7Df
zFM{bXGu=C)EpG~s5hcGv7<m30CEQ<RG9+cW>b~rr-^Ld@4!73cjK4}~QGN<^Sk;45
zy%0S6_i*;}*InZ+Hc{)=tAx@BA7ms*Zk#SZ--80OKJ&n%tV(x~of-^Nfj+k$*m^k$
zBrw*raj1DPp>j3M4n*lV@2(IgctH0Ak5JtqgN|8HSptE_rEAht;u>X`poBtNw;tAx
zv%uUyC(d~r7NO#cj6Ja-W3e5Ei1=M6a#ZvY+Ut+YE<2Uq?Or5->+S3E9MfLTtsmU=
zyBu=Kr+sTS16r=PY<EleP5fMK*wzeIs1r~8)Tf`0yZ>*FGE}@;tbHK>5U`zq=cbSB
zH!9@3G%5aZ<}i_rz-eePq)<$cyYikOzq(BjeI2Zn?*D!Or1iTJg({7$-mdXx=+M=I
z$KA;-ovsA-5b1tW#4)Pa;o_d-(o7RjQp~)TQFK5mo$jzeas?p6F=C_i({UyfuE4YM
zwb`A7(JAs#`pDdV+Ih;+MvkuRMTEKyI@n6D2(0k9YdWE@=8T-kLO1pPEEQY?G^(hC
z;%0Z*qE6?hq5>d<@jgRCTtGOHKARtqsPGC5IsHP#KJsa9y*=()Pwz<IhSNSWUln+a
z5D-A@KK6c})#9Jf^8pB85Pk^zfF4p_UGfA*4BF{Z@ZK2>BI9FV_Cb$jq3<AQWc(&W
sA3oRK_|SX;>(sRvWe?s7hVU`Xx^gV3V!#qs3+>33y`IsxWER|I=;x^?CjbBd

literal 1627
zcmV-h2Bi4_M@dveQdv+`0DX<IFa!95{kZE<L}23Ije_JOy=yv>6C!{TA&n_Xg9w?+
zj2jwgoPex~0`sR`Xq<FOd>^mBmr6xkiWHC@Q4+cWD>X47UAq`6*L_Xi!3EQmFnI(<
zOzq*%YtB+<5T`E)sqB1^p0RX>cby%@BoV&XmG2iKaZ?~RLUp#6|HufUM}_O15=pWc
z>(@b0!EHTDVNotU3H~jPrQtnLyatb?=sK5wji0^q1t(eEmSzZ@2SS#LMXV5>uatO6
z_%gFL3S|)t4t~uMt7Po2jGoK^Fr>8>@)M=cV1-dCoK$FjU)hBT*r^?7MP#)zZ|!N*
zk8O<G4JORk9qVJoZpJ46^(pjRQD^Vx)^ETp1zxxymJYN(5U*nmnX<M~K`0QEz=0)G
zrl#;nkF@TXg{&=1k3@9kp@;<ZQ?t?dOe(4`+Mf<7r`dSzN~?Lb5)MdL3Z2}F|D00p
z7MYISEHsx0^jfkEpeCVVe;f;DRY5ZjueaF%9;r$CR+3}_IFLPru+2|BL^1sT*W(s#
z*YL>vZAk?Gb<OhJEKmVG$BM%4CrAy5e~Y<ss~1^*!i1OJg=A)wF9Pk?+?MG(BVO4L
zpJBb`FJRN4lJ%KX4fqnO&a#3*CjFhb8I8M8onU9hS!fhNda@vUdzOT<`?SFl924P>
z{g6mta<mKf2J4DGujOgk54q1=Qs_<Ekkj;=h1*hDb`8MPLWm3RWNpV1*FXdVw2RZH
zYf9}P6$dD0={6SMc-@Z#ZHizQf%^*vNF&sW(Q1p<lUA4$Va=oM$LQanR1LSLIGina
z>r(}5o!tSw<vmRn(crBTEjo(C*j0QrZ=CJidd^#TIWgOCBqx_VDZ#m6ras1QA0e6%
z+~+8h$;@Q@$k)m?(UV1YiUz=0*GOI7Z{NHw75-<f&iY%#avrFbQnHRBQ^5Y-FLxo%
z2I?{oL;p9xxAOr?tLQokI_EY>V1b5ibl#{ICx!aZJ%wJ>e^bEYxlJ(v6i9Y^sa%R3
z{&R_8Gk$n?_?|ikpOj`qOgr;Iumw#3%_HR2wmQ%)De`+GjQiVzXUjssmL_spj~^N&
zuZx|*h=wAN<vc?4L~5x5Z~}^eXz0<W!oLIPM}61q!MJP8LOkFtB#ZaiC#OZA+*<I$
zb7l@W|2HdV*A~M|SXjsKF4MhLoz`12d+%P@CV0l*Ne@9CRCHpl0zQAW?nGJ3own4l
zU?y<H?}Z6MgHQ-Yk_c!PMP0Gl-i+G=MJ(yDd0U&5tw*swCh+8)Q|~M?ZYDKj`K<Mk
z3&cU#>t*x|GR7ohjdfeD7nT56=0RlhUfB`8klIqbJIE6e1Lz82(CiIy78EQr`XnaS
z-~PQUd54YP+IOpf(_sBo-cwjAJ{9Z$$?Drrf{D83^+SJMJ22boz?`n2U*tWPg82`K
z?eNtiT()4_nGz=Mrg7`eqTVpr7m)Sh!{7*;i6=FJZ-$;TB$ruX#6JV6RCCi^5SgvX
z5P!FQ*cYa1Z@iKM{PuTKh*))r2J=gq?6Vky*TY}j4Y{c>3AW}v%6(?-bXuMXreIQa
z@ct|A2T#p;Zkb!Jcuyr<dbIbTKr?vGU#Ma<SeA4)49^=KOUP6Zp?c7)AMWL8L4XvB
zc3}yS#RT5KtJEAl5PejVNa%l4_n+W<O2Ie8ixb^Xsvx5!Wn{r#CHWnFe~qV6;d?cu
zsL15!z&5@0_qHp_EuOWZN93;fh|>XEfndiLDvcy^8<gKE$MfYzo&a;ATnuczRN^>b
zfJH<reD=PsNFYwSs%bV1FcQ{GlHXk&V+ey|`^Wv-&~-6F1=G#VsiQYp?6CSnJ>iyB
zhE*1<|7ARjsNG<g<VUcHqQ<l3;AhTp!-Oho6ZN=8j}mbPw<v4teA+qU$b03$;=MhB
zQeaY<s$xJ+R}=)?SZrYYb2s7%QLt6liUjzE{G=sO&6F^Buy?9Pb<b-^2v}aeMrR4v
zyQQjJr({EswJS9X2Z6YNblEdMazkFqb-oP2?TrK|FQpg%M6#B6c=FRVv%!MIeq5IH
z@{Wk$>0X=2{h&praxhq?&M8WPVOSnJt!Wk4d*6EynS#H+<`FRGp^Tc81>`_j8_XgG
Zi=qB>?#Mgbb<&dLeX5jP)xr?XPT$+cBv$|c