diff --git a/flake.lock b/flake.lock index 7a1f93c..37a728a 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,32 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": [ + "nix-darwin" + ], + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "apple-firmware": { "flake": false, "locked": { @@ -260,7 +287,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -278,7 +305,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1710146030, @@ -296,7 +323,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1710146030, @@ -726,6 +753,7 @@ }, "root": { "inputs": { + "agenix": "agenix", "apple-firmware": "apple-firmware", "apple-silicon": "apple-silicon", "flake-parts": "flake-parts", @@ -826,7 +854,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_4", + "systems": "systems_5", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux" @@ -905,6 +933,21 @@ "type": "github" } }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index b46058d..4577477 100755 --- a/flake.nix +++ b/flake.nix @@ -86,6 +86,13 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + inputs.darwin.follows = "nix-darwin"; + }; + wallpapers = { url = "git+https://code.youwen.dev/youwen5/wallpapers"; flake = false; @@ -165,6 +172,7 @@ inputs.home-manager.nixosModules.home-manager inputs.nixos-wsl.nixosModules.default inputs.stylix.nixosModules.stylix + inputs.agenix.nixosModules.age ./modules/default.nix ./overlays ( @@ -179,6 +187,7 @@ zen-browser = inputs.zen-browser.packages.${pkgs.system}.default; }) ]; + environment.systemPackages = [ inputs.agenix.packages.${pkgs.system}.default ]; } ) ]; @@ -191,6 +200,7 @@ imports = [ inputs.nix-index-database.hmModules.nix-index inputs.spicetify.homeManagerModules.default + inputs.agenix.homeManagerModules.age ./hm/modules/default.nix ]; }; diff --git a/reference/hosts/demeter/default.nix b/reference/hosts/demeter/default.nix index 906fbef..5d89278 100644 --- a/reference/hosts/demeter/default.nix +++ b/reference/hosts/demeter/default.nix @@ -7,6 +7,7 @@ imports = [ ./configuration.nix + ../../secrets self.nixosModules.liminalOS { home-manager.users.youwen = { diff --git a/reference/secrets/default.nix b/reference/secrets/default.nix new file mode 100644 index 0000000..5257833 --- /dev/null +++ b/reference/secrets/default.nix @@ -0,0 +1,28 @@ +{ + age.secrets = { + youwen_app_password = { + file = ./youwenw_app_password.age; + owner = "youwen"; + group = "users"; + mode = "600"; + }; + youwen_ucsb_client_id = { + file = ./youwen_ucsb_client_id.age; + owner = "youwen"; + group = "users"; + mode = "600"; + }; + youwen_ucsb_client_secret = { + file = ./youwen_ucsb_client_secret.age; + owner = "youwen"; + group = "users"; + mode = "600"; + }; + tincan_app_password = { + file = ./tincan_app_password.age; + owner = "youwen"; + group = "users"; + mode = "600"; + }; + }; +} diff --git a/reference/secrets/mutt_app_password.age b/reference/secrets/mutt_app_password.age new file mode 100644 index 0000000..c14a539 --- /dev/null +++ b/reference/secrets/mutt_app_password.age @@ -0,0 +1,26 @@ +age-encryption.org/v1 +-> ssh-rsa 4p6DaQ +RDWA15a/I8QXTtqtsEXUG145kgOxWVChj0S4cM5TYyjNzFLJ+nam2dExwvPvNafD +M7fnCzmII5vxmQ2T/EIUEHwk615SnboJA/jq9K1j3+gP6fABB1Zks5/0tKAFUfEC +6A6IhBs3yr6mQlO08o8kw6tWcVJQyMOVG+7/UwmcXWcCPm5M2Zmk0GeXjcmMCFcy +lvKUmm2LUkYt27ddaP8IB700GW4E5kx1bnP6xLpbQj61J8DRoKHvTxAaOBQQgvft +nhX4+ohlVoQ9nA+U90kmGvH1LkwocmzyFpy/0paz9FEhoMPRd18IdfmdPiU7Yt1n +8HunKk+4Di/jBPXUUAjq+xyh7xSpOHEIL+EiI2WRe1NMhJqkByPIjFlsus6fz8Ep +TR082K+j5Eu4nWOXhHPAvszXEM+tneiXHzoVtfQeGO0e3YlkTk3GZHo/hDZmCZRo +SksTEQ75rdtFwlM0f0FtPE5TW4fJbmvl1Kf+RXxpnNV5ma2Y4+t54Y0pgvkU3vs7 + +-> ssh-rsa pv6HEg +FcEPfecYlD/kNSmIB98q6lFSlR/zxWnO8tJaMKxOLfGSraunn16eLd++HRMTvt72 +ItLYlLqfSIbA/3XXZxeaurCl9ClAAeAam4aImyuU3tCfhJhPtjQUUepU51yr2O3T +Lf4Aw3C9RR45WcGiTHk4bvwVq7RpUFSrzUntDjh4WlKBCzNJlV7yI6jEspmLO8Cz +5Do/CtyKQ/2wJubpgB/SPX7um2zqms+/j5muqugCV6iQ92FOikN1TLtwCP3YH492 +oQ1wE1AZpIu4B2laI3aKymYw1RScWOfrJEGcIEOpVGAmKrnaYisWm5JgcSzraBXx +I3l3tXUNoXEqvyW4+t7a5vGZ8+xj4zcJou314LSXGS5tLiKgSJKVSMaPYbSPur6f +6jSejPKt2+hQwMWxcaui3ziTwfPM7Xs95M7Vis0G5cCYSeHIgsVaUe7BL5vFx4lB +Wr30ChssfZtpFSETi04REZ+O4liUvQkd9VSPMJJbj5ubLVtmdVM61wUfBs3kqw6c +CpOYcT8xi9qPwldiLjNO15/T5Z34GMN7hPLlY3+y7xq3JBaNlR3gz1CbkGXE34AU +ZMqX7kOWDGtseKpwBNIaaJxj4ZX6gUVaGbqlnY1IrsbHEXC/ChNF/KxJ7sZf5Qtf +xCzZAbvUwKWSAkRNPzIASdON4LaC8vgbG3cxC1/jBOY +--- SxKtf+0V9hOudmN4hyC5NR0v8RWgA3cXKjX/MWbi1FI +q:~n7E)||GY"muvpuՆa;f +" nh \ No newline at end of file diff --git a/reference/secrets/secrets.nix b/reference/secrets/secrets.nix new file mode 100644 index 0000000..dbb3414 --- /dev/null +++ b/reference/secrets/secrets.nix @@ -0,0 +1,13 @@ +let + youwen = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrIRHcvh0fxYNc0sukl8nSGRU8z1RjRmuc20iuk9TUqAxeew+0pSvY9lU4vshhrcGUe2OKIxgKJ76xdfGRw5ofmmd5Fr4If6tzWAWdE6Jr3J/w58YL6/ISOyRwjTserjWFIaO41y9OuLzf3UtzBF/1zexnGwq2lMJ7MAi0JNJ5O+umgrcnF1BDWyw7ymVkiQTruJ3LV2XgJDpOKQlFnVGKgYyMgVGeGYjiZO9Sj8edq1ZFeEH1jN5TnAdnqsiwhFgZpCrBxFFZKohuQLyH+QaOmBsdgSZwsg4Prndtxp5GTrknupPCgEWJ1rgvykEchYajeWQLxyeW/O/4iSST7VLKS7dgzUHZ5Dxf/QP1iCSeJqCIIJssuIslMK1vYmJZYk098ZDlLrFCLepQqy0YGvZe4OVP4BK4UNu5DKKLTpPNwDnyf1NSNTT2q2TsWXKWBDl1eurX9MBR24ZQEoP0gvcnTKr+2rheOTWJ5asDswEWphp5zQxBjztPGe55H0zjnqk= youwen@demeter"; + users = [ youwen ]; + + demeter = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdcVbgUyQb+W3UjmYb3K9l9jkq/NkTSWAGFUJczJ07kEAg9nUUEfU6RGMCzCEbwWsVpNZysRfef6nxerQBcKiRz/bLUocFl/80ZoylQuxkWU8cvGdImFCtP76YKoVNwuHS0R31Qi90zQLnxs1oLmULSACH6Mw7+suYkVtH1prQdUHdx2bcOPqFk8Qpm8WuRNHxEbrFNuHNarHF3XHo/iIgJh8OeMbwE+MtoZCSfPMEnWGg4nKal3fQ3GO21wUyIZIZrSCMiYKzfvWrlLhd8rkKbGp+VRNe3m5q7k5p+pGSJMYHTRaGwOGY92L+GJOjjr/HrloINiEMC82zmUWctXQhK+4ni3ssPmOesEblfr9tXfwU0Xh0zNhqeljw/ptaZrM3k/yMW4h1DgI9BeBwcNcYqaHLwX6IqG5b8XxI+/JQniQmZIZM+kBx6GyZFrPxM84XWxhwjRKnn4oBU8kVn3RBlNwz3AFIjGpOh86Rd343X8Q6JbrMT/z17bL6StKXZfUFqgOWEs/JJEHT/DWKL2zF2ppqa5ZuJhzevrtKfAxomURXnQ77MPCUtbo2PFHmcl3fUD+yS2GD/8a492rUlCG2d5FS7KfW3L9rQwTnNBqQMGUu1Uc6qz5LWLEF7yoBtdKKZ3Y4lyPP3/lAQPs5j0Jx+coBdySca3xrmmvMj4/aIQ== root@nixos"; + systems = [ demeter ]; +in +{ + "youwenw_app_password.age".publicKeys = users ++ systems; + "youwen_ucsb_client_id.age".publicKeys = users ++ systems; + "youwen_ucsb_client_secret.age".publicKeys = users ++ systems; + "tincan_app_password.age".publicKeys = users ++ systems; +} diff --git a/reference/secrets/tincan_app_password.age b/reference/secrets/tincan_app_password.age new file mode 100644 index 0000000..7aa0c20 --- /dev/null +++ b/reference/secrets/tincan_app_password.age @@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-rsa 4p6DaQ +LuQPsnk4FXJO4HaSJTB+ndsyPb5MyQWkk0NwFh+RsS1/Xr4N5vHft+sh7EQMOBB4 +6ZCJrnCaHdrv4SxIHebaa57Le3ZHI4kO9LqcVNgIzw8qsTgr0BoEgGh1op4AaR5R +2iUo32oRYefmT8jyB802RJQxGhu842p4eUGchh9iEiOFLR9B+Q6VOEMA4FeY8d9N +EWQjO1QnwW0PV0nZGCPpKzLykdbBizf3knU29Kx/r25ngrefigIt+CmQfn5/SdPQ +raJk40sAmam+KCB7ZLkbYeZB75AfVPOIhdtyXqYRkYurYd88R4tQV94GileAhacU +ujxiEk2H82WfzwRMjZWnoztlJN8hiAaMXz+DlSmgZhIrpTLrpizOvn8RS0ShFb7Y +XGvIPI8R+O7+7ml5sDU5d6bKUYClRzBiH34AQ7LHYd5VqQ1+rotZKN+FrauI9Mum +ld1cvzcK/AsltFpuKi6d6S/vj0NV62Pcueoe6nm91Epk7Tw1OH3uSgwqAnaXxBhw + +-> ssh-rsa pv6HEg +JYivLuz7lB5ClD5VAyAA1Gf6FSuSZjzfxzgqPTf7r9ylMV/zE8m891tC/wICAW1q +yANcUY/WCvR1FpBT3oN+r+pTcIBzR0z0ygFGjRPR7P1smGXyk7oV/m0fN5Eut4eC +dtk+6HsF7UppKGczdGeK0NpzFAhbrs9u/eQWG6PGFYm6OKI96Cl99LhjqpDZsNju +zD4pAtwyMstB7gFjcDNjydb7YbF7hFf+/WEjfV8xcwSZ1/TVIMpvSx5WT/9CMgIr +yal2hO64WbCFEcHD8LM5HCDn5Q4aNA6zS1SRWcUoB3XFzqX3Pl07Rd7g1VrzDtjJ +hvfUY4IEWCwTbxB9kIDqcMnZLFU+tXpLbcAdHxe8ixLl/Rk3dttim/O2VTTszISz +3JRzoaeskvfV2R8K02iyBXhQEEXSCA1y1K2ahaoPVcQWMTJ1659CjiJP0IPr0nbr +I/cpIVdUIWbRYAWkKwdeZ2VBjNHbBH2FeVU4DiiRobWIw4CiJ4QBuax3HLfG5WKu +ZHtccomjOXdZztX7Wtfff84Vp1W3RLxFN7mmwPhKrSUacV6Sor7gHatL/R8pqfT/ +tSxf25QiHePqJUuCyV4g7PrH3XpGBT25bIYylmlrzyKTXW8l2rkbzDpQiXJJflMa +4Oph9CZ50nXPCkPKtexRIzTiK5wjj8Qt/QGIo5BInII +--- 75amdYVAyVn+3z2tboMcnZ0gzE58YxXsRJ6Qhqr48WY +uѦ#F;u$$hCj.&,g+| +u + G \ No newline at end of file diff --git a/reference/secrets/youwen@ucsb.edu.tokens b/reference/secrets/youwen@ucsb.edu.tokens new file mode 100644 index 0000000..8bc597f Binary files /dev/null and b/reference/secrets/youwen@ucsb.edu.tokens differ diff --git a/reference/secrets/youwen_ucsb_client_id.age b/reference/secrets/youwen_ucsb_client_id.age new file mode 100644 index 0000000..bd7f847 Binary files /dev/null and b/reference/secrets/youwen_ucsb_client_id.age differ diff --git a/reference/secrets/youwen_ucsb_client_secret.age b/reference/secrets/youwen_ucsb_client_secret.age new file mode 100644 index 0000000..e74ad9a --- /dev/null +++ b/reference/secrets/youwen_ucsb_client_secret.age @@ -0,0 +1,26 @@ +age-encryption.org/v1 +-> ssh-rsa 4p6DaQ +p0c0dK2Vlgj+nPitibtXJuzRr3g5crae4CS/6OH18WQkqb8tzaWRw1ZXxS/7nxGD +MCk8PcVEhgdysS1cwrgrycpUp02LMxUp1zTc8ML0Cemv93hnaVINgNGb9DWiGBXH +v8//XUeNpBs4oGkC9RWb9HDgBlgzpTH0XYUwqDBRT9ltn5nki5YvxM4powiOf8IG +SdUTE2hbRYhaQOEm5A41z4XQ+WAKlehwP2wn0yJDrW8rDXjSK5PEHyhONXJX1QuM +XvS60Vz/vWqyVnUL5UdsW1XjXdQRu9kn8vzDUINeUeqXN2A89xVlYovH3n9dVzFs +J2Bq6HhDAMl1TxbEIVcL/ufYjDK+tBkDa66SYtBV/FeIIAMGQ2Kbw+OwLqbjehZN +p7/TGAlKc+HsMVm455l7rTOqSSfJHKik2iFBGhVXoSF+fZu3stOqdnHAk13164+s +/9U/50xgyUNEMmVYdebvtBY2DCWqvgwIMXtm3RUItizyrc1gQLLy/3/mlDiWBPu+ + +-> ssh-rsa pv6HEg +jpXa6cht5Ys/XSorbSdXKEahM4VgyseILKd2zIDQEF28tbQgpvzojVxctAjK7YFa +ZVqmwdA+9vK1KEUg/qEfqqkaqo6MlnBgmUTe0VRMbvW45G6eN0/ky5hC3Mz5FUUn +G1AxOTCkThSx1/4+JjcsvlUZsXrKe627grrgZu2891XsISTjBxu/+Iiaok9f8rvL +q/JGkg2YL1DlcV4ZecEIHSNq5ysEp9had6SJz9e1/hSAWZVnTCyZc2gYn0ZUUKx5 +gRD/PQpdgIvG1SJcn3snDkiAyolYLzhJ6BQUfnVIX77Q6nkwooUXbYq2fOEUMZVp +vHhpOrwBC1J+hgr+V6lGUtkui20Uqz6ouVKHxtcLEauxVVJPGiid0mSAsvFbcewx +my5N9lYJYjMNw45kOAMgOragA246qM3ciVK2r6mq8ZPqY1t3UdmObMkrSysnn8Ks +yNzB+MG3SHuLtS5q9Ex0epRq6ttKUCLWbfhcRsQ/+1WQSH98xTNR7q+6t/YLnnUj +OZn09I3ZhLUk5hHraSdpuSB10f+SBqSroC54SChut/9VFk3kcolm4/rnldxwVvAg +HZ6PGjEszP/qQzqsTivcxAmAZzQ2tJlpUWF6olmEnn8O9Qw/a4uOPhPj406OUJzI +G6PV6OewbsjoJVKVAkC0BoM2Lg2P0pCilUa4MvlnwR4 +--- pQ2bkSw35IPQjKNrfnj8Uvvb3lVDc6IuJpcbLwFmI7A +p'W? F +q8K(Xp@2zu8r6~(IO@9qKW˃kpIa \ No newline at end of file diff --git a/reference/secrets/youwenw_app_password.age b/reference/secrets/youwenw_app_password.age new file mode 100644 index 0000000..b28afdb --- /dev/null +++ b/reference/secrets/youwenw_app_password.age @@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-rsa 4p6DaQ +G3vtF60a5f1UJt2RcDTYTQimSLwGKECFJhzHNbtZMc/UGlV0NiEWd2rbr/7OZ8r3 +NEQjex4/Q4xH3cvaorcz2k2cO2smAwO+pDR44HLe7688N4OIYGBSnJ5wYJcpBmWg +AJMOSaCFPJE5y2R38+9CGPPJIaUZqjvVzhEXjY5bUuiGp+af2sjoWi6PkG3f+7UK +KjIVcBPyHoUy1IV9teSja9wPjHuaV/hVaPjvz/tTL4RbmsMQ/31VQjjTfX+tGIfO +VeY87+r/RG5aYcukV5SC9wH1PELKAgtlN98IXofXuy8SlasFkBfFgDgA7ihdNAig +OL5tInwds3NucozRBKfCSFcn7aOdKoAvuEto9MKpGg4Y78a4ERnL1oktkglir8VS +0jGl0yb1XBjYNMPAX0EIkQjTpr6D+KQeAI76/JPliVJUZ8Wq1BX2Z+RStB6nDOtt +HQcCtKxbOVwb64WBn8eb9hMM83PJSardNHNcREwlGbhnkc06CcM49hK/vJrxts99 + +-> ssh-rsa pv6HEg +Y+1vBBwaHsCXdZKRbGbYp2mWztFZBguLRbi0bMzvmtBOrxqYCtGJbRhNmBGHMqg5 +EKl8ei/pFgn7n5B34/JCLXvgWko120Wy3kCSDMxm+GnI8n8LKQZQgPlX++fWGsXh +GUkoR5VPZ6kuWDNpO11ll8cBNKwDD7VwVwUNMGRIen2EC2efKw7GbCdgx9vcmuyZ +MQnQK2cqq99UjdeIAj0SqcoH+ro6qy+QFafoxOrNCksR9uVG7Kn7AFe/ZKk/DPO5 +CbuaaCrzI9G0qpLwYMf5GkMMrpP/9j8xVgMIHFRi/xxw3hnSTmxTFEpzZtfYboyA +QXEBWloH70lzukAu2cOslEAzbwSVCkkpm3Sw0LRjl6oXeV5uGWPW/Q929oW9Jqtf +57FIdPXd3H4xkFVuuFrKXcVdyqU5WRfw/y/Y4mJouQDs1gxYs7zlg2oeoY6nw9Mr ++Yo1cya3bg2DmiIl03VuzU7XDxDQF1/MLDvBfy5fpEapMJC9Rj+scSI75SHSiGOw +pOQWmN7AkzvLmB7c7oblvShGQ8GULmtTTd/nPe7u/sJcWucVWEOu8EzOnjnWuF1N +M7uhn+sOXSuJPhrAFq68JpWq7Bu+rWvLnAsXYtwRfrDprFU/On+NT4YiFop314hg +/IuPprAkYS5okHbnNMri3PNHvfsusIXFDJELkkT3o6k +--- 6BSSYjyfkhihYDsLHPnwg32tVau6KY6MQ8SIcf6LP3g +cD%4@=Fs +.]x![Y`}11|2 + pN \ No newline at end of file diff --git a/reference/users/youwen/default.nix b/reference/users/youwen/default.nix index 4271851..804f9fd 100644 --- a/reference/users/youwen/default.nix +++ b/reference/users/youwen/default.nix @@ -1,3 +1,12 @@ +{ osConfig, pkgs, ... }: +let + inherit (osConfig.age) secrets; + gpgSig = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; + oauth = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/neomutt/neomutt/a3b70e7edf84048e47e002e34388a4bc896e44ac/contrib/oauth2/mutt_oauth2.py"; + hash = "sha256-5mN+W1q9i9XiEtRTYIH0/qXpvfmkxOs71g9wM5vtfbU="; + }; +in { home = { username = "youwen"; @@ -13,7 +22,100 @@ userEmail = "youwenw@gmail.com"; signing = { signByDefault = true; - key = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; + key = gpgSig; + }; + }; + + home.packages = [ + # a script to automatically refresh oauth token for gsuite + (pkgs.writeShellScriptBin "activate-neomutt-oauth" '' + ${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens \ + --provider google \ + --verbose \ + --test \ + --authorize \ + --authflow localhostauthcode \ + --client-id "''$(cat ${secrets.youwen_ucsb_client_id.path})" \ + --client-secret "''$(cat ${secrets.youwen_ucsb_client_secret.path})" + '') + ]; + + programs.neomutt = { + enable = true; + editor = "nvim"; + sidebar.enable = true; + sort = "reverse-date-received"; + vimKeys = true; + checkStatsInterval = 60; + + # without this, neomutt won't use the cache because the messages directory + # doesn't exist + extraConfig = '' + set my_create_cache_folders = `mkdir -p ~/.cache/neomutt/messages` + + macro index,pager \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" + macro attach,compose \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" + ''; + }; + + accounts.email.accounts = { + "youwenw" = { + address = "youwenw@gmail.com"; + flavor = "gmail.com"; + userName = "youwenw"; + primary = true; + realName = "Youwen Wu"; + gpg.encryptByDefault = true; + gpg.signByDefault = true; + gpg.key = gpgSig; + folders.drafts = "[Gmail]/Drafts"; + neomutt = { + enable = true; + mailboxType = "imap"; + }; + passwordCommand = "cat ${secrets.youwen_app_password.path}"; + }; + + "tincan" = { + address = "tincangto@gmail.com"; + flavor = "gmail.com"; + userName = "tincangto"; + realName = "Youwen Wu"; + folders = { + drafts = "[Gmail]/Drafts"; + trash = "[Gmail]/Trash"; + }; + neomutt = { + enable = true; + mailboxType = "imap"; + }; + passwordCommand = "cat ${secrets.tincan_app_password.path}"; + }; + + "youwen_ucsb" = { + address = "youwen@ucsb.edu"; + flavor = "gmail.com"; + userName = "youwen_ucsb"; + realName = "Youwen Wu"; + gpg.encryptByDefault = true; + gpg.signByDefault = true; + gpg.key = "D26A00824013D524BDF11126093F1185C55B84A2"; + folders.drafts = "[Gmail]/Drafts"; + neomutt = { + enable = true; + mailboxType = "imap"; + + extraConfig = '' + unset passwordCommand + set imap_user = "youwen@ucsb.edu" + set imap_authenticators="oauthbearer:xoauth2" + set imap_oauth_refresh_command = "${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens" + + set smtp_authenticators = ''${imap_authenticators} + set smtp_oauth_refresh_command = ''${imap_oauth_refresh_command} + ''; + }; + passwordCommand = ""; }; }; }