feat: add neomutt with agenix secrets

flake.lock

@@ -1,5 +1,32 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": [
+          "nix-darwin"
+        ],
+        "home-manager": [
+          "home-manager"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "apple-firmware": {
       "flake": false,
       "locked": {
@@ -260,7 +287,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -278,7 +305,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -296,7 +323,7 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -726,6 +753,7 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "apple-firmware": "apple-firmware",
         "apple-silicon": "apple-silicon",
         "flake-parts": "flake-parts",
@@ -826,7 +854,7 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_4",
+        "systems": "systems_5",
         "tinted-foot": "tinted-foot",
         "tinted-kitty": "tinted-kitty",
         "tinted-tmux": "tinted-tmux"
@@ -905,6 +933,21 @@
         "type": "github"
       }
     },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tinted-foot": {
       "flake": false,
       "locked": {

flake.nix

@@ -86,6 +86,13 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.home-manager.follows = "home-manager";
+      inputs.darwin.follows = "nix-darwin";
+    };
+
     wallpapers = {
       url = "git+https://code.youwen.dev/youwen5/wallpapers";
       flake = false;
@@ -165,6 +172,7 @@
               inputs.home-manager.nixosModules.home-manager
               inputs.nixos-wsl.nixosModules.default
               inputs.stylix.nixosModules.stylix
+              inputs.agenix.nixosModules.age
               ./modules/default.nix
               ./overlays
               (
@@ -179,6 +187,7 @@
                       zen-browser = inputs.zen-browser.packages.${pkgs.system}.default;
                     })
                   ];
+                  environment.systemPackages = [ inputs.agenix.packages.${pkgs.system}.default ];
                 }
               )
             ];
@@ -191,6 +200,7 @@
             imports = [
               inputs.nix-index-database.hmModules.nix-index
               inputs.spicetify.homeManagerModules.default
+              inputs.agenix.homeManagerModules.age
               ./hm/modules/default.nix
             ];
           };

reference/hosts/demeter/default.nix

@@ -7,6 +7,7 @@
   imports =
     [
       ./configuration.nix
+      ../../secrets
       self.nixosModules.liminalOS
       {
         home-manager.users.youwen = {

reference/secrets/default.nix

@@ -0,0 +1,28 @@
+{
+  age.secrets = {
+    youwen_app_password = {
+      file = ./youwenw_app_password.age;
+      owner = "youwen";
+      group = "users";
+      mode = "600";
+    };
+    youwen_ucsb_client_id = {
+      file = ./youwen_ucsb_client_id.age;
+      owner = "youwen";
+      group = "users";
+      mode = "600";
+    };
+    youwen_ucsb_client_secret = {
+      file = ./youwen_ucsb_client_secret.age;
+      owner = "youwen";
+      group = "users";
+      mode = "600";
+    };
+    tincan_app_password = {
+      file = ./tincan_app_password.age;
+      owner = "youwen";
+      group = "users";
+      mode = "600";
+    };
+  };
+}

reference/secrets/mutt_app_password.age

@@ -0,0 +1,26 @@
+age-encryption.org/v1
+-> ssh-rsa 4p6DaQ
+RDWA15a/I8QXTtqtsEXUG145kgOxWVChj0S4cM5TYyjNzFLJ+nam2dExwvPvNafD
+M7fnCzmII5vxmQ2T/EIUEHwk615SnboJA/jq9K1j3+gP6fABB1Zks5/0tKAFUfEC
+6A6IhBs3yr6mQlO08o8kw6tWcVJQyMOVG+7/UwmcXWcCPm5M2Zmk0GeXjcmMCFcy
+lvKUmm2LUkYt27ddaP8IB700GW4E5kx1bnP6xLpbQj61J8DRoKHvTxAaOBQQgvft
+nhX4+ohlVoQ9nA+U90kmGvH1LkwocmzyFpy/0paz9FEhoMPRd18IdfmdPiU7Yt1n
+8HunKk+4Di/jBPXUUAjq+xyh7xSpOHEIL+EiI2WRe1NMhJqkByPIjFlsus6fz8Ep
+TR082K+j5Eu4nWOXhHPAvszXEM+tneiXHzoVtfQeGO0e3YlkTk3GZHo/hDZmCZRo
+SksTEQ75rdtFwlM0f0FtPE5TW4fJbmvl1Kf+RXxpnNV5ma2Y4+t54Y0pgvkU3vs7
+
+-> ssh-rsa pv6HEg
+FcEPfecYlD/kNSmIB98q6lFSlR/zxWnO8tJaMKxOLfGSraunn16eLd++HRMTvt72
+ItLYlLqfSIbA/3XXZxeaurCl9ClAAeAam4aImyuU3tCfhJhPtjQUUepU51yr2O3T
+Lf4Aw3C9RR45WcGiTHk4bvwVq7RpUFSrzUntDjh4WlKBCzNJlV7yI6jEspmLO8Cz
+5Do/CtyKQ/2wJubpgB/SPX7um2zqms+/j5muqugCV6iQ92FOikN1TLtwCP3YH492
+oQ1wE1AZpIu4B2laI3aKymYw1RScWOfrJEGcIEOpVGAmKrnaYisWm5JgcSzraBXx
+I3l3tXUNoXEqvyW4+t7a5vGZ8+xj4zcJou314LSXGS5tLiKgSJKVSMaPYbSPur6f
+6jSejPKt2+hQwMWxcaui3ziTwfPM7Xs95M7Vis0G5cCYSeHIgsVaUe7BL5vFx4lB
+Wr30ChssfZtpFSETi04REZ+O4liUvQkd9VSPMJJbj5ubLVtmdVM61wUfBs3kqw6c
+CpOYcT8xi9qPwldiLjNO15/T5Z34GMN7hPLlY3+y7xq3JBaNlR3gz1CbkGXE34AU
+ZMqX7kOWDGtseKpwBNIaaJxj4ZX6gUVaGbqlnY1IrsbHEXC/ChNF/KxJ7sZf5Qtf
+xCzZAbvUwKWSAkRNPzIASdON4LaC8vgbG3cxC1/jBOY
+--- SxKtf+0V9hOudmN4hyC5NR0v8RWgA3cXKjX/MWbi1FI
+qÑ:ó¾~Ãnë7E)||šGY"m¡”“u÷õ§“¿vpuÕ†a;f
+"¬
n‘ïhËåï

reference/secrets/secrets.nix

@@ -0,0 +1,13 @@
+let
+  youwen = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrIRHcvh0fxYNc0sukl8nSGRU8z1RjRmuc20iuk9TUqAxeew+0pSvY9lU4vshhrcGUe2OKIxgKJ76xdfGRw5ofmmd5Fr4If6tzWAWdE6Jr3J/w58YL6/ISOyRwjTserjWFIaO41y9OuLzf3UtzBF/1zexnGwq2lMJ7MAi0JNJ5O+umgrcnF1BDWyw7ymVkiQTruJ3LV2XgJDpOKQlFnVGKgYyMgVGeGYjiZO9Sj8edq1ZFeEH1jN5TnAdnqsiwhFgZpCrBxFFZKohuQLyH+QaOmBsdgSZwsg4Prndtxp5GTrknupPCgEWJ1rgvykEchYajeWQLxyeW/O/4iSST7VLKS7dgzUHZ5Dxf/QP1iCSeJqCIIJssuIslMK1vYmJZYk098ZDlLrFCLepQqy0YGvZe4OVP4BK4UNu5DKKLTpPNwDnyf1NSNTT2q2TsWXKWBDl1eurX9MBR24ZQEoP0gvcnTKr+2rheOTWJ5asDswEWphp5zQxBjztPGe55H0zjnqk= youwen@demeter";
+  users = [ youwen ];
+
+  demeter = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdcVbgUyQb+W3UjmYb3K9l9jkq/NkTSWAGFUJczJ07kEAg9nUUEfU6RGMCzCEbwWsVpNZysRfef6nxerQBcKiRz/bLUocFl/80ZoylQuxkWU8cvGdImFCtP76YKoVNwuHS0R31Qi90zQLnxs1oLmULSACH6Mw7+suYkVtH1prQdUHdx2bcOPqFk8Qpm8WuRNHxEbrFNuHNarHF3XHo/iIgJh8OeMbwE+MtoZCSfPMEnWGg4nKal3fQ3GO21wUyIZIZrSCMiYKzfvWrlLhd8rkKbGp+VRNe3m5q7k5p+pGSJMYHTRaGwOGY92L+GJOjjr/HrloINiEMC82zmUWctXQhK+4ni3ssPmOesEblfr9tXfwU0Xh0zNhqeljw/ptaZrM3k/yMW4h1DgI9BeBwcNcYqaHLwX6IqG5b8XxI+/JQniQmZIZM+kBx6GyZFrPxM84XWxhwjRKnn4oBU8kVn3RBlNwz3AFIjGpOh86Rd343X8Q6JbrMT/z17bL6StKXZfUFqgOWEs/JJEHT/DWKL2zF2ppqa5ZuJhzevrtKfAxomURXnQ77MPCUtbo2PFHmcl3fUD+yS2GD/8a492rUlCG2d5FS7KfW3L9rQwTnNBqQMGUu1Uc6qz5LWLEF7yoBtdKKZ3Y4lyPP3/lAQPs5j0Jx+coBdySca3xrmmvMj4/aIQ== root@nixos";
+  systems = [ demeter ];
+in
+{
+  "youwenw_app_password.age".publicKeys = users ++ systems;
+  "youwen_ucsb_client_id.age".publicKeys = users ++ systems;
+  "youwen_ucsb_client_secret.age".publicKeys = users ++ systems;
+  "tincan_app_password.age".publicKeys = users ++ systems;
+}

reference/secrets/tincan_app_password.age

@@ -0,0 +1,27 @@
+age-encryption.org/v1
+-> ssh-rsa 4p6DaQ
+LuQPsnk4FXJO4HaSJTB+ndsyPb5MyQWkk0NwFh+RsS1/Xr4N5vHft+sh7EQMOBB4
+6ZCJrnCaHdrv4SxIHebaa57Le3ZHI4kO9LqcVNgIzw8qsTgr0BoEgGh1op4AaR5R
+2iUo32oRYefmT8jyB802RJQxGhu842p4eUGchh9iEiOFLR9B+Q6VOEMA4FeY8d9N
+EWQjO1QnwW0PV0nZGCPpKzLykdbBizf3knU29Kx/r25ngrefigIt+CmQfn5/SdPQ
+raJk40sAmam+KCB7ZLkbYeZB75AfVPOIhdtyXqYRkYurYd88R4tQV94GileAhacU
+ujxiEk2H82WfzwRMjZWnoztlJN8hiAaMXz+DlSmgZhIrpTLrpizOvn8RS0ShFb7Y
+XGvIPI8R+O7+7ml5sDU5d6bKUYClRzBiH34AQ7LHYd5VqQ1+rotZKN+FrauI9Mum
+ld1cvzcK/AsltFpuKi6d6S/vj0NV62Pcueoe6nm91Epk7Tw1OH3uSgwqAnaXxBhw
+
+-> ssh-rsa pv6HEg
+JYivLuz7lB5ClD5VAyAA1Gf6FSuSZjzfxzgqPTf7r9ylMV/zE8m891tC/wICAW1q
+yANcUY/WCvR1FpBT3oN+r+pTcIBzR0z0ygFGjRPR7P1smGXyk7oV/m0fN5Eut4eC
+dtk+6HsF7UppKGczdGeK0NpzFAhbrs9u/eQWG6PGFYm6OKI96Cl99LhjqpDZsNju
+zD4pAtwyMstB7gFjcDNjydb7YbF7hFf+/WEjfV8xcwSZ1/TVIMpvSx5WT/9CMgIr
+yal2hO64WbCFEcHD8LM5HCDn5Q4aNA6zS1SRWcUoB3XFzqX3Pl07Rd7g1VrzDtjJ
+hvfUY4IEWCwTbxB9kIDqcMnZLFU+tXpLbcAdHxe8ixLl/Rk3dttim/O2VTTszISz
+3JRzoaeskvfV2R8K02iyBXhQEEXSCA1y1K2ahaoPVcQWMTJ1659CjiJP0IPr0nbr
+I/cpIVdUIWbRYAWkKwdeZ2VBjNHbBH2FeVU4DiiRobWIw4CiJ4QBuax3HLfG5WKu
+ZHtccomjOXdZztX7Wtfff84Vp1W3RLxFN7mmwPhKrSUacV6Sor7gHatL/R8pqfT/
+tSxf25QiHePqJUuCyV4g7PrH3XpGBT25bIYylmlrzyKTXW8l2rkbzDpQiXJJflMa
+4Oph9CZ50nXPCkPKtexRIzTiK5wjj8Qt/QGIo5BInII
+--- 75amdYVAyVn+3z2tboMcnZ0gzE58YxXsRJ6Qhqr48WY
+uÏñèѦ#úÝF±òë¶;uë$üŠ$´ÄÈhCšj<C5A1>.–&,åÌg+|
+u¨©Ÿ
+ ±G

reference/secrets/youwen_ucsb_client_secret.age

@@ -0,0 +1,26 @@
+age-encryption.org/v1
+-> ssh-rsa 4p6DaQ
+p0c0dK2Vlgj+nPitibtXJuzRr3g5crae4CS/6OH18WQkqb8tzaWRw1ZXxS/7nxGD
+MCk8PcVEhgdysS1cwrgrycpUp02LMxUp1zTc8ML0Cemv93hnaVINgNGb9DWiGBXH
+v8//XUeNpBs4oGkC9RWb9HDgBlgzpTH0XYUwqDBRT9ltn5nki5YvxM4powiOf8IG
+SdUTE2hbRYhaQOEm5A41z4XQ+WAKlehwP2wn0yJDrW8rDXjSK5PEHyhONXJX1QuM
+XvS60Vz/vWqyVnUL5UdsW1XjXdQRu9kn8vzDUINeUeqXN2A89xVlYovH3n9dVzFs
+J2Bq6HhDAMl1TxbEIVcL/ufYjDK+tBkDa66SYtBV/FeIIAMGQ2Kbw+OwLqbjehZN
+p7/TGAlKc+HsMVm455l7rTOqSSfJHKik2iFBGhVXoSF+fZu3stOqdnHAk13164+s
+/9U/50xgyUNEMmVYdebvtBY2DCWqvgwIMXtm3RUItizyrc1gQLLy/3/mlDiWBPu+
+
+-> ssh-rsa pv6HEg
+jpXa6cht5Ys/XSorbSdXKEahM4VgyseILKd2zIDQEF28tbQgpvzojVxctAjK7YFa
+ZVqmwdA+9vK1KEUg/qEfqqkaqo6MlnBgmUTe0VRMbvW45G6eN0/ky5hC3Mz5FUUn
+G1AxOTCkThSx1/4+JjcsvlUZsXrKe627grrgZu2891XsISTjBxu/+Iiaok9f8rvL
+q/JGkg2YL1DlcV4ZecEIHSNq5ysEp9had6SJz9e1/hSAWZVnTCyZc2gYn0ZUUKx5
+gRD/PQpdgIvG1SJcn3snDkiAyolYLzhJ6BQUfnVIX77Q6nkwooUXbYq2fOEUMZVp
+vHhpOrwBC1J+hgr+V6lGUtkui20Uqz6ouVKHxtcLEauxVVJPGiid0mSAsvFbcewx
+my5N9lYJYjMNw45kOAMgOragA246qM3ciVK2r6mq8ZPqY1t3UdmObMkrSysnn8Ks
+yNzB+MG3SHuLtS5q9Ex0epRq6ttKUCLWbfhcRsQ/+1WQSH98xTNR7q+6t/YLnnUj
+OZn09I3ZhLUk5hHraSdpuSB10f+SBqSroC54SChut/9VFk3kcolm4/rnldxwVvAg
+HZ6PGjEszP/qQzqsTivcxAmAZzQ2tJlpUWF6olmEnn8O9Qw/a4uOPhPj406OUJzI
+G6PV6OewbsjoJVKVAkC0BoM2Lg2P0pCilUa4MvlnwR4
+--- pQ2bkSw35IPQjKNrfnj8Uvvb3lVDc6IuJpcbLwFmI7A
+p©'W?ÿ¨F˜
+¶q8»KØ(XÛp@2ŽzàÞu8³r¬œ6þ~(IO@ª¶Öü9÷’qÆKW˃kpªIa‘À

reference/secrets/youwenw_app_password.age

@@ -0,0 +1,27 @@
+age-encryption.org/v1
+-> ssh-rsa 4p6DaQ
+G3vtF60a5f1UJt2RcDTYTQimSLwGKECFJhzHNbtZMc/UGlV0NiEWd2rbr/7OZ8r3
+NEQjex4/Q4xH3cvaorcz2k2cO2smAwO+pDR44HLe7688N4OIYGBSnJ5wYJcpBmWg
+AJMOSaCFPJE5y2R38+9CGPPJIaUZqjvVzhEXjY5bUuiGp+af2sjoWi6PkG3f+7UK
+KjIVcBPyHoUy1IV9teSja9wPjHuaV/hVaPjvz/tTL4RbmsMQ/31VQjjTfX+tGIfO
+VeY87+r/RG5aYcukV5SC9wH1PELKAgtlN98IXofXuy8SlasFkBfFgDgA7ihdNAig
+OL5tInwds3NucozRBKfCSFcn7aOdKoAvuEto9MKpGg4Y78a4ERnL1oktkglir8VS
+0jGl0yb1XBjYNMPAX0EIkQjTpr6D+KQeAI76/JPliVJUZ8Wq1BX2Z+RStB6nDOtt
+HQcCtKxbOVwb64WBn8eb9hMM83PJSardNHNcREwlGbhnkc06CcM49hK/vJrxts99
+
+-> ssh-rsa pv6HEg
+Y+1vBBwaHsCXdZKRbGbYp2mWztFZBguLRbi0bMzvmtBOrxqYCtGJbRhNmBGHMqg5
+EKl8ei/pFgn7n5B34/JCLXvgWko120Wy3kCSDMxm+GnI8n8LKQZQgPlX++fWGsXh
+GUkoR5VPZ6kuWDNpO11ll8cBNKwDD7VwVwUNMGRIen2EC2efKw7GbCdgx9vcmuyZ
+MQnQK2cqq99UjdeIAj0SqcoH+ro6qy+QFafoxOrNCksR9uVG7Kn7AFe/ZKk/DPO5
+CbuaaCrzI9G0qpLwYMf5GkMMrpP/9j8xVgMIHFRi/xxw3hnSTmxTFEpzZtfYboyA
+QXEBWloH70lzukAu2cOslEAzbwSVCkkpm3Sw0LRjl6oXeV5uGWPW/Q929oW9Jqtf
+57FIdPXd3H4xkFVuuFrKXcVdyqU5WRfw/y/Y4mJouQDs1gxYs7zlg2oeoY6nw9Mr
++Yo1cya3bg2DmiIl03VuzU7XDxDQF1/MLDvBfy5fpEapMJC9Rj+scSI75SHSiGOw
+pOQWmN7AkzvLmB7c7oblvShGQ8GULmtTTd/nPe7u/sJcWucVWEOu8EzOnjnWuF1N
+M7uhn+sOXSuJPhrAFq68JpWq7Bu+rWvLnAsXYtwRfrDprFU/On+NT4YiFop314hg
+/IuPprAkYS5okHbnNMri3PNHvfsusIXFDJELkkT3o6k
+--- 6BSSYjyfkhihYDsLHPnwg32tVau6KY6MQ8SIcf6LP3g
+ôc–D%‡Á¬ù4@—=Fsö
+.‰]®x![ŸY´`}1†Í1|2¨
+
²žpÛN¨

reference/users/youwen/default.nix

@@ -1,3 +1,12 @@
+{ osConfig, pkgs, ... }:
+let
+  inherit (osConfig.age) secrets;
+  gpgSig = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3";
+  oauth = pkgs.fetchurl {
+    url = "https://raw.githubusercontent.com/neomutt/neomutt/a3b70e7edf84048e47e002e34388a4bc896e44ac/contrib/oauth2/mutt_oauth2.py";
+    hash = "sha256-5mN+W1q9i9XiEtRTYIH0/qXpvfmkxOs71g9wM5vtfbU=";
+  };
+in
 {
   home = {
     username = "youwen";
@@ -13,7 +22,100 @@
     userEmail = "youwenw@gmail.com";
     signing = {
       signByDefault = true;
-      key = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3";
+      key = gpgSig;
+    };
+  };
+
+  home.packages = [
+    # a script to automatically refresh oauth token for gsuite
+    (pkgs.writeShellScriptBin "activate-neomutt-oauth" ''
+      ${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens \
+        --provider google \
+        --verbose \
+        --test \
+        --authorize \
+        --authflow localhostauthcode \
+        --client-id "''$(cat ${secrets.youwen_ucsb_client_id.path})" \
+        --client-secret "''$(cat ${secrets.youwen_ucsb_client_secret.path})"
+    '')
+  ];
+
+  programs.neomutt = {
+    enable = true;
+    editor = "nvim";
+    sidebar.enable = true;
+    sort = "reverse-date-received";
+    vimKeys = true;
+    checkStatsInterval = 60;
+
+    # without this, neomutt won't use the cache because the messages directory
+    # doesn't exist
+    extraConfig = ''
+      set my_create_cache_folders = `mkdir -p ~/.cache/neomutt/messages`
+
+      macro index,pager \cs "<pipe-message> ${pkgs.urlscan}/bin/urlscan<Enter>" "call urlscan to extract URLs out of a message"
+      macro attach,compose \cs "<pipe-entry> ${pkgs.urlscan}/bin/urlscan<Enter>" "call urlscan to extract URLs out of a message"
+    '';
+  };
+
+  accounts.email.accounts = {
+    "youwenw" = {
+      address = "youwenw@gmail.com";
+      flavor = "gmail.com";
+      userName = "youwenw";
+      primary = true;
+      realName = "Youwen Wu";
+      gpg.encryptByDefault = true;
+      gpg.signByDefault = true;
+      gpg.key = gpgSig;
+      folders.drafts = "[Gmail]/Drafts";
+      neomutt = {
+        enable = true;
+        mailboxType = "imap";
+      };
+      passwordCommand = "cat ${secrets.youwen_app_password.path}";
+    };
+
+    "tincan" = {
+      address = "tincangto@gmail.com";
+      flavor = "gmail.com";
+      userName = "tincangto";
+      realName = "Youwen Wu";
+      folders = {
+        drafts = "[Gmail]/Drafts";
+        trash = "[Gmail]/Trash";
+      };
+      neomutt = {
+        enable = true;
+        mailboxType = "imap";
+      };
+      passwordCommand = "cat ${secrets.tincan_app_password.path}";
+    };
+
+    "youwen_ucsb" = {
+      address = "youwen@ucsb.edu";
+      flavor = "gmail.com";
+      userName = "youwen_ucsb";
+      realName = "Youwen Wu";
+      gpg.encryptByDefault = true;
+      gpg.signByDefault = true;
+      gpg.key = "D26A00824013D524BDF11126093F1185C55B84A2";
+      folders.drafts = "[Gmail]/Drafts";
+      neomutt = {
+        enable = true;
+        mailboxType = "imap";
+
+        extraConfig = ''
+          unset passwordCommand
+          set imap_user = "youwen@ucsb.edu"
+          set imap_authenticators="oauthbearer:xoauth2"
+          set imap_oauth_refresh_command = "${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens"
+
+          set smtp_authenticators = ''${imap_authenticators}
+          set smtp_oauth_refresh_command = ''${imap_oauth_refresh_command}
+        '';
+      };
+      passwordCommand = "";
     };
   };
 }