Skip to content

Commit b3413d5

Browse files
mweineltmweinelt
authored
Merge pull request #600 from Erethon/ngi-smtp
Add NGI smtp password and update help text on encrypt-mail.py
2 parents 4dd5ade + 5e1844f commit b3413d5

File tree

3 files changed

+41
-20
lines changed

3 files changed

+41
-20
lines changed

non-critical-infra/modules/mailserver/mailing-lists.nix

+1
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,7 @@
101101
../../secrets/erethon-email-address.umbriel # https://github.com/erethon
102102
../../secrets/imincik-email-address.umbriel # https://github.com/imincik
103103
];
104+
loginAccount.encryptedHashedPassword = ../../secrets/ngi-nixos-org-email-login.umbriel;
104105
};
105106

106107
"[email protected]" = {

non-critical-infra/packages/encrypt-email/encrypt-email.py

+12-20
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,12 @@ def find_relative_project_root() -> Path:
2222
return find_project_root(Path.cwd()).relative_to(Path.cwd(), walk_up=True)
2323

2424

25+
PROJECT_ROOT = find_relative_project_root()
26+
NON_CRITICAL_INFRA_DIR = PROJECT_ROOT / "non-critical-infra"
27+
MAILING_LISTS_NIX = NON_CRITICAL_INFRA_DIR / "modules/mailserver/mailing-lists.nix"
28+
assert MAILING_LISTS_NIX.exists()
29+
30+
2531
def encrypt_to_file(plaintext: str, secret_path: Path, force: bool) -> None:
2632
if secret_path.exists():
2733
if not force:
@@ -94,24 +100,18 @@ def address(address_id: str, email: str, force: bool) -> None:
94100
click.secho("Removed whitespace surrounding given email address", fg="yellow")
95101
email = clean_email
96102

97-
project_root = find_relative_project_root()
98-
non_critical_infra_dir = project_root / "non-critical-infra"
99-
100-
secret_path = non_critical_infra_dir / f"secrets/{address_id}-email-address.umbriel"
103+
secret_path = NON_CRITICAL_INFRA_DIR / f"secrets/{address_id}-email-address.umbriel"
101104
encrypt_to_file(email, secret_path, force)
102105

103-
mailing_lists_nix = non_critical_infra_dir / "modules/mailserver/mailing-lists.nix"
104-
assert mailing_lists_nix.exists()
105-
106106
click.secho()
107107
click.secho("Now add `", nl=False)
108108
click.secho(
109-
secret_path.relative_to(mailing_lists_nix.parent, walk_up=True),
109+
secret_path.relative_to(MAILING_LISTS_NIX.parent, walk_up=True),
110110
fg="blue",
111111
nl=False,
112112
)
113113
click.secho("` to the relevant mailing list in '", nl=False)
114-
click.secho(mailing_lists_nix, fg="blue")
114+
click.secho(MAILING_LISTS_NIX, fg="blue")
115115

116116

117117
@main.command()
@@ -136,30 +136,22 @@ def login(address_id: str, force: bool) -> None:
136136

137137
hashed_password = hash_password(password)
138138

139-
project_root = find_relative_project_root()
140-
non_critical_infra_dir = project_root / "non-critical-infra"
141-
142-
secret_path = non_critical_infra_dir / f"secrets/{address_id}-email-login.umbriel"
139+
secret_path = NON_CRITICAL_INFRA_DIR / f"secrets/{address_id}-email-login.umbriel"
143140
encrypt_to_file(hashed_password, secret_path, force)
144141

145-
default_nix = non_critical_infra_dir / "modules/mailserver/default.nix"
146-
assert default_nix.exists()
147-
148142
nix_code = dedent(
149143
f"""\
150144
"{address_id}@nixos.org" = {{
151145
forwardTo = [
152146
# Add emails here
153147
];
154-
loginAccount.encryptedHashedPassword = ../../secrets/test-sender-email-login.umbriel;
148+
loginAccount.encryptedHashedPassword = ../../secrets/{address_id}-email-login.umbriel;
155149
}};
156150
"""
157151
)
158152
click.secho()
159153
click.secho("Now add this login account to ", nl=False)
160-
click.secho(default_nix, fg="blue", nl=False)
161-
click.secho(". Search for '", nl=False)
162-
click.secho("### Mailing lists go here ###", fg="blue", nl=False)
154+
click.secho(MAILING_LISTS_NIX, fg="blue", nl=False)
163155
click.secho("'. Add or edit an entry that looks like this:")
164156
click.secho()
165157
click.secho(indent(nix_code, prefix=" " * 4), fg="blue")

non-critical-infra/secrets/ngi-nixos-org-email-login.umbriel

+28
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
{
2+
"data": "ENC[AES256_GCM,data:UP0vY74lmT1mKadLp+Kiw/Q2ZCjc/Y7Cc/yQ17AumruBHXGqmDOm5H9JjlcdE8DU7k43kspBHqpnxBchUA==,iv:LMaEH59zz8jZ2GfkweAGM7/2LdgQ9HQDpkaUGTZ/SOU=,tag:tIu2rBrCsaFzQsRXJyRNSA==,type:str]",
3+
"sops": {
4+
"kms": null,
5+
"gcp_kms": null,
6+
"azure_kv": null,
7+
"hc_vault": null,
8+
"age": [
9+
{
10+
"recipient": "age15vcp7875xwtf64j4yshyld0a3hpgzv6n2kxky493s3q0swr9hdaqxugpv6",
11+
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNE9Bc0FxOFIzU01kekt4\ndlJZYnBGeFpBMTNvTDUybHNlRFFGd0xZQmdvCjhLR09xWnM1c3R3MEoxMmZKZTFT\nZ2V1ZHFQQ0dlUHpIZVNreExRdG5Ja0kKLS0tIFdrcmExODhTVzh1cXo3REcxZEVi\nNmw5Sm5jcU9BVm14ZVR2djdwejhUd2cKaq53IBfwqonP+nOYQImFSrxUQ9KaejL5\n4ee8QUn+4fcZLF/rOma6Ydx3LN2K0akk96T7XzF7JT/f1cZO8uU3+Q==\n-----END AGE ENCRYPTED FILE-----\n"
12+
},
13+
{
14+
"recipient": "age1j3mkgedmeru63vwww6m44zfw09tg8yw6xdzstaq7ejfkvgcau40qwakm8x",
15+
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTGdCWldkOGRYdk9TSDlu\nejMwaFpDb3BkcUNENVBkSmc1azlBNjZrbmlNCkNnZ295VDJPUmZSU0dpM2RYNjhH\nWmdZZ2pZWlJGcmtMN0tEK1RsbW01NjAKLS0tIEVlekdvT0xldFdiSEw3MjVjUWVP\nZFBUdmc0V0I3SjE5RExUQ2tLMjcvT2sKEMvMayOBvWl3w+ryflSgcNaS830PyqX1\nMol+pupToqIFxXWIz8CCc6q3Xx0iJTfHXMfRp1bjfK8igN+fgPtNng==\n-----END AGE ENCRYPTED FILE-----\n"
16+
},
17+
{
18+
"recipient": "age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h",
19+
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQTVLSThGMHlMc1hBQVFB\nZXB4Y01rdFNscEJsSDVaOWpvVVFBVFVOUENRCkF4RmFSYXR4dTd4b1o0VGpjZXJS\neCtUcit3Z0I2dUZNWjRvb3RPc2d4bjQKLS0tICsxZ281NE5OVWg5dG9mYjFDOElI\nSWFsV3c0azhISyt0RDNZU1NlRGpmSlUKFe6LRnCY1j20PQGZwbFAjfMStGupbBUN\ntNzo1xi8EK6lyxjEgrzepdTP8nF6p8pHoQuU/V9QQ0Swa6anx73GiQ==\n-----END AGE ENCRYPTED FILE-----\n"
20+
}
21+
],
22+
"lastmodified": "2025-03-28T22:18:06Z",
23+
"mac": "ENC[AES256_GCM,data:DDt0A8oyegeK2LA8eVmvxpSTsii322vpwBqBwcivnLuu/12St1Rnw7lYtHsgNv24mp5L+GhS79USWR8H/tN7ArW198qpWZ1jAs2R9XkK8wSD0W3aZInwTgnwPFxjrpDzmWZ0WC9UXERgG367P/s5aFFN/LTl7zAyfTcLLu08Vbk=,iv:Eqo1xnW6Q5G/84cA04tK6HwOUA5Wh9VL3ZTtkkmovsQ=,tag:qcof1IsOYt7LxEWznmpxsw==,type:str]",
24+
"pgp": null,
25+
"unencrypted_suffix": "_unencrypted",
26+
"version": "3.9.4"
27+
}
28+
}

0 commit comments

Comments
 (0)