about summary refs log tree commit diff stats
path: root/modules/home.legacy/conf/mail/default.nix
diff options
Diffstat (limited to '')
1 files changed, 38 insertions, 0 deletions
diff --git a/modules/home.legacy/conf/mail/default.nix b/modules/home.legacy/conf/mail/default.nix
index 0ecbe40a..46526173 100644
--- a/modules/home.legacy/conf/mail/default.nix
+++ b/modules/home.legacy/conf/mail/default.nix
@@ -1,15 +1,53 @@
+  lib,
 }: let
   benedikt = import ./accounts/benedikt.nix {inherit pkgs;};
   soispha = import ./accounts/soispha.nix {inherit pkgs;};
   accounts = {inherit soispha benedikt;};
+  mkHelper = {
+    userName,
+    passwordCommand,
+    ...
+  }:
+    builtins.toString (pkgs.writeShellScript "git-credential-keepassxc-libsecret"
+      # bash
+      ''
+        [ "$1" = "get" ] || {
+          exit 1
+        }
+        output="$(cat)"
+        if echo "$output" | grep "username=${userName}" -q; then
+          if password="$(${passwordCommand})"; then
+            printf "%s\npassword=%s\n\n" "$output" "$password"
+          else
+            # The password command failed (for whatever reason)
+            exit 1
+          fi
+        else
+          # Not our business.
+          exit 1
+        fi
+      '');
+  accountCredentials =
+    # TODO: This will result in only one of them being defined, as we duplicate the
+    # attribute key <2025-02-03>
+    lib.mapAttrs' (_: value: {
+      name = "credential.smtp://${value.smtp.host}:${builtins.toString value.smtp.port}";
+      value = {
+        "helper" = mkHelper value;
+      };
+    })
+    accounts;
 in {
   accounts.email = {
     maildirBasePath = "${config.xdg.dataHome}/maildir";
     inherit accounts;
+  programs.git.extraConfig = accountCredentials;