From 659333ca9f396b778eba0e5bdf8c0444480cfea6 Mon Sep 17 00:00:00 2001
From: Raphael
Date: Thu, 16 Oct 2025 16:31:23 +0200
Subject: [PATCH] core(flake): adding agenix to the flake
---
 flake.nix | 3 +++
 services/self_host/mail.nix | 23 ++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/flake.nix b/flake.nix
index 8b2f401..57054f3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,6 +7,7 @@
 url = "github:nix-community/home-manager";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ agenix.url = "github:ryantm/agenix";
 hm-config.url = "github:EniumRaphael/home-manager";
 minecraft.url = "github:Infinidoge/nix-minecraft";
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
@@ -23,6 +24,7 @@
 self,
 nixpkgs,
 flake-utils,
+ agenix,
 home-manager,
 hm-config,
 catppuccin,
@@ -61,6 +63,7 @@
 modules = [
 ./hosts/server/configuration.nix
 home-manager.nixosModules.home-manager
+ agenix.nixosModules.default
 {
 home-manager.sharedModules = [ catppuccin.homeModules.catppuccin ];
 home-manager.useGlobalPkgs = true;
diff --git a/services/self_host/mail.nix b/services/self_host/mail.nix
index e19912a..3094616 100644
--- a/services/self_host/mail.nix
+++ b/services/self_host/mail.nix
@@ -7,7 +7,8 @@
 let
 cfg = config.service.selfhost.mail;
- mailjetSecrets = import ../../.mailjetcred.nix;
+ mailjet-user = config.age.secrets."mailjet-user".path;
+ mailjet-pass = config.age.secrets."mailjet-pass".path;
 in
 {
 config = lib.mkIf cfg {
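Review bot: In flake.nix, first hunk, the `agenix` input is added without a nixpkgs follow, unlike the `home-manager` input directly above it, so agenix brings its own nixpkgs revision into the lock file. I would add `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to the new `agenix.url` line. The diffstat lists only flake.nix and services/self_host/mail.nix, so no flake.lock change accompanies the new input. Committing the lock entry in the same change keeps the agenix revision pinned and reviewable, rather than resolved at the next build.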
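Review bot: In services/self_host/mail.nix, first hunk, the two `config.age.secrets."…".path` lookups depend on `age.secrets."mailjet-user"` and `age.secrets."mailjet-pass"` being declared, and nothing in this commit declares them, so evaluation fails unless a file outside this diff does. A short comment above the bindings would help, e.g. `# age.secrets."mailjet-user"/"mailjet-pass" must be declared by the host (file = <path to .age file>)`. The values that used to come from `import ../../.mailjetcred.nix` were interpolated into `environment.etc` text (second hunk of this file), which as far as I can tell places them in the world-readable Nix store. The Mailjet credentials should therefore be rotated as part of this migration rather than re-encrypted unchanged.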
@@ -99,14 +100,20 @@ in
 };
 };
 };
- environment.etc."postfix-sasl_passwd" = {
- text = "[in-v3.mailjet.com]:587 ${mailjetSecrets.smtpUser}:${mailjetSecrets.smtpPass}\n";
- mode = "0600";
- };
+ # environment.etc."postfix-sasl_passwd" = {
+ # text = "[in-v3.mailjet.com]:587 ${mailjetSecrets.smtpUser}:${mailjetSecrets.smtpPass}\n";
+ # mode = "0600";
+ # };
 environment.etc."postfix-recipient_access".text = ''
 no-reply@enium.eu REJECT 550 Cette adresse n’est pas autorise a recevoir de mail
 '';
 systemd.services.postfix.preStart = lib.mkMerge [
+ (lib.mkBefore ''
+ umask 077
+ install -d -m 0700 /var/lib/postfix
+ echo "[in-v3.mailjet.com]:587 $(cat ${mailjet-user}):$(cat ${mailjet-pass})" > /var/lib/postfix/sasl_passwd
+ ${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd
+ '')
 (lib.mkAfter ''
 install -Dm600 /etc/postfix-sasl_passwd /var/lib/postfix/sasl_passwd
 ${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd
@@ -181,6 +188,12 @@ in
 '';
 };
+ systemd.services.postfix.requires = [
+ "agenix.service"
+ ];
+ systemd.services.postfix.after = [
+ "agenix.service"
+ ];
 systemd.services.dovecot.after = [
 "postfix-setup.service"
 "postfix.service"
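Review bot: The unchanged `lib.mkAfter` block at the end of the second mail.nix hunk still runs `install -Dm600 /etc/postfix-sasl_passwd /var/lib/postfix/sasl_passwd`, but the `environment.etc."postfix-sasl_passwd"` entry that produced that file is now commented out. That step will either fail on a missing file or overwrite the agenix-derived map with a stale copy of the old credentials, so the line and its `postmap` should go (the block continues outside the hunk). In the new `lib.mkBefore` block, a failed `cat` inside the `echo` string does not stop the script, so a missing secret yields a map with empty credentials; reading each secret into a variable and checking it first makes the unit fail visibly. `install -d -m 0700 /var/lib/postfix` also re-modes the directory if it already exists, which looks risky for Postfix's own state directory and should be confirmed. The commented-out `environment.etc` lines are better deleted than kept.

```nix
systemd.services.postfix.preStart = lib.mkMerge [
  (lib.mkBefore ''
    umask 077
    # mkdir -p leaves the mode of an existing state directory untouched.
    mkdir -p /var/lib/postfix
    # Read each secret separately so a missing or empty file aborts the unit.
    user="$(cat ${mailjet-user})" || exit 1
    pass="$(cat ${mailjet-pass})" || exit 1
    if [ -z "$user" ] || [ -z "$pass" ]; then
      echo "postfix preStart: Mailjet secret is empty" >&2
      exit 1
    fi
    printf '[in-v3.mailjet.com]:587 %s:%s\n' "$user" "$pass" > /var/lib/postfix/sasl_passwd
    ${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd
  '')
  # … unchanged: remaining preStart entries, without the /etc/postfix-sasl_passwd install …
```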
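Review bot: The `requires`/`after` entries on `agenix.service` in the third mail.nix hunk assume a system unit of that name exists, and nothing in this diff defines one. As far as I know, the agenix NixOS module decrypts secrets during system activation rather than through a unit called `agenix.service`. If the unit is absent, `Requires=` makes postfix fail to start, which takes mail delivery down. Please confirm with `systemctl cat agenix.service` on the host and, if it does not exist, drop both entries or point them at the unit the module actually provides.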