From 130d84290f58d546498396b8ff4c0d8de002504d Mon Sep 17 00:00:00 2001
From: Magic_RB <magic_rb@redalder.org>
Date: Sat, 11 Feb 2023 23:19:07 +0100
Subject: [PATCH] getmail move secrets out of rc files

Signed-off-by: Magic_RB <magic_rb@redalder.org>
---
 containers/getmail/default.nix        |  2 +-
 nomad/regions/homelab-1/job/email.hcl | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/containers/getmail/default.nix b/containers/getmail/default.nix
index 92a4e99..c8910b9 100644
--- a/containers/getmail/default.nix
+++ b/containers/getmail/default.nix
@@ -62,7 +62,7 @@ nglib.makeSystem {
             shutdownOnExit = true;
             script = pkgs.writeShellScript "getmail-run"
               ''
-                export PATH=${with pkgs; lib.makeBinPath [ busybox runit bash getmail6-fixed maildrop-fixed ]}:${pkgs.opensmtpd}/libexec/opensmtpd:$PATH
+                export PATH=${with pkgs; lib.makeBinPath [ jq busybox runit bash getmail6-fixed maildrop-fixed ]}:${pkgs.opensmtpd}/libexec/opensmtpd:$PATH
 
                 chown vmail:vmail -R /getmail.d
 
diff --git a/nomad/regions/homelab-1/job/email.hcl b/nomad/regions/homelab-1/job/email.hcl
index 026181f..816a1ef 100644
--- a/nomad/regions/homelab-1/job/email.hcl
+++ b/nomad/regions/homelab-1/job/email.hcl
@@ -68,7 +68,16 @@ job "email" {
         entrypoint = [ "init" ]
       }
 
-      env {
+      vault {
+        policies = ["getmail-policy"]
+      }
+
+      template {
+        data = <<EOF
+{{ secret "kv/data/getmail" | toJSON }}
+EOF
+        destination = "secrets/getmail.passwd"
+        change_mode = "restart"
       }
 
       resources {