Switch mbsync from using secret-tool to password-store

README.org

@@ -1,8 +1,6 @@
-#+TITLE: README
-#+AUTHOR: Evie Litherland-Smith
-#+EMAIL: evie@xenia.me.uk
-
-[[file:./home/emacs/config.org][Emacs (babel) config]]
+#+title: README
+#+author: Evie Litherland-Smith
+#+email: evie@xenia.me.uk
 
 * Password store setup
 ** Transfer GPG key(s)
@@ -34,35 +32,34 @@ systemd unit handles running container on boot after this.
 **** uidvalidity issue
 Remove uid lines from .mbsyncrc (in each mail directory) and delete .uidvalidity, re-run mbsync to fix
 *** Password
-Get password from protonmail-bridge, register with gnome-keyring:
+Get password from protonmail-bridge, save to password-store:
 #+begin_src bash
-secret-tool store --label="Proton mail mbsync" email e.litherlandsmith@proton.me
+  pass insert mbsync/$(hostname)/proton
+  # Insert pass at prompt
 #+end_src
 ** iCloud
 *** Password
-Register app-password with gnome-keyring:
+If not already done, save password to password-store:
 #+begin_src bash
-secret-tool store --label="iCloud mail mbsync" email e.litherlandsmith@icloud.com
+  pass insert mbsync/$(hostname)/icloud
+  # Insert pass at prompt
 #+end_src
+This will be synced across devices so only needs doing once
 ** Outlook
 *** Password
-Register app-password with gnome-keyring:
+If not already done, save password to password-store:
 #+begin_src bash
-secret-tool store --label="Outlook mail mbsync" email evie.litherland-smith@ukaea.uk
+  pass insert mbsync/$(hostname)/outlook
+  # Insert pass at prompt
 #+end_src
+This will be synced across devices so only needs doing once
 *** Configuration
 On first run (or if token expires), stop systemd service and run manually to complete manual auth. Token will stay valid for a little while (no idea how long specifically).
 #+begin_src bash
 # Restart service to ensure ~/.davmail.properties exists
 systemctl --user restart davmail.service
 # Run to use manual authentication
-pkill -f davmail && davmail -notray ~/.davmail.properties
+systemctl --user stop davmail.service && davmail -notray ~/.davmail.properties
 # Restart again so that service picks up available ports
 systemctl --user restart davmail.service
 #+end_src
-* Vdirsyncer
-** Password
-Register app-password with gnome-keyring;
-#+begin_src bash
-secret-tool store --label="NextCloud" url cloud.xenia.me.uk
-#+end_src

flake.nix

@@ -180,6 +180,7 @@
                 };
               };
               home-manager = {
+                extraSpecialArgs = { inherit hostName; };
                 useGlobalPkgs = true;
                 useUserPackages = true;
                 users = {

home/accounts/email.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, hostName, ... }: {
   home.packages = with pkgs; [ davmail ];
   accounts.email = {
     maildirBasePath = "Mail";
@@ -24,7 +24,7 @@
         aliases = [ "evie@xenia.me.uk" "evie@litherlandsmith.slmail.me" ];
         userName = address;
         passwordCommand =
-          "${pkgs.libsecret}/bin/secret-tool lookup email ${userName}";
+          "${pkgs.pass}/bin/pass show mbsync/${hostName}/proton | head -n1";
         mbsync = {
           enable = lib.mkDefault accountEnabled;
           create = "both";
@@ -53,7 +53,7 @@
         address = "e.litherlandsmith@icloud.com";
         userName = address;
         passwordCommand =
-          "${pkgs.libsecret}/bin/secret-tool lookup email ${userName}";
+          "${pkgs.pass}/bin/pass show mbsync/${hostName}/icloud | head -n1";
         mbsync = {
           enable = lib.mkDefault accountEnabled;
           create = "both";
@@ -85,7 +85,7 @@
         aliases = [ "elitherl@jet.uk" ];
         userName = address;
         passwordCommand =
-          "${pkgs.libsecret}/bin/secret-tool lookup email ${userName}";
+          "${pkgs.pass}/bin/pass show mbsync/${hostName}/outlook | head -n1";
         mbsync = {
           enable = lib.mkDefault accountEnabled;
           create = "both";