As far as I can tell, there’s no way around hardcoding email adresses, full names, email server addresses,… inside accounts.email.accounts."account name"
.
I feel like this is a bad idea. Ideally, I’d want to treat personal info like any other secret, by storing it in encrypted form with the help of sops-nix
.
I’m using Thunderbird, so where the contents of this config end up is in $HOME/.thunderbird/profilename/user.js
. The closest I can tell could work is letting home-manager generate that file once, then copying it in its entirety into a secrets file, then linking the decrypted file (/run/user/1000/secrets/mail
or whatever) to user.js
.
Trouble is, at that point Thunderbird itself largely stops being configurable via home-manager itself, since programs.thunderbird.profiles.profilename.settings
wants to write to that file as well.
So I guess my problem has to possible solution paths, with the first more preferable than the second:
- is there a way to use
accounts.email.accounts
without putting cleartext info? - or is there a way to append to a nix/hm-generated config file?
Cheers, and thanks in advance to anyone who ansers