feat: robin can have some infra access

modules/nixos/services/selfhosted/kanidm.nix

@@ -19,8 +19,6 @@ let
 
   cfg = config.garden.services.kanidm;
   cfg' = config.garden.services;
-
-  inherit (config.garden.system) mainUser;
 in
 {
   options.garden.services.kanidm = mkServiceOption "kanidm" {
@@ -89,17 +87,27 @@ in
           idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-password.path;
 
           persons = {
-            ${mainUser} = {
-              displayName = mainUser;
-              legalName = mainUser;
-              mailAddresses = [ "${mainUser}@${rdomain}" ];
+            isabel = {
+              displayName = "isabel";
+              legalName = "isabel";
+              mailAddresses = [ "isabel@${rdomain}" ];
               groups = [
                 "grafana.access"
                 "grafana.admins"
                 "forgejo.access"
                 "forgejo.admins"
               ];
             };
+
+            robin = {
+              displayName = "robin";
+              legalName = "robin";
+              mailAddresses = [ "robin@${rdomain}" ];
+              groups = [
+                "grafana.access"
+                "forgejo.access"
+              ];
+            };
           };
 
           groups = {

modules/nixos/services/selfhosted/mailserver.nix

@@ -28,6 +28,7 @@ in
 
     age.secrets = {
       mailserver-isabel = mkSecret { file = "mailserver/isabel"; };
+      mailserver-robin = mkSecret { file = "mailserver/robin"; };
       mailserver-vaultwarden = mkSecret { file = "mailserver/vaultwarden"; };
       mailserver-database = mkSecret { file = "mailserver/database"; };
       mailserver-grafana = mkSecret { file = "mailserver/grafana"; };
@@ -103,6 +104,19 @@ in
           ];
         };
 
+        "robin@${rdomain}" = {
+          hashedPasswordFile = config.age.secrets.mailserver-robin.path;
+          aliases = [
+            "robin"
+            "robinwobin"
+            "robinwobin@${rdomain}"
+            "comfy"
+            "comfy@${rdomain}"
+            "comfysage"
+            "comfysage@${rdomain}"
+          ];
+        };
+
         "git@${rdomain}" = {
           aliases = [
             "git"

secrets/mailserver/robin.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 +i3g8Q 8EHEZvrUS/E/YqoozZzs3NfNKd5IHui9WL6xnY6nnF4
+rpMhNxbHKRHS/rs2aNckxUblQIf59yT0cWv5Mh+QFoI
+-> ssh-ed25519 i6kcDQ IsCsZSDUK7+leOjaYEF4borZ6gMXTYrnZXQQmxPnwF4
+HtVBgkd+N6vNzSUUs5rc4caYqYB8oNxAvIXM4F0Po10
+-> ssh-ed25519 95443g 34rFAkuKdOEDy4yr+lUK1QG9yfn5E8tRzpkwkJj8mzE
+ZEZ657apb2FOsrdZmcjHDKnY+bBNZOo7v4CqJi52X0Q
+-> ssh-ed25519 YLWSMA y0mpHrBQ55HJqttitH5RVCIrs7JhrPKii2VemDmN40U
+afXVWviwNc3oAa6i1GARd4ug4LEuKpdTN57kO0CemYo
+--- fAcmE43B5I6EndW91iuY2ARH7en+jTDd3dCF60n0CVA
+��ll$�tE�m�ƛ5�|䈬)�A��O��-�j�}f��a��
?١�{{K��v�I[Lc��s{�s��$�GQ
+�ζK�V:d�Vw�lo�p�

secrets/secrets.nix

@@ -62,6 +62,7 @@ let
 
   defAccessIsabel = list: defAccess list [ "isabel" ];
   defAccessRobin = list: defAccess list [ "robin" ];
+  defAccessAll = list: defAccess list (builtins.attrNames users);
 in
 {
   # isabel's secrets
@@ -92,6 +93,7 @@ in
 
   # mailserver
   "mailserver/isabel.age" = defAccessIsabel types.servers;
+  "mailserver/robin.age" = defAccessAll types.servers;
   "mailserver/vaultwarden.age" = defAccessIsabel types.servers;
   "mailserver/database.age" = defAccessIsabel types.servers;
   "mailserver/grafana.age" = defAccessIsabel types.servers;
@@ -124,7 +126,7 @@ in
   "plausible/key.age" = defAccessIsabel types.servers;
   "plausible/admin.age" = defAccessIsabel types.servers;
 
-  #wakapi
+  # wakapi
   "wakapi.age" = defAccessIsabel types.servers;
   "wakapi-mailer.age" = defAccessIsabel types.servers;