Use secret seed for internal mail passwords
diff --git a/mail/config/user-patches.sh b/mail/config/user-patches.sh
index 5a10bbd..4879036 100644
--- a/mail/config/user-patches.sh
+++ b/mail/config/user-patches.sh
@@ -2,6 +2,11 @@
set -e
+secret() {
+ seed=$(cat /run/secrets/seed)
+ printf "%s:%40s" "${seed}" "$*" | sha256sum | sed 's/[[:space:]].*//'
+}
+
# Add local containers as trusted for postfix relaying.
add_mynetworks_hosts() {
myhosts=
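Review bot: `secret()` never checks that the seed it read is non-empty, so an empty or whitespace-only `/run/secrets/seed` silently produces passwords that depend only on the public label (`mail:<user>`), which anyone with the script can recompute; a missing file also only aborts the subshell when `secret` is invoked inside `$(...)`, as the callers do, so the caller proceeds with an empty string. Add a guard after the read, e.g. `[ -n "${seed}" ] || { echo "ERROR: /run/secrets/seed is missing or empty" >&2; exit 1; }`. `seed` is also assigned without `local`, so it leaks into the calling scope (the shebang is outside the hunk, so whether `local` is available cannot be confirmed here). The `%40s` width in the printf format right-pads the label with spaces before hashing; if that is intentional, a one-line comment saying so would stop the next maintainer from "fixing" it and changing every derived password.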
@@ -12,23 +17,13 @@
postconf "mynetworks =${myhosts}"
}
-# Create given users, requiring a plain-text password in `/tmp/passwd/`.
+# Create given users, requires a seed file for secret()
add_users_with_passwd() {
for user in "$@"; do
- i=0
- while [ -z "$(cat /tmp/passwd/${user}/secret 2>/dev/null)" ]; do
- if [ ${i} -eq 10 ]; then
- echo "ERROR: No password file for '${user}' after ${i}s."
- exit 1
- fi
- sleep 1
- i=$((i+1))
- done
-
if [ ! -d /var/mail/${HOSTNAME#mail.}/${user} ]; then
- setup email add gerrit@${HOSTNAME#mail.} $(cat /tmp/passwd/${user}/secret)
+ setup email add ${user}@${HOSTNAME#mail.} $(secret mail:${user})
else
- setup email update gerrit@${HOSTNAME#mail.} $(cat /tmp/passwd/${user}/secret)
+ setup email update ${user}@${HOSTNAME#mail.} $(secret mail:${user})
fi
done
}
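Review bot: On the two `setup email` lines the password comes from an unquoted `$(secret mail:${user})` in argument position, so if `secret` fails (seed file unreadable, `cat` error) only that subshell exits and `setup email add`/`update` still runs with an empty password argument, because `set -e` does not see the substitution's status there. Capture it first and fail explicitly: `pw=$(secret "mail:${user}") || exit 1` followed by `setup email add "${user}@${HOSTNAME#mail.}" "${pw}"` and the same for the `update` branch. Quoting `"${user}@${HOSTNAME#mail.}"` and the `-d` test path also protects against word splitting if a user name is ever supplied with unexpected characters. As in the replaced code, the password is still passed on `setup`'s command line and is therefore visible to other processes in the container via `ps`; that is pre-existing, but worth noting in the comment above the function.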