use systemd credentials

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>

default.nix

@@ -2,7 +2,7 @@
 
 pkgs.python3Packages.buildPythonPackage rec {
   pname = "smtprd-ng";
-  version = "0.1.0";
+  version = "0.2.0";
   pyproject = true;
 
   src = lib.cleanSource ./.;

module.nix

@@ -13,12 +13,18 @@ let
       hostname = cfg.client.hostname;
       port = cfg.client.port;
       username = cfg.client.username;
-      password_file = cfg.client.password_file;
+      password_file = if cfg.client.password_file != "" then
+        "/run/credentials/smtprd-ng.service/password_file"
+      else
+        "";
       sender = cfg.client.sender;
       use_tls = cfg.client.use_tls;
       start_tls = cfg.client.start_tls;
       smime_cert = cfg.client.smime_cert;
-      smime_cert_private = cfg.client.smime_cert_private;
+      smime_cert_private = if cfg.client.smime_cert_private != "" then
+        "/run/credentials/smtprd-ng.service/smime_cert_private"
+      else
+        "";
     };
     emails = cfg.emails;
   };
@@ -159,6 +165,10 @@ in {
         wantedBy = [ "multi-user.target" ];
         requires = [ "network.target" ];
         serviceConfig = {
+          LoadCredential = [
+            "smime_cert_private:${cfg.client.smime_cert_private}"
+            "password_file:${cfg.client.password_file}"
+          ];
           DynamicUser = true;
           User = "smtprd-ng";
           Group = "smtprd-ng";

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "smtprd-ng"
-version = "0.1.0"
+version = "0.2.0"
 description = "SMTP forwarding relay daemon with signing and encryption"
 authors = [{ name = "Florian Brandes", email = "dev@mail.flo-the.dev" }]
 classifiers = [