Only prepend {CRYPT} scheme if there is no scheme present

2026-04-23 10:09:09 +02:00
parent 0b1ca54241
commit 6e9a4420b3
2 changed files with 42 additions and 1 deletions
@@ -65,6 +65,13 @@ let
        # Prevent world-readable password files, even temporarily.
        umask 077

+        prepend_scheme() {
+          case "$1" in
+            {*}*) printf '%s' "$1" ;;
+            *) printf '{CRYPT}%s' "$1" ;;
+          esac
+        }
+
        for f in ${
          builtins.toString (lib.mapAttrsToList (name: _: passwordFiles."${name}") cfg.accounts)
        }; do
@@ -81,7 +88,7 @@ let
            if lib.elem name accountsWithPlaintextPasswordFiles then
              "${name}:${"$(sed -n '1{p;p;q}' ${passwordFiles."${name}"} | ${lib.getExe' config.services.dovecot2.package "doveadm"} pw)"}::::::"
            else
-              "${name}:{CRYPT}${"$(head -n 1 ${passwordFiles."${name}"})"}::::::"
+              "${name}:${"$(prepend_scheme \"$(head -n 1 ${passwordFiles."${name}"})\")"}::::::"
          ) cfg.accounts
        )}
        EOF