diff options
author | Mx Kookie <kookie@spacekookie.de> | 2020-12-23 16:41:20 +0100 |
---|---|---|
committer | Mx Kookie <kookie@spacekookie.de> | 2020-12-23 16:41:20 +0100 |
commit | 606c9d9d1bc41b9ed3b188758109bd44450c90da (patch) | |
tree | 5a02f5e376eeb46b86deb5df0f8d702464297359 /infra/libkookie | |
parent | 93d18a00d9d6ec81ea3f0e1790c80a7ffe879585 (diff) |
libkookie: implement mail module handling via external configuration
Diffstat (limited to 'infra/libkookie')
-rw-r--r-- | infra/libkookie/.gitignore | 2 | ||||
-rw-r--r-- | infra/libkookie/configuration/workstation/mail/default.nix | 8 | ||||
-rw-r--r-- | infra/libkookie/modules/harness/users.nix | 7 | ||||
-rw-r--r-- | infra/libkookie/modules/workstation/default.nix | 1 | ||||
-rw-r--r-- | infra/libkookie/modules/workstation/mail/core/default.nix | 35 | ||||
-rw-r--r-- | infra/libkookie/modules/workstation/mail/core/isync.nix | 32 | ||||
-rw-r--r-- | infra/libkookie/modules/workstation/mail/default.nix | 41 | ||||
-rw-r--r-- | infra/libkookie/roots/tempest.nix | 9 |
8 files changed, 134 insertions, 1 deletions
diff --git a/infra/libkookie/.gitignore b/infra/libkookie/.gitignore new file mode 100644 index 000000000000..28c665d6e092 --- /dev/null +++ b/infra/libkookie/.gitignore @@ -0,0 +1,2 @@ +result +ext/* diff --git a/infra/libkookie/configuration/workstation/mail/default.nix b/infra/libkookie/configuration/workstation/mail/default.nix new file mode 100644 index 000000000000..54f0e41ff19f --- /dev/null +++ b/infra/libkookie/configuration/workstation/mail/default.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: + +{ + home.packages = with pkgs; + [ + msmtp neomutt notmuch thunderbird + ]; +} diff --git a/infra/libkookie/modules/harness/users.nix b/infra/libkookie/modules/harness/users.nix index 1fd2600d4eb2..525c7d6ead2a 100644 --- a/infra/libkookie/modules/harness/users.nix +++ b/infra/libkookie/modules/harness/users.nix @@ -29,6 +29,11 @@ in config = { users.mutableUsers = false; users.users = builtins.listToAttrs (map ({ name, cfg, ... }: - nameValuePair "${name}" cfg) config.libkookie.activeUsers); + nameValuePair "${name}" + (cfg // { group = "${name}"; })) config.libkookie.activeUsers); + + users.groups = builtins.listToAttrs (map ({ name, ... }: + nameValuePair "${name}" {}) config.libkookie.activeUsers); + }; } diff --git a/infra/libkookie/modules/workstation/default.nix b/infra/libkookie/modules/workstation/default.nix index 3f793ec0d2d8..b17678e1665f 100644 --- a/infra/libkookie/modules/workstation/default.nix +++ b/infra/libkookie/modules/workstation/default.nix @@ -4,5 +4,6 @@ # Exposes both a nixos, and home-manager module ./ui/i3 ./audio + ./mail ]; } diff --git a/infra/libkookie/modules/workstation/mail/core/default.nix b/infra/libkookie/modules/workstation/mail/core/default.nix new file mode 100644 index 000000000000..58d372ffa122 --- /dev/null +++ b/infra/libkookie/modules/workstation/mail/core/default.nix @@ -0,0 +1,35 @@ +{ pkgs, config, ... } @ args: + +let cfg = config.libkookie.workstation.mail; +in +{ + # Might want to run mbsync manually + environment.systemPackages = with pkgs; [ isync ]; + + # Setup user to fetch mail + users.users.mail-user = { + createHome = true; + inherit (cfg.access) group; + home = "/var/lib/mail"; + }; + + systemd.services.isync = (import ./isync.nix) args; + + systemd.timers.isync = { + timerConfig.Unit = "isync.service"; + timerConfig.OnCalendar = "*:0/5"; + timerConfig.Persistent = "true"; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + }; + + # FIXME: this doesn't work and has never worked + # This sudoers rule allows anyone in the wheel group to run this + # particular command without a password. Make sure that 'startISync' + # is present in a path (environment.systemPackages above)! + # security.sudo.extraRules = [ + # { commands = [ { command = "${startISync}/bin/start-isync"; + # options = [ "NOPASSWD" ]; } ]; + # groups = [ "wheel" ]; } + # ]; +} diff --git a/infra/libkookie/modules/workstation/mail/core/isync.nix b/infra/libkookie/modules/workstation/mail/core/isync.nix new file mode 100644 index 000000000000..a736925058a1 --- /dev/null +++ b/infra/libkookie/modules/workstation/mail/core/isync.nix @@ -0,0 +1,32 @@ +{ config, pkgs, ... }: + +let cfg = config.libkookie.workstation.mail; +in +with pkgs; +{ + serviceConfig.Type = "oneshot"; + + script = let + cfgPath = (cfg.configPath + "/mbsyncrc.nix"); + mbsyncBody = (import cfgPath cfg.mailArchive); + mbsyncrc = (writeText "mbsyncrc" mbsyncBody); + in + '' + ${sudo}/bin/sudo -u mail-user ${isync}/bin/mbsync -a -V -c ${mbsyncrc} + ''; + + # This script loops through the mail archive and changes file + # permissions and ownership to allow the main user to access them. + # It then also runs `notmuch new` to update applications. + # + # Yes this script could use a single `find` invocation, but + # personally I've found that to be unclear, and this script running + # in the background means that speed is not of much concearn. + postStart = '' + ${findutils}/bin/find ${cfg.mailArchive} ! -name .mbsyncstate* | xargs chgrp ${cfg.access.group} + ${findutils}/bin/find ${cfg.mailArchive} -type f | xargs chmod 660 + ${findutils}/bin/find ${cfg.mailArchive} -type d | xargs chmod 770 + + ${sudo}/bin/sudo -u ${cfg.access.user} ${notmuch}/bin/notmuch new + ''; +} diff --git a/infra/libkookie/modules/workstation/mail/default.nix b/infra/libkookie/modules/workstation/mail/default.nix new file mode 100644 index 000000000000..fd46a8a1f9dd --- /dev/null +++ b/infra/libkookie/modules/workstation/mail/default.nix @@ -0,0 +1,41 @@ +{ config, lib, pkgs, home-manager, ... } @ args: + +let cfg = config.libkookie.workstation.mail; +in +with lib; +{ + options.libkookie.workstation.mail = { + enable = mkEnableOption "libkookie mail system handling"; + + configPath = mkOption { + type = types.path; + description = '' + Set of configuration to configure sieve rules, and mail settings + + These are not contained in this repository to avoid having to + make them public. + ''; + }; + + authPath = mkOption { + type = types.str; + default = "/var/lib/mail/"; + description = '' + Path to the authentication secret. This is not an actual path, + to avoid it being copied to the nix store for any user to read. + ''; + }; + + mailArchive = mkOption { + type = types.str; + description = "Path to the mail archive to sync into"; + }; + + access = mkOption { + type = types.attrs; + description = "User and group to give the mail user for permissions"; + }; + }; + + config = mkIf cfg.enable (import ./core args); +} diff --git a/infra/libkookie/roots/tempest.nix b/infra/libkookie/roots/tempest.nix index 35d55cc0b84d..a3d24a09027d 100644 --- a/infra/libkookie/roots/tempest.nix +++ b/infra/libkookie/roots/tempest.nix @@ -41,6 +41,7 @@ in (loadModule <configuration/workstation/audio> "default") (loadModule <configuration/workstation/kitty> "default") (loadModule <configuration/workstation/office> "default") + (loadModule <configuration/workstation/mail> "default") (loadModule <configuration/workstation/firefox> "default") # Development tools @@ -63,6 +64,14 @@ in # Enable fish shell handling on the system libkookie.base.fish.enable = true; + # Configure mail handling + libkookie.workstation.mail = { + enable = true; + configPath = ../ext/mail; + mailArchive = "/home/Office/mail"; + access = { user = "spacekookie"; group = "spacekookie"; }; + }; + # Enable desired users libkookie.activeUsers = [ (klib.load <configuration/users/spacekookie>) ]; |