parent
93d18a00d9
commit
606c9d9d1b
@ -0,0 +1,2 @@ |
||||
result |
||||
ext/* |
@ -0,0 +1,8 @@ |
||||
{ config, pkgs, ... }: |
||||
|
||||
{ |
||||
home.packages = with pkgs; |
||||
[ |
||||
msmtp neomutt notmuch thunderbird |
||||
]; |
||||
} |
@ -0,0 +1,35 @@ |
||||
{ pkgs, config, ... } @ args: |
||||
|
||||
let cfg = config.libkookie.workstation.mail; |
||||
in |
||||
{ |
||||
# Might want to run mbsync manually |
||||
environment.systemPackages = with pkgs; [ isync ]; |
||||
|
||||
# Setup user to fetch mail |
||||
users.users.mail-user = { |
||||
createHome = true; |
||||
inherit (cfg.access) group; |
||||
home = "/var/lib/mail"; |
||||
}; |
||||
|
||||
systemd.services.isync = (import ./isync.nix) args; |
||||
|
||||
systemd.timers.isync = { |
||||
timerConfig.Unit = "isync.service"; |
||||
timerConfig.OnCalendar = "*:0/5"; |
||||
timerConfig.Persistent = "true"; |
||||
after = [ "network-online.target" ]; |
||||
wantedBy = [ "timers.target" ]; |
||||
}; |
||||
|
||||
# FIXME: this doesn't work and has never worked |
||||
# This sudoers rule allows anyone in the wheel group to run this |
||||
# particular command without a password. Make sure that 'startISync' |
||||
# is present in a path (environment.systemPackages above)! |
||||
# security.sudo.extraRules = [ |
||||
# { commands = [ { command = "${startISync}/bin/start-isync"; |
||||
# options = [ "NOPASSWD" ]; } ]; |
||||
# groups = [ "wheel" ]; } |
||||
# ]; |
||||
} |
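Review bot: The `after = [ "network-online.target" ]` ordering is set on the timer unit, which does not make isync.service itself wait for the network. With `timerConfig.Persistent = "true"`, a missed run can fire as soon as the timer is activated at boot. Moving the ordering onto the service, as `after = [ "network-online.target" ];` plus `wants = [ "network-online.target" ];` in isync.nix, would cover the actual fetch. `users.users.mail-user` also sets neither `isSystemUser` nor `isNormalUser`, which recent NixOS releases reject at evaluation time; `isSystemUser = true;` looks like the intended choice for a fetch-only account.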
@ -0,0 +1,32 @@ |
||||
{ config, pkgs, ... }: |
||||
|
||||
let cfg = config.libkookie.workstation.mail; |
||||
in |
||||
with pkgs; |
||||
{ |
||||
serviceConfig.Type = "oneshot"; |
||||
|
||||
script = let |
||||
cfgPath = (cfg.configPath + "/mbsyncrc.nix"); |
||||
mbsyncBody = (import cfgPath cfg.mailArchive); |
||||
mbsyncrc = (writeText "mbsyncrc" mbsyncBody); |
||||
in |
||||
'' |
||||
${sudo}/bin/sudo -u mail-user ${isync}/bin/mbsync -a -V -c ${mbsyncrc} |
||||
''; |
||||
|
||||
# This script loops through the mail archive and changes file |
||||
# permissions and ownership to allow the main user to access them. |
||||
# It then also runs `notmuch new` to update applications. |
||||
# |
||||
# Yes this script could use a single `find` invocation, but |
||||
# personally I've found that to be unclear, and this script running |
||||
# in the background means that speed is not of much concearn. |
||||
postStart = '' |
||||
${findutils}/bin/find ${cfg.mailArchive} ! -name .mbsyncstate* | xargs chgrp ${cfg.access.group} |
||||
${findutils}/bin/find ${cfg.mailArchive} -type f | xargs chmod 660 |
||||
${findutils}/bin/find ${cfg.mailArchive} -type d | xargs chmod 770 |
||||
|
||||
${sudo}/bin/sudo -u ${cfg.access.user} ${notmuch}/bin/notmuch new |
||||
''; |
||||
} |
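Review bot: The three `find … | xargs` pipelines in `postStart` split their input on whitespace, and they presumably run as root (no `User=` is set and the script calls sudo) over a tree that mail-user and the access group can write to. A folder or message name containing a space or newline therefore makes `chgrp`/`chmod` act on a different path than the one `find` matched. Prefer `-exec` so names are passed intact, e.g. `${findutils}/bin/find ${cfg.mailArchive} -type f -exec chmod 660 {} +`, and do the same for the `-type d` and `chgrp` lines. On the `chgrp` line, quote the pattern (`! -name '.mbsyncstate*'`) so the shell cannot expand it, and use `chgrp -h` so a symlink inside the archive is changed itself rather than its target.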
@ -0,0 +1,41 @@ |
||||
{ config, lib, pkgs, home-manager, ... } @ args: |
||||
|
||||
let cfg = config.libkookie.workstation.mail; |
||||
in |
||||
with lib; |
||||
{ |
||||
options.libkookie.workstation.mail = { |
||||
enable = mkEnableOption "libkookie mail system handling"; |
||||
|
||||
configPath = mkOption { |
||||
type = types.path; |
||||
description = '' |
||||
Set of configuration to configure sieve rules, and mail settings |
||||
|
||||
These are not contained in this repository to avoid having to |
||||
make them public. |
||||
''; |
||||
}; |
||||
|
||||
authPath = mkOption { |
||||
type = types.str; |
||||
default = "/var/lib/mail/"; |
||||
description = '' |
||||
Path to the authentication secret. This is not an actual path, |
||||
to avoid it being copied to the nix store for any user to read. |
||||
''; |
||||
}; |
||||
|
||||
mailArchive = mkOption { |
||||
type = types.str; |
||||
description = "Path to the mail archive to sync into"; |
||||
}; |
||||
|
||||
access = mkOption { |
||||
type = types.attrs; |
||||
description = "User and group to give the mail user for permissions"; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable (import ./core args); |
||||
} |
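Review bot: The `configPath` description says these files are kept out of the repository to keep them private, but isync.nix imports `mbsyncrc.nix` from that path and passes the result to `writeText`, which places the rendered file in the Nix store where every local user can read it. The description should say so, e.g. add `The rendered mbsyncrc is written to the world-readable Nix store; keep passwords out of it and read them at runtime from authPath (e.g. with mbsync's PassCmd).` `authPath` is not referenced by any of the files shown here, so it is worth confirming that the private config actually uses it. `access` would also be safer as a `types.submodule` with `user` and `group` string options than as free-form `types.attrs`, since both keys are interpolated into shell scripts.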