diff options
author | Vincent Ambo <mail@tazj.in> | 2022-12-25T11·22+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2022-12-27T19·46+0000 |
commit | aa0197ab83011b3aa5c07c76c24771311704e09b (patch) | |
tree | c99024f38247c7c1014a4d3573473383aaef8c61 /ops/modules/depot-inbox.nix | |
parent | 477873d7eac0247fda2420809b4533c0aa6c084e (diff) |
feat(ops/modules): configure offlineimap for depot@tvl.su r/5505
On the machine running public-inbox, this will start automatically fetching mails from depot@tvl.su and making them available to public-inbox. Change-Id: I2469207bd41d64eba747a74ae5fda9fed548cc83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7630 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI
Diffstat (limited to 'ops/modules/depot-inbox.nix')
-rw-r--r-- | ops/modules/depot-inbox.nix | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/ops/modules/depot-inbox.nix b/ops/modules/depot-inbox.nix index b791cc6db730..1accbe3eae84 100644 --- a/ops/modules/depot-inbox.nix +++ b/ops/modules/depot-inbox.nix @@ -3,10 +3,31 @@ # The account itself is a Yandex 360 account in the tvl.su organisation, which # is accessed via IMAP. Yandex takes care of spam filtering for us, so there is # no particular SpamAssassin or other configuration. -{ config, lib, pkgs, ... }: +{ config, depot, lib, pkgs, ... }: let cfg = config.services.depot.inbox; + + imapConfig = pkgs.writeText "offlineimaprc" '' + [general] + accounts = depot + + [Account depot] + localrepository = Local + remoterepository = Remote + + [Repository Local] + type = Maildir + localfolders = /var/lib/public-inbox/depot-imap + + [Repository Remote] + type = IMAP + ssl = yes + sslcacertfile = /etc/ssl/certs/ca-bundle.crt + remotehost = imap.yandex.ru + remoteuser = depot@tvl.su + remotepassfile = /var/run/agenix/depot-inbox-imap + ''; in { options.services.depot.inbox = with lib; { @@ -46,5 +67,31 @@ in settings.publicinbox.wwwlisting = "all"; }; + + age.secrets.depot-inbox-imap = { + file = depot.ops.secrets."depot-inbox-imap.age"; + mode = "0440"; + group = config.users.groups."public-inbox".name; + }; + + systemd.services.offlineimap-depot = { + description = "download mail for depot@tvl.su"; + wantedBy = [ "multi-user.target" ]; + startAt = "minutely"; + + script = '' + mkdir -p /var/lib/public-inbox/depot-imap + ${pkgs.offlineimap}/bin/offlineimap -c ${imapConfig} + ''; + + serviceConfig = { + Type = "oneshot"; + + # Run in the same user context as public-inbox itself to avoid + # permissions trouble. + User = config.users.users."public-inbox".name; + Group = config.users.groups."public-inbox".name; + }; + }; }; } |