-rw-r--r-- | ops/modules/depot-inbox.nix | 49 |
1 files changed, 48 insertions, 1 deletions
diff --git a/ops/modules/depot-inbox.nix b/ops/modules/depot-inbox.nix index b791cc6db730..1accbe3eae84 100644 --- a/ops/modules/depot-inbox.nix +++ b/ops/modules/depot-inbox.nix @@ -3,10 +3,31 @@ # The account itself is a Yandex 360 account in the tvl.su organisation, which # is accessed via IMAP. Yandex takes care of spam filtering for us, so there is # no particular SpamAssassin or other configuration. -{ config, lib, pkgs, ... }: +{ config, depot, lib, pkgs, ... }: let cfg = config.services.depot.inbox; + + imapConfig = pkgs.writeText "offlineimaprc" '' + [general] + accounts = depot + + [Account depot] + localrepository = Local + remoterepository = Remote + + [Repository Local] + type = Maildir + localfolders = /var/lib/public-inbox/depot-imap + + [Repository Remote] + type = IMAP + ssl = yes + sslcacertfile = /etc/ssl/certs/ca-bundle.crt + remotehost = imap.yandex.ru + remoteuser = depot@tvl.su + remotepassfile = /var/run/agenix/depot-inbox-imap + ''; in { options.services.depot.inbox = with lib; { @@ -46,5 +67,31 @@ in settings.publicinbox.wwwlisting = "all"; }; + + age.secrets.depot-inbox-imap = { + file = depot.ops.secrets."depot-inbox-imap.age"; + mode = "0440"; + group = config.users.groups."public-inbox".name; + }; + + systemd.services.offlineimap-depot = { + description = "download mail for depot@tvl.su"; + wantedBy = [ "multi-user.target" ]; + startAt = "minutely"; + + script = '' + mkdir -p /var/lib/public-inbox/depot-imap + ${pkgs.offlineimap}/bin/offlineimap -c ${imapConfig} + ''; + + serviceConfig = { + Type = "oneshot"; + + # Run in the same user context as public-inbox itself to avoid + # permissions trouble. + User = config.users.users."public-inbox".name; + Group = config.users.groups."public-inbox".name; + }; + }; }; } |
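Review bot: The `remotepassfile = /var/run/agenix/depot-inbox-imap` line in `imapConfig` hard-codes where the decrypted secret lands instead of taking the path from the agenix declaration added later in this commit. If the secret is renamed or the agenix secrets directory changes, offlineimap will fail to authenticate every minute with nothing at evaluation time to flag the mismatch. Since `config` is already in scope in this `let`, the line could read `remotepassfile = ${config.age.secrets.depot-inbox-imap.path}`, which also removes the reliance on `/var/run` resolving to the secrets directory.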
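Review bot: The `age.secrets.depot-inbox-imap` block sets `mode = "0440"` and a group but no `owner`, so the IMAP password is readable by every member of the `public-inbox` group rather than only by the account that runs `offlineimap-depot`. The unit already runs as the `public-inbox` user, so `owner = config.users.users."public-inbox".name;` with `mode = "0400";` would be enough for the fetch job. If the public-facing public-inbox daemons run as that same user (not visible in this hunk), they could still read the credential. A dedicated fetch user that only shares write access to the Maildir would keep the mailbox password away from the web-exposed processes.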