Diffstat (limited to 'ops')
-rw-r--r--ops/modules/depot-inbox.nix49
1 files changed, 48 insertions, 1 deletions
diff --git a/ops/modules/depot-inbox.nix b/ops/modules/depot-inbox.nix
index b791cc6db730..1accbe3eae84 100644
--- a/ops/modules/depot-inbox.nix
+++ b/ops/modules/depot-inbox.nix
@@ -3,10 +3,31 @@
 # The account itself is a Yandex 360 account in the tvl.su organisation, which
 # is accessed via IMAP. Yandex takes care of spam filtering for us, so there is
 # no particular SpamAssassin or other configuration.
-{ config, lib, pkgs, ... }:
+{ config, depot, lib, pkgs, ... }:
 
 let
   cfg = config.services.depot.inbox;
+
+  imapConfig = pkgs.writeText "offlineimaprc" ''
+    [general]
+    accounts = depot
+
+    [Account depot]
+    localrepository = Local
+    remoterepository = Remote
+
+    [Repository Local]
+    type = Maildir
+    localfolders = /var/lib/public-inbox/depot-imap
+
+    [Repository Remote]
+    type = IMAP
+    ssl = yes
+    sslcacertfile = /etc/ssl/certs/ca-bundle.crt
+    remotehost = imap.yandex.ru
+    remoteuser = depot@tvl.su
+    remotepassfile = /var/run/agenix/depot-inbox-imap
+  '';
 in
 {
   options.services.depot.inbox = with lib; {
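Review bot: `remotepassfile` in the `[Repository Remote]` section hard-codes `/var/run/agenix/depot-inbox-imap`, duplicating a location that the `age.secrets.depot-inbox-imap` declaration added later in this commit already determines. If the secret's name or the agenix secrets directory ever changes, the rendered offlineimaprc keeps pointing at the old path and the fetch only fails at runtime. Since `config` is in scope in this `let`, the option can be interpolated instead: `remotepassfile = ${config.age.secrets.depot-inbox-imap.path}`. The module body continues outside this hunk, so this assumes `imapConfig` is only evaluated when the secret is declared.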
@@ -46,5 +67,31 @@ in
 
       settings.publicinbox.wwwlisting = "all";
     };
+
+    age.secrets.depot-inbox-imap = {
+      file = depot.ops.secrets."depot-inbox-imap.age";
+      mode = "0440";
+      group = config.users.groups."public-inbox".name;
+    };
+
+    systemd.services.offlineimap-depot = {
+      description = "download mail for depot@tvl.su";
+      wantedBy = [ "multi-user.target" ];
+      startAt = "minutely";
+
+      script = ''
+        mkdir -p /var/lib/public-inbox/depot-imap
+        ${pkgs.offlineimap}/bin/offlineimap -c ${imapConfig}
+      '';
+
+      serviceConfig = {
+        Type = "oneshot";
+
+        # Run in the same user context as public-inbox itself to avoid
+        # permissions trouble.
+        User = config.users.users."public-inbox".name;
+        Group = config.users.groups."public-inbox".name;
+      };
+    };
   };
 }
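Review bot: The `serviceConfig` of `offlineimap-depot` sets only `Type`, `User` and `Group`, so a process that parses data from a remote IMAP server and can read the mailbox password runs with no systemd sandboxing. `NoNewPrivileges = true;` and `PrivateTmp = true;` are cheap additions. `ProtectSystem = "strict";` would also need `ReadWritePaths` for the Maildir and for offlineimap's metadata directory, which the generated config does not set and which therefore presumably defaults to the service user's home. Separately, `mode = "0440";` with the `public-inbox` group makes the IMAP password readable by every process in that group; if the web-facing public-inbox daemons share it (not visible in this hunk), a dedicated user for the fetch unit would narrow that. A comment on the secret would help either way, e.g. `# group-readable so offlineimap-depot (running as public-inbox) can read it`.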