3 files changed, 84 insertions, 0 deletions

diff --git a/third_party/lieer/api_client.patch b/third_party/lieer/api_client.patch
new file mode 100644
index 000000000000..cbde914a6ba8
--- /dev/null
+++ b/third_party/lieer/api_client.patch
@@ -0,0 +1,20 @@
+diff --git a/lieer/remote.py b/lieer/remote.py
+index 6e3973a..62728f7 100644
+--- a/lieer/remote.py
++++ b/lieer/remote.py
+@@ -25,12 +25,12 @@ class Remote:
+   # * https://stackoverflow.com/questions/19615372/client-secret-in-oauth-2-0?rq=1
+   #
+   OAUTH2_CLIENT_SECRET = {
+-        "client_id":"753933720722-ju82fu305lii0v9rdo6mf9hj40l5juv0.apps.googleusercontent.com",
+-        "project_id":"capable-pixel-160614",
++        "client_id":"${CLIENT_ID}",
++        "project_id":"${PROJECT_ID}",
+         "auth_uri":"https://accounts.google.com/o/oauth2/auth",
+         "token_uri":"https://accounts.google.com/o/oauth2/token",
+         "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
+-        "client_secret":"8oudEG0Tvb7YI2V0ykp2Pzz9",
++        "client_secret":"${CLIENT_SECRET}",
+         "redirect_uris":["urn:ietf:wg:oauth:2.0:oob", "http://localhost"]
+     }
+ 
diff --git a/third_party/lieer/default.nix b/third_party/lieer/default.nix
new file mode 100644
index 000000000000..6dd4cecd1d3f
--- /dev/null
+++ b/third_party/lieer/default.nix
@@ -0,0 +1,51 @@
+# Lieer is a small tool to synchronise a Gmail account with a local
+# maildir.
+#
+# Lieer is packaged in nixpkgs, but as of 2019-12-23 it is an old
+# version using the previous branding (gmailieer).
+{ pkgs, ... }:
+
+# For a variety of reasons (specific to my setup), custom OAuth2
+# scopes are used.
+#
+# The below client ID is the default for *@tazj.in and is overridden
+# in a private repository for my work account. Publishing it here is
+# not a security issue.
+{
+  clientId ? "515965513093-7b4bo4gm0q09ccsmikkuaas9a40j0jcj.apps.googleusercontent.com",
+  clientSecret ? "3jVbpfT4GmubFD64svctJSdQ",
+  project ? "tazjins-infrastructure"
+}:
+
+with pkgs;
+
+let
+  authPatch = runCommand "client_secret.patch" {} ''
+    export CLIENT_ID='${clientId}'
+    export CLIENT_SECRET='${clientSecret}'
+    export PROJECT_ID='${project}'
+    cat ${./api_client.patch} | ${gettext}/bin/envsubst > $out
+  '';
+in python3Packages.buildPythonApplication rec {
+  name = "lieer-${version}";
+  version = "1.0";
+
+  src = fetchFromGitHub {
+    owner = "gauteh";
+    repo = "lieer";
+    rev = "v${version}";
+    sha256 = "1zzylv8xbcrh34bz0s29dawzcyx39lai8y8wk0bl4x75v1jfynvf";
+  };
+
+  patches = [
+    authPatch
+    ./send_scope.patch
+  ];
+
+  propagatedBuildInputs = with python3Packages; [
+    notmuch
+    oauth2client
+    google_api_python_client
+    tqdm
+  ];
+}
diff --git a/third_party/lieer/send_scope.patch b/third_party/lieer/send_scope.patch
new file mode 100644
index 000000000000..c882a79ac518
--- /dev/null
+++ b/third_party/lieer/send_scope.patch
@@ -0,0 +1,13 @@
+diff --git a/lieer/remote.py b/lieer/remote.py
+index 6e3973a..ade1082 100644
+--- a/lieer/remote.py
++++ b/lieer/remote.py
+@@ -9,7 +9,7 @@ from oauth2client.file import Storage
+ from pathlib import Path
+ 
+ class Remote:
+-  SCOPES = 'https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.modify'
++  SCOPES = 'https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.labels https://www.googleapis.com/auth/gmail.modify https://mail.google.com/'
+   APPLICATION_NAME   = 'Lieer'
+   CLIENT_SECRET_FILE = None
+   authorized         = False