author | Alyssa Ross <hi@alyssa.is> | 2021-01-13 07:24:18 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-01-13 07:31:03 +0000 |
commit | 1fb3ddfe362432c508409a81060dfd4bbb2ce31f (patch) | |
tree | 2fdac9088745559d1cbfb461d4320911d4636428 /modules/workstation/mail | |
parent | 772684d785b1eb5b1fc1a453770b5f0b03de045f (diff) | |
modules/workstation/mail: get rid of qyliss-mail
Fetching mail as a different user provided a pretty negligible security benefit. It protects my IMAP password, but my IMAP password only allows fetching mail, and all my mail is sitting right there unprotected anyway. Also, split mbsync and notmuch into multiple units. This would make it possible to trigger notmuch at other times without having to fetch mail first.
Diffstat (limited to 'modules/workstation/mail')
-rw-r--r-- | modules/workstation/mail/default.nix | 37 | ||||
-rw-r--r-- | modules/workstation/mail/isync/default.nix | 25 | ||||
-rw-r--r-- | modules/workstation/mail/isync/mbsyncrc.in (renamed from modules/workstation/mail/mbsyncrc.in) | 2 | ||||
-rw-r--r-- | modules/workstation/mail/notmuch/default.nix | 7 |
4 files changed, 34 insertions, 37 deletions
diff --git a/modules/workstation/mail/default.nix b/modules/workstation/mail/default.nix index c53128520812..8132a88bcc4e 100644 --- a/modules/workstation/mail/default.nix +++ b/modules/workstation/mail/default.nix @@ -1,45 +1,10 @@ { pkgs, config, ... }: -let - maildir = "${config.users.users.qyliss.home}/mail"; - mbsyncrc = pkgs.substituteAll { inherit maildir; src = ./mbsyncrc.in; }; - -in - { - imports = [ ./mutt ./notmuch ./postfix ./rss2email ]; + imports = [ ./isync ./mutt ./notmuch ./postfix ./rss2email ]; environment.systemPackages = with pkgs; [ isync ]; - systemd.services.mail = { - path = with pkgs; [ coreutils findutils isync notmuch sudo ]; - serviceConfig.Type = "oneshot"; - after = [ "network-online.target" ]; - script = "sudo -u qyliss-mail mbsync -a -V -c ${mbsyncrc}"; - postStart = '' - find "${maildir}" \! -name .mbsyncstate* \ - \( \( \! -user qyliss -o \! -group qyliss \) , \ - -type f \! -perm 660 -exec chmod 0660 '{}' \; , \ - -type d \! -perm 770 -exec chmod 0770 '{}' \; \) - sudo -u qyliss \ - env NOTMUCH_CONFIG=/etc/xdg/nixos/per-user/qyliss/notmuch/config \ - notmuch new - ''; - }; - - systemd.timers.mail = { - timerConfig.OnCalendar = "*:0/5"; - timerConfig.Persistent = true; - after = [ "network-online.target" ]; - wantedBy = [ "timers.target" ]; - }; - - users.users.qyliss-mail = { - home = "/var/home/qyliss-mail"; - group = "qyliss"; - createHome = true; - }; - home.qyliss.dirs.mail = { group = "qyliss"; permissions = "0770"; diff --git a/modules/workstation/mail/isync/default.nix b/modules/workstation/mail/isync/default.nix new file mode 100644 index 000000000000..685951af13e4 --- /dev/null +++ b/modules/workstation/mail/isync/default.nix 
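Review bot: The retained `home.qyliss.dirs.mail` block in the context lines still sets `group = "qyliss";` with `permissions = "0770";`, which looks like it existed so that the removed `qyliss-mail` user (declared with `group = "qyliss"`) could write into the maildir. With that user gone and the fetch running as `qyliss`, nothing visible in this diff needs group access any more, so `permissions = "0700";` would be the tighter setting, provided no other member of the `qyliss` group relies on it. This matters more now that the mbsyncrc.in hunk reads the IMAP password from `~/mail/imappass`. The block continues past the end of the hunk, so any further attributes are not visible here.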
@@ -0,0 +1,25 @@ +{ config, pkgs, ... }: + +let + maildir = "${config.users.users.qyliss.home}/mail"; + mbsyncrc = pkgs.substituteAll { inherit maildir; src = ./mbsyncrc.in; }; +in + +{ + systemd.services.mbsync = { + serviceConfig.Type = "oneshot"; + after = [ "network-online.target" ]; + before = [ "notmuch.service" ]; + requires = [ "network-online.target" ]; + wants = [ "notmuch.service" ]; + serviceConfig.ExecStart = "${pkgs.isync}/bin/mbsync -a -V -c ${mbsyncrc}"; + serviceConfig.User = "qyliss"; + }; + + systemd.timers.mbsync = { + timerConfig.OnCalendar = "*:0/5"; + timerConfig.Persistent = true; + after = [ "network-online.target" ]; + wantedBy = [ "timers.target" ]; + }; +} diff --git a/modules/workstation/mail/mbsyncrc.in b/modules/workstation/mail/isync/mbsyncrc.in index 987646dd9e66..7cda8b6150c5 100644 --- a/modules/workstation/mail/mbsyncrc.in +++ b/modules/workstation/mail/isync/mbsyncrc.in @@ -8,7 +8,7 @@ MaildirStore local IMAPAccount fastmail Host imap.fastmail.com User alyssa@fastmail.com - PassCmd "cat ~/imappass" + PassCmd "cat ~/mail/imappass" SSLType IMAPS SSLVersions TLSv1.2 diff --git a/modules/workstation/mail/notmuch/default.nix b/modules/workstation/mail/notmuch/default.nix index 46aa17374a0e..418a4b5ff666 100644 --- a/modules/workstation/mail/notmuch/default.nix +++ b/modules/workstation/mail/notmuch/default.nix @@ -9,4 +9,11 @@ users.users.qyliss.xdg.config.paths."notmuch/config" = pkgs.copyPathToStore ./config; + + systemd.services.notmuch = { + serviceConfig.Type = "oneshot"; + environment.NOTMUCH_CONFIG = "/etc/xdg/nixos/per-user/qyliss/notmuch/config"; + serviceConfig.ExecStart = "${pkgs.notmuch}/bin/notmuch new"; + serviceConfig.User = "qyliss"; + }; } |
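Review bot: `systemd.services.mbsync` runs with `serviceConfig.User = "qyliss"` and no sandboxing, so the process that parses data from the remote IMAP server now has the same file access as the interactive account; the commit message accepts losing the separate user, but the unit can still be confined cheaply. Consider adding `serviceConfig.NoNewPrivileges = true;`, `serviceConfig.ProtectSystem = "strict";` and `serviceConfig.ReadWritePaths = [ maildir ];`. The last one assumes mbsync writes only under the maildir, which the removed `.mbsyncstate*` exclusion suggests but the visible part of mbsyncrc.in does not confirm. The same hardening applies to `systemd.services.notmuch` in notmuch/default.nix. Separately, `wants` plus `before` starts `notmuch new` even when mbsync fails, whereas the old `postStart` ran only after a successful fetch; a one-line comment saying this is intended would help.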
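Review bot: `PassCmd "cat ~/mail/imappass"` places the IMAP credential inside the maildir tree, so anything that copies, backs up or indexes `~/mail` picks up the password along with the messages, and default.nix still creates that directory group-accessible (`0770`). Since the service now runs as `qyliss`, `~` already resolves to that user's home, so a location outside the maildir with mode `0600` would work equally well, for example `PassCmd "cat ~/.config/isync/imappass"` (path constructed for illustration). If the file stays where it is, check that `notmuch new` is configured to skip it rather than treating it as a message file. The IMAPAccount section continues outside the hunk.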
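Review bot: `environment.NOTMUCH_CONFIG` repeats the path `/etc/xdg/nixos/per-user/qyliss/notmuch/config` as a string literal, while the file itself is declared in the context line just above through `users.users.qyliss.xdg.config.paths."notmuch/config"`; if that module's layout changes, the unit would presumably point at a missing config without any evaluation error. Deriving the path from the option, or at least adding a comment such as `# must match users.users.qyliss.xdg.config.paths."notmuch/config" above`, keeps the two in sync. The unit also carries no comment saying that it is started from mbsync.service via `wants`/`before`; something like `# Pulled in after each mbsync run; can also be started alone to reindex without fetching.` would document that.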