authorAlyssa Ross <hi@alyssa.is>2021-01-13 07:24:18 +0000
committerAlyssa Ross <hi@alyssa.is>2021-01-13 07:31:03 +0000
commit1fb3ddfe362432c508409a81060dfd4bbb2ce31f (patch)
tree2fdac9088745559d1cbfb461d4320911d4636428 /modules/workstation/mail
parent772684d785b1eb5b1fc1a453770b5f0b03de045f (diff)
modules/workstation/mail: get rid of qyliss-mail
Fetching mail as a different user provided a pretty negligible
security benefit.  It protects my IMAP password, but my IMAP password
only allows fetching mail, and all my mail is sitting right there
unprotected anyway.

Also, split mbsync and notmuch into multiple units.  This would make
it possible to trigger notmuch at other times without having to fetch
mail first.
Diffstat (limited to 'modules/workstation/mail')
-rw-r--r--modules/workstation/mail/default.nix37
-rw-r--r--modules/workstation/mail/isync/default.nix25
-rw-r--r--modules/workstation/mail/isync/mbsyncrc.in (renamed from modules/workstation/mail/mbsyncrc.in)2
-rw-r--r--modules/workstation/mail/notmuch/default.nix7
4 files changed, 34 insertions, 37 deletions
diff --git a/modules/workstation/mail/default.nix b/modules/workstation/mail/default.nix
index c53128520812..8132a88bcc4e 100644
--- a/modules/workstation/mail/default.nix
+++ b/modules/workstation/mail/default.nix
@@ -1,45 +1,10 @@
 { pkgs, config, ... }:
 
-let
-  maildir = "${config.users.users.qyliss.home}/mail";
-  mbsyncrc = pkgs.substituteAll { inherit maildir; src = ./mbsyncrc.in; };
-
-in
-
 {
-  imports = [ ./mutt ./notmuch ./postfix ./rss2email ];
+  imports = [ ./isync ./mutt ./notmuch ./postfix ./rss2email ];
 
   environment.systemPackages = with pkgs; [ isync ];
 
-  systemd.services.mail = {
-    path = with pkgs; [ coreutils findutils isync notmuch sudo ];
-    serviceConfig.Type = "oneshot";
-    after = [ "network-online.target" ];
-    script = "sudo -u qyliss-mail mbsync -a -V -c ${mbsyncrc}";
-    postStart = ''
-      find "${maildir}" \! -name .mbsyncstate* \
-                        \( \( \! -user qyliss -o \! -group qyliss \) , \
-                           -type f \! -perm 660 -exec chmod 0660 '{}' \; , \
-                           -type d \! -perm 770 -exec chmod 0770 '{}' \; \)
-      sudo -u qyliss \
-          env NOTMUCH_CONFIG=/etc/xdg/nixos/per-user/qyliss/notmuch/config \
-          notmuch new
-    '';
-  };
-
-  systemd.timers.mail = {
-    timerConfig.OnCalendar = "*:0/5";
-    timerConfig.Persistent = true;
-    after = [ "network-online.target" ];
-    wantedBy = [ "timers.target" ];
-  };
-
-  users.users.qyliss-mail = {
-    home = "/var/home/qyliss-mail";
-    group = "qyliss";
-    createHome = true;
-  };
-
   home.qyliss.dirs.mail = {
     group = "qyliss";
     permissions = "0770";
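Review bot: Dropping `users.users.qyliss-mail` and the `postStart` fix-up leaves every file the old service fetched still owned by the qyliss-mail UID, and nothing in this commit migrates them. The removed `find` only ever ran `chmod` and skipped `.mbsyncstate*`, so those state files presumably keep whatever mode mbsync created them with, and the new unit running as qyliss may be unable to update them. Once the account is gone the files belong to an unnamed UID, which a later-created user could be assigned, so a one-time `chown -R qyliss:qyliss ~qyliss/mail` before or with this deployment is worth noting in the commit message. The `home.qyliss.dirs.mail` block continues outside the hunk.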
diff --git a/modules/workstation/mail/isync/default.nix b/modules/workstation/mail/isync/default.nix
new file mode 100644
index 000000000000..685951af13e4
--- /dev/null
+++ b/modules/workstation/mail/isync/default.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+let
+  maildir = "${config.users.users.qyliss.home}/mail";
+  mbsyncrc = pkgs.substituteAll { inherit maildir; src = ./mbsyncrc.in; };
+in
+
+{
+  systemd.services.mbsync = {
+    serviceConfig.Type = "oneshot";
+    after = [ "network-online.target" ];
+    before = [ "notmuch.service" ];
+    requires = [ "network-online.target" ];
+    wants = [ "notmuch.service" ];
+    serviceConfig.ExecStart = "${pkgs.isync}/bin/mbsync -a -V -c ${mbsyncrc}";
+    serviceConfig.User = "qyliss";
+  };
+
+  systemd.timers.mbsync = {
+    timerConfig.OnCalendar = "*:0/5";
+    timerConfig.Persistent = true;
+    after = [ "network-online.target" ];
+    wantedBy = [ "timers.target" ];
+  };
+}
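Review bot: With the dedicated fetch user gone, `systemd.services.mbsync` runs a network-facing IMAP client with qyliss's full privileges and no unit-level sandboxing, so a parsing bug in mbsync would reach everything that account can write. Some containment can be restored cheaply with `serviceConfig.NoNewPrivileges = true;`, `serviceConfig.ProtectSystem = "strict";` and `serviceConfig.ReadWritePaths = [ maildir ];`. That assumes mbsync keeps its sync state under the maildir, which the rest of mbsyncrc.in would have to confirm. The same hardening applies to `systemd.services.notmuch` in notmuch/default.nix, with the writable path set to wherever the notmuch database lives.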
diff --git a/modules/workstation/mail/mbsyncrc.in b/modules/workstation/mail/isync/mbsyncrc.in
index 987646dd9e66..7cda8b6150c5 100644
--- a/modules/workstation/mail/mbsyncrc.in
+++ b/modules/workstation/mail/isync/mbsyncrc.in
@@ -8,7 +8,7 @@ MaildirStore local
 IMAPAccount fastmail
   Host imap.fastmail.com
   User alyssa@fastmail.com
-  PassCmd "cat ~/imappass"
+  PassCmd "cat ~/mail/imappass"
   SSLType IMAPS
   SSLVersions TLSv1.2
 
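Review bot: Moving the password file to `~/mail/imappass` puts a credential inside the directory that default.nix declares with group `qyliss` and `permissions = "0770"`, so its confidentiality now rests entirely on the file's own mode, which nothing in this commit sets or checks. It also places the secret inside the tree that mail backups and, presumably, `notmuch new` walk. Consider keeping the file outside the maildir, or at least recording the requirement next to `PassCmd` with a comment such as `# ~/mail is group-accessible: imappass must be mode 0600, owner qyliss`.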
diff --git a/modules/workstation/mail/notmuch/default.nix b/modules/workstation/mail/notmuch/default.nix
index 46aa17374a0e..418a4b5ff666 100644
--- a/modules/workstation/mail/notmuch/default.nix
+++ b/modules/workstation/mail/notmuch/default.nix
@@ -9,4 +9,11 @@
 
   users.users.qyliss.xdg.config.paths."notmuch/config" =
     pkgs.copyPathToStore ./config;
+
+  systemd.services.notmuch = {
+    serviceConfig.Type = "oneshot";
+    environment.NOTMUCH_CONFIG = "/etc/xdg/nixos/per-user/qyliss/notmuch/config";
+    serviceConfig.ExecStart = "${pkgs.notmuch}/bin/notmuch new";
+    serviceConfig.User = "qyliss";
+  };
 }
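Review bot: `systemd.services.notmuch` has no timer, `wantedBy` or other trigger of its own, and a reader of this file alone cannot tell how it is ever started. A short comment above the unit would close that gap, for example `# Started by mbsync.service (wants + before) after each fetch; can also be run on its own with systemctl start notmuch.` The hard-coded `NOTMUCH_CONFIG` path also duplicates the location implied by the `xdg.config.paths."notmuch/config"` assignment just above, so a comment tying the two together would help keep them in sync.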