9 files changed, 233 insertions, 0 deletions

diff --git a/modules/workstation/mail/default.nix b/modules/workstation/mail/default.nix
new file mode 100644
index 000000000000..ff34fab8b98e
--- /dev/null
+++ b/modules/workstation/mail/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, config, ... }:
+
+{
+  imports = [ ./isync ./mutt ./notmuch ./postfix ./rss2email ];
+
+  environment.systemPackages = with pkgs; [ isync ];
+
+  systemd.tmpfiles.rules = [
+    "d ${config.users.users.qyliss.home}/mail 0770 qyliss qyliss"
+  ];
+}
diff --git a/modules/workstation/mail/isync/default.nix b/modules/workstation/mail/isync/default.nix
new file mode 100644
index 000000000000..22d64e45b1ba
--- /dev/null
+++ b/modules/workstation/mail/isync/default.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+let
+  maildir = "${config.users.users.qyliss.home}/mail";
+  mbsyncrc = pkgs.substituteAll { inherit maildir; src = ./mbsyncrc.in; };
+in
+
+{
+  systemd.services.mbsync = {
+    serviceConfig.Type = "oneshot";
+    after = [ "network-online.target" ];
+    before = [ "notmuch.service" ];
+    requires = [ "network-online.target" ];
+    wants = [ "notmuch.service" ];
+    serviceConfig.ExecStart = "${pkgs.isync}/bin/mbsync -a -V -c ${mbsyncrc}";
+    serviceConfig.User = "qyliss";
+    unitConfig.ConditionPathExists = "${maildir}/imappass";
+  };
+
+  systemd.timers.mbsync = {
+    timerConfig.OnCalendar = "*:0/5";
+    timerConfig.Persistent = true;
+    after = [ "network-online.target" ];
+    requires = [ "network-online.target" ];
+    wantedBy = [ "timers.target" ];
+  };
+}
diff --git a/modules/workstation/mail/isync/mbsyncrc.in b/modules/workstation/mail/isync/mbsyncrc.in
new file mode 100644
index 000000000000..4c44891acb46
--- /dev/null
+++ b/modules/workstation/mail/isync/mbsyncrc.in
@@ -0,0 +1,22 @@
+Create Both
+
+MaildirStore local
+  Path @maildir@/
+  Inbox @maildir@/INBOX
+  Subfolders Verbatim
+
+IMAPAccount fastmail
+  Host imap.fastmail.com
+  User alyssa@fastmail.com
+  PassCmd "cat ~/mail/imappass"
+  SSLType IMAPS
+  SSLVersions TLSv1.3
+
+IMAPStore fastmail-remote
+  Account fastmail
+
+Channel fastmail
+  Far :fastmail-remote:
+  Near :local:
+  Patterns *
+  SyncState *
diff --git a/modules/workstation/mail/mutt/default.nix b/modules/workstation/mail/mutt/default.nix
new file mode 100644
index 000000000000..96c0e6867545
--- /dev/null
+++ b/modules/workstation/mail/mutt/default.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+let
+  stateDir = "${config.users.users.qyliss.home}/state/mutt";
+in
+
+{
+  environment.systemPackages = with pkgs; [ neomutt ];
+
+  users.users.qyliss.xdg.config.paths."mutt/muttrc" = pkgs.copyPathToStore ./muttrc;
+
+  systemd.tmpfiles.rules = [
+    "d ${stateDir}              0700 qyliss qyliss"
+    "d ${stateDir}/header_cache 0700 qyliss qyliss"
+  ];
+}
diff --git a/modules/workstation/mail/mutt/muttrc b/modules/workstation/mail/mutt/muttrc
new file mode 100644
index 000000000000..6d80aced3bef
--- /dev/null
+++ b/modules/workstation/mail/mutt/muttrc
@@ -0,0 +1,64 @@
+color index red default ~P
+
+alternates alyssa\.ross@unikie\.com
+alternates @alyssa\.is @hi\.alyssa\.is
+
+unignore List-Id:
+unignore Message-Id:
+ignore User-Agent:
+
+set beep = no
+set beep_new = yes
+set edit_headers = yes
+set fast_reply = yes
+set folder = ~/mail
+set header_cache = ~/state/mutt/header_cache
+set help = no
+set mark_old = no
+set mime_forward = ask-no
+set quit = ask-yes
+set reverse_name = yes
+set sort = last-date-received
+set sort_browser = new
+set strict_threads = yes
+set use_envelope_from = yes
+set use_threads = yes
+set user_agent = no
+
+set newsrc = $XDG_DATA_HOME/mutt/newsrc
+set nntp_context = 32767
+
+unset prompt_after
+
+set spoolfile = +INBOX
+
+# set record = "=[Gmail]/Sent Mail"
+# set postponed = "=[Gmail]/Drafts"
+mailboxes `cd ~/mail; find . -name cur -print0 | sed -z -e 's|^\./||' -e 's|/cur$||' -e 's/\\/\\\\/' -e 's/"/\\"/g' -e 's/^/"=/' -e 's/$/"/' | xargs -0`
+set record = "=Sent"
+set trash = "=Archive"
+set postponed = "=Drafts"
+set sendmail = "sendmail"
+
+set pgp_use_gpg_agent = yes
+set crypt_autosign = yes
+set crypt_opportunistic_encrypt = yes
+set postpone_encrypt = yes
+
+# Required for postpone_encrypt to work
+set pgp_default_key = 757356D779BBB888773E415E736CCDF9EF51BD97
+
+set pgp_decode_command       = "gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
+set pgp_verify_command       = "gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
+set pgp_decrypt_command      = "gpg --status-fd=2 %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --quiet --batch --output - --decrypt %f"
+set pgp_sign_command         = "gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --detach-sign %f"
+set pgp_clearsign_command    = "gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --no-verbose --batch --quiet --output - --armor --textmode %?a?--local-user %a? --clearsign %f"
+set pgp_encrypt_only_command = "pgpewrap gpg --trust-model always --batch --quiet --no-verbose --output - --textmode --armor --encrypt -- --recipient %r -- %f"
+set pgp_encrypt_sign_command = "pgpewrap gpg %?p?--pinentry-mode loopback --passphrase-fd 0? --trust-model always --batch --quiet --no-verbose --textmode --output - %?a?--local-user %a? --armor --sign --encrypt -- --recipient %r -- %f"
+set pgp_import_command       = "gpg --no-verbose --import %f"
+set pgp_export_command       = "gpg --no-verbose --armor --export %r"
+set pgp_verify_key_command   = "gpg --verbose --batch --fingerprint --check-sigs %r"
+set pgp_list_pubring_command = "gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
+set pgp_list_secring_command = "gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
+set pgp_good_sign            = "^\\[GNUPG:\\] GOODSIG"
+set pgp_decryption_okay      = "^\\[GNUPG:\\] DECRYPTION_OKAY"
diff --git a/modules/workstation/mail/notmuch/config b/modules/workstation/mail/notmuch/config
new file mode 100644
index 000000000000..12b4435f10a2
--- /dev/null
+++ b/modules/workstation/mail/notmuch/config
@@ -0,0 +1,12 @@
+[user]
+other_email=alyssa.ross@freeagent.com;alyssa.ross@unikie.com;
+
+[new]
+tags=unread;inbox;
+ignore=.uidvalidity;.mbsyncstate;.mbsyncstate.new;.mbsyncstate.journal;
+
+[search]
+exclude_tags=
+
+[maildir]
+synchronize_flags=true
\ No newline at end of file
diff --git a/modules/workstation/mail/notmuch/default.nix b/modules/workstation/mail/notmuch/default.nix
new file mode 100644
index 000000000000..cb7ccd877950
--- /dev/null
+++ b/modules/workstation/mail/notmuch/default.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+{
+  environment.extraInit = ''
+    export NOTMUCH_CONFIG="/etc/xdg/nixos/per-user/$USER/notmuch/config"
+  '';
+
+  environment.systemPackages = with pkgs; [ notmuch ];
+
+  users.users.qyliss.xdg.config.paths."notmuch/config" =
+    pkgs.copyPathToStore ./config;
+
+  systemd.services.notmuch = {
+    serviceConfig.Type = "oneshot";
+    environment.NOTMUCH_CONFIG = "/etc/xdg/nixos/per-user/qyliss/notmuch/config";
+    serviceConfig.ExecStart = "${pkgs.notmuch}/bin/notmuch new";
+    serviceConfig.IOSchedulingClass = "idle";
+    serviceConfig.Nice = 1;
+    serviceConfig.User = "qyliss";
+  };
+}
diff --git a/modules/workstation/mail/postfix/default.nix b/modules/workstation/mail/postfix/default.nix
new file mode 100644
index 000000000000..db16bced3a5e
--- /dev/null
+++ b/modules/workstation/mail/postfix/default.nix
@@ -0,0 +1,43 @@
+{ pkgs, lib, config, ... }:
+
+{
+  services.postfix.enable = true;
+
+  services.postfix.hostname = with lib; with config.networking;
+    concatStringsSep "." (filter (x: x != null) [ hostName domain ]);
+
+  services.postfix.relayHost = "smtp.fastmail.com";
+  services.postfix.relayPort = 465;
+
+  services.postfix.recipientDelimiter = "+";
+  services.postfix.config.home_mailbox = "mail/INBOX/";
+  services.postfix.canonical = ''
+    qyliss hi@alyssa.is
+  '';
+  services.postfix.virtual = ''
+    hi@alyssa.is qyliss
+  '';
+
+  # NixOS links /var/lib/postfix/conf to /etc/postfix, but
+  # postfix.service deletes /var/lib/postfix in an ExecStartPre, so we
+  # can't keep files there without adding them to the store.
+  #
+  # Work around this with a layer of symlink indirection.
+  services.postfix.mapFiles.sasl_passwd = pkgs.runCommand "sasl_passwd" {} ''
+    ln -s /var/lib/postfix/sasl_passwd $out
+  '';
+  services.postfix.config.smtp_sasl_password_maps = "hash:/etc/postfix/sasl_passwd";
+
+  services.postfix.config.sender_dependent_relayhost_maps = "hash:/etc/postfix/sender_dependent_relayhost";
+  services.postfix.mapFiles.sender_dependent_relayhost = pkgs.writeText "sender_dependent_relayhost" ''
+    @unikie.com [smtp.gmail.com]:465
+  '';
+
+  services.postfix.config.smtp_sasl_auth_enable = true;
+  services.postfix.config.smtp_sasl_tls_security_options = "noanonymous";
+  services.postfix.config.smtp_tls_security_level = "encrypt";
+  services.postfix.config.smtp_tls_wrappermode = true;
+
+  systemd.services.postfix-setup.unitConfig.ConditionPathExists = "/var/lib/postfix/sasl_passwd";
+  systemd.services.postfix.unitConfig.ConditionPathExists = "/var/lib/postfix/sasl_passwd";
+}
diff --git a/modules/workstation/mail/rss2email/default.nix b/modules/workstation/mail/rss2email/default.nix
new file mode 100644
index 000000000000..614b7f9c0cb0
--- /dev/null
+++ b/modules/workstation/mail/rss2email/default.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+
+{
+  services.rss2email.enable = true;
+  services.rss2email.to = "hi+rss2email@alyssa.is";
+  services.rss2email.config.date-header = true;
+  services.rss2email.config.from =
+    "rss2email@${config.services.postfix.hostname}";
+
+  services.rss2email.feeds = {
+    fading-memories = { url = "https://valdyas.org/fading/feed/"; };
+    flak = { url = "https://flak.tedunangst.com/rss"; };
+    wandering-thoughts =
+      { url = "https://utcc.utoronto.ca/~cks/space/blog/?atom"; };
+    repology = { url = "https://repology.org/maintainer/hi%40alyssa.is/feed-for-repo/nix_unstable/atom"; };
+  };
+}