tvl-depot/ops/modules/depot-inbox.nix

# public-inbox configuration for depot@tvl.su
#
# The account itself is a Yandex 360 account in the tvl.su organisation, which
# is accessed via IMAP. Yandex takes care of spam filtering for us, so there is
# no particular SpamAssassin or other configuration.
{ config, depot, lib, pkgs, ... }:

let
  cfg = config.services.depot.inbox;

  imapConfig = pkgs.writeText "offlineimaprc" ''
    [general]
    accounts = depot

    [Account depot]
    localrepository = Local
    remoterepository = Remote

    [Repository Local]
    type = Maildir
    localfolders = /var/lib/public-inbox/depot-imap

    [Repository Remote]
    type = IMAP
    ssl = yes
    sslcacertfile = /etc/ssl/certs/ca-bundle.crt
    remotehost = imap.yandex.ru
    remoteuser = depot@tvl.su
    remotepassfile = /var/run/agenix/depot-inbox-imap
  '';
in
{
  options.services.depot.inbox = with lib; {
    enable = mkEnableOption "Enable public-inbox for depot@tvl.su";

    depotPath = mkOption {
      description = "path to local depot replica";
      type = types.str;
      default = "/var/lib/depot";
    };
  };

  config = lib.mkIf cfg.enable {
    services.public-inbox = {
      enable = true;

      http.enable = true;
      http.port = 8053;
      # imap.enable = true;
      # nntp.enable = true;

      inboxes.depot = rec {
        address = [
          "depot@tvl.su" # primary address
          "depot@tazj.in" # legacy address
        ];

        description = "TVL depot development";
        coderepo = [ "depot" ];
        url = "https://inbox.tvl.su/depot";
      };

      settings.coderepo.depot = {
        dir = cfg.depotPath;
        cgitUrl = "https://code.tvl.fyi";
      };

      settings.publicinbox.wwwlisting = "all";
    };

    age.secrets.depot-inbox-imap = {
      file = depot.ops.secrets."depot-inbox-imap.age";
      mode = "0440";
      group = config.users.groups."public-inbox".name;
    };

    systemd.services.offlineimap-depot = {
      description = "download mail for depot@tvl.su";
      wantedBy = [ "multi-user.target" ];
      startAt = "minutely";

      script = ''
        mkdir -p /var/lib/public-inbox/depot-imap
        ${pkgs.offlineimap}/bin/offlineimap -c ${imapConfig}
      '';

      serviceConfig = {
        Type = "oneshot";

        # Run in the same user context as public-inbox itself to avoid
        # permissions trouble.
        User = config.users.users."public-inbox".name;
        Group = config.users.groups."public-inbox".name;
      };
    };
  };
}
feat(ops/modules): set up public-inbox at inbox.tvl.su Initial setup which does not yet include fetching mails at all, this is for now only going to display a manually populated view of the existing mailing list while the rest of this stuff is set up. Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI 2022-12-24 23:58:21 +01:00			`# public-inbox configuration for depot@tvl.su`
			`#`
			`# The account itself is a Yandex 360 account in the tvl.su organisation, which`
			`# is accessed via IMAP. Yandex takes care of spam filtering for us, so there is`
			`# no particular SpamAssassin or other configuration.`
feat(ops/modules): configure offlineimap for depot@tvl.su On the machine running public-inbox, this will start automatically fetching mails from depot@tvl.su and making them available to public-inbox. Change-Id: I2469207bd41d64eba747a74ae5fda9fed548cc83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7630 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI 2022-12-25 12:22:18 +01:00			`{ config, depot, lib, pkgs, ... }:`
feat(ops/modules): set up public-inbox at inbox.tvl.su Initial setup which does not yet include fetching mails at all, this is for now only going to display a manually populated view of the existing mailing list while the rest of this stuff is set up. Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI 2022-12-24 23:58:21 +01:00
			`let`
			`cfg = config.services.depot.inbox;`
feat(ops/modules): configure offlineimap for depot@tvl.su On the machine running public-inbox, this will start automatically fetching mails from depot@tvl.su and making them available to public-inbox. Change-Id: I2469207bd41d64eba747a74ae5fda9fed548cc83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7630 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI 2022-12-25 12:22:18 +01:00
			`imapConfig = pkgs.writeText "offlineimaprc" ''`
			`[general]`
			`accounts = depot`

			`[Account depot]`
			`localrepository = Local`
			`remoterepository = Remote`

			`[Repository Local]`
			`type = Maildir`
			`localfolders = /var/lib/public-inbox/depot-imap`

			`[Repository Remote]`
			`type = IMAP`
			`ssl = yes`
			`sslcacertfile = /etc/ssl/certs/ca-bundle.crt`
			`remotehost = imap.yandex.ru`
			`remoteuser = depot@tvl.su`
			`remotepassfile = /var/run/agenix/depot-inbox-imap`
			`'';`
feat(ops/modules): set up public-inbox at inbox.tvl.su Initial setup which does not yet include fetching mails at all, this is for now only going to display a manually populated view of the existing mailing list while the rest of this stuff is set up. Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI 2022-12-24 23:58:21 +01:00			`in`
			`{`
			`options.services.depot.inbox = with lib; {`
			`enable = mkEnableOption "Enable public-inbox for depot@tvl.su";`

			`depotPath = mkOption {`
			`description = "path to local depot replica";`
			`type = types.str;`
			`default = "/var/lib/depot";`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`services.public-inbox = {`
			`enable = true;`

			`http.enable = true;`
			`http.port = 8053;`
			`# imap.enable = true;`
			`# nntp.enable = true;`

			`inboxes.depot = rec {`
			`address = [`
			`"depot@tvl.su" # primary address`
			`"depot@tazj.in" # legacy address`
			`];`

			`description = "TVL depot development";`
			`coderepo = [ "depot" ];`
			`url = "https://inbox.tvl.su/depot";`
			`};`

			`settings.coderepo.depot = {`
			`dir = cfg.depotPath;`
			`cgitUrl = "https://code.tvl.fyi";`
			`};`

			`settings.publicinbox.wwwlisting = "all";`
			`};`
feat(ops/modules): configure offlineimap for depot@tvl.su On the machine running public-inbox, this will start automatically fetching mails from depot@tvl.su and making them available to public-inbox. Change-Id: I2469207bd41d64eba747a74ae5fda9fed548cc83 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7630 Reviewed-by: flokli <flokli@flokli.de> Tested-by: BuildkiteCI 2022-12-25 12:22:18 +01:00
			`age.secrets.depot-inbox-imap = {`
			`file = depot.ops.secrets."depot-inbox-imap.age";`
			`mode = "0440";`
			`group = config.users.groups."public-inbox".name;`
			`};`

			`systemd.services.offlineimap-depot = {`
			`description = "download mail for depot@tvl.su";`
			`wantedBy = [ "multi-user.target" ];`
			`startAt = "minutely";`

			`script = ''`
			`mkdir -p /var/lib/public-inbox/depot-imap`
			`${pkgs.offlineimap}/bin/offlineimap -c ${imapConfig}`
			`'';`

			`serviceConfig = {`
			`Type = "oneshot";`

			`# Run in the same user context as public-inbox itself to avoid`
			`# permissions trouble.`
			`User = config.users.users."public-inbox".name;`
			`Group = config.users.groups."public-inbox".name;`
			`};`
			`};`
feat(ops/modules): set up public-inbox at inbox.tvl.su Initial setup which does not yet include fetching mails at all, this is for now only going to display a manually populated view of the existing mailing list while the rest of this stuff is set up. Change-Id: Ie1235bd257c9056fe37d0740dfca771ebdd880eb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7628 Reviewed-by: flokli <flokli@flokli.de> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI 2022-12-24 23:58:21 +01:00			`};`
			`}`