feat(mail): Import email configuration into Nix

This moves my email configuration into NixOS, including the following
features:

1. Replaced the NixOS-builtin offlineimap user service with a custom
   one that runs notmuch-indexing as part of the systemd unit instead
   of a postsynchook, which is significantly more reliable.
2. Adds configuration for notmuch and its tagging.
3. Adds configuration for OfflineIMAP & MSMTP.

Relevant emacs configuration has also been added to my emacs.d
repository.

configuration.nix

@@ -7,11 +7,12 @@
 {
   imports =
     [
-    ./hardware-configuration.nix
-    ./local-configuration.nix
-    ./packages.nix
     ./desktop.nix
     ./dotfiles.nix
+    ./hardware-configuration.nix
+    ./local-configuration.nix
+    ./mail.nix
+    ./packages.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -61,12 +62,6 @@
   # Enable GNOME keyring (required for Evolution)
   services.gnome3.gnome-keyring.enable = true;
 
-  # Enable OfflineIMAP (configuration itself is user-data)
-  services.offlineimap = {
-    install = true;
-    path    = with pkgs; [ pass notmuch ];
-  };
-
   virtualisation = {
     # Configure Docker (with socket activation):
     # Side note: ... why is this in virtualisation? ...

dotfiles/msmtprc

@@ -0,0 +1,24 @@
+defaults
+
+port 587
+tls on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+# Aprila mail
+account aprila
+from vincent@aprila.no
+host smtp.office365.com
+auth on
+user vincent@aprila.no
+passwordeval pass show aprila/office365-mail
+
+# Runbox mail
+account runbox
+from mail@tazj.in
+host mail.runbox.com
+auth on
+user mail@tazj.in
+passwordeval pass show general/runbox-tazjin
+
+# Use Runbox as default
+account default : runbox

dotfiles/notmuch-config

@@ -0,0 +1,21 @@
+# .notmuch-config - Configuration file for the notmuch mail system
+#
+# For more information about notmuch, see https://notmuchmail.org
+
+[database]
+path=/home/vincent/mail
+
+[user]
+name=Vincent Ambo
+primary_email=mail@tazj.in
+other_email=vincent@aprila.no;tazjin@gmail.com;
+
+[new]
+tags=unread;inbox;
+ignore=
+
+[search]
+exclude_tags=deleted;spam;
+
+[maildir]
+synchronize_flags=true

dotfiles/offlineimaprc

@@ -0,0 +1,61 @@
+[general]
+accounts = aprila, tazjin, gmail
+
+[DEFAULT]
+ssl = yes
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+# Main work account:
+[Account aprila]
+localrepository = aprila-local
+remoterepository = aprila-remote
+
+[Repository aprila-local]
+type = Maildir
+localfolders = ~/mail/aprila
+
+[Repository aprila-remote]
+type = IMAP
+remotehost = outlook.office365.com
+remoteuser = vincent@aprila.no
+remotepassfile = ~/.config/mail/aprila-pass
+# Office365 is a naughty boy when it comes to IMAP. Even worse, they
+# also seem to have decided that they should change IMAP folder names
+# based on the UI language.
+#
+# I can't be bothered to implement the entire (relatively long)
+# blacklist, so I'll instead whitelist relevant folders:
+folderfilter = lambda folder: folder in ['INBOX', 'Arkiv', 'Sende element']
+
+# Private GMail account (old):
+[Account gmail]
+# maxage = 30 # otherwise the volume is too high ...
+localrepository = gmail-local
+remoterepository = gmail-remote
+synclabels = yes
+
+[Repository gmail-local]
+type = GmailMaildir
+localfolders = ~/mail/gmail
+
+[Repository gmail-remote]
+type = Gmail
+remoteuser = tazjin@gmail.com
+remotepassfile = ~/.config/mail/gmail-pass
+folderfilter = lambda folder: folder == 'INBOX'
+
+# Main private account:
+[Account tazjin]
+localrepository = tazjin-local
+remoterepository = tazjin-remote
+
+[Repository tazjin-local]
+type = Maildir
+localfolders = ~/mail/tazjin
+
+[Repository tazjin-remote]
+type = IMAP
+remotehost = mail.runbox.com
+remoteuser = mail@tazj.in
+remotepassfile = ~/.config/mail/tazjin-pass
+auth_mechanisms = LOGIN

mail.nix

@@ -0,0 +1,73 @@
+# This file configures offlineimap, notmuch and MSMTP.
+#
+# Some manual configuration is required the first time this is
+# applied:
+#
+# 1. Credential setup.
+# 2. Linking of MSMTP config (ln -s /etc/msmtprc ~/.msmtprc)
+# 3. Linking of notmuch config (ln -s /etc/notmuch-config ~/.notmuch-config)
+
+{ config, lib, pkgs, ... }:
+
+let offlineImapConfig = pkgs.writeText "offlineimaprc"
+  (builtins.readFile ./dotfiles/offlineimaprc);
+
+msmtpConfig = pkgs.writeText "msmtprc"
+  (builtins.readFile ./dotfiles/msmtprc);
+
+notmuchConfig = pkgs.writeText "notmuch-config"
+  (builtins.readFile ./dotfiles/notmuch-config);
+
+tagConfig = pkgs.writeText "notmuch-tags" ''
+  # Tag emacs-devel mailing list:
+  -inbox +emacs-devel -- to:emacs-devel@gnu.org OR cc:emacs-devel@gnu.org
+
+  # Filter out Gitlab mails:
+  -inbox +gitlab -- from:gitlab@aprila.no
+
+  # Tag my own mail (from other devices) as sent:
+  -inbox +sent -- folder:"aprila/Sende element" OR from:vincent@aprila.no OR from:mail@tazj.in
+'';
+
+notmuchIndex = pkgs.writeShellScriptBin "notmuch-index" ''
+  echo "Indexing new mails in notmuch"
+
+  # Index new mail
+  ${pkgs.notmuch}/bin/notmuch new
+
+  # Apply tags
+  cat ${tagConfig} | ${pkgs.notmuch}/bin/notmuch tag --batch
+
+  echo "Done indexing new mails"
+'';
+in {
+  # Enable OfflineIMAP timer & service:
+  systemd.user.timers.offlineimap = {
+    description = "OfflineIMAP timer";
+    wantedBy    = [ "default.target" ];
+
+    timerConfig = {
+      Unit       = "offlineimap.service";
+      OnCalendar = "*:0/2"; # every 2 minutes
+      Persistent = "true"; # persist timer state after reboots
+    };
+  };
+
+  systemd.user.services.offlineimap = {
+    description = "OfflineIMAP service";
+    path = with pkgs; [ pass notmuch ];
+    serviceConfig = {
+      Type            = "oneshot";
+      ExecStart       = "${pkgs.offlineimap}/bin/offlineimap -u syslog -o -c ${offlineImapConfig}";
+      ExecStartPost   = "${notmuchIndex}/bin/notmuch-index";
+      TimeoutStartSec = "2min";
+    };
+  };
+
+  # Link configuration files to /etc/ (from where they will be linked
+  # further):
+  environment.etc = {
+    "msmtprc".source = msmtpConfig;
+    "notmuch-config".source = notmuchConfig;
+  };
+}