summary refs log tree commit diff
path: root/fleet/modules/public-inbox.nix
blob: c263fad2c2361da7f1367ac6317fae69f163f577 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# SPDX-FileCopyrightText: V <v@unfathomable.blue>
# SPDX-License-Identifier: OSL-3.0

# TODO(V): Figure out what the coderepo/cgit stuff is about
# TODO(V): Consider a different architecture to what we're currently using

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.public-inbox;

  root = "/var/lib/public-inbox";

  environment.PI_CONFIG = "${pkgs.writeText "public-inbox-config" (generators.toGitINI public-inbox-config)}";

  # TODO(V): Port this to a Nix type
  # $ng =~ m![^A-Za-z0-9/_\.\-\~\@\+\=:]! and
  # 	die "--newsgroup `$ng' is not valid\n";
  # ($ng =~ m!\A\.! || $ng =~ m!\.\z!) and
  # 	die "--newsgroup `$ng' must not start or end with `.'\n";

  public-inbox-config = recursiveUpdate {
    publicinbox = mapAttrs (inbox: config: {
      address = [ "${inbox}@${config.domain}" ];
      url = "https://${config.domain}/${inbox}";  # TODO(V): Allow using a different location than this
      inboxdir = "${root}/${inbox}";
      inherit (config) watch;
    }) cfg.inboxes;
  } cfg.settings;

  inboxOpts = {
    options = {
      description = mkOption {
        description = "Description of the inbox.";
        type = types.str;
      };

      domain = mkOption {
        description = "Domain of the inbox.";
        type = types.str;
        example = "example.org";
      };

      watch = mkOption {
        description = "Directory to watch for incoming mails in.";
        type = types.str;
      };
    };
  };
in {
  options.services.public-inbox = {
    enable = mkOption {
      type = types.bool;
      default = false;
    };

    inboxes = mkOption {
      type = with types; attrsOf (submodule inboxOpts);
      default = {};
    };

    settings = mkOption {
      type = types.attrs;  # TODO: Use freeformType
      default = {};
    };
  };

  config = mkIf cfg.enable {
    users.users.public-inbox = {
      isSystemUser = true;
      group = "public-inbox";

      home = root;
    };

    users.groups.public-inbox = {};

    systemd.tmpfiles.rules = [
      "d ${root} 0750 public-inbox public-inbox"
    ];

    systemd.services.public-inbox-init = {
      description = "public-inbox mailing-list archive (initialization)";

      wantedBy = [ "public-inbox-watch.service" "multi-user.target" ];
      before = [ "public-inbox-watch.service" ];

      script = concatStrings (mapAttrsToList (inbox: config: let pi-config = public-inbox-config.publicinbox.${inbox}; in ''
        ${pkgs.public-inbox-init-lite}/bin/public-inbox-init-lite ${inbox} ${pi-config.inboxdir} ${head pi-config.address}
        ln -sf ${pkgs.writeText "public-inbox-description" config.description} ${pi-config.inboxdir}/description
        ${pkgs.public-inbox}/bin/public-inbox-index ${pi-config.inboxdir}
      '') cfg.inboxes);

      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        User = "public-inbox";
      };
    };

    # FIXME(V): Currently, if new mail appears in the mlmmj archive while public-inbox-watch is not running, it never gets added!
    # This directly contradicts what the manpage states: "Upon startup, it scans the mailbox for new messages to be imported while it was not running."
    # This might be a bug in public-inbox!
    # We currently save a copy of all mails received by mlmmj to ensure none are lost if this happens.
    systemd.services.public-inbox-watch = {
      description = "public-inbox mailing-list archive (incoming mail monitor)";
      wantedBy = [ "multi-user.target" ];
      inherit environment;
      serviceConfig = {
        ExecStart = "${pkgs.public-inbox}/bin/public-inbox-watch";
        # TODO(V): ExecReload
        User = "public-inbox";
        SupplementaryGroups = [ "mlmmj" ];
      };
    };

    # TODO(V): Consider using public-inbox.cgi + cgiserver instead?
    systemd.sockets.public-inbox-httpd = {
      description = "public-inbox mailing-list archive (web server)";
      listenStreams = [ "/run/public-inbox/httpd.sock" ];
      wantedBy = [ "sockets.target" ];
    };

    systemd.services.public-inbox-httpd = {
      description = "public-inbox mailing-list archive (web server)";

      requires = [ "public-inbox-httpd.socket" ];
      after = [ "public-inbox-httpd.socket" ];

      # Descriptions are cached for the lifetime of the process, so updates require a restart to get picked up.
      restartTriggers = mapAttrsToList (inbox: config: "${inbox}:${builtins.hashString "sha256" config.description}") cfg.inboxes;

      inherit environment;

      serviceConfig = {
        ExecStart = "${pkgs.public-inbox}/bin/public-inbox-httpd";
        DynamicUser = true;
        SupplementaryGroups = [ "public-inbox" ];
        NonBlocking = true;  # "to avoid stalled processes when multiple service instances start"
      };
    };
  };

  meta.maintainers = with maintainers; [ V ];
}