diff options
| author | Preston Pan <ret2pop@nullring.xyz> | 2026-04-11 15:06:41 -0700 |
|---|---|---|
| committer | Preston Pan <ret2pop@nullring.xyz> | 2026-04-11 15:06:41 -0700 |
| commit | 689785c0cbd465e2d04e7816666955e868ff4fb0 (patch) | |
| tree | 5e71b833e926181ed0d59c684de8d4dbb1e4c8d0 | |
| parent | f1264fc7a1a484c6b1a188c2adce0d0f133e4e64 (diff) | |
public inbox fix
| -rw-r--r-- | config/nix.org | 19 | ||||
| m--------- | nix | 0 |
2 files changed, 16 insertions, 3 deletions
diff --git a/config/nix.org b/config/nix.org index 29de532..24a4c3f 100644 --- a/config/nix.org +++ b/config/nix.org @@ -1890,7 +1890,7 @@ I need CUDA on some computers because I run local LLMs. ** Maddy There is a non declarative part of setting dkims and spf. #+begin_src nix :tangle ../nix/modules/maddy.nix -{ lib, config, options, ... }: +{ lib, config, options, pkgs, ... }: let emailServerName = "mail.${config.monorepo.vars.orgHost}"; serverName = "list.${config.monorepo.vars.orgHost}"; @@ -1905,12 +1905,22 @@ in }; }; templates = lib.mkIf config.services.public-inbox.enable { + "public-inbox-git-credentials" = { + owner = "public-inbox"; + group = "public-inbox"; + mode = "0400"; + content = (builtins.concatStringsSep "\n" (builtins.map (x: + "imaps://${x}%40${config.monorepo.vars.orgHost}:${config.sops.placeholder."mail_monorepo_password_pi"}@${emailServerName}" + ) config.monorepo.vars.projects)) + "\n" + '' + imaps://discussion%40${config.monorepo.vars.orgHost}:${config.sops.placeholder."mail_monorepo_password_pi"}@${emailServerName}''; + }; + "public-inbox-netrc" = { owner = "public-inbox"; group = "public-inbox"; mode = "0400"; - content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine ${emailServerName} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + '' - machine ${emailServerName} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}''; + content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine ${emailServerName} login ${x}%40${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + '' + machine ${emailServerName} login discussion%40${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}''; }; }; }; @@ -1978,16 +1988,19 @@ in systemd.services.public-inbox-watch = if config.services.public-inbox.enable then { after = [ "sops-nix.service" ]; confinement.enable = lib.mkForce false; + path = [ pkgs.git ]; preStart = '' mkdir -p /var/lib/public-inbox/.tmp chmod 0700 /var/lib/public-inbox/.tmp ln -sfn ${config.sops.templates."public-inbox-netrc".path} /var/lib/public-inbox/.netrc + git config --global credential.helper 'store --file /run/secrets/public-inbox-git-credentials' ''; environment = { PUBLIC_INBOX_FORCE_IPV4 = "1"; NETRC = config.sops.templates."public-inbox-netrc".path; HOME = "/var/lib/public-inbox"; TMPDIR = "/var/lib/public-inbox/.tmp"; + GIT_TERMINAL_PROMPT = "0"; }; serviceConfig = { diff --git a/nix b/nix -Subproject 279acb1b8a384a72f0e242078d3744de3fd3d14 +Subproject 106f924831a4fa8dbbd3bf065547c26c0e429d7 |