diff --git a/README.md b/README.md index 17abc5c..fb4e9a3 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,28 @@ Add this to your `configuration.nix` file ```nix environment.etc."eintopf-radar-sync-secrets.yml".text = '' -EINTOPF_AUTHORIZATION_TOKEN=foobar23 +accounts: + - name: Sales + imap_server: mail.example.com + imap_port: 993 + username: sales@example.com + password: secret + + - name: Support + imap_server: mail.example.com + imap_port: 993 + username: support@example.com + password: secret + +mail: + smtp_server: mail.example.com + smtp_port: 587 + smtp_username: monitoring@example.com + smtp_password: secret + from_address: monitoring@example.com + recipients: + - admin1@example.com + - admin2@example.com ''; services.mail-quota-warning = { diff --git a/mail-quota-warning.py b/mail-quota-warning.py index 5b2eea3..08a4d2b 100644 --- a/mail-quota-warning.py +++ b/mail-quota-warning.py @@ -263,8 +263,8 @@ def main(): args = parse_args() config = load_config(args.config) state = load_state() - interval_days = config.get("check_interval_days", 7) - threshold = config.get("quota_warning_threshold_percent", 80) + interval_days = get_config_value(config, "CHECK_INTERVAL_DAYS", "check_interval_days", 7, int) + threshold = get_config_value(config, "QUOTA_WARNING_THRESHOLD_PERCENT", "quota_warning_threshold_percent", 80, int) # For thread-safe state updates state_lock = threading.Lock() diff --git a/module.nix b/module.nix index 63cd1dd..18cdb4f 100644 --- a/module.nix +++ b/module.nix 
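Review bot: In main(), both new `get_config_value(..., int)` calls accept whatever integer the environment or config file supplies, and nothing visible in this hunk range-checks the result before it drives the warning logic. A `QUOTA_WARNING_THRESHOLD_PERCENT` above 100 or a non-positive `CHECK_INTERVAL_DAYS` would presumably leave the job running while never warning (or warning on every run), which is a quiet failure for a monitoring tool. I would add a guard right after the two assignments, e.g. `if not 0 < threshold <= 100 or interval_days < 1: raise SystemExit("invalid threshold/interval configuration")`. `get_config_value` is not defined in any hunk shown here, so its handling of a non-numeric value could not be checked; it should fail with a clear message rather than fall back silently to the default. main() starts and continues outside the hunk.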
@@ -1,141 +1,153 @@ -{config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.services.mail-quota-warning; -in - { +in +{ - options = { - services.mail-quota-warning = { + options = { + services.mail-quota-warning = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Enable mail-quota-warning daemon. - ''; - }; + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable mail-quota-warning daemon. + ''; + }; - settings = lib.mkOption { - type = lib.types.submodule { - freeformType = with lib.types; attrsOf anything; - options = { - CHECK_INTERVAL_DAYS = lib.mkOption { - default = 7; - type = lib.types.int; - description = '' - Interval of days in which a warning message will be - delivered. - ''; - }; - QUOTA_WARNING_THRESHOLD_PERCENT = lib.mkOption { - default = 80; - type = lib.types.int; - description = '' - Threshold of used mailbox space in percent after which - a warning message will be delivered. - ''; - }; - }; + settings = lib.mkOption { + type = lib.types.submodule { + freeformType = with lib.types; attrsOf anything; + options = { + CHECK_INTERVAL_DAYS = lib.mkOption { + default = 7; + type = lib.types.int; + description = '' + Interval of days in which a warning message will be + delivered. + ''; + }; + QUOTA_WARNING_THRESHOLD_PERCENT = lib.mkOption { + default = 80; + type = lib.types.int; + description = '' + Threshold of used mailbox space in percent after which + a warning message will be delivered. + ''; + }; }; - default = {}; - description = '' - Extra options which should be used by the mailbox quota warning script. - ''; - example = lib.literalExpression '' - { - CHECK_INTERVAL_DAYS = 7; - QUOTA_WARNING_THRESHOLD_PERCENT = 80; - } - ''; }; - - secretFile = lib.mkOption { - type = with lib.types; listOf path; - description = '' - A list of files containing the various secrets. 
Should be in the - format expected by systemd's `EnvironmentFile` directory. - ''; - default = [ ]; - }; - - interval = lib.mkOption { - type = lib.types.str; - default = "*:00,30:00"; - description = '' - How often we run the sync. Default is half an hour. - - The format is described in - {manpage}`systemd.time(7)`. - ''; - }; - - }; - }; - - config = lib.mkIf cfg.enable { - - systemd.services."mail-quota-warning" = { - description = "mail-quota-warning script"; - after = [ "network.target" ]; - wants = [ "network-online.target" ]; - environment = { - PYTHONUNBUFFERED = "1"; - } // lib.mapAttrs (_: v: toString v) cfg.settings; - serviceConfig = { - Type = "simple"; - ExecStart = lib.getExe pkgs.mail-quota-warning; - - # hardening - AmbientCapabilities = ""; - CapabilityBoundingSet = "" ; - DevicePolicy = "closed"; - DynamicUser = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProcSubset = "pid"; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectProc = "invisible"; - ProtectSystem = "strict"; - RemoveIPC = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ "@system-service" "~@privileged" ]; - UMask = "0077"; - } // lib.optionalAttrs (cfg.secretFile != [ ]) { - EnvironmentFile = cfg.secretFile; - }; + default = { }; + description = '' + Extra options which should be used by the mailbox quota warning script. 
+ ''; + example = lib.literalExpression '' + { + CHECK_INTERVAL_DAYS = 7; + QUOTA_WARNING_THRESHOLD_PERCENT = 80; + } + ''; }; - systemd.timers.mail-quota-warning = { - timerConfig = { - OnCalendar = [ - "" - cfg.interval - ]; - }; - wantedBy = [ "timers.target" ]; + secretFile = lib.mkOption { + type = with lib.types; listOf path; + description = '' + A list of files containing the various secrets. Should be in the + format expected by systemd's `EnvironmentFile` directory. + ''; + default = [ ]; + }; + + interval = lib.mkOption { + type = lib.types.str; + default = "*:00,30:00"; + description = '' + How often we run the sync. Default is half an hour. + + The format is described in + {manpage}`systemd.time(7)`. + ''; }; }; + }; - meta = { - maintainers = with lib.maintainers; [ onny ]; + config = lib.mkIf cfg.enable { + + systemd.services."mail-quota-warning" = { + description = "mail-quota-warning script"; + after = [ "network.target" ]; + wants = [ "network-online.target" ]; + environment = { + PYTHONUNBUFFERED = "1"; + } + // lib.mapAttrs (_: v: toString v) cfg.settings; + serviceConfig = { + Type = "simple"; + ExecStart = lib.getExe pkgs.mail-quota-warning; + + # hardening + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + DevicePolicy = "closed"; + DynamicUser = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + 
UMask = "0077"; + } + // lib.optionalAttrs (cfg.secretFile != [ ]) { + EnvironmentFile = cfg.secretFile; + }; }; - } + systemd.timers.mail-quota-warning = { + timerConfig = { + OnCalendar = [ + "" + cfg.interval + ]; + }; + wantedBy = [ "timers.target" ]; + }; + }; + + meta = { + maintainers = with lib.maintainers; [ onny ]; + }; + +}