onny/mail-quota-warning
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reformat, fix load env vars, update README

Browse source
This commit is contained in:
Jonas Heinrich 2025-08-18 16:00:51 +02:00
parent 9a76430181
commit e658def798
3 changed files with 159 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

23
README.md
View file

@ -44,7 +44,28 @@ Add this to your `configuration.nix` file
```nix ```nix
environment.etc."eintopf-radar-sync-secrets.yml".text = '' environment.etc."eintopf-radar-sync-secrets.yml".text = ''
EINTOPF_AUTHORIZATION_TOKEN=foobar23 accounts:
- name: Sales
imap_server: mail.example.com
imap_port: 993
username: sales@example.com
password: secret
- name: Support
imap_server: mail.example.com
imap_port: 993
username: support@example.com
password: secret
mail:
smtp_server: mail.example.com
smtp_port: 587
smtp_username: monitoring@example.com
smtp_password: secret
from_address: monitoring@example.com
recipients:
- admin1@example.com
- admin2@example.com
''; '';
services.mail-quota-warning = { services.mail-quota-warning = {

4
mail-quota-warning.py
View file

@ -263,8 +263,8 @@ def main():
args = parse_args() args = parse_args()
config = load_config(args.config) config = load_config(args.config)
state = load_state() state = load_state()
interval_days = config.get("check_interval_days", 7) interval_days = get_config_value(config, "CHECK_INTERVAL_DAYS", "check_interval_days", 7, int)
threshold = config.get("quota_warning_threshold_percent", 80) threshold = get_config_value(config, "QUOTA_WARNING_THRESHOLD_PERCENT", "quota_warning_threshold_percent", 80, int)
# For thread-safe state updates # For thread-safe state updates
state_lock = threading.Lock() state_lock = threading.Lock()

256
module.nix
View file

@ -1,141 +1,153 @@
{config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.services.mail-quota-warning; cfg = config.services.mail-quota-warning;
in in
{ {
options = { options = {
services.mail-quota-warning = { services.mail-quota-warning = {
enable = lib.mkOption { enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Enable mail-quota-warning daemon. Enable mail-quota-warning daemon.
''; '';
}; };
settings = lib.mkOption { settings = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {
freeformType = with lib.types; attrsOf anything; freeformType = with lib.types; attrsOf anything;
options = { options = {
CHECK_INTERVAL_DAYS = lib.mkOption { CHECK_INTERVAL_DAYS = lib.mkOption {
default = 7; default = 7;
type = lib.types.int; type = lib.types.int;
description = '' description = ''
Interval of days in which a warning message will be Interval of days in which a warning message will be
delivered. delivered.
''; '';
}; };
QUOTA_WARNING_THRESHOLD_PERCENT = lib.mkOption { QUOTA_WARNING_THRESHOLD_PERCENT = lib.mkOption {
default = 80; default = 80;
type = lib.types.int; type = lib.types.int;
description = '' description = ''
Threshold of used mailbox space in percent after which Threshold of used mailbox space in percent after which
a warning message will be delivered. a warning message will be delivered.
''; '';
}; };
};
}; };
default = {};
description = ''
Extra options which should be used by the mailbox quota warning script.
'';
example = lib.literalExpression ''
{
CHECK_INTERVAL_DAYS = 7;
QUOTA_WARNING_THRESHOLD_PERCENT = 80;
}
'';
}; };
default = { };
secretFile = lib.mkOption { description = ''
type = with lib.types; listOf path; Extra options which should be used by the mailbox quota warning script.
description = '' '';
A list of files containing the various secrets. Should be in the example = lib.literalExpression ''
format expected by systemd's `EnvironmentFile` directory. {
''; CHECK_INTERVAL_DAYS = 7;
default = [ ]; QUOTA_WARNING_THRESHOLD_PERCENT = 80;
}; }
'';
interval = lib.mkOption {
type = lib.types.str;
default = "*:00,30:00";
description = ''
How often we run the sync. Default is half an hour.
The format is described in
{manpage}`systemd.time(7)`.
'';
};
};
};
config = lib.mkIf cfg.enable {
systemd.services."mail-quota-warning" = {
description = "mail-quota-warning script";
after = [ "network.target" ];
wants = [ "network-online.target" ];
environment = {
PYTHONUNBUFFERED = "1";
} // lib.mapAttrs (_: v: toString v) cfg.settings;
serviceConfig = {
Type = "simple";
ExecStart = lib.getExe pkgs.mail-quota-warning;
# hardening
AmbientCapabilities = "";
CapabilityBoundingSet = "" ;
DevicePolicy = "closed";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" ];
UMask = "0077";
} // lib.optionalAttrs (cfg.secretFile != [ ]) {
EnvironmentFile = cfg.secretFile;
};
}; };
systemd.timers.mail-quota-warning = { secretFile = lib.mkOption {
timerConfig = { type = with lib.types; listOf path;
OnCalendar = [ description = ''
"" A list of files containing the various secrets. Should be in the
cfg.interval format expected by systemd's `EnvironmentFile` directory.
]; '';
}; default = [ ];
wantedBy = [ "timers.target" ]; };
interval = lib.mkOption {
type = lib.types.str;
default = "*:00,30:00";
description = ''
How often we run the sync. Default is half an hour.
The format is described in
{manpage}`systemd.time(7)`.
'';
}; };
}; };
};
meta = { config = lib.mkIf cfg.enable {
maintainers = with lib.maintainers; [ onny ];
systemd.services."mail-quota-warning" = {
description = "mail-quota-warning script";
after = [ "network.target" ];
wants = [ "network-online.target" ];
environment = {
PYTHONUNBUFFERED = "1";
}
// lib.mapAttrs (_: v: toString v) cfg.settings;
serviceConfig = {
Type = "simple";
ExecStart = lib.getExe pkgs.mail-quota-warning;
# hardening
AmbientCapabilities = "";
CapabilityBoundingSet = "";
DevicePolicy = "closed";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
}
// lib.optionalAttrs (cfg.secretFile != [ ]) {
EnvironmentFile = cfg.secretFile;
};
}; };
} systemd.timers.mail-quota-warning = {
timerConfig = {
OnCalendar = [
""
cfg.interval
];
};
wantedBy = [ "timers.target" ];
};
};
meta = {
maintainers = with lib.maintainers; [ onny ];
};
}