feat: add repo-like user secrets, rudimentary config of thunderbird

2023-09-16 14:04:02 +02:00 · 2023-09-16 14:04:02 +02:00 · 926787528b
commit 926787528b
parent 0994bba279
10 changed files with 115 additions and 3 deletions
--- a/users/myuser/graphical/default.nix
+++ b/users/myuser/graphical/default.nix
@ -11,6 +11,7 @@
      ./kitty.nix
      ./signal.nix
      ./theme.nix
+      ./thunderbird.nix
      # XXX: disabled for the time being because gaming under nvidia+wayland has too many bugs
      # XXX: retest this in the future. Problems were flickering under gles, black screens and refresh issues under vulkan, black wine windows.
      # ./sway.nix
@ -36,6 +37,13 @@
      zathura
    ];

+    # TODO accounts.concats accounts.calendar
+    # TODO test different pinentrys (pinentry gtk?)
+    # TODO agenix rekey edit secret should create temp files with same extension
+    # TODO mod+f1-4 for left monitor?
+    # TODO autostart signal, firefox (both windows), etc.
+    # TODO agenix rekey caches in /tmp which is removed each reboot and could be improved
+    # TODO entering devshell takes some time after reboot
    # TODO emoji in firefox are wrong
    # TODO screenshot selection/all and copy clipboard
    # TODO screenshot selection/all and save
--- a/users/myuser/graphical/i3.nix
+++ b/users/myuser/graphical/i3.nix
@ -173,4 +173,8 @@ in {

    exec i3
  '';
+
+  home.packages = with pkgs; [
+    xclip
+  ];
 }
--- a/users/myuser/graphical/thunderbird.nix
+++ b/users/myuser/graphical/thunderbird.nix
@ -0,0 +1,53 @@
+{
+  config,
+  lib,
+  nixosConfig,
+  pkgs,
+  ...
+}: let
+  rageWrapper = pkgs.writeShellScript "rage-decrypt-yubikey" ''
+    export PATH="${pkgs.age-plugin-yubikey}:$PATH"
+    exec ${pkgs.rage}/bin/rage
+  '';
+in {
+  accounts.email.accounts =
+    lib.flip lib.mapAttrs' config.userSecrets.accounts.email
+    (n: v:
+      lib.nameValuePair v.address ({
+          # TODO genericize
+          passwordCommand =
+            [rageWrapper.out "-d"]
+            ++ lib.concatMap (x: ["-i" x]) nixosConfig.age.rekey.masterIdentities
+            ++ [nixosConfig.age.secrets.mailpw-206fd3b8.path];
+
+          thunderbird = {
+            enable = true;
+            profiles = ["personal"];
+          };
+        }
+        // v));
+
+  # TODO dont send html setting
+
+  programs.thunderbird = {
+    enable = true;
+
+    profiles.personal = {
+      isDefault = true;
+      withExternalGnupg = true;
+    };
+  };
+
+  home.persistence."/state".directories = [
+    ".cache/thunderbird"
+  ];
+
+  home.persistence."/persist".directories = [
+    ".thunderbird"
+  ];
+
+  xdg.mimeApps.defaultApplications = {
+    "x-scheme-handler/mailto" = ["thunderbird.desktop"];
+    "message/rfc822" = ["thunderbird.desktop"];
+  };
+}