jungle/m/hut/public-inbox.nix

{ lib, ... }:

{
  services.public-inbox = {
    enable = true;
    http = {
      enable = true;
      port = 8081;
      mounts = [ "/lists" ];
    };
    settings.publicinbox = {
      css = [ "${./public-inbox.css}" ];
      wwwlisting = "all";
    };
    inboxes = {
      bscpkgs = {
        url = "https://jungle.bsc.es/lists/bscpkgs";
        address = [ "~rodarima/bscpkgs@lists.sr.ht" ];
        watch = [ "imaps://jungle-robot%40gmx.com@imap.gmx.com/INBOX" ];
        description = "Patches for bscpkgs";
        listid = "~rodarima/bscpkgs.lists.sr.ht";
      };
      jungle = {
        url = "https://jungle.bsc.es/lists/jungle";
        address = [ "~rodarima/jungle@lists.sr.ht" ];
        watch = [ "imaps://jungle-robot%40gmx.com@imap.gmx.com/INBOX" ];
        description = "Patches for jungle";
        listid = "~rodarima/jungle.lists.sr.ht";
      };
    };
  };

  # We need access to the network for the watch service, as we will fetch the
  # emails directly from the IMAP server.
  systemd.services.public-inbox-watch.serviceConfig = {
    PrivateNetwork = lib.mkForce false;
    RestrictAddressFamilies = lib.mkForce [ "AF_UNIX"  "AF_INET" "AF_INET6" ];
    KillSignal = "SIGKILL"; # Avoid slow shutdown

    # Required for chmod(..., 02750) on directories by git, from
    # systemd.exec(8):
    # > Note that this restricts marking of any type of file system object with
    # > these bits, including both regular files and directories (where the SGID
    # > is a different meaning than for files, see documentation).
    RestrictSUIDSGID = lib.mkForce false;
  };
}
Enable public-inbox at jungle.bsc.es/lists The public-inbox service fetches emails from the sourcehut mailing lists and displays them on the web. The idea is to reduce the dependency on external services and add a secondary storage for the mailing lists in case sourcehut goes down or changes the current free plans. The service is available in https://jungle.bsc.es/lists/ and is open to the public. It currently mirrors the bscpkgs and jungle mailing list. We also edited the CSS to improve the readability and have larger fonts by default. The service for public-inbox produced by NixOS is not well configured to fetch emails from an IMAP mail server, so we also manually edit the service file to enable the network. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es> 2023-12-07 11:08:15 +01:00			`{ lib, ... }:`

			`{`
			`services.public-inbox = {`
			`enable = true;`
			`http = {`
			`enable = true;`
			`port = 8081;`
			`mounts = [ "/lists" ];`
			`};`
			`settings.publicinbox = {`
			`css = [ "${./public-inbox.css}" ];`
			`wwwlisting = "all";`
			`};`
			`inboxes = {`
			`bscpkgs = {`
			`url = "https://jungle.bsc.es/lists/bscpkgs";`
			`address = [ "~rodarima/bscpkgs@lists.sr.ht" ];`
			`watch = [ "imaps://jungle-robot%40gmx.com@imap.gmx.com/INBOX" ];`
			`description = "Patches for bscpkgs";`
			`listid = "~rodarima/bscpkgs.lists.sr.ht";`
			`};`
			`jungle = {`
			`url = "https://jungle.bsc.es/lists/jungle";`
			`address = [ "~rodarima/jungle@lists.sr.ht" ];`
			`watch = [ "imaps://jungle-robot%40gmx.com@imap.gmx.com/INBOX" ];`
			`description = "Patches for jungle";`
			`listid = "~rodarima/jungle.lists.sr.ht";`
			`};`
			`};`
			`};`

			`# We need access to the network for the watch service, as we will fetch the`
			`# emails directly from the IMAP server.`
			`systemd.services.public-inbox-watch.serviceConfig = {`
			`PrivateNetwork = lib.mkForce false;`
			`RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" "AF_INET6" ];`
			`KillSignal = "SIGKILL"; # Avoid slow shutdown`

			`# Required for chmod(..., 02750) on directories by git, from`
			`# systemd.exec(8):`
			`# > Note that this restricts marking of any type of file system object with`
			`# > these bits, including both regular files and directories (where the SGID`
			`# > is a different meaning than for files, see documentation).`
			`RestrictSUIDSGID = lib.mkForce false;`
			`};`
			`}`