From 5f2d2fc54bbc9727b1d62136666c7b6d1a35145f Mon Sep 17 00:00:00 2001
From: Philipp Hochkamp
Date: Tue, 6 Sep 2022 08:57:25 +0200
Subject: [PATCH] feat: mail
---
 flake.nix | 4 ++--
 hm-imports/zsh/zshrc | 2 +-
 hosts/ds9/default.nix | 22 ++++++++++++++++++++++
 hosts/picard/default.nix | 3 +++
 nixos-modules/services/msmtp.nix | 21 +++++++++++++++++++++
 secrets/aliases.age | 17 +++++++++++++++++
 secrets/msmtprc.age | Bin 0 -> 1045 bytes
 secrets/secrets.nix | 2 ++
 8 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 nixos-modules/services/msmtp.nix
 create mode 100644 secrets/aliases.age
 create mode 100644 secrets/msmtprc.age
diff --git a/flake.nix b/flake.nix
index 79ef42eb..caca5151 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,7 +8,7 @@
 home-manager.url = "github:nix-community/home-manager";
 home-manager.inputs.nixpkgs.follows = "nixpkgs";
 impermanence.url = "github:nix-community/impermanence";
- impermanence.inputs.nixpkgs.follows = "nixpkgs";
+ #impermanence.inputs.nixpkgs.follows = "nixpkgs";
 xynoblog.url = "github:thexyno/blog";
 xynoblog.inputs.nixpkgs.follows = "nixpkgs";
 nixos-hardware.url = "github:NixOS/nixos-hardware/master";
@@ -181,7 +181,7 @@ let pkgs = nixpkgs.legacyPackages.${system}; in { devShell = pkgs.mkShell { - buildInputs = with pkgs; [ lefthook nixpkgs-fmt ]; + buildInputs = with pkgs; [ lefthook nixpkgs-fmt inputs.agenix.packages.${system}.agenix ]; }; packages = lib.my.mapModules ./packages (p: pkgs.callPackage p { inputs = inputs; }); });
diff --git a/hm-imports/zsh/zshrc b/hm-imports/zsh/zshrc
index ad991e35..5fde09bd 100644
--- a/hm-imports/zsh/zshrc
+++ b/hm-imports/zsh/zshrc
@@ -48,7 +48,7 @@ n () fi } -ORIGTMPDIR=$TMPDIR # nix-shell overrides tmpdir, but we want to save it +export ORIGTMPDIR=${TMPDIR:-$(mktemp -d)} # nix-shell overrides tmpdir, but we want to save it emacsclient () { command emacsclient -s $ORIGTMPDIR/emacs$(id -u)/server "$@"
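Review bot: The `$(mktemp -d)` fallback in the hm-imports/zsh/zshrc hunk creates a fresh directory on every shell start where TMPDIR is unset, nothing removes it, and the `emacsclient` wrapper below then looks for the server socket inside that new, empty directory. A fixed fallback such as `export ORIGTMPDIR=${TMPDIR:-/tmp}` stays stable across shells and does not accumulate directories; whether /tmp is where the Emacs server puts its socket on these machines should be confirmed. The `emacsclient` function continues past the end of the hunk.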
diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix
index cfbae7b7..c09f0084 100644
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@@ -196,6 +196,27 @@ in fruit:metadata = stream ''; + services.smartd = { + enable = true; + }; + nixpkgs.overlays = [ + (self: super: { + zfs = super.zfs.override {enableMail = true;}; + }) + ]; + + services.zfs.zed.settings = { + ZED_EMAIL_ADDR = [ "root" ]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "@ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + ragon = { cli.enable = true; user.enable = true;
@@ -223,6 +244,7 @@ in
 docker.enable = true;
 ssh.enable = true;
 nginx.enable = true;
+ msmtp.enable = true;
 jellyfin.enable = true;
 photoprism.enable = true;
 tailscale.enable = true;
diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix
index 329c21a8..ccb56479 100644
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@@ -109,6 +109,8 @@
 script = "${pkgs.curl}/bin/curl -fss -m 10 --retry 5 -o /dev/null $(cat ${config.age.secrets.picardResticHealthCheckUrl.path})/fail";
 };
 services.xynoblog.enable = true;
+ boot.zfs.package = lib.mkForce (pkgs.zfs.override { enableMail = true; });
+ services.zfs.zed.enableMail = true;
 ragon = {
 cli.enable = true;
 user.enable = true;
@@ -117,6 +119,7 @@ services = { ssh.enable = true; + msmtp.enable = true; bitwarden.enable = true; gitlab.enable = false; # TODO gitlab-runner synapse.enable = true;
diff --git a/nixos-modules/services/msmtp.nix b/nixos-modules/services/msmtp.nix
new file mode 100644
index 00000000..af73f191
--- /dev/null
+++ b/nixos-modules/services/msmtp.nix
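Review bot: The two hosts turn on ZED mail by different mechanisms, and only one of them names the mailer. The first hosts/ds9/default.nix hunk replaces `zfs` for the whole package set through `nixpkgs.overlays` and sets `ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"`, while the first hosts/picard/default.nix hunk overrides only `boot.zfs.package` with `lib.mkForce` and sets `services.zfs.zed.enableMail = true` without a mail program. Unless the module default on picard also resolves to msmtp, pool-fault mail there may be handed to a mailer that /etc/msmtprc does not configure, so a degraded pool could go unreported. Moving one variant together with the `ZED_EMAIL_*` settings into nixos-modules/services/msmtp.nix behind `cfg.enable` would keep both hosts identical, and a one-line comment above the override should say why the package is rebuilt.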
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.ragon.services.msmtp;
+in
+{
+ options.ragon.services.msmtp.enable = lib.mkEnableOption "Enables msmtp";
+ config = lib.mkIf cfg.enable {
+ programs.msmtp = {
+ enable = true;
+ };
+ environment.etc."msmtprc".enable = false;
+ ragon.agenix.secrets.msmtprc = {
+ path = "/etc/msmtprc";
+ mode = "0644";
+ };
+ ragon.agenix.secrets.aliases = {
+ path = "/etc/aliases";
+ mode = "0644";
+ };
+ };
+}
diff --git a/secrets/aliases.age b/secrets/aliases.age
new file mode 100644
index 00000000..1f8d2eed
--- /dev/null
+++ b/secrets/aliases.age
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 ugHWWw VTuKkXWunXbu2WTd+E2waGeEl7g0f/oNTACPNgntGBo +CvOioqM2nxtGvVWH5XTpNm4+cxCweXScY0C5pFFyLqg +-> ssh-ed25519 UU9RSA 7uNSJZ2tIRNHh7MgWlvZ6hZbax6fZWvs6ZCCfCqTvic +NwwrPDbpEbeVW98xByYbOq3B4ZY1q9Bot5cAZYk45sw +-> ssh-ed25519 yqm35A ESh3UDixa7eo8WT4s4OLUl2hZ2aO+YFKOqlCp/T9cx4 +26DziZ1brodjCZrAYDCMBxWlXe+RMnKIz+hBoSKG0t8 +-> ssh-ed25519 kKx7Qw s23jAaybkI40kC2DaXYdOVuYp5DR09fC+ynrs4l7RVE +K8HfhCN4Eua0U/Ib1azxikqdB9ipWzqvZ2U6vdffIgs +-> ssh-ed25519 IbXxfw Ixc96Krq/ibCSOWhF5Ckx5TlcufTkYb6xngZoPJ1+Wo +mAtp5p0voszNxWadJRXZm5rvtJEti83suoBhoqDFHT8 +-> ssh-ed25519 WceKOQ 5QRwNWuOae6DCekv9bBwZEwDtPTL8W9a93xWfsMcRAU +TzK0g3FVBuujYsB5kplMyWluIboEigKI9rWll3FmVGw +-> p>C-grease Yy'> M#H; +o+PSejuhm+hthXQFewLLcU9ENoHKAeKnplvPIPFFtYBFR1Vy7ffnBY5GFHQ +--- QaSqQ3aLEQzEPEPJ14H4l49c+PvV1F8/r1H/d86vlhY +eQ沆pפŸRO'XD/z#HYsafxK \ No newline at end of file
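Review bot: `mode = "0644"` on `ragon.agenix.secrets.msmtprc` in nixos-modules/services/msmtp.nix leaves the decrypted /etc/msmtprc readable by every local user and service account on the host. The file is stored encrypted, so it presumably holds the SMTP account password, and both hosts that enable this module also run network-facing services. Prefer `mode = "0600";` if only root-run senders such as ZED need it, or `mode = "0640";` with a dedicated group if the `ragon.agenix` wrapper passes through agenix's `owner`/`group` options (the wrapper is not visible here). `environment.etc."msmtprc".enable = false;` deserves a comment saying it is there so the file generated by `programs.msmtp` does not collide with the agenix-managed path, if that is the intent.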
diff --git a/secrets/msmtprc.age b/secrets/msmtprc.age
new file mode 100644
index 0000000000000000000000000000000000000000..26df2e3fa48c8a0bbfcaae0d3c4c62858a2ad969
GIT binary patch literal 1045 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHP4@^7FIT8^4y|(b zObT-}2rUk(2#hQ@35?7NH>oHsE2?k~EH3gZ3C*-fPY?5Vcjbx<^hnN#GRP}%FDff{ zHgHdLb<~ftFfWO!aP~H-NDU27uXHmq$qq5d@EXd#8)q=~kI3mQ@z}GRLqS!bj$luR3r=TdY z$kN?BDLlAbJ1aHGBiB2t#7#TGr5xS1%EDY@Q%40$ZPSp5U}NI|%Q9Evu;h&JM34M3 zqsUwfkFda`O3TWm{4@(^7Y`#($3U(^S1fb!h3vQTu}vb`(J1IrasJ@YCPeLc(^19OX#(yRQ;D@&4mDhmAF9CH&Z zP5naB{k_~hBfYXh^9;Buv-2~(wTnY@oV9&|%nVc9O|!fVGYg8#EF+R#{c`<0O-QlN8rPIOS+h;9JUToP6)Jveb~g;hlR`zO0BcP6M#uC{#iS)T2PSc|OF-P57pbA7w7cH5d6zi76R zd$!K~|I@TOx1c$bE%FPe=TFMe`}8G8gTv{wLRQBr$6JT)O*zn-b7zuX=EQ4%Pjn~7 z@R}XpFT34l8-MF{%RPOet-;@wY){p04|hqObZ|e@w3qLrp1Awnd7hT@di&o-Q%>Dh I{_r2a0OXE=xBvhE literal 0 HcmV?d00001
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9882c3ba..66c1df64 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -6,6 +6,8 @@ in
 "nextshot.age".publicKeys = pubkeys.ragon.client;
 "pulseLaunch.age".publicKeys = pubkeys.ragon.client;
 "rootPasswd.age".publicKeys = pubkeys.ragon.computers;
+ "msmtprc.age".publicKeys = pubkeys.ragon.computers;
+ "aliases.age".publicKeys = pubkeys.ragon.computers;
 "wpa_supplicant.age".publicKeys = pubkeys.ragon.computers;
 "ragonPasswd.age".publicKeys = pubkeys.ragon.computers;
 "tailscaleKey.age".publicKeys = pubkeys.ragon.computers;
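Review bot: Both new entries in secrets/secrets.nix are encrypted to `pubkeys.ragon.computers`, which looks wider than the set of hosts that use them. The aliases.age header in this patch carries six `ssh-ed25519` recipient stanzas, while the commit enables `msmtp` only on ds9 and picard. If `computers` is the full machine list, compromise of any one of those keys exposes the mail configuration, so a narrower list such as `"msmtprc.age".publicKeys = <keys of the mail-sending hosts>;` (placeholder, the attribute names are not on this page) would limit that. The definition of `pubkeys` lies outside the hunk, so confirm what the set contains before changing it.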