diff --git a/modules/common/mail/default.nix b/modules/common/mail/default.nix
index c246716..82c1b15 100644
--- a/modules/common/mail/default.nix
+++ b/modules/common/mail/default.nix
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }: {
- imports = [ ./himalaya.nix ./aerc.nix ];
+ imports = [ ./himalaya.nix ./aerc.nix ./system.nix ];
 options = {
 mail.enable = lib.mkEnableOption "Mail service.";
@@ -78,7 +78,6 @@
 CopyArrivalDate = "yes"; # Sync time of original message
 };
 };
- msmtp.enable = true;
 notmuch.enable = true;
 passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
diff --git a/modules/common/mail/system.nix b/modules/common/mail/system.nix
new file mode 100644
index 0000000..c43daa9
--- /dev/null
+++ b/modules/common/mail/system.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, lib, ... }: {
+
+ config = lib.mkIf (config.mail.enable || config.server) {
+
+ home-manager.users.${config.user} = {
+
+ programs.msmtp.enable = true;
+ accounts.email.accounts.system =
+ let address = "system@${config.mail.server}";
+ in {
+ userName = address;
+ realName = "NixOS System";
+ primary = false;
+ inherit address;
+ passwordCommand =
+ "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
+ pkgs.writeText "mailpass-system.age"
+ (builtins.readFile ../../../private/mailpass-system.age)
+ }";
+ msmtp.enable = true;
+ smtp = {
+ host = config.mail.smtpHost;
+ port = 465;
+ tls.enable = true;
+ };
+ };
+
+ };
+
+ };
+
+}
diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix
index 5ba7790..2931f8d 100644
--- a/modules/nixos/system/default.nix
+++ b/modules/nixos/system/default.nix
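Review bot: The `lib.mkIf (config.mail.enable || config.server)` guard at the top of `system.nix` enables this account on every server, but the body interpolates `config.mail.server` and `config.mail.smtpHost`, and the unit that uses the account in `modules/nixos/system/default.nix` is enabled only by `config.mail.enable`. If those mail options have no defaults (their declarations are not in this diff), a server without mail settings would fail to evaluate, so either gate on `config.mail.enable` alone or make the notify unit follow the same condition. A short comment above `passwordCommand` would also help, e.g. `# Ciphertext is copied into the world-readable Nix store; only config.identityFile can decrypt it`.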
@@ -15,6 +15,43 @@
 systemd.services.nix-gc.postStop = lib.mkIf (!config.server) "systemctl suspend";
+ # Update the system daily
+ system.autoUpgrade = {
+ enable = config.server; # Only auto upgrade servers
+ dates = "03:33";
+ flake = "git+${config.dotfilesRepo}";
+ randomizedDelaySec = "45min";
+ operation = "switch";
+ allowReboot = config.server; # Reboot servers
+ rebootWindow = {
+ lower = "00:01";
+ upper = "06:00";
+ };
+ };
+ systemd.services."notify-email@" =
+ let address = "system@${config.mail.server}";
+ in {
+ enable = config.mail.enable;
+ environment.SERVICE_ID = "%i";
+ script = ''
+ TEMPFILE=$(mktemp)
+ echo "From: ${address}" > $TEMPFILE
+ echo "To: ${address}" >> $TEMPFILE
+ echo "Subject: Failure in $SERVICE_ID" >> $TEMPFILE
+ echo -e "\nGot an error with $SERVICE_ID\n\n" >> $TEMPFILE
+ set +e
+ systemctl status $SERVICE_ID >> $TEMPFILE
+ set -e
+ ${pkgs.msmtp}/bin/msmtp \
+ --file=${config.homePath}/.config/msmtp/config \
+ --account=system \
+ ${address} < $TEMPFILE
+ '';
+ };
+ systemd.services.nixos-upgrade.onFailure =
+ lib.mkIf config.systemd.services."notify-email@".enable
+ [ "notify-email@%i.service" ];
+
 };
 }
diff --git a/private/mailpass-system.age b/private/mailpass-system.age
new file mode 100644
index 0000000..7d24d7e
--- /dev/null
+++ b/private/mailpass-system.age
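Review bot: `notify-email@%i.service` in the `onFailure` list is expanded inside `nixos-upgrade.service`, which is not a template unit, so `%i` should come out empty and the failure mail would never be triggered; `%n` passes the failing unit's name instead. The notify unit also sets no `User`, so unless that is set elsewhere it runs as root while msmtp reads `${config.homePath}/.config/msmtp/config` and executes that account's password command, which lets a file under the user's home decide what root runs. The script leaves the `mktemp` file behind with `systemctl status` output in it and expands `$SERVICE_ID` unquoted. The version below pipes the message straight into msmtp and runs it as `config.user` (that account then needs journal read access for the log excerpt in the status output); the attribute set these definitions sit in opens above the hunk.

```nix
# … unchanged: let address, enable, environment.SERVICE_ID …
    # Run as the account that owns the msmtp config and the age identity.
    serviceConfig.User = config.user;
    script = ''
      {
        echo "From: ${address}"
        echo "To: ${address}"
        echo "Subject: Failure in $SERVICE_ID"
        echo
        echo "Got an error with $SERVICE_ID"
        echo
        systemctl status "$SERVICE_ID" || true
      } | ${pkgs.msmtp}/bin/msmtp \
        --file=${config.homePath}/.config/msmtp/config \
        --account=system \
        ${address}
    '';
  };
systemd.services.nixos-upgrade.onFailure =
  lib.mkIf config.systemd.services."notify-email@".enable
  [ "notify-email@%n.service" ];
```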
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyA3Ynp0
+UUVDdVk1MG1nQmZ3cDl5UmY5VnpMSkdyYmluTlJGWUdnRVQyVWhvCkNlQkY0RUR5
+ODZTYUEzQlBmelBLcUxuWjdiYms2RUtmYlFFeEpXM3JCMlUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFNySTEvUXhycFhZa3h5ZnZyaXJEZ3BGRW03WGRvM29FQlZJQ2xx
+ZnMwVzgKbGFVMDlYZjVzeUJyY1kyc0ZXRnVydHkzOWtPaE1uTXllbHhaQTdIa016
+VQotPiBzc2gtZWQyNTUxOSBuanZYNUEgdjh4T2FkckZYQlpsd3ZSTmc4VGRxWjg4
+TVRCTUl4U1BnanVwV29POXhIZwpEcHBUOFJjTXBGTExYTWtmd01XQlZndklXTkdU
+NHBnYkNBTSs5K1A3cE9vCi0tLSBBa01zRTdNYW5wRlltVkgrWG9mdHcrZ1NXRUwz
+UUhsalZSeU1CVENmbnp3CphGOZ7hu3mq3UI69UCJq7ptFDMUmdmYW4ydzz2RVlYX
+P1JWkX0IpnHtcFPK1XmRrBkiyto=
+-----END AGE ENCRYPTED FILE-----