From 52595af8aff88d0ad3147f5122f19a8d44f72df1 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <cnx@loang.net>
Date: Thu, 18 Apr 2024 07:03:34 +0900
Subject: Enable public-inbox-imapd

---
 mail.nix | 54 ++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 46 insertions(+), 8 deletions(-)

diff --git a/mail.nix b/mail.nix
index 62a7f11..ae14556 100644
--- a/mail.nix
+++ b/mail.nix
@@ -192,16 +192,40 @@ in {
         enable = true;
         port = 1430;
       };
-      inboxes = {
-        test = {
-          address = [ "test@${publicHost}" ];
-          description = "test list";
-          url = "https://${publicHost}/test";
+      imap = let
+        certDir = config.security.acme.certs.${publicHost}.directory;
+      in {
+        cert = "${certDir}/cert.pem";
+        enable = true;
+        key = "${certDir}/key.pem";
+        port = 143;
+      };
+      inboxes = builtins.mapAttrs (name: value: value // {
+        address = [ "${name}@${publicHost}" ];
+        url = "https://${publicHost}/${name}";
+        newsgroup = "inbox.${name}";
+      }) {
+        test.description = "test list";
+        chung = {
+          description = "News, requests and patches for loang.net";
+          coderepo = [ "nixos-conf" "phylactery" "site" ];
         };
       };
       mda.enable = true;
       postfix.enable = true;
-      settings.publicinbox.wwwlisting = "match=domain";
+      settings = {
+        coderepo = builtins.listToAttrs (map (name: {
+          name = name;
+          value = {
+            cgitUrl = "https://trong.loang.net/${name}";
+            dir = name;
+          };
+        }) [ "nixos-conf" "phylactery" "site" ]);
+        publicinbox = {
+          imapserver = [ publicHost ];
+          wwwlisting = "match=domain";
+        };
+      };
     };
 
     nginx.virtualHosts = {
@@ -257,6 +281,20 @@ in {
     };
   };
 
-  systemd.services.alps.unitConfig.Requires = "maddy.service";
-  users.extraUsers.maddy.extraGroups = [ "nginx" "shadow" ];
+  systemd.services = {
+    alps.unitConfig.Requires = "maddy.service";
+    public-inbox-imapd.serviceConfig.BindReadOnlyPaths = [
+      config.security.acme.certs.${publicHost}.directory
+    ];
+  };
+
+  users.users = {
+    maddy.extraGroups = [
+      config.security.acme.certs.${hostname}.group
+      "shadow"
+    ];
+    public-inbox.extraGroups = [
+      config.security.acme.certs.${publicHost}.group
+    ];
+  };
 }
-- 
cgit 1.4.1