aerc: add assertion to limit per-account extraConfig to UI config (#4196)
* aerc: fix per-account extraConfig section names The aerc configuration file `aerc.conf` can contain 10 different sections, but only the UI section supports what the aerc manual calls contextual configuration. This works by appending to the section heading either `:account=name` or `:folder=bar`. The aerc-accounts module, however, applied `mkAccountConfig` to each section heading declared in `config.accounts.email.accounts.<name>.aerc.extraConfig.*`. This means home-manager will generate files with `[general:account=default]` and the options will not be recognized by aerc. To address this, and since it doesn't make sense for other sections to only be under a single account's scope, an assertion has been added to confirm that only sections that support contextual config (i.e., only the UI section) are declared. This also addresses confusions like declaring `accounts.email.accounts.*.aerc.extraConfig.general.unsafe-accounts-conf = true` and triggering a warning message because `programs.aerc.extraConfig.general.unsafe-accounts-conf` was unset. This commit also updated documentation throughout the aerc modules to be in line with this change, and fixed minor typos/formatting therein. Co-authored-by: Genevieve <genevieve@sunlashed.garden> * aerc: make assertion plaintext and add test case This commit adds a test case to check both the warning on unset `unsafe-accounts-conf = true` when aerc accounts are configured with Nix, and the new assertion when per-account configuration contains unsupported subsections (i.e. general). It also fixes minor formatting issues and typos.
parent
e42fb59768
commit
bec87d536c
|
@ -53,9 +53,9 @@ in {
|
||||||
example =
|
example =
|
||||||
literalExpression ''{ source = "maildir://~/Maildir/example"; }'';
|
literalExpression ''{ source = "maildir://~/Maildir/example"; }'';
|
||||||
description = ''
|
description = ''
|
||||||
Extra config added to the configuration of this account in
|
Extra config added to the configuration section for this account in
|
||||||
<filename>$HOME/.config/aerc/accounts.conf</filename>.
|
<filename>$HOME/.config/aerc/accounts.conf</filename>.
|
||||||
See aerc-config(5).
|
See <citerefentry><refentrytitle>aerc-accounts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -66,18 +66,20 @@ in {
|
||||||
''{ messages = { d = ":move ''${folder.trash}<Enter>"; }; }'';
|
''{ messages = { d = ":move ''${folder.trash}<Enter>"; }; }'';
|
||||||
description = ''
|
description = ''
|
||||||
Extra bindings specific to this account, added to
|
Extra bindings specific to this account, added to
|
||||||
<filename>$HOME/.config/aerc/accounts.conf</filename>.
|
<filename>$HOME/.config/aerc/binds.conf</filename>.
|
||||||
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
See <citerefentry><refentrytitle>aerc-binds</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = confSections;
|
type = confSections;
|
||||||
default = { };
|
default = { };
|
||||||
example = literalExpression "{ ui = { sidebar-width = 42; }; }";
|
example = literalExpression "{ ui = { sidebar-width = 25; }; }";
|
||||||
description = ''
|
description = ''
|
||||||
Extra config specific to this account, added to
|
Config specific to this account, added to <filename>$HOME/.config/aerc/aerc.conf</filename>.
|
||||||
<filename>$HOME/.config/aerc/aerc.conf</filename>.
|
Aerc only supports per-account UI configuration.
|
||||||
|
For other sections of <filename>$HOME/.config/aerc/aerc.conf</filename>,
|
||||||
|
use <literal>programs.aerc.extraConfig</literal>.
|
||||||
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -8,7 +8,7 @@ let
|
||||||
((type: either type (listOf type)) (nullOr (oneOf [ str int bool float ])))
|
((type: either type (listOf type)) (nullOr (oneOf [ str int bool float ])))
|
||||||
// {
|
// {
|
||||||
description =
|
description =
|
||||||
"values (null, bool, int, string of float) or a list of values, that will be joined with a comma";
|
"values (null, bool, int, string, or float) or a list of values, that will be joined with a comma";
|
||||||
};
|
};
|
||||||
|
|
||||||
confSection = types.attrsOf primitive;
|
confSection = types.attrsOf primitive;
|
||||||
|
@ -162,16 +162,28 @@ in {
|
||||||
in mkIf cfg.enable {
|
in mkIf cfg.enable {
|
||||||
warnings = if genAccountsConf
|
warnings = if genAccountsConf
|
||||||
&& (cfg.extraConfig.general.unsafe-accounts-conf or false) == false then [''
|
&& (cfg.extraConfig.general.unsafe-accounts-conf or false) == false then [''
|
||||||
aerc: An email account was configured, but `extraConfig.general.unsafe-accounts-conf` is set to false or unset.
|
aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
|
||||||
This will prevent aerc from starting, see `unsafe-accounts-conf` in the man page aerc-config(5), which states:
|
This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
|
||||||
> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
|
> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
|
||||||
> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
|
> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
|
||||||
These file permissions are not possible with home-manger, since the generated file is stored in the nix-store with read-only access for all users (0444).
|
These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
|
||||||
If `passwordCommand` is properly set, no credentials will be stored in the nix store.
|
Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
|
||||||
Therefore, consider setting the option `extraConfig.general.unsafe-accounts-conf` to true.
|
This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
|
||||||
''] else
|
''] else
|
||||||
[ ];
|
[ ];
|
||||||
|
|
||||||
|
assertions = [{
|
||||||
|
assertion = let
|
||||||
|
extraConfigSections = (unique (flatten
|
||||||
|
(mapAttrsToList (_: v: attrNames v.aerc.extraConfig) aerc-accounts)));
|
||||||
|
in extraConfigSections == [ ] || extraConfigSections == [ "ui" ];
|
||||||
|
message = ''
|
||||||
|
Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
|
||||||
|
Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
|
||||||
|
configuration to programs.aerc.extraConfig.
|
||||||
|
'';
|
||||||
|
}];
|
||||||
|
|
||||||
home.packages = [ cfg.package ];
|
home.packages = [ cfg.package ];
|
||||||
|
|
||||||
xdg.configFile = {
|
xdg.configFile = {
|
||||||
|
|
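Review bot: The rewritten warning in the `warnings` hunk now says "This option is safe" and tells the user to set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`, which is stronger than the code can guarantee. The warning fires whenever `genAccountsConf` is true, and the option turns off aerc's permission check on a file that sits in the store with mode 0444, so it is only harmless when nothing secret is rendered into `accounts.conf`. I would keep the claim conditional, for example `Setting it to true is only safe if no credentials end up in the generated accounts.conf; use passwordCommand rather than inline passwords.` The opening sentence also names `programs.aerc.enable` as the trigger although the condition is `genAccountsConf`, so the old wording "An email account was configured" described the check more accurately. The expected string in tests/modules/programs/aerc/assertion.nix pins this text and would need the same change; the `mkIf cfg.enable { … }` block continues outside the hunk.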
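--- a/tests/modules/programs/aerc/assertion.nix
+++ b/tests/modules/programs/aerc/assertion.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+config = {
+test.asserts.assertions.expected = [''
+Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
+Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
+configuration to programs.aerc.extraConfig.
+''];
+test.asserts.warnings.expected = [''
+aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
+This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
+> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
+> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
+These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
+Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
+This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
+''];
+
+test.stubs.aerc = { };
+
+programs.aerc = {
+enable = true;
+extraAccounts = {
+Test1 = {
+source = "maildir:///dev/null";
+enable-folders-sort = true;
+folders = [ "INBOX" "SENT" "JUNK" ];
+};
+};
+extraConfig.general = {
+# unsafe-accounts-conf = true;
+pgp-provider = "gpg";
+};
+};
+
+accounts.email.accounts.Test2 = {
+address = "addr@mail.invalid";
+userName = "addr@mail.invalid";
+realName = "Foo Bar";
+primary = true;
+imap.host = "imap.host.invalid";
+passwordCommand = "echo PaSsWorD!";
+aerc = {
+enable = true;
+extraConfig.general.pgp-provider = "internal";
+};
+};
+};
+}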
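Review bot: The line `# unsafe-accounts-conf = true;` under `programs.aerc.extraConfig.general` reads like leftover commented-out code, yet leaving the option unset is what makes the expected warning fire. A comment stating the intent would help, e.g. `# unsafe-accounts-conf is deliberately left unset so the warning below is emitted`. The fixture also covers only the rejecting path (`extraConfig.general.pgp-provider` on Test2); a per-account `extraConfig.ui` case that must pass the assertion is not exercised here, though settings.nix, which is not shown, may cover it. Note too that `passwordCommand = "echo PaSsWorD!"` carries the secret inside the command string itself, so this fixture is not an example of the "properly set" case the warning text describes.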
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
aerc-noSettings = ./noSettings.nix;
|
aerc-noSettings = ./noSettings.nix;
|
||||||
aerc-settings = ./settings.nix;
|
aerc-settings = ./settings.nix;
|
||||||
|
aerc-assertion = ./assertion.nix;
|
||||||
}
|
}
|
||||||
|
|