aerc: add assertion to limit per-account extraConfig to UI config (#4196)

* aerc: fix per-account extraConfig section names

The aerc configuration file `aerc.conf` can contain 10 different
sections, but only the UI section supports what the aerc manual calls
contextual configuration. This works by appending to the section heading
either `:account=name` or `:folder=bar`.

The aerc-accounts module, however, applied `mkAccountConfig` to each
section heading declared in
`config.accounts.email.accounts.<name>.aerc.extraConfig.*`. This means
home-manager will generate files with `[general:account=default]` and
the options will not be recognized by aerc.

To address this, and since it doesn't make sense for other sections to
only be under a single account's scope, an assertion has been added
to confirm that only sections that support contextual config (i.e.,
only the UI section) are declared.

This also addresses confusions like declaring
`accounts.email.accounts.*.aerc.extraConfig.general.unsafe-accounts-conf
= true` and triggering a warning message because
`programs.aerc.extraConfig.general.unsafe-accounts-conf` was unset.

This commit also updated documentation throughout the aerc modules to
be in line with this change, and fixed minor typos/formatting therein.

Co-authored-by: Genevieve <genevieve@sunlashed.garden>

* aerc: make assertion plaintext and add test case

This commit adds a test case to check both the warning on unset
`unsafe-accounts-conf = true` when aerc accounts are configured
with Nix, and the new assertion when per-account configuration
contains unsupported subsections (i.e. general).

It also fixes minor formatting issues and typos.
Genevieve 2023-07-14 18:34:28 +00:00 committed by GitHub
parent e42fb59768
commit bec87d536c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 80 additions and 13 deletions


@ -53,9 +53,9 @@ in {
example = example =
literalExpression ''{ source = "maildir://~/Maildir/example"; }''; literalExpression ''{ source = "maildir://~/Maildir/example"; }'';
description = '' description = ''
Extra config added to the configuration of this account in Extra config added to the configuration section for this account in
<filename>$HOME/.config/aerc/accounts.conf</filename>. <filename>$HOME/.config/aerc/accounts.conf</filename>.
See aerc-config(5). See <citerefentry><refentrytitle>aerc-accounts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
''; '';
}; };
@ -66,18 +66,20 @@ in {
''{ messages = { d = ":move ''${folder.trash}<Enter>"; }; }''; ''{ messages = { d = ":move ''${folder.trash}<Enter>"; }; }'';
description = '' description = ''
Extra bindings specific to this account, added to Extra bindings specific to this account, added to
<filename>$HOME/.config/aerc/accounts.conf</filename>. <filename>$HOME/.config/aerc/binds.conf</filename>.
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>. See <citerefentry><refentrytitle>aerc-binds</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
''; '';
}; };
extraConfig = mkOption { extraConfig = mkOption {
type = confSections; type = confSections;
default = { }; default = { };
example = literalExpression "{ ui = { sidebar-width = 42; }; }"; example = literalExpression "{ ui = { sidebar-width = 25; }; }";
description = '' description = ''
Extra config specific to this account, added to Config specific to this account, added to <filename>$HOME/.config/aerc/aerc.conf</filename>.
<filename>$HOME/.config/aerc/aerc.conf</filename>. Aerc only supports per-account UI configuration.
For other sections of <filename>$HOME/.config/aerc/aerc.conf</filename>,
use <literal>programs.aerc.extraConfig</literal>.
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>. See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
''; '';
}; };
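Review bot: The new `extraConfig` description says aerc only supports per-account UI configuration, but the option keeps `type = confSections`, so any other section still type-checks and is rejected only later by the module assertion. Suggest stating in the description that declaring a section other than `ui` here fails evaluation, so the reader does not have to learn it from the assertion message. The example change from `sidebar-width = 42` to `25` is unrelated to the fix and could be dropped or mentioned in the commit message.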


@ -8,7 +8,7 @@ let
((type: either type (listOf type)) (nullOr (oneOf [ str int bool float ]))) ((type: either type (listOf type)) (nullOr (oneOf [ str int bool float ])))
// { // {
description = description =
"values (null, bool, int, string of float) or a list of values, that will be joined with a comma"; "values (null, bool, int, string, or float) or a list of values, that will be joined with a comma";
}; };
confSection = types.attrsOf primitive; confSection = types.attrsOf primitive;
@ -162,16 +162,28 @@ in {
in mkIf cfg.enable { in mkIf cfg.enable {
warnings = if genAccountsConf warnings = if genAccountsConf
&& (cfg.extraConfig.general.unsafe-accounts-conf or false) == false then ['' && (cfg.extraConfig.general.unsafe-accounts-conf or false) == false then [''
aerc: An email account was configured, but `extraConfig.general.unsafe-accounts-conf` is set to false or unset. aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
This will prevent aerc from starting, see `unsafe-accounts-conf` in the man page aerc-config(5), which states: This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600). > By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials. > Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
These file permissions are not possible with home-manger, since the generated file is stored in the nix-store with read-only access for all users (0444). These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
If `passwordCommand` is properly set, no credentials will be stored in the nix store. Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
Therefore, consider setting the option `extraConfig.general.unsafe-accounts-conf` to true. This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
''] else ''] else
[ ]; [ ];
assertions = [{
assertion = let
extraConfigSections = (unique (flatten
(mapAttrsToList (_: v: attrNames v.aerc.extraConfig) aerc-accounts)));
in extraConfigSections == [ ] || extraConfigSections == [ "ui" ];
message = ''
Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
configuration to programs.aerc.extraConfig.
'';
}];
home.packages = [ cfg.package ]; home.packages = [ cfg.package ];
xdg.configFile = { xdg.configFile = {
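Review bot: The rewritten warning's last line, "This option is safe; if `passwordCommand` is properly set, ...", reads as an unconditional claim, while the man page text quoted just above it says the setting "may expose your credentials" and the generated file is 0444 in the nix store. Suggest making the condition explicit, for example "This is safe as long as `passwordCommand` is used, since no credentials are then written to the nix store." Two smaller points in the same hunk: the first line now says `programs.aerc.enable` is set, but the condition is still `genAccountsConf`, so the old "An email account was configured" described the trigger more accurately; and the assertion message names `$XDG_CONFIG_HOME/aerc.conf` where the option docs use `$HOME/.config/aerc/aerc.conf`, so the `aerc/` directory is missing from the path.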


@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
test.asserts.assertions.expected = [''
Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
configuration to programs.aerc.extraConfig.
''];
test.asserts.warnings.expected = [''
aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
''];
test.stubs.aerc = { };
programs.aerc = {
enable = true;
extraAccounts = {
Test1 = {
source = "maildir:///dev/null";
enable-folders-sort = true;
folders = [ "INBOX" "SENT" "JUNK" ];
};
};
extraConfig.general = {
# unsafe-accounts-conf = true;
pgp-provider = "gpg";
};
};
accounts.email.accounts.Test2 = {
address = "addr@mail.invalid";
userName = "addr@mail.invalid";
realName = "Foo Bar";
primary = true;
imap.host = "imap.host.invalid";
passwordCommand = "echo PaSsWorD!";
aerc = {
enable = true;
extraConfig.general.pgp-provider = "internal";
};
};
};
}
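Review bot: The warning expectation depends on the commented-out `# unsafe-accounts-conf = true;` line under `programs.aerc.extraConfig.general`, and nothing in the file says the option is left unset on purpose. Suggest replacing the commented-out setting with a comment stating that it is intentionally unset to trigger the warning, and noting next to `extraConfig.general.pgp-provider = "internal";` under `Test2.aerc` that this is the unsupported section that trips the assertion. `with lib;` at the top is unused in the lines shown and can be removed.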


@ -1,4 +1,5 @@
{ {
aerc-noSettings = ./noSettings.nix; aerc-noSettings = ./noSettings.nix;
aerc-settings = ./settings.nix; aerc-settings = ./settings.nix;
aerc-assertion = ./assertion.nix;
} }