aerc: add assertion to limit per-account extraConfig to UI config (#4196)
* aerc: fix per-account extraConfig section names The aerc configuration file `aerc.conf` can contain 10 different sections, but only the UI section supports what the aerc manual calls contextual configuration. This works by appending to the section heading either `:account=name` or `:folder=bar`. The aerc-accounts module, however, applied `mkAccountConfig` to each section heading declared in `config.accounts.email.accounts.<name>.aerc.extraConfig.*`. This means home-manager will generate files with `[general:account=default]` and the options will not be recognized by aerc. To address this, and since it doesn't make sense for other sections to only be under a single account's scope, an assertion has been added to confirm that only sectons that support contextual config (i.e., only the UI section) is declared. This also addresses confusions like declaring `accounts.email.accounts.*.aerc.extraConfig.general.unsafe-accounts-conf = true` and triggering a warning message because `programs.aerc.extraConfig.general.unsafe-accounts-conf` was unset. This commit also updated documentation throughout the aerc modules to be in line with this change, and fixed minor typos/formatting therein. Co-authored-by: Genevieve <genevieve@sunlashed.garden> * aerc: make assertion plaintext and add test case This commit adds a test case to check both the warning on unset `unsafe-accounts-conf = true` when aerc accounts are configured with Nix, and the new assertion when per-account configuration contains unsupported subsections (i.e. general). It also fixes minor formatting issues and typos.
This commit is contained in:
parent
e42fb59768
commit
bec87d536c
4 changed files with 80 additions and 13 deletions
|
@ -53,9 +53,9 @@ in {
|
|||
example =
|
||||
literalExpression ''{ source = "maildir://~/Maildir/example"; }'';
|
||||
description = ''
|
||||
Extra config added to the configuration of this account in
|
||||
Extra config added to the configuration section for this account in
|
||||
<filename>$HOME/.config/aerc/accounts.conf</filename>.
|
||||
See aerc-config(5).
|
||||
See <citerefentry><refentrytitle>aerc-accounts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -66,18 +66,20 @@ in {
|
|||
''{ messages = { d = ":move ''${folder.trash}<Enter>"; }; }'';
|
||||
description = ''
|
||||
Extra bindings specific to this account, added to
|
||||
<filename>$HOME/.config/aerc/accounts.conf</filename>.
|
||||
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
<filename>$HOME/.config/aerc/binds.conf</filename>.
|
||||
See <citerefentry><refentrytitle>aerc-binds</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = confSections;
|
||||
default = { };
|
||||
example = literalExpression "{ ui = { sidebar-width = 42; }; }";
|
||||
example = literalExpression "{ ui = { sidebar-width = 25; }; }";
|
||||
description = ''
|
||||
Extra config specific to this account, added to
|
||||
<filename>$HOME/.config/aerc/aerc.conf</filename>.
|
||||
Config specific to this account, added to <filename>$HOME/.config/aerc/aerc.conf</filename>.
|
||||
Aerc only supports per-account UI configuration.
|
||||
For other sections of <filename>$HOME/.config/aerc/aerc.conf</filename>,
|
||||
use <literal>programs.aerc.extraConfig</literal>.
|
||||
See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
((type: either type (listOf type)) (nullOr (oneOf [ str int bool float ])))
|
||||
// {
|
||||
description =
|
||||
"values (null, bool, int, string of float) or a list of values, that will be joined with a comma";
|
||||
"values (null, bool, int, string, or float) or a list of values, that will be joined with a comma";
|
||||
};
|
||||
|
||||
confSection = types.attrsOf primitive;
|
||||
|
@ -162,16 +162,28 @@ in {
|
|||
in mkIf cfg.enable {
|
||||
warnings = if genAccountsConf
|
||||
&& (cfg.extraConfig.general.unsafe-accounts-conf or false) == false then [''
|
||||
aerc: An email account was configured, but `extraConfig.general.unsafe-accounts-conf` is set to false or unset.
|
||||
This will prevent aerc from starting, see `unsafe-accounts-conf` in the man page aerc-config(5), which states:
|
||||
aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
|
||||
This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
|
||||
> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
|
||||
> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
|
||||
These file permissions are not possible with home-manger, since the generated file is stored in the nix-store with read-only access for all users (0444).
|
||||
If `passwordCommand` is properly set, no credentials will be stored in the nix store.
|
||||
Therefore, consider setting the option `extraConfig.general.unsafe-accounts-conf` to true.
|
||||
These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
|
||||
Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
|
||||
This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
|
||||
''] else
|
||||
[ ];
|
||||
|
||||
assertions = [{
|
||||
assertion = let
|
||||
extraConfigSections = (unique (flatten
|
||||
(mapAttrsToList (_: v: attrNames v.aerc.extraConfig) aerc-accounts)));
|
||||
in extraConfigSections == [ ] || extraConfigSections == [ "ui" ];
|
||||
message = ''
|
||||
Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
|
||||
Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
|
||||
configuration to programs.aerc.extraConfig.
|
||||
'';
|
||||
}];
|
||||
|
||||
home.packages = [ cfg.package ];
|
||||
|
||||
xdg.configFile = {
|
||||
|
|
52
tests/modules/programs/aerc/assertion.nix
Normal file
52
tests/modules/programs/aerc/assertion.nix
Normal file
|
@ -0,0 +1,52 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
config = {
|
||||
test.asserts.assertions.expected = [''
|
||||
Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
|
||||
Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
|
||||
configuration to programs.aerc.extraConfig.
|
||||
''];
|
||||
test.asserts.warnings.expected = [''
|
||||
aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
|
||||
This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
|
||||
> By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
|
||||
> Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
|
||||
These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
|
||||
Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
|
||||
This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
|
||||
''];
|
||||
|
||||
test.stubs.aerc = { };
|
||||
|
||||
programs.aerc = {
|
||||
enable = true;
|
||||
extraAccounts = {
|
||||
Test1 = {
|
||||
source = "maildir:///dev/null";
|
||||
enable-folders-sort = true;
|
||||
folders = [ "INBOX" "SENT" "JUNK" ];
|
||||
};
|
||||
};
|
||||
extraConfig.general = {
|
||||
# unsafe-accounts-conf = true;
|
||||
pgp-provider = "gpg";
|
||||
};
|
||||
};
|
||||
|
||||
accounts.email.accounts.Test2 = {
|
||||
address = "addr@mail.invalid";
|
||||
userName = "addr@mail.invalid";
|
||||
realName = "Foo Bar";
|
||||
primary = true;
|
||||
imap.host = "imap.host.invalid";
|
||||
passwordCommand = "echo PaSsWorD!";
|
||||
aerc = {
|
||||
enable = true;
|
||||
extraConfig.general.pgp-provider = "internal";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
aerc-noSettings = ./noSettings.nix;
|
||||
aerc-settings = ./settings.nix;
|
||||
aerc-assertion = ./assertion.nix;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue