nixos-config/nixos/configs/workhorse/mail-fetcher.nix

# fetches mails for me
{ lib, pkgs, config, ... }:
let
  junk_filter = [
    "from:booking.com"
    "from:brompton.com"
    "from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)"
    "from:codepen.io"
    "from:congstarnews.de"
    "from:cronullasurfingacademy.com"
    "from:cryptohopper.com"
    "from:digitalo.de"
    "from:facebook.com OR from:facebookmail.com"
    "from:fitnessfirst.de"
    "from:flixbus.de"
    "from:getdigital.de"
    "from:getpocket.com"
    "from:ghostinspector.com"
    "from:globetrotter.de"
    "from:hackster.io"
    "from:hostelworld.com"
    "from:immobilienscout24.de"
    "from:kvraudio.com"
    "from:letterboxd.com"
    "from:linkedin.com"
    "from:magix.net"
    "from:mailings.gmx.net"
    "from:mailings.web.de"
    "from:matrix.org"
    "from:menospese.com"
    "from:microsoftstoreemail.com"
    "from:mixcloudmail.com AND subject:Weekly Update"
    "from:oknotify2.com AND NOT subject:New message"
    "from:paulaschoice.com"
    "from:puppet.com"
    "from:runtastic.com"
    "from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com"
    "from:ticketmaster.de"
    "from:trade4less.de"
    "from:tumblr.com"
    "from:turners.co.nz"
    "from:twitch.tv"
    "from:vstbuzz.com"
  ];
  filters = [
    {
      query = "from:hv-geelen.de";
      tags = [ "+wohnung" ];
    }
    {
      query = "from:computerfutures.com OR from:computerfutures.de";
      tags = [ "+jobs" "-inbox" ];
    }
    {
      query = "from:seek.com.au or from:seek.co.nz";
      tags = [ "+jobs" ];
    }
    {
      query = "from:xing.com";
      tags = [ "+jobs" "-inbox" ];
    }
    {
      query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com";
      tags = [ "+sononym" "-inbox" ];
    }
    {
      query = "from:ebay.com OR from:ebay.de OR from:ebay.net";
      tags = [ "+ebay" "+shop" "+billing" ];
    }
    {
      query = "from:bahn.de";
      tags = [ "+billing" "+bahn" ];
    }
    {
      query =
        "from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com";
      tags = [ "+mia" "+work" "-unread" "-inbox" ];
    }
    {
      query =
        "from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/";
      tags = [ "+spaceleft" "+space-left" ];
    }
    {
      query = "from:landr.com";
      tags = [ "+landr" "+music" ];
    }
    {
      query = "tag:landr and tag:billing";
      tags = [ "+billing" ];
    }
    {
      query = "from:oknotify2.com";
      tags = [ "+okcupid" ];
    }
    {
      query = "from:taxback.de OR to:taxback.de";
      tags = [ "+steuer" ];
    }
    {
      query = "from:campact.de";
      tags = [ "+campact" "+politics" ];
    }
    {
      query = "from:aliexpress.com";
      tags = [ "+shop" "+aliexpress" ];
    }
    {
      query = "from:congstar.de";
      tags = [ "+billing" "+congstar" "-inbox" "-unread" ];
    }
    {
      query =
        "from:steampowered.com AND NOT ( subject:purchase OR subject:received )";
      tags = [ "-inbox" "-unread" ];
    }
    {
      query =
        "from:steampowered.com AND ( subject:purchase OR subject:received )";
      tags = [ "+billing" "+steam" ];
    }
    {
      query = "from:gog.com AND NOT subject:Bestellung";
      tags = [ "-inbox" "-unread" ];
    }
    {
      query = "from:gog.com AND subject:Bestellung";
      tags = [ "+billing" "+gog" ];
    }
    {
      query = "from:stadtmobil.de";
      tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ];
    }
    {
      query = "from:drive-now.com";
      tags = [ "+billing" "+drivenow" "-inbox" "-unread" ];
    }
    {
      query = "from:data-treuhand.de";
      tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ];
    }
    {
      query = "from:immocation.de";
      tags = [ "+immobilien" "-inbox" ];
    }
    {
      query = "from:tinc-vpn.org";
      tags = [ "+tinc" ];
    }
    {
      query = "from:mindfactory.de";
      tags = [ "+shop" "+billing" ];
    }
    {
      query = "from:zalando.de";
      tags = [ "+shop" "+billing" "+zalando" ];
    }
    {
      query = "from:ing.de";
      tags = [ "+bank" "+ingdiba" ];
    }
    {
      query = "from:nab.com.au";
      tags = [ "+bank" "+nab" "-inbox" "-unread" ];
    }
    {
      query = "from:dkb.de";
      tags = [ "+bank" "+dkb" ];
    }
    {
      query = "from:o2online.de";
      tags = [ "+billing" "+o2" ];
    }
    {
      query = "from:betfair.com";
      tags = [ "+work" "+betfair" ];
    }
    {
      query = "from:notifications@github.com";
      tags = [ "+github" ];
    }
    {
      query = "to:NUR@noreply.github.com";
      tags = [ "+nur" "+nixos" "+list" ];
    }
    {
      query = "to:nixpkgs@noreply.github.com";
      tags = [ "+nixpkgs" "+nixos" "+list" ];
    }
    {
      query = "from:travis-ci.org AND subject:mrVanDalo/navi";
      tags = [ "+development" "+navi" ];
    }
    {
      query = "from:travis-ci.org AND subject:nur-packages";
      tags = [ "+development" "+nixos" "+nur-packages" ];
    }
    {
      query = "from:travis-ci.org AND subject:csv-to-qif";
      tags = [ "+development" "+csv-to-qif" ];
    }
    {
      query = "to:proaudio@lists.tuxfamily.org";
      tags = [ "-inbox" "-unread" ];
    }
    {
      query = "from:nixos1@discoursemail.com";
      tags = [ "+nixos" "+discourse" "+list" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Development";
      tags = [ "+nixos" "+discourse" "+development" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Français";
      tags = [ "+nixos" "+discourse" "-inbox" "-unread" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Announcements";
      tags = [ "+nixos" "+discourse" "+announcements" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Links";
      tags = [ "+nixos" "+discourse" "+links" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Games";
      tags = [ "+nixos" "+discourse" "+games" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Meta";
      tags = [ "+nixos" "+discourse" "+meta" ];
    }
    {
      query = "from:nixos1@discoursemail.com AND subject:Events";
      tags = [ "+nixos" "+discourse" "+events" ];
    }
    {
      query = "from:limebike.com AND (subject:Funds OR subject:Receipt)";
      tags = [ "-inbox" "-unread" "+billing" "+limebike" ];
    }
    {
      query = "from:freemusicarchive.org";
      tags = [ "+FMA" ];
    }
    {
      query = "from:namecheap.com and subject:auto-renewal";
      tags = [ "+namecheap" "+billing" ];
    }
    {
      query = "from:namecheap.com and subject:order";
      tags = [ "+namecheap" "+billing" ];
    }
    {
      query = "tag:namecheap.com and tag:billing and body:gaykraft.com";
      tags = [ "+namecheap" "+billing" ];
    }
    {
      query = "from:nintendo.com";
      tags = [ "+nintendo" "+billing" ];
    }
    {
      query = "from:oculus.com AND subject:receipt";
      tags = [ "+oculus" "+billing" ];
    }
    {
      query = "from:car2go.com";
      tags = [ "-inbox" "-unread" ];
    }
    {
      query = "from:sixt.de";
      tags = [ "-inbox" "-unread" ];
    }
    {
      query = "from:meetup.com";
      tags = [ "-inbox" "-unread" "+meetup" ];
    }
    {
      query = "from:slack.com";
      tags = [ "+slack" ];
    }
    {
      query = "from:keybase.io";
      tags = [ "+keybase" ];
    }
    {
      query = "from:jobs2web.com";
      tags = [ "+newzealand" "+jobs" "-inbox" ];
    }
    {
      query = "from:paypal.de AND subject:Bestätigung";
      tags = [ "-unread" "+paypal" "+billing" ];
    }
    {
      query = "to:c-base.org";
      tags = [ "+cbase" "+list" ];
    }
    {
      query = "to:c-base.org AND subject=[auto-report]";
      tags = [ "-unread" "-inbox" ];
    }
    {
      query = "from:browserstack.com";
      tags = [ "+browserstack" ];
    }
    {
      query =
        "to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com";
      tags = [ "+renoise" ];
    }
    {
      query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com";
      tags = [ "+shop" "+amazon" "+billing" ];
    }
    {
      query = "from:hetzner.com OR from:hetzner.de";
      tags = [ "+hetzner" ];
    }
    {
      query =
        "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
      tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
    }
    {
      query = "tag:hetzner and subject:Invoice";
      tags = [ "+billing" ];
    }
    # final rules to make imap sync stuff easier
    # there can only be one output folder tag, and theses rules are prioritized
    {
      query = "tag:fraud";
      tags = [ "-inbox" "-archive" "-junk" "-unread" ];
      message = "clean up tag fraud";
    }
    {
      query = "tag:junk";
      tags = [ "-inbox" "-archive" "-fraud" "-unread" ];
      message = "clean up tag junk";
    }
    {
      query = "tag:archive";
      tags = [ "-inbox" "-junk" "-fraud" "-unread" ];
      message = "clean up tag archive";
    }
    {
      query = "tag:inbox";
      tags = [ "-archive" "-junk" "-fraud" ];
      message = "clean up inbox";
    }
    {
      query = "tag:killed";
      tags = [ "-inbox" "-unread" ];
      message = "clean up tag killed";
    }
    {
      query = "tag:muted";
      tags = [ "-inbox" "-unread" ];
    }
    # remove new tag at the end
    {
      query = "tag:new";
      tags = [ "-new" ];
      message = "remove new tag at the end";
    }
  ];

  notmuchTagging =
    let

      template = index:
        { tags, query, message ? "generic", ... }:
        let
          command = ''
            ${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}"
          '';
        in
        ''
          echo '${command}'
          ${command}
        '';
      junk_template = index: query:
        template index {
          tags = [ "+junk" "-unread" "-inbox" ];
          query = query;
          message = "generic junk filter";
        };

    in
    pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n"
      ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));

  notmuchTaggingNew =
    let

      template = index:
        { tags, query, message ? "generic", ... }:
        let
          command = ''
            ${pkgs.notmuch}/bin/notmuch tag ${
              lib.concatStringsSep " " tags
            } -- "${query} AND tag:new"
          '';
        in
        ''
          echo '${command}'
          ${command}
        '';

      junk_template = index: query:
        template index {
          tags = [ "+junk" "-unread" "-inbox" ];
          query = query;
          message = "generic junk filter";
        };
    in
    pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n"
      ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));

in
{

  backup.dirs = [ "/home/mailfetcher" ];

  users.users.mailUser = {
    isNormalUser = true;
    description = "collects mails for me";
    hashedPassword = "!";
    name = "mailfetcher";
    home = "/home/mailfetcher";
    openssh.authorizedKeys.keyFiles =
      config.users.users.root.openssh.authorizedKeys.keyFiles;
    group = "mailfetcher";
  };

  users.groups.mailUser = {
    name = "mailfetcher";
  };

  sops.secrets.mail_terranix = {
    owner = config.users.users.mailUser.name;
    group = config.users.users.mailUser.group;
  };
  sops.secrets.mail_gmail = {
    owner = config.users.users.mailUser.name;
    group = config.users.users.mailUser.group;
  };
  sops.secrets.mail_gmx_palo = {
    owner = config.users.users.mailUser.name;
    group = config.users.users.mailUser.group;
  };
  sops.secrets.mail_gmx_ingolf = {
    owner = config.users.users.mailUser.name;
    group = config.users.users.mailUser.group;
  };
  sops.secrets.mail_web = {
    owner = config.users.users.mailUser.name;
    group = config.users.users.mailUser.group;
  };
  sops.secrets.mail_siteground = {
    owner = config.users.users.mailUser.name;
    group = config.users.users.mailUser.group;
  };

  environment.systemPackages = [ pkgs.muchsync ];

  # configure accounts
  home-manager.users.mailUser.accounts.email = {
    accounts = {

      palo_van_dalo-gmx = {
        primary = false;
        address = "palo_van_dalo@gmx.de";
        aliases = [ ];
        realName = "Ingolf Wagner";
        userName = "palo_van_dalo@gmx.de";
        passwordCommand =
          "cat ${toString config.sops.secrets.mail_gmx_palo.path }";
        imap = {
          host = "imap.gmx.net";
          tls.enable = true;
          port = 993;
        };
        mbsync = {
          enable = true;
          create = "both";
        };
        notmuch.enable = true;
      };

      ingolf-wagner-gmx = {
        primary = false;
        address = "ingolf.wagner@gmx.de";
        aliases = [ ];
        realName = "Ingolf Wagner";
        userName = "ingolf.wagner@gmx.de";
        passwordCommand =
          "cat ${toString config.sops.secrets.mail_gmx_ingolf.path }";
        imap = {
          host = "imap.gmx.net";
          tls.enable = true;
          port = 993;
        };
        mbsync = {
          enable = true;
          create = "both";
        };
        notmuch.enable = true;
      };

      pali_palo = {
        primary = false;
        address = "pali_palo@web.de";
        aliases = [ ];
        realName = "Ingolf Wagner";
        userName = "pali_palo@web.de";
        passwordCommand =
          "cat ${toString config.sops.secrets.mail_web.path }";
        imap = {
          host = "imap.web.de";
          tls.enable = true;
          port = 993;
        };
        mbsync = {
          enable = true;
          create = "both";
        };
        notmuch.enable = true;
      };

      gmail = {
        # for google accounts you have to allow 'less secure apps' in accounts.google.com
        primary = true;
        address = "palipalo9@googlemail.com";
        aliases = [ ];
        realName = "Ingolf Wagner";
        userName = "palipalo9@googlemail.com";
        passwordCommand =
          "cat ${toString config.sops.secrets.mail_gmail.path }";
        imap = {
          host = "imap.gmail.com";
          tls.enable = true;
          port = 993;
        };
        mbsync = {
          enable = true;
          create = "both";
        };
        notmuch.enable = true;
      };

      terranix_org = {
        primary = false;
        address = "palo@terranix.org";
        aliases = [ ];
        realName = "Ingolf Wagner";
        userName = "palo@terranix.org";
        passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }";
        imap = {
          host = "mail.privateemail.com";
          tls.enable = true;
          port = 993;
        };
        mbsync = {
          enable = true;
          create = "both";
        };
        notmuch.enable = true;
      };

      ingolf-wagner-de = {
        primary = false;
        address = "contact@ingolf-wagner.de";
        aliases = [ ];
        realName = "Ingolf Wagner";
        userName = "contact@ingolf-wagner.de";
        passwordCommand =
          "cat ${toString config.sops.secrets.mail_siteground.path }";
        imap = {
          host = "securees5.sgcpanel.com";
          port = 993;
          tls.enable = true;
          #tls.useStartTls = true;
        };
        # make sure the upstream mail is deleted
        getmail = {
          enable = true;
          delete = true;
          readAll = false;
          mailboxes = [ "ALL" ];
        };
        notmuch.enable = true;
      };

    };
  };

  # configure mbsync
  home-manager.users.mailUser.programs.mbsync.enable = true;

  # re-tag everything once a day
  systemd.services.retagmail = {
    enable = true;
    serviceConfig = { User = config.users.users.mailUser.name; };
    environment.NOTMUCH_CONFIG =
      "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
    script = "${notmuchTagging}";
  };
  systemd.timers.retagmail = {
    enable = true;
    timerConfig = {
      OnCalendar = "daily";
      Persistent = "true";
    };
    wantedBy = [ "multi-user.target" ];
  };

  # fetch mails every 10 minutes
  systemd.services.fetchmail =
    let
      threadTag = tag: ''
        echo "tag threads with ${tag}"
        ${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag})
      '';
    in
    {
      enable = true;
      serviceConfig = { User = config.users.users.mailUser.name; };
      environment.NOTMUCH_CONFIG =
        "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
      script = ''
        echo "run mbsync"
        ${pkgs.isync}/bin/mbsync \
          --all
        echo "run getmail"
        ${pkgs.getmail}/bin/getmail \
          --quiet \
          --rcfile getmailingolf-wagner-de

        echo "run notmuch"
        ${pkgs.notmuch}/bin/notmuch new
        ${notmuchTaggingNew}
        ${threadTag "muted"}
        ${threadTag "wohnung"}
        ${threadTag "flagged"}
      '';
    };
  systemd.timers.fetchmail = {
    enable = true;
    # timerConfig.OnCalendar = " *-*-* *:00:00";
    timerConfig.OnCalendar = "*:0/10";
    wantedBy = [ "multi-user.target" ];
  };

  # configure notmuch
  home-manager.users.mailUser.programs.notmuch = {
    enable = true;
    new.tags = [ "unread" "inbox" "new" ];
  };

}