mailctl: replace with oama

dezeroku · May 17, 2024 · 4fccd2d · 4fccd2d
1 parent f88a5a9
commit 4fccd2d
Show file tree

Hide file tree

Showing 14 changed files with 51 additions and 55 deletions.
diff --git a/base.yml b/base.yml
@@ -95,10 +95,10 @@ local_machine:
     #     # drafts_dir: "[Gmail]/Drafts"
     #     # sent_dir: "[Gmail]/Sent Mail"
     #
-    #     # If oauth is set to true, you'll need to run `mailctl authorize <service> <email>`
+    #     # If oauth is set to true, you'll need to run `oama authorize <service> <email>`
     #     # one-time before using the account
     #     # You'll also have to create an OAuth app or use publicly available credentials
-    #     # See configurable variables for the `mailctl` role for more details
+    #     # See configurable variables for the `oama` role for more details
     #     oauth: false
     #     # Set this to true if you are using a GSuite based pim tooling
     #     # It requires non-standard authentication flow

diff --git a/playbooks/mail.yml b/playbooks/mail.yml
@@ -8,7 +8,7 @@
     - {role: imapnotify, tags: ['imapnotify']}
     - {role: isync, tags: ['isync']}
     - {role: msmtp, tags: ['msmtp']}
-    - {role: mailctl, tags: ['mailctl'], when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
+    - {role: oama, tags: ['oama'], when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
   tags:
     - mail
     - never

diff --git a/roles/imapnotify/meta/main.yaml b/roles/imapnotify/meta/main.yaml
@@ -1,4 +1,4 @@
 ---
 dependencies:
   - role: isync
-  - {role: mailctl, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
+  - {role: oama, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
diff --git a/roles/isync/meta/main.yaml b/roles/isync/meta/main.yaml
@@ -1,3 +1,3 @@
 ---
 dependencies:
-  - {role: mailctl, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
+  - {role: oama, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
diff --git a/roles/mailctl/templates/config.yaml b/roles/mailctl/templates/config.yaml
diff --git a/roles/mailctl/templates/services.yaml b/roles/mailctl/templates/services.yaml
diff --git a/roles/msmtp/meta/main.yaml b/roles/msmtp/meta/main.yaml
@@ -1,3 +1,3 @@
 ---
 dependencies:
-  - {role: mailctl, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
+  - {role: oama, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'}
diff --git a/roles/mailctl/defaults/main.yml → roles/oama/defaults/main.yml b/roles/mailctl/defaults/main.yml → roles/oama/defaults/main.yml
@@ -2,5 +2,5 @@
 # Create a private app for these
 # Or (not recommended) use the publicly available details from Thunderbird
 # https://hg.mozilla.org/comm-central/file/tip/mailnews/base/src/OAuth2Providers.sys.mjs
-mailctl_google_client_id: ""
-mailctl_google_client_secret: ""
+oama_google_client_id: ""
+oama_google_client_secret: ""
diff --git a/roles/mailctl/tasks/main.yml → roles/oama/tasks/main.yml b/roles/mailctl/tasks/main.yml → roles/oama/tasks/main.yml
@@ -1,16 +1,29 @@
 ---
-# mailctl-bin SEGFAULTs for me locally,
-# installing the static binary from Github works
-- name: Install mailctl
+- name: Remove mailctl-bin
+  become: true
+  become_user: root
+  community.general.pacman:
+    name:
+      - mailctl-bin
+    state: absent
+
+- name: Remove mailctl legacy config files
+  become: true
+  become_user: root
+  ansible.builtin.file:
+    path: ~/.config/mailctl
+    state: absent
+
+- name: Install oama
   become: true
   become_user: aur_builder
   kewlfft.aur.aur:
     state: present
     name:
-      - mailctl-bin
+      - oama-bin
 
 # This probably belongs more in the isync config
-# But we won't really need it anywhere outside the mailctl context
+# But we won't really need it anywhere outside the oama context
 - name: Install XOAUTH2 SASL helper
   become: true
   become_user: aur_builder
@@ -21,15 +34,14 @@
 
 - name: Ensure config directory exists
   ansible.builtin.file:
-    path: ~/.config/mailctl
+    path: ~/.config/oama
     state: directory
     mode: 0755
 
 - name: Template config files
   ansible.builtin.template:
     src: "{{ item }}"
-    dest: ~/.config/mailctl/{{ item }}
+    dest: ~/.config/oama/{{ item }}
     mode: 0600
   loop:
     - config.yaml
-    - services.yaml
diff --git a/roles/oama/templates/config.yaml b/roles/oama/templates/config.yaml
@@ -0,0 +1,13 @@
+---
+encryption:
+  tag: GRING
+
+redirect_port: 8080
+
+services:
+  google:
+    client_id: {{oama_google_client_id}}
+    client_secret: {{oama_google_client_secret}}
+    # Only the first scope is strictly required for email
+    # But for the sake of mail-pim let's add all the scopes we might want
+    auth_scope: https://mail.google.com/ https://www.googleapis.com/auth/carddav https://www.googleapis.com/auth/calendar
diff --git a/roles/vdirsyncer/files/oauth-mailctl.sh → roles/vdirsyncer/files/oauth-oama.sh b/roles/vdirsyncer/files/oauth-mailctl.sh → roles/vdirsyncer/files/oauth-oama.sh
@@ -11,11 +11,11 @@ TOKEN_FILE="$TOKEN_DIR/$MAIL_ADDRESS"
 touch "$TOKEN_FILE"
 chmod 0600 "$TOKEN_FILE"
 
-mailctl access "$MAIL_ADDRESS" > /dev/null
+oama access "$MAIL_ADDRESS" > /dev/null
 
-# Using mailctl access directly will not work
+# Using oama access directly will not work
 # as we need to access the whole JSON here
 # Thus we get it from gnome-keyring in the expanded format
-secret-tool lookup mailctl "$MAIL_ADDRESS" > "$TOKEN_FILE"
+secret-tool lookup oama "$MAIL_ADDRESS" > "$TOKEN_FILE"
 
 echo "$TOKEN_FILE"
diff --git a/roles/vdirsyncer/meta/main.yaml b/roles/vdirsyncer/meta/main.yaml
@@ -1,3 +1,3 @@
 ---
 dependencies:
-  - {role: mailctl, when: 'email_client | dict2items | selectattr("value.google", "defined") | selectattr("value.google", "equalto", true) | list | items2dict'}
+  - {role: oama, when: 'email_client | dict2items | selectattr("value.google", "defined") | selectattr("value.google", "equalto", true) | list | items2dict'}
diff --git a/roles/vdirsyncer/tasks/main.yml b/roles/vdirsyncer/tasks/main.yml
@@ -22,8 +22,8 @@
 
 - name: Copy the oauth wrapper script
   ansible.builtin.copy:
-    src: oauth-mailctl.sh
-    dest: ~/.config/vdirsyncer/oauth-mailctl.sh
+    src: oauth-oama.sh
+    dest: ~/.config/vdirsyncer/oauth-oama.sh
     mode: 0755
 
 - name: Enable the systemd timer

diff --git a/roles/vdirsyncer/templates/config b/roles/vdirsyncer/templates/config
@@ -32,8 +32,8 @@ password.fetch = ["command", {{ item.password_cmd.split() | map('join') | map("t
 {% else %}
 type = "google_contacts"
 
-token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-mailctl.sh", "{{ item.from.email }}"]
-# We provide neither, as the script wrapper takes care of that via mailctl
+token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-oama.sh", "{{ item.from.email }}"]
+# We provide neither, as the script wrapper takes care of that via oama
 client_id = ""
 client_secret = ""
 {% endif %}
@@ -70,8 +70,8 @@ password.fetch = ["command", {{ item.password_cmd.split() | map('join') | map("t
 {% else %}
 type = "google_calendar"
 
-token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-mailctl.sh", "{{ item.from.email }}"]
-# We provide neither, as the script wrapper takes care of that via mailctl
+token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-oama.sh", "{{ item.from.email }}"]
+# We provide neither, as the script wrapper takes care of that via oama
 client_id = ""
 client_secret = ""
 {% endif %}