From 4fccd2dc7a944ac2685ab69c44f4b49fecf4b620 Mon Sep 17 00:00:00 2001 From: dezeroku Date: Fri, 17 May 2024 20:15:42 +0200 Subject: [PATCH] mailctl: replace with oama --- base.yml | 4 +-- playbooks/mail.yml | 2 +- roles/imapnotify/meta/main.yaml | 2 +- roles/isync/meta/main.yaml | 2 +- roles/mailctl/templates/config.yaml | 15 ---------- roles/mailctl/templates/services.yaml | 14 ---------- roles/msmtp/meta/main.yaml | 2 +- roles/{mailctl => oama}/defaults/main.yml | 4 +-- roles/{mailctl => oama}/tasks/main.yml | 28 +++++++++++++------ roles/oama/templates/config.yaml | 13 +++++++++ .../files/{oauth-mailctl.sh => oauth-oama.sh} | 6 ++-- roles/vdirsyncer/meta/main.yaml | 2 +- roles/vdirsyncer/tasks/main.yml | 4 +-- roles/vdirsyncer/templates/config | 8 +++--- 14 files changed, 51 insertions(+), 55 deletions(-) delete mode 100644 roles/mailctl/templates/config.yaml delete mode 100644 roles/mailctl/templates/services.yaml rename roles/{mailctl => oama}/defaults/main.yml (76%) rename roles/{mailctl => oama}/tasks/main.yml (58%) create mode 100644 roles/oama/templates/config.yaml rename roles/vdirsyncer/files/{oauth-mailctl.sh => oauth-oama.sh} (68%) diff --git a/base.yml b/base.yml index 64c3ffb..b1ed2e3 100644 --- a/base.yml +++ b/base.yml @@ -95,10 +95,10 @@ local_machine: # # drafts_dir: "[Gmail]/Drafts" # # sent_dir: "[Gmail]/Sent Mail" # - # # If oauth is set to true, you'll need to run `mailctl authorize ` + # # If oauth is set to true, you'll need to run `oama authorize ` # # one-time before using the account # # You'll also have to create an OAuth app or use publicly available credentials - # # See configurable variables for the `mailctl` role for more details + # # See configurable variables for the `oama` role for more details # oauth: false # # Set this to true if you are using a GSuite based pim tooling # # It requires non-standard authentication flow diff --git a/playbooks/mail.yml b/playbooks/mail.yml index ca6afbe..020ba7d 100644 --- a/playbooks/mail.yml 
+++ b/playbooks/mail.yml @@ -8,7 +8,7 @@ - {role: imapnotify, tags: ['imapnotify']} - {role: isync, tags: ['isync']} - {role: msmtp, tags: ['msmtp']} - - {role: mailctl, tags: ['mailctl'], when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} + - {role: oama, tags: ['oama'], when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} tags: - mail - never diff --git a/roles/imapnotify/meta/main.yaml b/roles/imapnotify/meta/main.yaml index cd2e2e4..f3a6c1a 100644 --- a/roles/imapnotify/meta/main.yaml +++ b/roles/imapnotify/meta/main.yaml @@ -1,4 +1,4 @@ --- dependencies: - role: isync - - {role: mailctl, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} + - {role: oama, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} diff --git a/roles/isync/meta/main.yaml b/roles/isync/meta/main.yaml index 20d624a..9cd06be 100644 --- a/roles/isync/meta/main.yaml +++ b/roles/isync/meta/main.yaml @@ -1,3 +1,3 @@ --- dependencies: - - {role: mailctl, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} + - {role: oama, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} diff --git a/roles/mailctl/templates/config.yaml b/roles/mailctl/templates/config.yaml deleted file mode 100644 index fbc2ce5..0000000 --- a/roles/mailctl/templates/config.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -services_file: ~/.config/mailctl/services.yaml - -# Store tokens in the GNOME keyring -ring_store: - exec: secret-tool - args: - - store - - --label - -ring_lookup: - exec: secret-tool - args: - - lookup - - mailctl diff --git a/roles/mailctl/templates/services.yaml b/roles/mailctl/templates/services.yaml deleted file mode 100644 index 3c77a47..0000000 --- a/roles/mailctl/templates/services.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -google: - auth_endpoint: https://accounts.google.com/o/oauth2/auth - auth_http_method: POST - auth_params_mode: query-string - token_endpoint: https://accounts.google.com/o/oauth2/token - token_http_method: POST - token_params_mode: both - redirect_uri: http://localhost:8080 - # Only the first scope is strictly required - # But for the sake of mail-pim let's add all the scopes we might want - auth_scope: https://mail.google.com/ https://www.googleapis.com/auth/carddav https://www.googleapis.com/auth/calendar - client_id: {{mailctl_google_client_id}} - client_secret: {{mailctl_google_client_secret}} diff --git a/roles/msmtp/meta/main.yaml b/roles/msmtp/meta/main.yaml index 20d624a..9cd06be 100644 --- a/roles/msmtp/meta/main.yaml +++ b/roles/msmtp/meta/main.yaml @@ -1,3 +1,3 @@ --- dependencies: - - {role: mailctl, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} + - {role: oama, when: 'email_client | dict2items | selectattr("value.oauth", "defined") | selectattr("value.oauth", "equalto", true) | list | items2dict'} diff --git a/roles/mailctl/defaults/main.yml b/roles/oama/defaults/main.yml similarity index 76% rename from roles/mailctl/defaults/main.yml rename to roles/oama/defaults/main.yml index 5538bbf..4f0ed1f 100644 --- a/roles/mailctl/defaults/main.yml +++ b/roles/oama/defaults/main.yml 
@@ -2,5 +2,5 @@ # Create a private app for these # Or (not recommended) use the publicly available details from Thunderbird # https://hg.mozilla.org/comm-central/file/tip/mailnews/base/src/OAuth2Providers.sys.mjs -mailctl_google_client_id: "" -mailctl_google_client_secret: "" +oama_google_client_id: "" +oama_google_client_secret: "" diff --git a/roles/mailctl/tasks/main.yml b/roles/oama/tasks/main.yml similarity index 58% rename from roles/mailctl/tasks/main.yml rename to roles/oama/tasks/main.yml index 5d06c66..802ebd5 100644 --- a/roles/mailctl/tasks/main.yml +++ b/roles/oama/tasks/main.yml @@ -1,16 +1,29 @@ --- -# mailctl-bin SEGFAULTs for me locally, -# installing the static binary from Github works -- name: Install mailctl +- name: Remove mailctl-bin + become: true + become_user: root + community.general.pacman: + name: + - mailctl-bin + state: absent + +- name: Remove mailctl legacy config files + become: true + become_user: root + ansible.builtin.file: + path: ~/.config/mailctl + state: absent + +- name: Install oama become: true become_user: aur_builder kewlfft.aur.aur: state: present name: - - mailctl-bin + - oama-bin # This probably belongs more in the isync config -# But we won't really need it anywhere outside the mailctl context +# But we won't really need it anywhere outside the oama context - name: Install XOAUTH2 SASL helper become: true become_user: aur_builder @@ -21,15 +34,14 @@ - name: Ensure config directory exists ansible.builtin.file: - path: ~/.config/mailctl + path: ~/.config/oama state: directory mode: 0755 - name: Template config files ansible.builtin.template: src: "{{ item }}" - dest: ~/.config/mailctl/{{ item }} + dest: ~/.config/oama/{{ item }} mode: 0600 loop: - config.yaml - - services.yaml diff --git a/roles/oama/templates/config.yaml b/roles/oama/templates/config.yaml new file mode 100644 index 0000000..96857ae --- /dev/null +++ b/roles/oama/templates/config.yaml 
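Review bot: The `Remove mailctl legacy config files` task runs with `become: true` and `become_user: root`, so `path: ~/.config/mailctl` most likely resolves to root's home rather than the home of the user whose config is being managed. The old `services.yaml`, which held `client_id` and `client_secret`, would then stay on disk in that user's `~/.config/mailctl`. Drop the two `become` lines from this task so it runs as the same user as `Ensure config directory exists` further down. Tokens that mailctl stored in the GNOME keyring are not removed by this role either; a comment such as `# mailctl keyring entries are left in place and must be cleared by hand` would make that explicit.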
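Review bot: `Template config files` now renders only `config.yaml`, which carries `client_secret`, so a playbook run with `--diff` would print the secret to the terminal and to any captured log. Adding `diff: false` to that task avoids this. The directory task above it keeps `mode: 0755`; since `~/.config/oama` holds only a secret-bearing file, `mode: "0700"` would be tighter. Quoting both modes (`"0700"`, `"0600"`) also removes the dependence on YAML octal parsing.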
@@ -0,0 +1,13 @@ +--- +encryption: + tag: GRING + +redirect_port: 8080 + +services: + google: + client_id: {{oama_google_client_id}} + client_secret: {{oama_google_client_secret}} + # Only the first scope is strictly required for email + # But for the sake of mail-pim let's add all the scopes we might want + auth_scope: https://mail.google.com/ https://www.googleapis.com/auth/carddav https://www.googleapis.com/auth/calendar diff --git a/roles/vdirsyncer/files/oauth-mailctl.sh b/roles/vdirsyncer/files/oauth-oama.sh similarity index 68% rename from roles/vdirsyncer/files/oauth-mailctl.sh rename to roles/vdirsyncer/files/oauth-oama.sh index 3baaafa..6ca48d9 100755 --- a/roles/vdirsyncer/files/oauth-mailctl.sh +++ b/roles/vdirsyncer/files/oauth-oama.sh @@ -11,11 +11,11 @@ TOKEN_FILE="$TOKEN_DIR/$MAIL_ADDRESS" touch "$TOKEN_FILE" chmod 0600 "$TOKEN_FILE" -mailctl access "$MAIL_ADDRESS" > /dev/null +oama access "$MAIL_ADDRESS" > /dev/null -# Using mailctl access directly will not work +# Using oama access directly will not work # as we need to access the whole JSON here # Thus we get it from gnome-keyring in the expanded format -secret-tool lookup mailctl "$MAIL_ADDRESS" > "$TOKEN_FILE" +secret-tool lookup oama "$MAIL_ADDRESS" > "$TOKEN_FILE" echo "$TOKEN_FILE" diff --git a/roles/vdirsyncer/meta/main.yaml b/roles/vdirsyncer/meta/main.yaml index 27a127c..51473a4 100644 --- a/roles/vdirsyncer/meta/main.yaml +++ b/roles/vdirsyncer/meta/main.yaml @@ -1,3 +1,3 @@ --- dependencies: - - {role: mailctl, when: 'email_client | dict2items | selectattr("value.google", "defined") | selectattr("value.google", "equalto", true) | list | items2dict'} + - {role: oama, when: 'email_client | dict2items | selectattr("value.google", "defined") | selectattr("value.google", "equalto", true) | list | items2dict'} diff --git a/roles/vdirsyncer/tasks/main.yml b/roles/vdirsyncer/tasks/main.yml index 5bea800..1691f4a 100644 --- a/roles/vdirsyncer/tasks/main.yml +++ b/roles/vdirsyncer/tasks/main.yml 
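Review bot: `client_id: {{oama_google_client_id}}` and `client_secret: {{oama_google_client_secret}}` are unquoted, and both variables default to `""` in `roles/oama/defaults/main.yml`. An unset variable therefore renders a bare `client_secret:` (null), and a value containing YAML specials would change type or break parsing. Quote them, e.g. `client_secret: "{{ oama_google_client_secret }}"`. Inventories that still set the old `mailctl_google_client_*` names will fall through to the empty defaults without any error; an `ansible.builtin.assert` on non-empty values in the role would catch that. The three-scope `auth_scope` is deliberate per the comment, but it means the stored refresh token covers mail, contacts and calendar together.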
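Review bot: The line `secret-tool lookup oama "$MAIL_ADDRESS" > "$TOKEN_FILE"` copies the full token JSON out of the keyring into a plain file, and it now relies on oama's own keyring attribute naming. The removed mailctl config pinned that naming explicitly through `ring_lookup`; the new config does not, so the `oama` attribute here is an assumption worth a comment. If the lookup returns nothing, the redirect still truncates the file and the script echoes its path, so vdirsyncer is handed an empty token file. Whether `set -e` is active cannot be seen, because the script starts above the hunk. I would append `|| exit 1` to the lookup line, set `umask 077` before the `touch`, and keep `TOKEN_DIR` (defined outside the hunk) on a tmpfs such as `$XDG_RUNTIME_DIR` so the token does not persist across reboots.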
@@ -22,8 +22,8 @@ - name: Copy the oauth wrapper script ansible.builtin.copy: - src: oauth-mailctl.sh - dest: ~/.config/vdirsyncer/oauth-mailctl.sh + src: oauth-oama.sh + dest: ~/.config/vdirsyncer/oauth-oama.sh mode: 0755 - name: Enable the systemd timer diff --git a/roles/vdirsyncer/templates/config b/roles/vdirsyncer/templates/config index 564a1d0..bfb2173 100644 --- a/roles/vdirsyncer/templates/config +++ b/roles/vdirsyncer/templates/config @@ -32,8 +32,8 @@ password.fetch = ["command", {{ item.password_cmd.split() | map('join') | map("t {% else %} type = "google_contacts" -token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-mailctl.sh", "{{ item.from.email }}"] -# We provide neither, as the script wrapper takes care of that via mailctl +token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-oama.sh", "{{ item.from.email }}"] +# We provide neither, as the script wrapper takes care of that via oama client_id = "" client_secret = "" {% endif %} @@ -70,8 +70,8 @@ password.fetch = ["command", {{ item.password_cmd.split() | map('join') | map("t {% else %} type = "google_calendar" -token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-mailctl.sh", "{{ item.from.email }}"] -# We provide neither, as the script wrapper takes care of that via mailctl +token_file.fetch = ["command", "~/.config/vdirsyncer/oauth-oama.sh", "{{ item.from.email }}"] +# We provide neither, as the script wrapper takes care of that via oama client_id = "" client_secret = "" {% endif %}