Add mu4e mail provisioning with vault-backed iCloud secret

2026-05-30 23:49:56 +00:00 · 2026-03-17 22:12:05 +01:00
parent 1b463e1cb2
commit 576999d864
8 changed files with 57 additions and 0 deletions
--- a/ansible/inventory/group_vars/desktop.yml
+++ b/ansible/inventory/group_vars/desktop.yml
@@ -29,6 +29,10 @@ profile_packages:
  - network-manager-applet
  - chromium
  - emacs-gtk3
+  - mu4e
+  - isync
+  - msmtp
+  - libsecret
  - libtool
  - libvterm-devel
  - cmake
@@ -120,6 +124,14 @@ desktop_dotfiles:
    src: .themes.gitignore
    dest: .themes.gitignore
    mode: "0644"
+  - name: .mbsyncrc
+    src: .mbsyncrc
+    dest: .mbsyncrc
+    mode: "0600"
+  - name: .msmtprc
+    src: .msmtprc
+    dest: .msmtprc
+    mode: "0600"
  - name: Emacs config
    src: .emacs.d/
    dest: .emacs.d/
--- a/ansible/roles/profile_desktop_i3/tasks/main.yml
+++ b/ansible/roles/profile_desktop_i3/tasks/main.yml
@@ -63,6 +63,15 @@
    group: "{{ user_group }}"
    mode: "0600"

+- name: Store iCloud mail password in GNOME Keyring
+  ansible.builtin.command:
+    cmd: secret-tool store --label="iCloud Mail" icloud-mail icloud
+    stdin: "{{ vault_icloud_mail_password }}"
+    stdin_add_newline: false
+  become: false
+  no_log: true
+  when: (vault_icloud_mail_password | default('')) | length > 0
+
 - name: Ensure local source directory exists
  ansible.builtin.file:
    path: "{{ user_home }}/.local/src"
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -7,6 +7,11 @@

 - hosts: void
  become: true
+  pre_tasks:
+    - name: Load local vault variables when available
+      ansible.builtin.include_vars:
+        file: "{{ playbook_dir }}/../secrets/vault.yml"
+      when: lookup('ansible.builtin.fileglob', playbook_dir + '/../secrets/vault.yml', errors='ignore') != ''

  roles:
    - packages_void