From 4ad9050c2486ea0700238e3e60051785a8401619 Mon Sep 17 00:00:00 2001
From: Frederik Schwan <frederik.schwan@linux.com>
Date: Wed, 23 Dec 2020 03:02:09 +0100
Subject: [PATCH] use fetchmail to deliver mail to patchwork

---
 .../misc}                                           |  2 ++
 .../patchwork.archlinux.org/vault_patchwork.yml     |  1 +
 playbooks/patchwork.archlinux.org.yml               |  1 +
 roles/fetchmail/handlers/main.yml                   |  4 ++++
 roles/fetchmail/tasks/main.yml                      | 12 ++++++++++++
 roles/fetchmail/templates/fetchmailrc.j2            | 13 +++++++++++++
 6 files changed, 33 insertions(+)
 rename host_vars/{patchwork.archlinux.org => patchwork.archlinux.org/misc} (53%)
 create mode 100644 host_vars/patchwork.archlinux.org/vault_patchwork.yml
 create mode 100644 roles/fetchmail/handlers/main.yml
 create mode 100644 roles/fetchmail/tasks/main.yml
 create mode 100644 roles/fetchmail/templates/fetchmailrc.j2

diff --git a/host_vars/patchwork.archlinux.org b/host_vars/patchwork.archlinux.org/misc
similarity index 53%
rename from host_vars/patchwork.archlinux.org
rename to host_vars/patchwork.archlinux.org/misc
index 2cbc6b51..74eb2a1d 100644
--- a/host_vars/patchwork.archlinux.org
+++ b/host_vars/patchwork.archlinux.org/misc
@@ -1,6 +1,8 @@
 ---
 filesystem: btrfs
 memcached_socket: "/var/run/patchwork.sock"
+fetchmail_user: "patchwork@archlinux.org"
+fetchmail_delivery_cmd: "/usr/local/bin/patchwork-parsemail-wrapper.sh"
 
 fail2ban_jails:
   sshd: true
diff --git a/host_vars/patchwork.archlinux.org/vault_patchwork.yml b/host_vars/patchwork.archlinux.org/vault_patchwork.yml
new file mode 100644
index 00000000..6abd9679
--- /dev/null
+++ b/host_vars/patchwork.archlinux.org/vault_patchwork.yml
@@ -0,0 +1 @@
+fetchmail_pass: none
diff --git a/playbooks/patchwork.archlinux.org.yml b/playbooks/patchwork.archlinux.org.yml
index 5424be67..d9bd76b9 100644
--- a/playbooks/patchwork.archlinux.org.yml
+++ b/playbooks/patchwork.archlinux.org.yml
@@ -12,6 +12,7 @@
     - { role: certbot }
     - { role: nginx }
     - { role: postfix, postfix_relayhost: "mail.archlinux.org"  }
+    - { role: fetchmail }
     - { role: postgres }
     - { role: sudo }
     - { role: uwsgi }
diff --git a/roles/fetchmail/handlers/main.yml b/roles/fetchmail/handlers/main.yml
new file mode 100644
index 00000000..e078510c
--- /dev/null
+++ b/roles/fetchmail/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart fetchmail
+  service: name=fetchmail state=restarted
diff --git a/roles/fetchmail/tasks/main.yml b/roles/fetchmail/tasks/main.yml
new file mode 100644
index 00000000..f0422efc
--- /dev/null
+++ b/roles/fetchmail/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: install fetchmail
+  pacman: name=fetchmail state=present
+
+- name: template fetchmail config
+  template: src=fetchmailrc.j2 dest=/etc/fetchmailrc owner=fetchmail group=nobody mode=600
+  notify:
+    - restart fetchmail
+
+- name: start and enable fetchmail
+  service: name=fetchmail enabled=yes state=started
diff --git a/roles/fetchmail/templates/fetchmailrc.j2 b/roles/fetchmail/templates/fetchmailrc.j2
new file mode 100644
index 00000000..3212fe8c
--- /dev/null
+++ b/roles/fetchmail/templates/fetchmailrc.j2
@@ -0,0 +1,13 @@
+set postmaster "postmaster@archlinux.org"
+set bouncemail
+set no spambounce
+set daemon 10
+set syslog
+
+poll mail.archlinux.org
+bad-header accept
+proto imap
+user {{ fetchmail_user }}
+password {{ fetchmail_pass }}
+options idle sslcertck ssl sslproto "TLS1.2+" limitflush limit 25000000 fetchall
+mda "{{ fetchmail_delivery_cmd }}"