nix-community · ncfavier · Jul 14, 2023 · Jul 4, 2023 · Jul 8, 2023
diff --git a/modules/programs/aerc-accounts.nix b/modules/programs/aerc-accounts.nix
@@ -53,9 +53,9 @@ in {
           example =
             literalExpression ''{ source = "maildir://~/Maildir/example"; }'';
           description = ''
-            Extra config added to the configuration of this account in
+            Extra config added to the configuration section for this account in
             <filename>$HOME/.config/aerc/accounts.conf</filename>.
-            See aerc-config(5).
+            See <citerefentry><refentrytitle>aerc-accounts</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
           '';
         };
 
@@ -66,18 +66,20 @@ in {
             ''{ messages = { d = ":move ''${folder.trash}<Enter>"; }; }'';
           description = ''
             Extra bindings specific to this account, added to
-            <filename>$HOME/.config/aerc/accounts.conf</filename>.
-            See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+            <filename>$HOME/.config/aerc/binds.conf</filename>.
+            See <citerefentry><refentrytitle>aerc-binds</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
           '';
         };
 
         extraConfig = mkOption {
           type = confSections;
           default = { };
-          example = literalExpression "{ ui = { sidebar-width = 42; }; }";
+          example = literalExpression "{ ui = { sidebar-width = 25; }; }";
           description = ''
-            Extra config specific to this account, added to
-            <filename>$HOME/.config/aerc/aerc.conf</filename>.
+            Config specific to this account, added to <filename>$HOME/.config/aerc/aerc.conf</filename>.
+            Aerc only supports per-account UI configuration.
+            For other sections of <filename>$HOME/.config/aerc/aerc.conf</filename>,
+            use <literal>programs.aerc.extraConfig</literal>.
             See <citerefentry><refentrytitle>aerc-config</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
           '';
         };

diff --git a/modules/programs/aerc.nix b/modules/programs/aerc.nix
@@ -8,7 +8,7 @@ let
     ((type: either type (listOf type)) (nullOr (oneOf [ str int bool float ])))
     // {
       description =
-        "values (null, bool, int, string of float) or a list of values, that will be joined with a comma";
+        "values (null, bool, int, string, or float) or a list of values, that will be joined with a comma";
     };
 
   confSection = types.attrsOf primitive;
@@ -162,16 +162,28 @@ in {
   in mkIf cfg.enable {
     warnings = if genAccountsConf
     && (cfg.extraConfig.general.unsafe-accounts-conf or false) == false then [''
-      aerc: An email account was configured, but `extraConfig.general.unsafe-accounts-conf` is set to false or unset.
-      This will prevent aerc from starting, see `unsafe-accounts-conf` in the man page aerc-config(5), which states:
+      aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
+      This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
       > By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
       > Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
-      These file permissions are not possible with home-manger, since the generated file is stored in the nix-store with read-only access for all users (0444).
-      If `passwordCommand` is properly set, no credentials will be stored in the nix store.
-      Therefore, consider setting the option `extraConfig.general.unsafe-accounts-conf` to true.
+      These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
+      Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
+      This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
     ''] else
       [ ];
 
+    assertions = [{
+      assertion = let
+        extraConfigSections = (unique (flatten
+          (mapAttrsToList (_: v: attrNames v.aerc.extraConfig) aerc-accounts)));
+      in extraConfigSections == [ ] || extraConfigSections == [ "ui" ];
+      message = ''
+        Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
+        Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
+        configuration to programs.aerc.extraConfig.
+      '';
+    }];
+
     home.packages = [ cfg.package ];
 
     xdg.configFile = {

diff --git a/tests/modules/programs/aerc/assertion.nix b/tests/modules/programs/aerc/assertion.nix
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  config = {
+    test.asserts.assertions.expected = [''
+      Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
+      Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
+      configuration to programs.aerc.extraConfig.
+    ''];
+    test.asserts.warnings.expected = [''
+      aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
+      This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
+      > By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
+      > Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
+      These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
+      Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
+      This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
+    ''];
+
+    test.stubs.aerc = { };
+
+    programs.aerc = {
+      enable = true;
+      extraAccounts = {
+        Test1 = {
+          source = "maildir:///dev/null";
+          enable-folders-sort = true;
+          folders = [ "INBOX" "SENT" "JUNK" ];
+        };
+      };
+      extraConfig.general = {
+        # unsafe-accounts-conf = true;
+        pgp-provider = "gpg";
+      };
+    };
+
+    accounts.email.accounts.Test2 = {
+      address = "addr@mail.invalid";
+      userName = "addr@mail.invalid";
+      realName = "Foo Bar";
+      primary = true;
+      imap.host = "imap.host.invalid";
+      passwordCommand = "echo PaSsWorD!";
+      aerc = {
+        enable = true;
+        extraConfig.general.pgp-provider = "internal";
+      };
+    };
+  };
+}
diff --git a/tests/modules/programs/aerc/default.nix b/tests/modules/programs/aerc/default.nix
@@ -1,4 +1,5 @@
 {
   aerc-noSettings = ./noSettings.nix;
   aerc-settings = ./settings.nix;
+  aerc-assertion = ./assertion.nix;
 }