From 9cfc423a3852e17085b4a0451fef1b781476b8f6 Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 2 Mar 2025 03:41:42 +0100 Subject: [PATCH] add ai mailer --- hosts/fw/channel | 2 +- hosts/fw/configuration.nix | 5 +- hosts/fw/modules/ai-mailer.nix | 100 +++++++++++++++++++++++++++++++++ hosts/fw/modules/ddclient.nix | 2 +- hosts/fw/modules/dhcp4.nix | 6 ++ hosts/fw/modules/gitea.nix | 1 + hosts/fw/secrets.yaml | 8 ++- utils/overlays/packages.nix | 1 + utils/pkgs/ai-mailer.nix | 25 +++++++++ 9 files changed, 144 insertions(+), 6 deletions(-) create mode 100644 hosts/fw/modules/ai-mailer.nix create mode 100644 utils/pkgs/ai-mailer.nix diff --git a/hosts/fw/channel b/hosts/fw/channel index 425c774..ced117e 100644 --- a/hosts/fw/channel +++ b/hosts/fw/channel @@ -1 +1 @@ -https://channels.nixos.org/nixos-24.05 +https://channels.nixos.org/nixos-24.11 diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix index e8d5ebe..59496ef 100644 --- a/hosts/fw/configuration.nix +++ b/hosts/fw/configuration.nix @@ -29,7 +29,9 @@ # microvm ./modules/microvm.nix ./modules/gitea-vm.nix - ./modules/vscode-server.nix # Add VS Code Server microvm + # ./modules/vscode-server.nix # Add VS Code Server microvm + + ./modules/ai-mailer.nix # web ./modules/web @@ -74,6 +76,7 @@ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "mongodb" + "ai-mailer" ]; time.timeZone = "Europe/Vienna"; diff --git a/hosts/fw/modules/ai-mailer.nix b/hosts/fw/modules/ai-mailer.nix new file mode 100644 index 0000000..e493e33 --- /dev/null +++ b/hosts/fw/modules/ai-mailer.nix 
@@ -0,0 +1,100 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.ai-mailer = {
+ isSystemUser = true;
+ group = "ai-mailer";
+ home = "/var/lib/ai-mailer";
+ createHome = true;
+ description = "AI Mailer service user";
+ };
+ users.groups.ai-mailer = { };
+
+ environment.etc."ai-mailer/config.yaml" = {
+ mode = "0400";
+ user = "ai-mailer";
+ group = "ai-mailer";
+ text = ''
+ imap:
+ server: "imap.cloonar.com"
+ port: 993
+ username: "paraclub-test@cloonar.com"
+ password: "file://${config.sops.secrets.ai-mailer-imap-password.path}"
+ mailbox_in: "INBOX"
+ draft_box: "Drafts"
+ processed_box: "INBOX/Done"
+ use_tls: true
+
+ ai:
+ openrouter_api_key: "file://${config.sops.secrets.ai-mailer-openrouter-key.path}"
+ model: "deepseek/deepseek-r1-distill-llama-70b"
+ temperature: 0.3
+ max_tokens: 100000
+
+ context:
+ urls:
+ - "https://paraclub.cloonar.dev/de/"
+ - "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/alle-infos/"
+ - "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/kosten-tandemsprung/"
+ - "https://paraclub.cloonar.dev/de/ueber-uns/anfahrt/"
+ - "https://paraclub.cloonar.dev/de/tandemfallschirmspringen/faq/"
+ - "https://paraclub.cloonar.dev/de/ausbildung/uebersicht/"
+ - "https://paraclub.cloonar.dev/de/ausbildung/aff-ablauf/"
+ - "https://paraclub.cloonar.dev/de/ausbildung/kurstermine/"
+ - "https://paraclub.cloonar.dev/de/ausbildung/anmeldung/"
+ - "https://paraclub.cloonar.dev/de/ausbildung/kosten/"
+
+ polling:
+ interval: "30s"
+
+ logging:
+ level: "info"
+ file_path: "/var/log/ai-mailer.log"
+ '';
+ };
+
+ sops.secrets.ai-mailer-imap-password = {
+ owner = "ai-mailer";
+ };
+
+ sops.secrets.ai-mailer-openrouter-key = {
+ owner = "ai-mailer";
+ };
+
+ systemd.services.ai-mailer = {
+ description = "AI Mail Assistant Service";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "ai-mailer";
+ Group = "ai-mailer";
+
WorkingDirectory = "/var/lib/ai-mailer"; + ExecStart = "${pkgs.ai-mailer}/bin/paraclub-ai-mailer -config /etc/ai-mailer/config.yaml"; + Restart = "always"; + RestartSec = "10s"; + StateDirectory = "ai-mailer"; + LogsDirectory = "ai-mailer"; + RuntimeDirectory = "ai-mailer"; + + # Security settings + NoNewPrivileges = true; + ProtectSystem = "strict"; + ProtectHome = true; + PrivateTmp = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + CapabilityBoundingSet = ""; + }; + }; +} diff --git a/hosts/fw/modules/ddclient.nix b/hosts/fw/modules/ddclient.nix index eb381de..d57c823 100644 --- a/hosts/fw/modules/ddclient.nix +++ b/hosts/fw/modules/ddclient.nix @@ -2,7 +2,7 @@ { services.ddclient = { enable = true; - use = "if, if=wan"; + usev4 = "if, if=wan"; protocol = "hetzner"; # server = "https://dns.hetzner.com/api/v1/"; username = "dominik.polakovics@cloonar.com"; diff --git a/hosts/fw/modules/dhcp4.nix b/hosts/fw/modules/dhcp4.nix index 01f6515..8e2ec85 100644 --- a/hosts/fw/modules/dhcp4.nix +++ b/hosts/fw/modules/dhcp4.nix @@ -22,6 +22,7 @@ renew-timer = 1000; subnet4 = [ { + id = 96; pools = [ { pool = "${config.networkPrefix}.96.100 - ${config.networkPrefix}.96.240"; @@ -67,6 +68,7 @@ } { + id = 97; pools = [ { pool = "${config.networkPrefix}.97.100 - ${config.networkPrefix}.97.240"; @@ -122,6 +124,7 @@ ]; } { + id = 101; pools = [ { pool = "${config.networkPrefix}.101.100 - ${config.networkPrefix}.101.240"; @@ -152,6 +155,7 @@ ]; } { + id = 99; pools = [ { pool = "${config.networkPrefix}.99.100 - ${config.networkPrefix}.99.240"; @@ -212,6 +216,7 @@ ]; } { + id = 254; pools = [ { pool = "${config.networkPrefix}.254.10 - ${config.networkPrefix}.254.254"; 
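Review bot: `file_path: "/var/log/ai-mailer.log"` in the generated config.yaml of hosts/fw/modules/ai-mailer.nix does not match the sandbox defined further down in the same module: the unit runs as the unprivileged `ai-mailer` user with `ProtectSystem = "strict"`, so of the paths shown only the `StateDirectory`, `LogsDirectory` and `RuntimeDirectory` trees are writable. The log should go into the directory systemd already creates, `file_path: "/var/log/ai-mailer/ai-mailer.log"`, otherwise the service will likely fail to open its log or run without one. It is also worth a comment above `draft_box` stating that replies are only written as drafts for human review, since inbound mail is untrusted input to the model and its text is sent to a third-party API; that behaviour is inferred from the config keys, the ai-mailer code itself is not visible in this patch.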
@@ -231,6 +236,7 @@ ]; } { + id = 100; pools = [ { pool = "${config.networkPrefix}.100.100 - ${config.networkPrefix}.100.240"; diff --git a/hosts/fw/modules/gitea.nix b/hosts/fw/modules/gitea.nix index 6a5a4a7..2454521 100644 --- a/hosts/fw/modules/gitea.nix +++ b/hosts/fw/modules/gitea.nix @@ -97,6 +97,7 @@ in ALLOW_ONLY_EXTERNAL_REGISTRATION = true; SHOW_REGISTRATION_BUTTON = false; ENABLE_NOTIFY_MAIL = true; + REQUIRE_SIGNIN_VIEW = false; }; mailer = { ENABLED = true; diff --git a/hosts/fw/secrets.yaml b/hosts/fw/secrets.yaml index 9c0f73d..9f5a619 100644 --- a/hosts/fw/secrets.yaml +++ b/hosts/fw/secrets.yaml 
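Review bot: `REQUIRE_SIGNIN_VIEW = false;` in hosts/fw/modules/gitea.nix is added without any explanation in a commit titled "add ai mailer", and it is the setting that decides whether unauthenticated visitors may browse the Gitea instance. If it is there so that `fetchgit` in utils/pkgs/ai-mailer.nix can clone `Paraclub/ai-mailer` without credentials (an inference, the hunk does not say), record that next to the line, for example `# anonymous read required for the Nix fetchgit of ai-mailer`. With sign-in not required, repository and organisation visibility is the only control on anonymous reads, so confirm that everything meant to stay internal is marked private. The settings block this line belongs to starts and ends outside the hunk.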
@@ -7,6 +7,8 @@ wg_epicenter_works_key: ENC[AES256_GCM,data:LeLjfwfaz+loWyHYRgIMIPzHzlOnhl9tluKc wg_epicenter_works_psk: ENC[AES256_GCM,data:Den3NDWdP013Or6/2Vll1igUahuRSNW4hu+nDa5vkr93bbveQTaWFT4TD4U=,iv:r3UsD3+3lUIP2X3Grti7wpXTQBXtu1/MdrycEmpZfsI=,tag:ghbAcxmjGVOe9jCZsmFzjA==,type:str] wg_ghetto_at_key: ENC[AES256_GCM,data:OIHmoy3SpIi9aefZnZ1PzpyHbEso18ceoTULf2eQkx1rJbaxC6PD1lma7eQ=,iv:u0eFjHHOBzPTmBvBEQsYY5flcBayiAQKd6e7RyiPwJI=,tag:731C9wvv8bA5fuuQq+weVQ==,type:str] gitea-mailer-password: ENC[AES256_GCM,data:M4qCWNt1oQVJzxThIjocm2frwuVMyx+69TBpke25RwxJxEQnvHL1CM579OVroTm7+gGE/oOJqAwDIepfiDtyM1xm,iv:jayFZMbu3uDimS/rIKZSeoU0MsYwWp880iEMs1oQE4k=,tag:qGDncRkyuCWaELhcxUrqtQ==,type:str] +ai-mailer-imap-password: ENC[AES256_GCM,data:T3V9hS24fwzj1Lx2Za508fYiw8r/GmEDAaX1tGSGQCgcVfxnQ6kfncoGPEU0CGL6Vw==,iv:Z/5LxQpcWwu7U11wtXYlQ/papepm5tzgMhE2heFE7to=,tag:EESXRY7WXpus2q/vd19vbw==,type:str] +ai-mailer-openrouter-key: ENC[AES256_GCM,data:PCe8kt/M+7g087AKzYMY2H5WO4L+NGkHLsh47fMK36kz+Ju5kd/kpmM4GQcDbI3LgWm/P+T0/mv7kGGOL6KLmBFaFmGV/88cGw==,iv:ruVftGvnv+PX1Zd92tfOezpyaMbYrqCrexelyPUYFMc=,tag:z4JVUCfz/frehar6y+fOlQ==,type:str] gitea-runner: ENC[AES256_GCM,data:NYG3qRLiMjmfA+oHYBXBbxpuX2ZjB/VgvLaS7yr5kJeDN/NukB/B3OZcEfsUWgbBS5IsLENESngWTFmK4W3htN4lSqdg/g4UsUr20beNov+pbyPN05rkBYmSCZZFwZ1L9POEE4GF4LuuoNpDlWIw0mrA8oV8MoI4W5QS2IGranBTIQQaYXU5TEGYa4XMVo4oC75iuH6DIq1KD6OgFAfMhm/wlbP8CP/Iaw2K8CNPxktk93pm3OSmggf22Z4JPEnvV25sc9iBkxLkDk9FXYFys0g=,iv:UzL5ncVOC/loJwcFSG1QJHnzLp3il4Hf3qDwLWxrIlo=,tag:w0Zn/E+02KyAsPXZdOLrew==,type:str] gitea-runner-token: ENC[AES256_GCM,data:HpBjLS10w78ihbnAUrlCRGvwrXLBYKH5v/P7XggoUSWLoAazSVQArABxaK7PJas=,iv:q3Y6jV0gmug06O0EYqGVyIJ4AvMGr2ydwY17YKxo0Qw=,tag:Ws5HLbdaeYGGXzDZW/FX4w==,type:str] home-assistant-ldap: ENC[AES256_GCM,data:uZEPbSnkgQYSd8ev6FD8TRHWWr+vusadtMcvP7KKL2AZAV0h1hga5fODN6I5u0DNL9hq2pNM+FwU0E/svWLRww==,iv:IhmUgSu34NaAY+kUZehx40uymydUYYAyte1aGqQ33/8=,tag:BKFCJPr7Vz4EG78ry/ZD7g==,type:str] 
@@ -57,8 +59,8 @@ sops: WXJpUUxadERyYUExRFMzNzBXaUVET3cKG9ZwWy5YvTr/BAw/i+ZJos5trwRvaW5j eV/SHiEteZZtCuCVFAp3iolE/mJyu97nA2yFwWaLN86h+/xkOJsdqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-20T21:39:00Z" - mac: ENC[AES256_GCM,data:JCFvFwSqnAQCOB76n5pfQsdsaod8bBiVZ2VY+WWBDWi84gQByhqy808E2ZZJSJ1/amUi8dNBeOPNWZIGdieuWJyatrqjWziAl7gXx5u35i77sS6hAD+G/Fc/elgRbjc0VIbplZ7UxBmwo3vkVpI4RqQiQv63MvKHI+TkoY8vFUM=,iv:uy50x8FqqDW7hCLZeHfhFB/dxa3N6kM2Vj9waAZJngg=,tag:Wt1FG0kW4VFZ2fvvAC0T4A==,type:str] + lastmodified: "2025-03-01T22:14:10Z" + mac: ENC[AES256_GCM,data:UWwjvi8jLNgu4l7ldMYtkAATm3y5+BSxbCuPN/e1OC4/3ULYJndqFLfTOMpqQbj2+uHo3onelK4f0MAJuSH0oUx58CclkNBBLE0RXafxbowa7kJtTNDfTboJNqH7rFmhGhqCtHAOOpKBuowqoOUHP5BtzZfucra0Q/pIJt5lma0=,iv:iJEW/mTbizioPSN8G+WqHSipx8P6VCDrVG/Cmk+MBUc=,tag:L4OkeKec5AZdCrpUrnqcOA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.4 diff --git a/utils/overlays/packages.nix b/utils/overlays/packages.nix index 74797e0..2a52adb 100644 --- a/utils/overlays/packages.nix +++ b/utils/overlays/packages.nix @@ -3,6 +3,7 @@ self: super: { ykfde = (super.callPackage ../pkgs/ykfde { }); creality-print = (super.callPackage ../pkgs/creality-print.nix { }); openaudible = (super.callPackage ../pkgs/openaudible.nix { }); + ai-mailer = self.callPackage ../pkgs/ai-mailer.nix { }; # vscode-insiders = (super.callPackage ../pkgs/vscode-insiders.nix { }); } diff --git a/utils/pkgs/ai-mailer.nix b/utils/pkgs/ai-mailer.nix new file mode 100644 index 0000000..8523f15 --- /dev/null +++ b/utils/pkgs/ai-mailer.nix 
@@ -0,0 +1,25 @@
+{ lib, buildGoModule, fetchgit }:
+
+buildGoModule rec {
+ pname = "ai-mailer";
+ version = "0.1.0";
+
+ src = fetchgit {
+ url = "https://git.cloonar.com/Paraclub/ai-mailer.git";
+ rev = "be9f2fea8fb37182ca983061c40e30eecb48286b";
+ sha256 = "sha256-Df1ioHnlhALaliPW2/x1PhR7od/I/RqU8o8YpoI5jiY=";
+ };
+
+ vendorHash = "sha256-h4RaB891GXAkgObZHYil6BOvbYp6yJSRxRj40Fhchmw=";
+
+ preBuild = ''
+ sed -i 's/go 1.23.5/go 1.22/' go.mod
+ '';
+
+ meta = with lib; {
+ description = "AI Mail Assistant Service";
+ homepage = "https://git.cloonar.com/Paraclub/ai-mailer";
+ license = licenses.unfree; # Adjust based on your project's license
+ maintainers = [ ];
+ };
+}
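Review bot: The `preBuild` step in utils/pkgs/ai-mailer.nix lowers the module's Go directive with `sed -i 's/go 1.23.5/go 1.22/' go.mod`, and sed exits successfully even when nothing matches, so after the next `rev` bump the workaround can silently stop applying or keep overriding a toolchain requirement upstream raised on purpose. A replacement that fails loudly is safer, `substituteInPlace go.mod --replace-fail "go 1.23.5" "go 1.22"`, together with a comment saying why the directive is lowered and when the step can be dropped. The trailing `# Adjust based on your project's license` on `license = licenses.unfree;` reads like a template leftover; either set the real license or remove the comment, since this value is what forces the `allowUnfreePredicate` entry in configuration.nix.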