Enable XOAUTH2 authentication for ExOL accounts

4 files changed, 17 insertions, 6 deletions

diff --git a/.gitmodules b/.gitmodules
index 55ea75d8..1888ab79 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -22,3 +22,6 @@
 [submodule "catppuccin/kde"]
 	path = catppuccin/kde
 	url = https://github.com/catppuccin/kde
+[submodule "neomutt"]
+	path = neomutt
+	url = https://github.com/neomutt/neomutt
diff --git a/home-configuration.scm b/home-configuration.scm
index 4638f0cf..1fdad1e0 100644
--- a/home-configuration.scm
+++ b/home-configuration.scm
@@ -461,6 +461,10 @@ replacement spec (to which `regexp-substitute/global' is applied)."
    (simple-service
     'terminal-files home-files-service-type
     `((".mailcap" ,(local-file "mailcap"))
+      ;; The file from git main is newer than the one bundled with the
+      ;; packaged neomutt version and contains a few fixes.
+      (".local/bin/mutt_oauth2.py"
+       ,(local-file "neomutt/contrib/oauth2/mutt_oauth2.py" #:recursive? #t))
       ;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
       ;; so we can't use `home-xdg-configuration-files-service-type'.
       (".local/share/gnupg/gpg.conf" ,(local-file "gpg.conf"))
diff --git a/muttrc b/muttrc
index f0419b72..e17a467a 100644
--- a/muttrc
+++ b/muttrc
@@ -70,6 +70,7 @@ auto_view text/html image/jpeg image/png
 set allow_ansi
 
 set my_mythic = "imaps://oncilla.mythic-beasts.com/"
+account-hook "$my_mythic" 'unmailboxes *'
 account-hook "$my_mythic" 'set folder = "$my_mythic"'
 account-hook "$my_mythic" 'set smtp_url = "smtps://smtp-auth.mythic-beasts.com"'
 account-hook "$my_mythic" 'set imap_user = "timo@twilken.net"'
@@ -83,6 +84,7 @@ account-hook "$my_mythic" 'set from = "$imap_user"'
 account-hook "$my_mythic" 'reset ssl_use_tlsv1 ssl_use_tlsv1_1 smtp_authenticators imap_authenticators imap_oauth_refresh_command'
 
 set my_cern = "imaps://imap.cern.ch/"
+account-hook "$my_cern" 'unmailboxes *'
 account-hook "$my_cern" 'set folder = "$my_cern"'
 account-hook "$my_cern" 'set smtp_url = "smtp://smtp.cern.ch:587"'   # we need to rely on STARTTLS
 account-hook "$my_cern" 'set imap_user = "twilken"'
@@ -90,6 +92,7 @@ account-hook "$my_cern" 'set smtp_user = "twilken"'
 account-hook "$my_cern" 'set imap_pass = `pass cern/sso | head -1`'
 account-hook "$my_cern" 'set smtp_pass = `pass cern/sso | head -1`'
 account-hook "$my_cern" 'set smtp_authenticators = "login"'   # only LOGIN supported, not even PLAIN
+account-hook "$my_cern" "alternates '^timo\.wilken@cern\.ch$' '^twilken@cern\.ch$'"
 account-hook "$my_cern" 'set spool_file = +INBOX'
 account-hook "$my_cern" 'set postponed = +Drafts'
 account-hook "$my_cern" 'set record = "+Sent Items"'
@@ -98,6 +101,7 @@ account-hook "$my_cern" 'set ssl_use_tlsv1 ssl_use_tlsv1_1'   # imap.cern.ch nee
 account-hook "$my_cern" 'reset imap_authenticators imap_oauth_refresh_command'
 
 set my_gmail = "imaps://imap.gmail.com/"
+account-hook "$my_gmail" 'unmailboxes *'
 account-hook "$my_gmail" 'set folder = "$my_gmail"'
 account-hook "$my_gmail" 'set smtp_url = "smtps://smtp.gmail.com"'
 account-hook "$my_gmail" 'set imap_user = "timo.21.wilken@gmail.com"'
@@ -113,6 +117,7 @@ account-hook "$my_gmail" 'reset ssl_use_tlsv1 ssl_use_tlsv1_1 smtp_authenticator
 # ExOl needs OAUTH now!
 # https://neomutt.org/guide/optionalfeatures.html#oauth
 set my_cantab = "imaps://tw466@cantab.ac.uk@outlook.office365.com/"
+account-hook "$my_cantab" 'unmailboxes *'
 account-hook "$my_cantab" 'set folder = "$my_cantab"'
 account-hook "$my_cantab" 'set smtp_url = "smtp://smtp-mail.outlook.com:587"'
 account-hook "$my_cantab" 'set imap_user = "tw466@cantab.ac.uk"'
@@ -124,11 +129,11 @@ account-hook "$my_cantab" 'set postponed = +Drafts'
 account-hook "$my_cantab" 'set record = +Sent'
 account-hook "$my_cantab" 'set from = "$imap_user"'
 account-hook "$my_cantab" 'reset ssl_use_tlsv1 ssl_use_tlsv1_1 smtp_authenticators'
-account-hook "$my_cantab" 'set imap_authenticators = "oauthbearer:xoauth2"'
-# TODO: replace YOUR_GPG_IDENTITY string in mutt_oauth2.py.
-account-hook "$my_cantab" 'set imap_oauth_refresh_command = "python3 ~/.guix-home/profile/share/doc/neomutt/oauth2/mutt_oauth2.py ~/.local/share/neomutt/cantab.gpg"'
+account-hook "$my_cantab" 'set imap_authenticators = "xoauth2"'
+account-hook "$my_cantab" 'set imap_oauth_refresh_command = "mutt_oauth2.py --encryption-pipe=\"gpg --encrypt --recipient timo@twilken.net\" $XDG_DATA_HOME/neomutt/cantab.gpg"'
 
 set my_outlook = "imaps://timo_wilken@live.co.uk@outlook.office365.com/"
+account-hook "$my_outlook" 'unmailboxes *'
 account-hook "$my_outlook" 'set folder = "$my_outlook"'
 account-hook "$my_outlook" 'set smtp_url = "smtp://smtp-mail.outlook.com:587"'
 account-hook "$my_outlook" 'set imap_user = "timo_wilken@live.co.uk"'
@@ -140,9 +145,8 @@ account-hook "$my_outlook" 'set postponed = +Drafts'
 account-hook "$my_outlook" 'set record = +Sent'
 account-hook "$my_outlook" 'set from = "$imap_user"'
 account-hook "$my_outlook" 'reset ssl_use_tlsv1 ssl_use_tlsv1_1 smtp_authenticators'
-account-hook "$my_cantab" 'set imap_authenticators = "oauthbearer:xoauth2"'
-# TODO: replace YOUR_GPG_IDENTITY string in mutt_oauth2.py.
-account-hook "$my_cantab" 'set imap_oauth_refresh_command = "python3 ~/.guix-home/profile/share/doc/neomutt/oauth2/mutt_oauth2.py ~/.local/share/neomutt/outlook.gpg"'
+account-hook "$my_outlook" 'set imap_authenticators = "xoauth2"'
+account-hook "$my_outlook" 'set imap_oauth_refresh_command = "mutt_oauth2.py --encryption-pipe=\"gpg --encrypt --recipient timo@twilken.net\" $XDG_DATA_HOME/neomutt/outlook.gpg"'
 
 macro index,pager gm "<sync-mailbox><enter-command>set folder=$my_mythic<enter><change-folder>+INBOX<enter>" "Switch to Mythic Beasts account"
 macro index,pager gG "<sync-mailbox><enter-command>set folder=$my_gmail<enter><change-folder>+INBOX<enter>" "Switch to Gmail account"
diff --git a/neomutt b/neomutt
new file mode 160000
+Subproject 34816020295ace8f4b94a4da4c89367354457f4