From f3dc2a905e4328d6fc16aa15d091ec65edcfc120 Mon Sep 17 00:00:00 2001
From: Craig Jennings
Date: Sat, 9 May 2026 10:21:36 -0500
Subject: feat: add post-install cmail Bridge setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bridge first-run is interactive, so I put the cmail wiring in a post-install helper rather than running it inside archsetup. scripts/cmail-setup-finish.sh handles the post-first-run steps idempotently: it decrypts the encrypted cmailpass, copies Bridge's self-signed cert to ~/.config/protonbridge.pem, symlinks the cmail-action triage helper into ~/.local/bin, and enables the user-level protonmail-bridge service. I added loginctl enable-linger in essential_services so the user service survives logout — without it, triaging cmail from a remote agent or SSH session has nothing to talk to. outro prints a four-step runbook for the manual steps after reboot.
---
scripts/cmail-setup-finish.sh | 79 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100755 scripts/cmail-setup-finish.sh
(limited to 'scripts')
diff --git a/scripts/cmail-setup-finish.sh b/scripts/cmail-setup-finish.sh
new file mode 100755
index 0000000..de99101
--- /dev/null
+++ b/scripts/cmail-setup-finish.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+# cmail-setup-finish.sh — finish Proton Mail Bridge + cmail-action setup after
+# Bridge first-run. Idempotent; safe to re-run after a Bridge cert rotation or
+# a claude-templates re-clone.
+#
+# Pre-reqs (the script aborts if any are missing):
+# - protonmail-bridge installed (archsetup handles it)
+# - You have run 'protonmail-bridge --cli', logged in, and quit at least once
+# (the script looks for state at ~/.config/protonmail/bridge-v3/)
+# - claude-templates cloned at ~/projects/claude-templates
+# - dotfiles stowed (~/.config/.cmailpass.gpg present)
+#
+# What it does:
+# 1. Decrypts ~/.config/.cmailpass.gpg → ~/.config/.cmailpass (mode 0600)
+# 2. Copies Bridge's self-signed cert → ~/.config/protonbridge.pem
+# 3. Symlinks ~/projects/claude-templates/.ai/scripts/cmail-action.py
+# → ~/.local/bin/cmail-action
+# 4. Enables + starts the protonmail-bridge user service
+# 5. Verifies Bridge is listening on 127.0.0.1:1143 / :1025
+
+set -euo pipefail
+
+err() { printf 'error: %s\n' "$*" >&2; exit 1; }
+info() { printf '==> %s\n' "$*"; }
+ok() { printf ' %s\n' "$*"; }
+
+# 1. Pre-reqs
+command -v protonmail-bridge >/dev/null 2>&1 \
+ || err "protonmail-bridge not found in PATH — install via archsetup first"
+
+bridge_state="$HOME/.config/protonmail/bridge-v3"
+[ -d "$bridge_state" ] \
+ || err "Bridge has no state at $bridge_state — run 'protonmail-bridge --cli' and log in first"
+
+cmail_action_src="$HOME/projects/claude-templates/.ai/scripts/cmail-action.py"
+[ -f "$cmail_action_src" ] \
+ || err "cmail-action.py not found at $cmail_action_src — clone claude-templates first"
+
+cmailpass_enc="$HOME/.config/.cmailpass.gpg"
+[ -f "$cmailpass_enc" ] \
+ || err "$cmailpass_enc not found — ensure dotfiles are stowed"
+
+# 2. Decrypt cmailpass
+info "decrypting $cmailpass_enc"
+cmailpass_plain="$HOME/.config/.cmailpass"
+gpg --quiet --yes --decrypt --output "$cmailpass_plain" "$cmailpass_enc"
+chmod 600 "$cmailpass_plain"
+ok "wrote $cmailpass_plain (mode 0600)"
+
+# 3. Bridge cert
+info "exporting Bridge cert"
+cert_src="$(find "$bridge_state" -name 'cert.pem' -print -quit 2>/dev/null)"
+[ -n "$cert_src" ] || err "no cert.pem found under $bridge_state — Bridge state is incomplete"
+cert_dst="$HOME/.config/protonbridge.pem"
+cp "$cert_src" "$cert_dst"
+ok "copied $cert_src → $cert_dst"
+
+# 4. Symlink cmail-action
+info "symlinking cmail-action"
+mkdir -p "$HOME/.local/bin"
+ln -sf "$cmail_action_src" "$HOME/.local/bin/cmail-action"
+ok "linked $HOME/.local/bin/cmail-action → $cmail_action_src"
+
+# 5. Enable + start systemd user service
+info "enabling protonmail-bridge user service"
+systemctl --user enable --now protonmail-bridge
+ok "service active"
+
+# 6. Verify
+info "verifying Bridge is listening"
+if ss -ltn 2>/dev/null | grep -qE '127\.0\.0\.1:(1143|1025)'; then
+ ok "127.0.0.1:1143 + :1025 LISTEN"
+else
+ err "Bridge isn't listening on the expected ports — check 'systemctl --user status protonmail-bridge'"
+fi
+
+echo
+echo "cmail setup complete."
+echo "Next: 'mbsync cmail && mu index' for the first sync."
-- 
cgit v1.2.3
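Review bot: In step 2 the plaintext password file is created by `gpg --output "$cmailpass_plain"` before `chmod 600` runs, so on a first run it likely exists for a moment with whatever mode the process umask allows, and it keeps that mode if gpg or the script is interrupted in between. Restricting creation closes the window: run the decrypt as `(umask 077; gpg --quiet --yes --decrypt --output "$cmailpass_plain" "$cmailpass_enc")` and keep the `chmod 600` for the re-run case where the file already exists with a looser mode. Separately, the step 6 check `grep -qE '127\.0\.0\.1:(1143|1025)'` succeeds when only one of the two ports is listening although the message reports both, and the pattern has no boundary after the port number. It also runs immediately after `enable --now`, so a slow Bridge start can fail an otherwise good setup; checking each port on its own with a short retry would make the result match what is printed.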