From 52ec953d0a646c32b02cd6edbdec991d6a725176 Mon Sep 17 00:00:00 2001
From: Felix Nehrke <felix@nehrke.info>
Date: Wed, 15 Oct 2025 02:35:01 +0200
Subject: [PATCH] Add service to start offlineimap on linux automatically

---
 README.adoc                                   |  1 +
 main.yml                                      |  3 +++
 roles/offlineimap/handlers/main.yml           |  4 ++++
 roles/offlineimap/tasks/main.yml              | 20 +++++++++++++++++++
 .../templates/offlineimap.service.j2          | 10 ++++++++++
 5 files changed, 38 insertions(+)
 create mode 100644 roles/offlineimap/handlers/main.yml
 create mode 100644 roles/offlineimap/tasks/main.yml
 create mode 100644 roles/offlineimap/templates/offlineimap.service.j2

diff --git a/README.adoc b/README.adoc
index 303d538..fad2f10 100644
--- a/README.adoc
+++ b/README.adoc
@@ -60,6 +60,7 @@ To restrict the scope of execution the playbook uses a couple of tags as describ
 | packages | Install system-packages
 | dotfiles | Install my dotfiles and apply them
 | ssh | Ensure a default SSH-key and provide it to gitea and github
+| offlineimap | Setup systemd-service for offlineimap on debian. This needs to be explicitly defined, since Enpass has to be setup first!
 | dump | Print out debug information
 |===
 
diff --git a/main.yml b/main.yml
index b3cb681..c5b428e 100644
--- a/main.yml
+++ b/main.yml
@@ -15,6 +15,9 @@
     tags: [dotfiles]
   - role: roles/enpass-cli
     tags: [packages]
+  - role: roles/offlineimap
+    tags: [offlineimap, services, never]
+    when: ansible_os_family == 'Debian'
   tasks:
   - name: Dump hostvars
     tags: [never, dump]
diff --git a/roles/offlineimap/handlers/main.yml b/roles/offlineimap/handlers/main.yml
new file mode 100644
index 0000000..4526723
--- /dev/null
+++ b/roles/offlineimap/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload systemd-units
+  become: yes
+  systemd:
+    daemon_reload: yes
diff --git a/roles/offlineimap/tasks/main.yml b/roles/offlineimap/tasks/main.yml
new file mode 100644
index 0000000..d3f9926
--- /dev/null
+++ b/roles/offlineimap/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Ensure systemd-creds for offlineimap
+  become: yes
+  community.general.systemd_creds_encrypt:
+    name: enpass-password
+    secret: "{{ enpass_password }}"
+  register: encrypted_enpass_password
+
+- name: Ensure systemd service file for offlineimap
+  become: yes
+  template:
+    src: offlineimap.service.j2
+    dest: /lib/systemd/system/offlineimap.service
+  notify: Reload systemd-units
+
+- name: Ensure offlineimap service is running
+  become: yes
+  service:
+    name: offlineimap
+    state: started
+    enabled: yes
diff --git a/roles/offlineimap/templates/offlineimap.service.j2 b/roles/offlineimap/templates/offlineimap.service.j2
new file mode 100644
index 0000000..0a44081
--- /dev/null
+++ b/roles/offlineimap/templates/offlineimap.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run offlineimap in the background for {{ ansible_user_id }}
+
+[Service]
+User={{ ansible_user_id }}
+SetCredentialEncrypted=enpass-password: {{ encrypted_enpass_password.value | replace("\n", " ") }}
+ExecStart=bash -c 'source ~/.profile && MASTERPW="$(systemd-creds cat enpass-password)" ~/.local/bin/offlineimap'
+
+[Install]
+WantedBy=graphical.target