aerc: add assertion to limit per-account extraConfig to UI config (#4196)

* aerc: fix per-account extraConfig section names

The aerc configuration file `aerc.conf` can contain 10 different
sections, but only the UI section supports what the aerc manual calls
contextual configuration. This works by appending to the section heading
either `:account=name` or `:folder=bar`.

The aerc-accounts module, however, applied `mkAccountConfig` to each
section heading declared in
`config.accounts.email.accounts.<name>.aerc.extraConfig.*`. This means
home-manager will generate files with `[general:account=default]` and
the options will not be recognized by aerc.

To address this, and since it doesn't make sense for other sections to
only be under a single account's scope, an assertion has been added
to confirm that only sectons that support contextual config (i.e.,
only the UI section) is declared.

This also addresses confusions like declaring
`accounts.email.accounts.*.aerc.extraConfig.general.unsafe-accounts-conf
= true` and triggering a warning message because
`programs.aerc.extraConfig.general.unsafe-accounts-conf` was unset.

This commit also updated documentation throughout the aerc modules to
be in line with this change, and fixed minor typos/formatting therein.

Co-authored-by: Genevieve <genevieve@sunlashed.garden>

* aerc: make assertion plaintext and add test case

This commit adds a test case to check both the warning on unset
`unsafe-accounts-conf = true` when aerc accounts are configured
with Nix, and the new assertion when per-account configuration
contains unsupported subsections (i.e. general).

It also fixes minor formatting issues and typos.

tests/modules/programs/aerc/assertion.nix

@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  config = {
+    test.asserts.assertions.expected = [''
+      Only the ui section of $XDG_CONFIG_HOME/aerc.conf supports contextual (per-account) configuration.
+      Please configure it with accounts.email.accounts._.aerc.extraConfig.ui and move any other
+      configuration to programs.aerc.extraConfig.
+    ''];
+    test.asserts.warnings.expected = [''
+      aerc: `programs.aerc.enable` is set, but `...extraConfig.general.unsafe-accounts-conf` is set to false or unset.
+      This will prevent aerc from starting; see `unsafe-accounts-conf` in the man page aerc-config(5):
+      > By default, the file permissions of accounts.conf must be restrictive and only allow reading by the file owner (0600).
+      > Set this option to true to ignore this permission check. Use this with care as it may expose your credentials.
+      These permissions are not possible with home-manager, since the generated file is in the nix-store (permissions 0444).
+      Therefore, please set `programs.aerc.extraConfig.general.unsafe-accounts-conf = true`.
+      This option is safe; if `passwordCommand` is properly set, no credentials will be written to the nix store.
+    ''];
+
+    test.stubs.aerc = { };
+
+    programs.aerc = {
+      enable = true;
+      extraAccounts = {
+        Test1 = {
+          source = "maildir:///dev/null";
+          enable-folders-sort = true;
+          folders = [ "INBOX" "SENT" "JUNK" ];
+        };
+      };
+      extraConfig.general = {
+        # unsafe-accounts-conf = true;
+        pgp-provider = "gpg";
+      };
+    };
+
+    accounts.email.accounts.Test2 = {
+      address = "addr@mail.invalid";
+      userName = "addr@mail.invalid";
+      realName = "Foo Bar";
+      primary = true;
+      imap.host = "imap.host.invalid";
+      passwordCommand = "echo PaSsWorD!";
+      aerc = {
+        enable = true;
+        extraConfig.general.pgp-provider = "internal";
+      };
+    };
+  };
+}

tests/modules/programs/aerc/default.nix

@@ -1,4 +1,5 @@
 {
   aerc-noSettings = ./noSettings.nix;
   aerc-settings = ./settings.nix;
+  aerc-assertion = ./assertion.nix;
 }