Shared team email inboxes with Freescout
Edit: The infra team discussed this and we're going to self host this. Task list:
- [x] Convert foundation@ to a regular IMAP + SMTP account, rather than a forwarding mailing list: https://github.com/NixOS/infra/pull/715
- [x] Deploy Freescout (cyberchaos.dev/e1mo/freescout-nix-flake) to umbriel for @infinisil to test: https://github.com/NixOS/infra/pull/705
- [ ] Try out a paid module (https://freescout.net/modules). Does it play nicely with nix? See https://cyberchaos.dev/e1mo/freescout-nix-flake/-/issues/1
- [ ] (optional) Deploy Zammad to umbriel for evaluation as well
- [ ] Set up backups: email inboxes, Freescout state/modules, etc. We use zrepl for backups in some places: https://github.com/NixOS/infra/pull/849
- [ ] Set up SSO with OIDC. See https://freescout.net/module/oauth-login/
  - @infinisil edit: Doesn't work, quote:
    > Keep in mind that this is the general OAuth authentication plugin and it will not allow to adjust users access based on user’s GitHub organization.
- [ ] Discuss Freescout administration policy, and document it on nixos/org
  - Currently (2025-06-24) @infinisil is the only admin on freescout. The infra team should probably have account(s). Creating an admin is currently an imperative process: https://github.com/freescout-help-desk/freescout/wiki/Console-Commands#create-user
- [ ] Discuss email retention policy. Perhaps it would be nice to only store 1 year of emails.
Is your feature request related to a problem? Please describe.
Currently, @nixos.org emails for teams get forwarded to personal emails. While this is simple, it makes managing emails tricky:
- Everybody needs to locally maintain the list of emails that still need attention, wasting a lot of our attention.
- Notifications for all emails are distracting when they don't pertain to most people.
- There is no way to easily delegate or synchronise on responses.
Overall, a lot of effort is duplicated and wasted, and we're really noticing this in the foundation board.
Describe the solution you'd like
Looking into potential solutions, I've found Freescout to be ideal. It has to be backed by a mail server, but has its own web UI on top with exactly the features we need:
- A way to assign people to emails and mark threads as complete
- Configure notifications and other automations
- Much more
In addition to being open-source, Freescout has an interesting monetization model: The base product is free, but any extension modules (of which there are many neat ones!) cost, but it's only a one-time fee, no subscription!
On behalf of the @NixOS/foundation board, I'd like this to be deployed for [email protected], which means:
- To stop [email protected] from forwarding emails and instead have it serve as a standard inbox with an SMTP and IMAP login.
- To deploy Freescout on https://freescout.nixos.org (or so). We can use this great recent effort to package Freescout by @e1mo: https://cyberchaos.dev/e1mo/freescout-nix-flake
- To make me a Freescout administrator, so I can configure it with the foundation's inbox, invite the other board members and register extension modules.
Describe alternatives you've considered
There are hacky ways of having shared read markers on emails, but that leaves much unaddressed.
Additional context
Note that with this, emails (which are sometimes private) will be stored on the infra team's servers going forward, and any Freescout admins will also have access to all configured email inboxes, which makes emails less private than they are now. We expect such access to be reasonably restricted, and those who have it to maintain confidentiality.
We're happy to try this with the foundation email and see how it goes, but expect other teams to want to join in too if it works well.
While it would be great if the infra team could implement this for us, I'm also happy to jump in if some extra hands are necessary!
Ping @jfly @mweinelt (as you are very involved in email handling recently).
Neat! We'll discuss this at our team meeting tomorrow.
> Note that with this, emails (which are sometimes private) will be stored on the infra team's servers going forward
In addition to privacy, there's the question of backups. Today, umbriel (our mailserver) is pretty much stateless. I don't know how we handle stuff like that, but excited to learn!
Thank you! I'll join too if that's okay (I see the meeting in the official calendar).
Yeah backups would be great, but probably not super essential, since with an IMAP login, all team members can have a local clone of all emails. Only the freescout state could get lost, which is not as essential.
We already back up haumea's DB via zrepl to our rsync.net account. I'd assume that adding this on top wouldn't be much work nor space.
> Yeah backups would be great, but probably not super essential, since with an IMAP login, all team members can have a local clone of all emails
Yeah, maybe that's actually a desirable property to avoid this scenario:
- Current board has sensitive discussion over email about person Foo
- (time passes)
- Foo gets elected to the board
- Foo digs through Freescout archive and discovers discussion about themselves
Side note: in one organization I am active in, we have the same problem that whenever the board changes, some things are lost in mail and forgotten. This is especially annoying when you get a fine for it. The mailbox archive looks interesting though.
I haven't looked into it at all but maybe it can have a retention span to only keep the last year or so of mails?