diff options
author | Peter Simons <simons@cryp.to> | 2012-09-28 00:06:52 +0200 |
---|---|---|
committer | Peter Simons <simons@cryp.to> | 2012-09-28 00:06:52 +0200 |
commit | 6f052ee62e2e7d3e905a6443369409df9fa8147b (patch) | |
tree | 3d8031569e8d7cd83561e129d6008b597684a17e /modules/services/mail | |
parent | bcb80387265e9a3865c0dc346631690c8c4da606 (diff) | |
download | nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.tar nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.tar.gz nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.tar.bz2 nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.tar.lz nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.tar.xz nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.tar.zst nixlib-6f052ee62e2e7d3e905a6443369409df9fa8147b.zip |
spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems
When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin path where user-specific files normally reside. Instead, we use the path /var/lib/spamassassin-<user> to store those home directories.
Diffstat (limited to 'modules/services/mail')
-rw-r--r-- | modules/services/mail/spamassassin.nix | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/modules/services/mail/spamassassin.nix b/modules/services/mail/spamassassin.nix index 9e378ab0f20c..d4dbe8ddbd04 100644 --- a/modules/services/mail/spamassassin.nix +++ b/modules/services/mail/spamassassin.nix @@ -38,17 +38,23 @@ in # Allow users to run 'spamc'. environment.systemPackages = [ pkgs.spamassassin ]; - users.extraUsers = singleton - { name = "spamd"; - description = "Spam Assassin Daemon"; - uid = config.ids.uids.spamd; - }; + users.extraUsers = singleton { + name = "spamd"; + description = "Spam Assassin Daemon"; + uid = config.ids.uids.spamd; + group = "spamd"; + }; + + users.extraGroups = singleton { + name = "spamd"; + gid = config.ids.gids.spamd; + }; jobs.spamd = { description = "Spam Assassin Server"; startOn = "started networking and filesystem"; environment.TZ = config.time.timeZone; - exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --pidfile=/var/run/spamd.pid"; + exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --nouser-config --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid"; }; }; |