diff options
| author | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2023-07-13 17:02:19 +0200 |
|---|---|---|
| committer | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2023-07-13 17:02:19 +0200 |
| commit | b2c1b176d902477a623f3e7b99e2cf8900b0ea06 (patch) | |
| tree | 04a41daf0a2dbc9211686456148f75f3dfda6980 /nixos | |
| parent | 8e284221f403c5579d02190ad2bc06d78576dfe2 (diff) | |
| download | nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.tar nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.tar.gz nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.tar.bz2 nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.tar.lz nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.tar.xz nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.tar.zst nixlib-b2c1b176d902477a623f3e7b99e2cf8900b0ea06.zip | |
nixos/nullmailer: allow users in the nullmailer group to send mails
In combination with https://github.com/NixOS/nixpkgs/pull/231673 this allows hardened services to use nullmailer's sendmail.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/mail/nullmailer.nix | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/nixos/modules/services/mail/nullmailer.nix b/nixos/modules/services/mail/nullmailer.nix index 7c72229efb24..f6befe246b12 100644 --- a/nixos/modules/services/mail/nullmailer.nix +++ b/nixos/modules/services/mail/nullmailer.nix @@ -203,7 +203,7 @@ with lib; users = { users.${cfg.user} = { description = "Nullmailer relay-only mta user"; - group = cfg.group; + inherit (cfg) group; isSystemUser = true; }; @@ -211,10 +211,10 @@ with lib; }; systemd.tmpfiles.rules = [ - "d /var/spool/nullmailer - ${cfg.user} - - -" - "d /var/spool/nullmailer/failed 750 ${cfg.user} - - -" - "d /var/spool/nullmailer/queue 750 ${cfg.user} - - -" - "d /var/spool/nullmailer/tmp 750 ${cfg.user} - - -" + "d /var/spool/nullmailer - ${cfg.user} ${cfg.group} - -" + "d /var/spool/nullmailer/failed 770 ${cfg.user} ${cfg.group} - -" + "d /var/spool/nullmailer/queue 770 ${cfg.user} ${cfg.group} - -" + "d /var/spool/nullmailer/tmp 770 ${cfg.user} ${cfg.group} - -" ]; systemd.services.nullmailer = { @@ -238,7 +238,7 @@ with lib; program = "sendmail"; source = "${pkgs.nullmailer}/bin/sendmail"; owner = cfg.user; - group = cfg.group; + inherit (cfg) group; setuid = true; setgid = true; }; |