authorAlyssa Ross <hi@alyssa.is>2021-01-06 10:28:29 +0000
committerAlyssa Ross <hi@alyssa.is>2021-01-06 10:28:29 +0000
commit3641350f6bca02b02d7675fc7349f56bc7a16c85 (patch)
treecb1afe8d7ddfca9ec6c7303e4553ec18c8047bb6 /nixpkgs/nixos
parentc319338f2889a538eb0d44c03059ec47d00082cf (diff)
nixos/mailman: add mailman-web user
Extracted from
b478e0043c53964c99cc9a145c155a673af3c7d8 ("nixos/mailman: refactor"),
to bring myself closer to current upstream.
Diffstat (limited to 'nixpkgs/nixos')
-rw-r--r--nixpkgs/nixos/modules/services/mail/mailman.nix17
1 files changed, 12 insertions, 5 deletions
diff --git a/nixpkgs/nixos/modules/services/mail/mailman.nix b/nixpkgs/nixos/modules/services/mail/mailman.nix
index 10777c5596cc..26d05db3caa4 100644
--- a/nixpkgs/nixos/modules/services/mail/mailman.nix
+++ b/nixpkgs/nixos/modules/services/mail/mailman.nix
@@ -131,7 +131,7 @@ in {
 
       webUser = mkOption {
         type = types.str;
-        default = config.services.httpd.user;
+        default = "mailman-web";
         description = ''
           User to run mailman-web as
         '';
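Review bot: The `webUser` description still reads only "User to run mailman-web as", but after this commit the account is created by the module only when the value is exactly `"mailman-web"` (the `lib.mkIf` in the next hunk). Any other value must name an existing user, and that user has to be in the `mailman` group to read `settings_local.json`, which the last hunk sets to `root:mailman` mode 440. I would extend the description to say so, e.g. `User to run mailman-web as. If changed from the default, the user is not created by this module and must be a member of the mailman group.` An assertion that fails evaluation when a custom user is not declared would catch the misconfiguration earlier than a runtime permission error.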
@@ -201,6 +201,11 @@ in {
       isSystemUser = true;
       group = "mailman";
     };
+    users.users.mailman-web = lib.mkIf (cfg.webUser == "mailman-web") {
+      description = "GNU Mailman web interface";
+      isSystemUser = true;
+      group = "mailman";
+    };
     users.groups.mailman = {};
 
     environment.etc."mailman3/mailman.cfg".text = mailmanCfg;
@@ -262,8 +267,9 @@ in {
           mailmanCfg=$mailmanDir/mailman-hyperkitty.cfg
           mailmanWebCfg=$mailmanWebDir/settings_local.json
 
-          install -m 0700 -o ${cfg.webUser} -g nogroup -d /var/lib/mailman-web-static
-          install -m 0700 -o ${cfg.webUser} -g nogroup -d $mailmanWebDir
+          install -m 0775 -o mailman -g mailman -d /var/lib/mailman-web-static
+          install -m 0770 -o mailman -g mailman -d $mailmanDir
+          install -m 0770 -o ${cfg.webUser} -g mailman -d $mailmanWebDir
 
           if [ ! -e $mailmanWebCfg ]; then
               hyperkittyApiKey=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)
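Review bot: The new `install -m 0770 -o mailman -g mailman -d $mailmanDir` line gives group write on that directory to every member of `mailman`, and the previous hunk puts the web interface account in that group. Assuming `$mailmanDir` is Mailman core's state directory (it is defined outside this hunk, and `mailman-hyperkitty.cfg` is written into it), the web process can then create or replace files there, which weakens the separation that a dedicated `mailman-web` user is meant to provide. If the web side needs only to traverse or read, `install -m 0750 -o mailman -g mailman -d $mailmanDir` would be tighter. If group write is required, a comment saying why would help. The change of `/var/lib/mailman-web-static` from 0700 to 0775 also makes it world-readable, presumably so the front-end web server can serve it, and a one-line comment stating that intent would be useful.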
@@ -274,14 +280,15 @@ in {
                   --arg archiver_key "$hyperkittyApiKey" \
                   --arg secret_key "$secretKey" \
                   >"$mailmanWebCfgTmp"
-              chown ${cfg.webUser} "$mailmanWebCfgTmp"
+              chown root:mailman "$mailmanWebCfgTmp"
+              chmod 440 "$mailmanWebCfgTmp"
               mv -n "$mailmanWebCfgTmp" "$mailmanWebCfg"
           fi
 
           hyperkittyApiKey="$(jq -r .MAILMAN_ARCHIVER_KEY "$mailmanWebCfg")"
           mailmanCfgTmp=$(mktemp)
           sed "s/@API_KEY@/$hyperkittyApiKey/g" ${mailmanHyperkittyCfg} >"$mailmanCfgTmp"
-          chown mailman "$mailmanCfgTmp"
+          chown mailman:mailman "$mailmanCfgTmp"
           mv "$mailmanCfgTmp" "$mailmanCfg"
         '';
         serviceConfig = {
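Review bot: The new `chown root:mailman` and `chmod 440` run only inside the `if [ ! -e $mailmanWebCfg ]` branch, so an existing `settings_local.json` keeps the ownership it received from the old `chown ${cfg.webUser}`. On an upgraded system the file would still belong to the previous web user (the old default was the httpd user), and the new `mailman-web` account may not be able to read the secret key and archiver key. Whether that happens depends on the temp file's mode, which is set outside this hunk. Applying the ownership to the final path after the `fi` covers both fresh and existing installs: `chown root:mailman "$mailmanWebCfg"` followed by `chmod 440 "$mailmanWebCfg"`. The enclosing script starts above this hunk, so how `$mailmanWebCfgTmp` is created should be checked to confirm it is never group- or world-readable before the `chmod`.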