Diffstat (limited to 'modules/server/pushmail/default.nix')
-rw-r--r-- | modules/server/pushmail/default.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/modules/server/pushmail/default.nix b/modules/server/pushmail/default.nix
new file mode 100644
index 000000000000..6da372471d0f
--- /dev/null
+++ b/modules/server/pushmail/default.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+ imports = [ ../git/nixpkgs ../mail ];
+
+ users.users.pushmail = { isSystemUser = true; group = "pushmail"; };
+ users.groups.pushmail = {};
+
+ # This service can't be DynamicUser because DynamicUser implies
+ # NoNewPrivileges, and sendmail is setuid.
+ systemd.services.pushmail = {
+ path = with pkgs; [ system-sendmail ];
+ serviceConfig.ExecStart = "${pkgs.pushmail}/bin/pushmail --from 'Nixpkgs Direct Pushes <pushmail@atuin.qyliss.net>' /var/lib/git/nixpkgs.git NixOS/nixpkgs 'Alyssa Ross <hi@alyssa.is>'";
+ serviceConfig.StandardInput = "file:/etc/pushmail/token";
+ serviceConfig.User = "pushmail";
+ serviceConfig.Group = "pushmail";
+ serviceConfig.UMask = "0002";
+ serviceConfig.SupplementaryGroups = "nixpkgs";
+ };
+
+ systemd.timers.pushmail = {
+ wantedBy = [ "timers.target" ];
+ timerConfig.OnActiveSec = 0;
+ timerConfig.OnUnitActiveSec = 300;
+ };
+}
|
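Review bot: The unit feeds `/etc/pushmail/token` to the service through `serviceConfig.StandardInput`, but nothing in this module creates that file or constrains its ownership and mode, so a token left world-readable under /etc would be exposed to every local account. Because `NoNewPrivileges` is unavailable here (per the comment about setuid sendmail), the file's permissions are the main protection for this credential. I would add a comment above that line such as `# /etc/pushmail/token is provisioned out of band; keep it mode 0600 and out of the Nix store.` It would also help to document why `serviceConfig.UMask = "0002"` is set, since it makes every file the service creates group-writable. Presumably this keeps objects written under /var/lib/git/nixpkgs.git writable by the `nixpkgs` supplementary group.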