From fa388534e4a74f4055643e5ed85c95ee4148eda4 Mon Sep 17 00:00:00 2001
From: Drew Hess
Date: Mon, 22 Oct 2018 13:57:32 -0400
Subject: dovecot: dovenull user should have its own group. Quoting from https://wiki.dovecot.org/UserIds#dovenulluser: "It should belong to its own private dovenull group where no one else belongs to..."
---
 nixos/modules/misc/ids.nix | 2 +-
 nixos/modules/services/mail/dovecot.nix | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 0b4ed6d3b628..5c30e512a1b3 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -385,7 +385,7 @@
 virtuoso = 44;
 #rtkit = 45; # unused
 dovecot2 = 46;
- #dovenull = 47; # unused
+ dovenull2 = 47;
 prayer = 49;
 mpd = 50;
 clamav = 51;
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index e6091182b2ab..30ad7d82fb80 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -311,7 +311,7 @@ in
 { name = "dovenull";
 uid = config.ids.uids.dovenull2;
 description = "Dovecot user for untrusted logins";
- group = cfg.group;
+ group = "dovenull";
 }
 ] ++ optional (cfg.user == "dovecot2")
 { name = "dovecot2";
@@ -332,6 +332,10 @@ in
 }
 ++ optional (cfg.createMailUser && cfg.mailGroup != null)
 { name = cfg.mailGroup;
+ }
+ ++ singleton
+ { name = "dovenull";
+ gid = config.ids.gids.dovenull2;
 };
 environment.etc."dovecot/modules".source = modulesDir;
-- 
cgit 1.4.1
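Review bot: The literal `group = "dovenull";` in the first dovecot.nix hunk (@@ -311) gives no hint of why this account no longer follows `cfg.group`, so a later cleanup could fold it back and quietly restore the shared group. A one-line comment above it would record the intent, for example `# private group: the untrusted-login user must not share cfg.group's file access`. The same string is repeated in the group entry added in the next hunk; binding it once in the module's `let` would keep the user's group and the group definition from drifting apart. The users list starts and ends outside this hunk.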
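Review bot: Nothing in the second dovecot.nix hunk (@@ -332) keeps the new group private once configuration is applied. `cfg.group` and `cfg.mailGroup` appear in the surrounding lines as configurable names, and if either is set to "dovenull" the login user would again share a group with the main service or the mailbox owner. Assuming both are free-form module options, an entry in the module's assertions would make the separation explicit: `{ assertion = cfg.group != "dovenull" && cfg.mailGroup != "dovenull"; message = "dovecot: the dovenull group must stay private to the dovenull user"; }`. The groups list begins before this hunk, and any existing assertions block is not visible here.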