nixos/tlsrpt: fix default postfix sendmail path (#428869)

authored by Martin Weinelt and committed by GitHub 005d8ed6 b70fda5e

+39 -26
+39 -26
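--- a/nixos/modules/services/mail/tlsrpt.nix
+++ b/nixos/modules/services/mail/tlsrpt.nix
@@ -50,6 +50,17 @@
 ];
 };
 
+collectdConfigFile = format.generate "tlsrpt-collectd.cfg" {
+tlsrpt_collectd = dropNullValues cfg.collectd.settings;
+};
+fetcherConfigFile = format.generate "tlsrpt-fetcher.cfg" {
+tlsrpt_fetcher = dropNullValues cfg.fetcher.settings;
+};
+reportdConfigFile = format.generate "tlsrpt-reportd.cfg" {
+tlsrpt_reportd = dropNullValues cfg.reportd.settings;
+};
+
+withPostfix = config.services.postfix.enable && cfg.configurePostfix;
 in
 
 {
@@ -117,14 +128,6 @@
 See {manpage}`tlsrpt-collectd(1)` for possible flags.
 '';
 };
-
-configurePostfix = mkOption {
-type = types.bool;
-default = true;
-description = ''
-Whether to modify the local Postfix service to grant access to the collectd socket.
-'';
-};
 };
 
 fetcher = {
@@ -229,9 +232,16 @@
 
 sendmail_script = mkOption {
 type = with types; nullOr str;
-default = if config.services.postfix.enable then "sendmail" else null;
+default =
+if config.services.postfix.enable && config.services.postfix.setSendmail then
+"/run/wrappers/bin/sendmail -i -t"
+else
+null;
 defaultText = lib.literalExpression ''
-if any [ config.services.postfix.enable ] then "sendmail" else null
+if config.services.postfix.enable && config.services.postfix.setSendmail then
+"/run/wrappers/bin/sendmail -i -t"
+else
+null
 '';
 description = ''
 Path to a sendmail-compatible executable for delivery reports.
@@ -255,19 +265,21 @@
 '';
 };
 };
+
+configurePostfix = mkOption {
+type = types.bool;
+default = true;
+description = ''
+Whether to configure permissions to allow integration with Postfix.
+'';
+};
 };
 
 config = mkIf cfg.enable {
 environment.etc = {
-"tlsrpt/collectd.cfg".source = format.generate "tlsrpt-collectd.cfg" {
-tlsrpt_collectd = dropNullValues cfg.collectd.settings;
-};
-"tlsrpt/fetcher.cfg".source = format.generate "tlsrpt-fetcher.cfg" {
-tlsrpt_fetcher = dropNullValues cfg.fetcher.settings;
-};
-"tlsrpt/reportd.cfg".source = format.generate "tlsrpt-reportd.cfg" {
-tlsrpt_reportd = dropNullValues cfg.reportd.settings;
-};
+"tlsrpt/collectd.cfg".source = collectdConfigFile;
+"tlsrpt/fetcher.cfg".source = fetcherConfigFile;
+"tlsrpt/reportd.cfg".source = reportdConfigFile;
 };
 
 users.users.tlsrpt = {
@@ -276,11 +288,9 @@
 };
 users.groups.tlsrpt = { };
 
-users.users.postfix.extraGroups =
-lib.mkIf (config.services.postfix.enable && cfg.collectd.configurePostfix)
-[
-"tlsrpt"
-];
+users.users.postfix.extraGroups = lib.mkIf withPostfix [
+"tlsrpt"
+];
 
 systemd.services.tlsrpt-collectd = {
 description = "TLSRPT datagram collector";
@@ -288,7 +298,7 @@
 
 wantedBy = [ "multi-user.target" ];
 
-restartTriggers = [ "/etc/tlsrpt/collectd.cfg" ];
+restartTriggers = [ collectdConfigFile ];
 
 serviceConfig = commonServiceSettings // {
 ExecStart = toString (
@@ -312,7 +322,7 @@
 
 wantedBy = [ "multi-user.target" ];
 
-restartTriggers = [ "/etc/tlsrpt/reportd.cfg" ];
+restartTriggers = [ reportdConfigFile ];
 
 serviceConfig = commonServiceSettings // {
 ExecStart = toString (
@@ -324,7 +334,10 @@
 RestrictAddressFamilies = [
 "AF_INET"
 "AF_INET6"
+"AF_NETLINK"
 ];
+ReadWritePaths = lib.optionals withPostfix [ "/var/lib/postfix/queue/maildrop" ];
+SupplementaryGroups = lib.optionals withPostfix [ "postdrop" ];
 UMask = "0077";
 };
 };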
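Review bot: In the tlsrpt-reportd `serviceConfig` (last hunk), `"AF_NETLINK"` is added to `RestrictAddressFamilies` unconditionally, while the two relaxations beside it, `ReadWritePaths` on the maildrop queue and `SupplementaryGroups = [ "postdrop" ]`, are gated on `withPostfix`. If netlink is only needed by the Postfix sendmail path, which the diff does not state, gate it the same way with `] ++ lib.optionals withPostfix [ "AF_NETLINK" ];` and add a one-line comment naming what requires it. `withPostfix` also ignores `sendmail_script`, so a host with `setSendmail = false` (default now `null`) or a custom mailer still gets postdrop membership and a writable maildrop; keying these two grants on the sendmail default being in use would keep the sandbox tighter. The `configurePostfix` description could list what it grants (postfix in group tlsrpt, reportd in postdrop with write access to maildrop). The serviceConfig block starts outside the hunk.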