lol

nixos/nullmailer: allow users in the nullmailer group to send mails

In combination with https://github.com/NixOS/nixpkgs/pull/231673 this
allows hardened services to use nullmailer's sendmail.

+6 -6
+6 -6
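--- a/nixos/modules/services/mail/nullmailer.nix
+++ b/nixos/modules/services/mail/nullmailer.nix
@@ -203,7 +203,7 @@
 users = {
 users.${cfg.user} = {
 description = "Nullmailer relay-only mta user";
-group = cfg.group;
+inherit (cfg) group;
 isSystemUser = true;
 };
 
@@ -211,10 +211,10 @@
 };
 
 systemd.tmpfiles.rules = [
-"d /var/spool/nullmailer - ${cfg.user} - - -"
-"d /var/spool/nullmailer/failed 750 ${cfg.user} - - -"
-"d /var/spool/nullmailer/queue 750 ${cfg.user} - - -"
-"d /var/spool/nullmailer/tmp 750 ${cfg.user} - - -"
+"d /var/spool/nullmailer - ${cfg.user} ${cfg.group} - -"
+"d /var/spool/nullmailer/failed 770 ${cfg.user} ${cfg.group} - -"
+"d /var/spool/nullmailer/queue 770 ${cfg.user} ${cfg.group} - -"
+"d /var/spool/nullmailer/tmp 770 ${cfg.user} ${cfg.group} - -"
 ];
 
 systemd.services.nullmailer = {
@@ -238,7 +238,7 @@
 program = "sendmail";
 source = "${pkgs.nullmailer}/bin/sendmail";
 owner = cfg.user;
-group = cfg.group;
+inherit (cfg) group;
 setuid = true;
 setgid = true;
 };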
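Review bot: The three `770` rules for `failed`, `queue` and `tmp` in `systemd.tmpfiles.rules` give every member of `${cfg.group}` read, write and delete access to all spooled mail, which is wider than the "send mails" in the commit title: a member can read or remove other senders' queued and failed messages. That trade-off should be stated next to the rules, for example `# 770: group members can read, alter and delete any spooled message, so only add trusted services to ${cfg.group}`. It may also be worth checking whether a file written by a group member (owned by that member's uid and primary gid) stays readable by `${cfg.user}` when the daemon processes the queue, since nothing in the visible lines sets a setgid bit on the directories or constrains the file mode. The `users` and wrapper blocks continue outside the shown lines.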