diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2020-11-29 12:51:53 +0100 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2020-11-30 07:29:32 +0100 |
| commit | 3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c (patch) | |
| tree | f655b1988e69ea2d8cc348cff2b73eb9c3ee574f /nixos/modules/services/mail | |
| parent | 9cca2eb4c80eb5e41d67349fab8bffdd38d577fc (diff) | |
| download | nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.tar nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.tar.gz nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.tar.bz2 nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.tar.lz nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.tar.xz nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.tar.zst nixpkgs-3b6ef967f3ff3f9c86ac0b406f2b1513f7b56c5c.zip | |
nixos/rspamd: fix postfix integration
Diffstat (limited to 'nixos/modules/services/mail')
| -rw-r--r-- | nixos/modules/services/mail/rspamd.nix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index 07ef5461d05..515e2880056 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -371,6 +371,9 @@ in }; services.postfix.config = mkIf cfg.postfix.enable cfg.postfix.config; + systemd.services.postfix.serviceConfig.SupplementaryGroups = + mkIf cfg.postfix.enable [ postfixCfg.group ]; + # Allow users to run 'rspamc' and 'rspamadm'. environment.systemPackages = [ pkgs.rspamd ]; @@ -399,6 +402,7 @@ in User = "${cfg.user}"; Group = "${cfg.group}"; + SupplementaryGroups = mkIf cfg.postfix.enable [ postfixCfg.group ]; RuntimeDirectory = "rspamd"; RuntimeDirectoryMode = "0755"; @@ -413,7 +417,8 @@ in PrivateDevices = true; PrivateMounts = true; PrivateTmp = true; - PrivateUsers = true; + # we need to chown socket to rspamd-milter + PrivateUsers = !cfg.postfix.enable; ProtectClock = true; ProtectControlGroups = true; ProtectHome = true; |