author | Peter Simons <simons@cryp.to> | 2016-01-22 17:25:07 +0100 |
---|---|---|
committer | Peter Simons <simons@cryp.to> | 2016-01-22 17:25:07 +0100 |
commit | e6d42dfe04e289373d1ef6169d37c8c5ec6c55c6 (patch) | |
tree | 17974bc603b2be40b6163f47cc06b4ca58d234ec /nixos/modules | |
parent | b076c780051587a8940c0fab9f083eef260a700d (diff) | |
parent | 39bd9be5a9dc8d8efe6016e3234302ab027dc4cf (diff) | |
Merge pull request #12459 from avnik/fix-var-lib-postfix-permissions
Make /var/lib/postfix world-readable
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/mail/postfix.nix | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 6c5d7e92702..f2d8189de6e 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -20,6 +20,23 @@ let mail_owner = ${user} default_privs = nobody + # NixOS specific locations + data_directory = /var/lib/postfix/data + queue_directory = /var/lib/postfix/queue + + # Default location of everything in package + meta_directory = ${pkgs.postfix}/etc/postfix + command_directory = ${pkgs.postfix}/bin + sample_directory = /etc/postfix + newaliases_path = ${pkgs.postfix}/bin/newaliases + mailq_path = ${pkgs.postfix}/bin/mailq + readme_directory = no + sendmail_path = ${pkgs.postfix}/bin/sendmail + daemon_directory = ${pkgs.postfix}/libexec/postfix + manpage_directory = ${pkgs.postfix}/share/man + html_directory = ${pkgs.postfix}/share/postfix/doc/html + shlib_directory = no + '' + optionalString config.networking.enableIPv6 '' inet_protocols = all 
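Review bot: `sample_directory = /etc/postfix` sits under the comment `# Default location of everything in package`, yet it is the only path in that group that points outside `${pkgs.postfix}` or `/var/lib/postfix`. Nothing visible in this diff creates `/etc/postfix`; the configuration directory used in the second hunk is `/var/lib/postfix/conf`. If the value is deliberate, a comment next to it such as `# legacy parameter; this path is not managed by the module` would make that clear, otherwise it should point where its neighbours do. The string literal holding these settings starts and ends outside the hunk.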
@@ -435,31 +452,35 @@ in mkdir -p /var/lib mv /var/postfix /var/lib/postfix fi - mkdir -p /var/lib/postfix/data /var/lib/postfix/queue/{pid,public,maildrop} - chown -R ${user}:${group} /var/lib/postfix - chown root /var/lib/postfix/queue - chown root /var/lib/postfix/queue/pid - chgrp -R ${setgidGroup} /var/lib/postfix/queue/{public,maildrop} - chmod 770 /var/lib/postfix/queue/{public,maildrop} + # All permissions set according ${pkgs.postfix}/etc/postfix/postfix-files script + mkdir -p /var/lib/postfix /var/lib/postfix/queue/{pid,public,maildrop} + chmod 0755 /var/lib/postfix + chown root:root /var/lib/postfix rm -rf /var/lib/postfix/conf mkdir -p /var/lib/postfix/conf + chmod 0755 /var/lib/postfix/conf + ln -sf ${pkgs.postfix}/etc/postfix/postfix-files ln -sf ${mainCfFile} /var/lib/postfix/conf/main.cf ln -sf ${masterCfFile} /var/lib/postfix/conf/master.cf + ${concatStringsSep "\n" (mapAttrsToList (to: from: '' ln -sf ${from} /var/lib/postfix/conf/${to} - postalias /var/lib/postfix/conf/${to} + ${pkgs.postfix}/bin/postalias /var/lib/postfix/conf/${to} '') cfg.aliasFiles)} ${concatStringsSep "\n" (mapAttrsToList (to: from: '' ln -sf ${from} /var/lib/postfix/conf/${to} - postmap /var/lib/postfix/conf/${to} + ${pkgs.postfix}/bin/postmap /var/lib/postfix/conf/${to} '') cfg.mapFiles)} mkdir -p /var/spool/mail chown root:root /var/spool/mail chmod a+rwxt /var/spool/mail ln -sf /var/spool/mail /var/ + + #Finally delegate to postfix checking remain directories in /var/lib/postfix and set permissions on them + ${pkgs.postfix}/bin/postfix set-permissions config_directory=/var/lib/postfix/conf ''; }; } |
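Review bot: The added `ln -sf ${pkgs.postfix}/etc/postfix/postfix-files` has no destination operand, so ln creates `postfix-files` in whatever directory the script runs from, not in `/var/lib/postfix/conf`. If the link is meant to sit beside main.cf, write `ln -sf ${pkgs.postfix}/etc/postfix/postfix-files /var/lib/postfix/conf/postfix-files`. If the `meta_directory` setting from the first hunk already lets postfix find the file, the line can be dropped. Separately, the explicit `chown`/`chmod 770` lines for the queue are removed, so ownership and modes below `/var/lib/postfix` now depend entirely on the final `postfix set-permissions` call succeeding. Whether the script aborts on a non-zero exit there is not visible, because its body starts outside the hunk; that is worth confirming so a failed run cannot leave the queue with stale permissions.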