version = 3
'';
}
- ];
+ ] ++ (lib.mapAttrsToList (name: v: {
+ dest = "postfix/scripts/${name}-env";
+ user = "postfixscripts";
+ group = "root";
+ permissions = "0400";
+ text = builtins.toJSON v.env;
+ }) config.myEnv.mail.scripts);
networking.firewall.allowedTCPPorts = [ 25 465 587 ];
+ users.users.postfixscripts = {
+ group = "keys";
+ uid = config.ids.uids.postfixscripts;
+ description = "Postfix scripts user";
+ };
users.users."${config.services.postfix.user}".extraGroups = [ "keys" ];
services.filesWatcher.postfix = {
restart = true;
fi
'';
scripts = lib.attrsets.mapAttrs (n: v:
- toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; })
+ toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = "/var/secrets/postfix/scripts/${n}-env"; })
) config.myEnv.mail.scripts // {
testmail = pkgs.writeScript "testmail" ''
#! ${pkgs.stdenv.shell}
mailbox_size_limit = "1073741825"; # Workaround, local delivered mails should all go through scripts
alias_database = "\$alias_maps";
+ ### Aliases scripts user
+ default_privs = "postfixscripts";
+
### Virtual mailboxes config
virtual_alias_maps = [
"hash:/etc/postfix/virtual"
in "${cfg'.mail_address}${sep}${host'}@${cfg'.mail_domain}";
mails_to_receive = builtins.concatStringsSep " " (map (to_email cfg) reverseTargets);
in ''
- install -m 0555 -o nobody -g nogroup -d /var/lib/naemon/checks/email
+ install -m 0555 -o postfixscripts -g keys -d /var/lib/naemon/checks/email
for f in ${mails_to_receive}; do
if [ ! -f /var/lib/naemon/checks/email/$f ]; then
- install -m 0644 -o nobody -g nogroup /dev/null -T /var/lib/naemon/checks/email/$f
+ install -m 0644 -o postfixscripts -g keys /dev/null -T /var/lib/naemon/checks/email/$f
touch -m -d @0 /var/lib/naemon/checks/email/$f
fi
done
projects / perso / Immae / Config / Nix.git / blobdiff