Making a nixos option about the system 'sendmail', which postfix sets, for example.

svn path=/nixos/trunk/; revision=24193
2010-10-10 10:43:28 +00:00 · 2010-10-10 10:43:28 +00:00 · a069fcffc6
parent f9d4df1e04
commit a069fcffc6
3 changed files with 58 additions and 4 deletions
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -14,6 +14,7 @@
  ./config/users-groups.nix
  ./hardware/network/intel-2200bg.nix
  ./hardware/network/intel-3945abg.nix
+  ./hardware/network/rt2870.nix 
  ./hardware/network/rt73.nix 
  ./hardware/pcmcia.nix
  ./installer/generations-dir/generations-dir.nix
@ -59,6 +60,7 @@
  ./services/logging/logrotate.nix
  ./services/logging/syslogd.nix
  ./services/mail/dovecot.nix
+  ./services/mail/mail.nix
  ./services/mail/postfix.nix
  ./services/misc/autofs.nix
  ./services/misc/disnix.nix
--- a/modules/services/mail/mail.nix
+++ b/modules/services/mail/mail.nix
@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+  
+    services.mail = {
+    
+      sendmailSetuidWrapper = mkOption {
+        default = null;
+        description = ''
+          Configuration for the sendmail setuid wrwapper (like an element of
+          security.setuidOwners)";
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf (config.services.mail.sendmailSetuidWrapper != null) {
+
+    security.setuidOwners = [ config.services.mail.sendmailSetuidWrapper ];
+
+  };
+
+}
--- a/modules/services/mail/postfix.nix
+++ b/modules/services/mail/postfix.nix
@ -111,6 +111,11 @@ in
        default = false;
        description = "Whether to run the Postfix mail server.";
      };
+
+      setSendmail = mkOption {
+        default = true;
+        description = "Whether to set the system sendmail to postfix's.";
+      };
      
      user = mkOption {
        default = "postfix";
@ -254,10 +259,24 @@ in

  config = mkIf config.services.postfix.enable {

-    environment.etc = singleton
-      { source = "/var/postfix/conf";
-        target = "postfix";
-      };
+    environment = {
+      etc = singleton
+        { source = "/var/postfix/conf";
+          target = "postfix";
+        };
+
+      # This makes comfortable for root to run 'postqueue' for example.
+      systemPackages = [ pkgs.postfix ];
+    };
+
+    services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
+      program = "sendmail";
+      source = "${pkgs.postfix}/bin/sendmail";
+      owner = "nobody";
+      group = "postdrop";
+      setuid = false;
+      setgid = true;
+    };

    users.extraUsers = singleton
      { name = user;