nixos/nullmailer: Always adjust ownership of spool directories

When switching between different NixOS configurations (with and
without nullmailer and other services), it can happen that the UID of
the nullmailer user changes. When it happens, the nullmailer service
happily starts, but the user cannot send any email, because the
sendmail wrapper doesn't have permission to write them to the queue.

This commit prevents that. Instead of creating the directories by the
nullmailer user, which doesn't have permissions to change ownership,
we now create them by the systemd-tmpfiles, which has sufficient
permissions to adjust ownership.
Michal Sojka 2022-09-01 15:25:02 +02:00
parent a63021a330
commit 7e626703b0

@ -212,6 +212,9 @@ with lib;
systemd.tmpfiles.rules = [
"d /var/spool/nullmailer - ${cfg.user} - - -"
"d /var/spool/nullmailer/failed 750 ${cfg.user} - - -"
"d /var/spool/nullmailer/queue 750 ${cfg.user} - - -"
"d /var/spool/nullmailer/tmp 750 ${cfg.user} - - -"
];
systemd.services.nullmailer = {
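Review bot: The `d` rules for `queue`, `failed` and `tmp` adjust ownership of the directories themselves only, not of files already inside them. After a UID change, messages queued under the old UID stay owned by it, so the daemon may be unable to read or remove them even though new mail can be written. Consider a recursive rule such as `Z /var/spool/nullmailer - ${cfg.user} - - -`, or add a comment saying that existing queue contents are deliberately left untouched. Separately, the group field is `-` on all four lines while the subdirectories use mode 750, so the group bits apply to the default group rather than one chosen for nullmailer. Set the group explicitly if group access is intended.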
@ -220,7 +223,6 @@ with lib;
after = [ "network.target" ];
preStart = ''
mkdir -p /var/spool/nullmailer/{queue,tmp,failed}
rm -f /var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger
'';
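Review bot: In `preStart`, `mkfifo -m 660 /var/spool/nullmailer/trigger` still runs as the service user and now relies on tmpfiles having already created and chowned `/var/spool/nullmailer`, yet the only ordering visible in this unit is `after = [ "network.target" ]`. The hunk header (7 lines down to 6) shows one line dropped here, presumably the `mkdir -p`, so a short comment that the spool directories come from `systemd.tmpfiles.rules` would keep the dependency obvious to the next reader. An alternative is to move the FIFO into tmpfiles as well with a `p+` rule, so that all spool setup runs with the same privileges and in one place.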