nixos/tlsrpt: fix permissions for postfix (#427915)

      };

    };

    systemd.services.postfix.serviceConfig.SupplementaryGroups = mkIf (

      config.services.postfix.enable && cfg.collectd.configurePostfix

    ) [ "tlsrpt" ];

    users.users.tlsrpt = {

      isSystemUser = true;

      group = "tlsrpt";

    };

    users.groups.tlsrpt = { };

    users.users.postfix.extraGroups =

      lib.mkIf (config.services.postfix.enable && cfg.collectd.configurePostfix)

        [

          "tlsrpt"

        ];

    systemd.services.tlsrpt-collectd = {

      description = "TLSRPT datagram collector";

    # Enabling postfix should put sendmail as the sendmail setting

    machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg")

    machine.succeed("systemctl show --property SupplementaryGroups postfix.service | grep tlsrpt")

    machine.succeed("getent group tlsrpt | grep -q postfix")

    machine.log(machine.succeed("systemd-analyze security tlsrpt-collectd.service tlsrpt-reportd.service | grep -v ✓"))

  '';