Commit 593cac9f authored by Michael Franzl's avatar Michael Franzl Committed by Bjørn Forsman

services.exim: Fix failing systemd service ExecStartPre script

The previous script ran unprivileged by default (because the default
value of cfg.user was "exim"), and enabling the exim service always
failed. It also would have created the directory with unspecified permissions.

The new mechanism uses the coreutils install tool to create the
directory on systemd service start, with proper ownership and
restrictive permissions.

Fixes NixOS#385522
parent 35ca1b10
+1 −8
@@ -123,18 +123,11 @@ in
      wantedBy = [ "multi-user.target" ];
      restartTriggers = [ config.environment.etc."exim.conf".source ];
      serviceConfig = {
        ExecStartPre = "+${coreutils}/bin/install --group=${cfg.group} --owner=${cfg.user} --mode=0700 --directory ${cfg.spoolDir}";
        ExecStart = "!${cfg.package}/bin/exim -bdf -q${cfg.queueRunnerInterval}";
        ExecReload = "!${coreutils}/bin/kill -HUP $MAINPID";
        User = cfg.user;
      };
      preStart = ''
        if ! test -d ${cfg.spoolDir}; then
          ${coreutils}/bin/mkdir -p ${cfg.spoolDir}
          ${coreutils}/bin/chown ${cfg.user}:${cfg.group} ${cfg.spoolDir}
        fi
      '';
    };

  };

}
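Review bot: The new `ExecStartPre` line runs `install` as root (the `+` prefix) with `cfg.user`, `cfg.group` and `cfg.spoolDir` interpolated unquoted, so a configured value containing whitespace, `%` or `$` would be split or expanded by systemd before the privileged chown/chmod takes place. Building the command from a list keeps each value a single literal argument, e.g. `ExecStartPre = "+" + utils.escapeSystemdExecArgs [ "${coreutils}/bin/install" "--owner=${cfg.user}" "--group=${cfg.group}" "--mode=0700" "--directory" cfg.spoolDir ];`, assuming `utils` is available among the module arguments, which are outside the hunk. A short comment above the line would also help, such as `# "+" runs this step as root; install re-applies owner and mode 0700 to spoolDir on every start`. As far as I can tell, `install --directory` resets the attributes of an already existing directory too, which the old `test -d` guard did not do.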