authortv <tv@krebsco.de>2016-02-27 13:10:21 +0100
committertv <tv@krebsco.de>2016-02-27 13:10:21 +0100
commit7cff3c0650acc6c1c07d578faa9bb35ff61266bc (patch)
treed9f556593da5b068a5b0da72a0e1ad189ae6967e
parentcc395214f58e4ac1d95e9855d4cf4784fa75d17e (diff)
tv sendmail: setuid in exim-*
-rw-r--r--tv/2configs/default.nix6
-rw-r--r--tv/2configs/exim-retiolum.nix4
-rw-r--r--tv/2configs/exim-smarthost.nix4
3 files changed, 8 insertions, 6 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 02b3b61cf..1e0da8da4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -178,12 +178,6 @@ with config.krebs.lib;
}
{
- # TODO: exim
- security.setuidPrograms = [
- "sendmail" # for sudo
- ];
- }
- {
environment.systemPackages = [
pkgs.get
pkgs.krebszones
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 9197a3c30..dbe83dcf1 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -4,5 +4,9 @@ with config.krebs.lib;
{
krebs.exim-retiolum.enable = true;
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
}
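Review bot: The new `krebs.setuid.sendmail` block makes exim a setuid entry point executable by every local user (`mode = "4111"`) but says nothing about why, and the rationale from the removed `"sendmail" # for sudo` line in default.nix is lost. I would add a comment above it such as `# setuid wrapper so local users (and sudo) can submit mail through exim; owner/group come from the krebs.setuid defaults`. The owner is not set in the hunk, so the identity the wrapper runs as depends on module defaults that are not visible here (presumably root); confirm that is intended, and set it explicitly if the module allows. The same block is repeated verbatim in the exim-smarthost.nix hunk, so the comment applies there too. Defining the wrapper once in a shared place would keep the two copies from drifting apart.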
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 75dd9b42f..3ea010524 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -40,5 +40,9 @@ with config.krebs.lib;
{ from = "mirko"; to = "mv"; }
];
};
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
}