nixos/mailman: wrap mailman cli to start as mailman user (#332847)

2024-11-27 23:07:31 +01:00 · 2024-11-27 23:07:31 +01:00 · 1af52db201
commit 1af52db201
parent 6d6744357f 1b510687b4
1 changed files with 10 additions and 0 deletions
--- a/nixos/modules/services/mail/mailman.nix
+++ b/nixos/modules/services/mail/mailman.nix
@ -460,6 +460,16 @@ in {
      ignoreCollisions = true;
      postBuild = ''
        find $out/bin/ -mindepth 1 -not -name "mailman*" -delete
+      '' + lib.optionalString config.security.sudo.enable ''
+        mv $out/bin/mailman $out/bin/.mailman-wrapped
+        echo '#!${pkgs.runtimeShell}
+        sudo=exec
+        if [[ "$USER" != mailman ]]; then
+          sudo="exec /run/wrappers/bin/sudo -u mailman"
+        fi
+        $sudo ${placeholder "out"}/bin/.mailman-wrapped "$@"
+        ' > $out/bin/mailman
+        chmod +x $out/bin/mailman
      '';
    }) ];