spamassassin: use a dedicated user for running spamd

2024-10-20 20:19:39 +03:00 · 2012-08-28 16:27:28 +02:00 · 2012-08-28 16:27:28 +02:00 · 51e58dafca
commit 51e58dafca
parent 2769f594f3
2 changed files with 8 additions and 1 deletions
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@ -73,6 +73,7 @@ in
    fprot = 52;
    bind = 53;
    wwwrun = 54;
+    spamd = 55;

    # When adding a uid, make sure it doesn't match an existing gid.

--- a/modules/services/mail/spamassassin.nix
+++ b/modules/services/mail/spamassassin.nix
@ -33,11 +33,17 @@ in
    # Allow users to run 'spamc'.
    environment.systemPackages = [ pkgs.spamassassin ];

+    users.extraUsers = singleton
+      { name = "spamd";
+        description = "Spam Assassin Daemon";
+        uid = config.ids.uids.spamd;
+      };
+
    jobs.spamd = {
      description = "Spam Assassin Server";
      startOn = "started networking and filesystem";
      environment.TZ = config.time.timeZone;
-      exec = "${pkgs.spamassassin}/bin/spamd -C /etc/spamassassin/init.pre --siteconfigpath=/etc/spamassassin --debug --pidfile=/var/run/spamd.pid";
+      exec = "${pkgs.spamassassin}/bin/spamd -C /etc/spamassassin/init.pre --siteconfigpath=/etc/spamassassin --username=spamd --pidfile=/var/run/spamd.pid";
    };

  };