From 7cff3c0650acc6c1c07d578faa9bb35ff61266bc Mon Sep 17 00:00:00 2001
From: tv
Date: Sat, 27 Feb 2016 13:10:21 +0100
Subject: tv sendmail: setuid in exim-*
---
 tv/2configs/default.nix | 6 ------
 tv/2configs/exim-retiolum.nix | 4 ++++
 tv/2configs/exim-smarthost.nix | 4 ++++
 3 files changed, 8 insertions(+), 6 deletions(-)
(limited to 'tv/2configs')
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 02b3b61cf..1e0da8da4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -177,12 +177,6 @@ with config.krebs.lib;
 tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
 }
- {
- # TODO: exim
- security.setuidPrograms = [
- "sendmail" # for sudo
- ];
- }
 {
 environment.systemPackages = [
 pkgs.get
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 9197a3c30..dbe83dcf1 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -4,5 +4,9 @@ with config.krebs.lib;
 {
 krebs.exim-retiolum.enable = true;
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
 tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
 }
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 75dd9b42f..3ea010524 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -40,5 +40,9 @@ with config.krebs.lib;
 { from = "mirko"; to = "mv"; }
 ];
 };
+ krebs.setuid.sendmail = {
+ filename = "${pkgs.exim}/bin/exim";
+ mode = "4111";
+ };
 tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
 }
-- cgit v1.2.3
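Review bot: In the exim-retiolum.nix hunk, and identically in the exim-smarthost.nix hunk, `mode = "4111"` installs `${pkgs.exim}/bin/exim` as a setuid wrapper that every local account can execute, and the rationale the removed block carried (`# for sudo`) is not carried over. The owner and group are not set here, so they come from the `krebs.setuid` module defaults, which are outside this diff; if the wrapper ends up setuid root, a world-executable exim is part of the host's local privilege-escalation surface and needs to be tracked for exim updates. I would add a comment above the attribute, e.g. `# setuid exim as sendmail so local users and sudo can submit mail; execute-only for everyone`, and, if only a known set of accounts has to send mail, limit execution to a group rather than using `4111`. Because the same four lines appear in both files, a host importing both depends on the two definitions staying identical; defining the wrapper once in a shared place would avoid drift.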