Fixes to sieve generation

This commit is contained in:
niten 2023-09-26 15:30:38 -07:00
parent ddf8cbde68
commit 6ad453e3e0
1 changed files with 4 additions and 5 deletions

View File

@ -186,7 +186,7 @@ in {
tmpfiles.rules = [ tmpfiles.rules = [
"d ${cfg.state-directory} 0750 ${cfg.mail-user} ${cfg.mail-group} - -" "d ${cfg.state-directory} 0750 ${cfg.mail-user} ${cfg.mail-group} - -"
"d ${cfg.state-directory}/mail 0750 ${cfg.mail-user} ${cfg.mail-group} - -" "d ${cfg.state-directory}/mail 0750 ${cfg.mail-user} ${cfg.mail-group} - -"
"d ${cfg.state-directory}/sieves 0750 ${cfg.mail-user} ${cfg.mail-group} - -" "d ${cfg.state-directory}/sieves 0750 ${config.services.dovecot2.user} - - -"
]; ];
services.dovecot-sieve-generator = let services.dovecot-sieve-generator = let
@ -206,12 +206,12 @@ in {
in { in {
wantedBy = [ "dovecot2.service" ]; wantedBy = [ "dovecot2.service" ];
before = [ "dovecot2.service" ]; before = [ "dovecot2.service" ];
path = [ dovecot_pigeonhole ];
serviceConfig = { serviceConfig = {
User = config.services.dovecot2.user; User = config.services.dovecot2.user;
ReadWritePaths = [ sieveDirectory ]; ReadWritePaths = [ sieveDirectory ];
ExecStart = pkgs.writeShellScript "generate-sieves.sh" ExecStart = pkgs.writeShellScript "generate-sieves.sh"
(concatStringsSep "\n" (mapAttrsToList compileFile sieves)); (concatStringsSep "\n" (mapAttrsToList compileFile sieves));
PrivateNetwork = true;
PrivateDevices = true; PrivateDevices = true;
PrivateTmp = true; PrivateTmp = true;
PrivateMounts = true; PrivateMounts = true;
@ -219,7 +219,6 @@ in {
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectSystem = true; ProtectSystem = true;
ProtectHostname = true;
ProtectHome = true; ProtectHome = true;
ProtectClock = true; ProtectClock = true;
ProtectKernelLogs = true; ProtectKernelLogs = true;