From e2b8b43095b57148dddc9910c667924913e678bb Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Thu, 12 Oct 2023 08:44:04 -0700
Subject: [PATCH] Make sure solr can access state-dir

---
 mail-server.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mail-server.nix b/mail-server.nix
index acc1843..f482d3f 100644
--- a/mail-server.nix
+++ b/mail-server.nix
@@ -203,6 +203,11 @@ in {
       };
     };
 
+    users.users.mail-server-solr = {
+      isSystemUser = true;
+      uid = 10574;
+    };
+
     fudo.secrets.host-secrets."${hostname}" = {
       mailLdapProxyEnv = {
         source-file = pkgs.writeText "ldap-proxy.env" ''
@@ -238,6 +243,7 @@ in {
       "d ${cfg.state-directory}/antivirus          0700 - - - -"
       "d ${cfg.state-directory}/dkim               0700 - - - -"
       "d ${cfg.state-directory}/mail               0700 - - - -"
+      "d ${cfg.state-directory}/solr               0700 mail-server-solr - - -"
     ];
 
     virtualisation.arion.projects.mail-server.settings = let
@@ -402,6 +408,8 @@ in {
             networks = [ "solr_network" ];
             volumes =
               [ "${cfg.state-directory}/solr:/opt/solr/server/solr/dovecot" ];
+            user = let uid = config.users.users.mail-server-solr.uid;
+            in "${uid}:${uid}";
           };
           antispam = {
             service = {