From 6f052ee62e2e7d3e905a6443369409df9fa8147b Mon Sep 17 00:00:00 2001
From: Peter Simons
Date: Fri, 28 Sep 2012 00:06:52 +0200
Subject: [PATCH] spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin path where user-specific files normally reside. Instead, we use the path /var/lib/spamassassin- to store those home directories.
---
 modules/misc/ids.nix | 1 +
 modules/services/mail/spamassassin.nix | 18 ++++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix
index ca5d2051af2..dbecaf802a1 100644
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@@ -126,6 +126,7 @@ in
 clamav = 51;
 fprot = 52;
 wwwrun = 54;
+ spamd = 55;
 networkmanager = 56;
 # When adding a gid, make sure it doesn't match an existing uid.
diff --git a/modules/services/mail/spamassassin.nix b/modules/services/mail/spamassassin.nix
index 9e378ab0f20..d4dbe8ddbd0 100644
--- a/modules/services/mail/spamassassin.nix
+++ b/modules/services/mail/spamassassin.nix
@@ -38,17 +38,23 @@ in
 # Allow users to run 'spamc'.
 environment.systemPackages = [ pkgs.spamassassin ];
- users.extraUsers = singleton
- { name = "spamd";
- description = "Spam Assassin Daemon";
- uid = config.ids.uids.spamd;
- };
+ users.extraUsers = singleton {
+ name = "spamd";
+ description = "Spam Assassin Daemon";
+ uid = config.ids.uids.spamd;
+ group = "spamd";
+ };
+
+ users.extraGroups = singleton {
+ name = "spamd";
+ gid = config.ids.gids.spamd;
+ };
 jobs.spamd = {
 description = "Spam Assassin Server";
 startOn = "started networking and filesystem";
 environment.TZ = config.time.timeZone;
- exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --pidfile=/var/run/spamd.pid";
+ exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --nouser-config --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid";
 };
 };
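Review bot: The new `exec` line turns on `--allow-tell` unconditionally, alongside per-user state under `--virtual-config-dir=/var/lib/spamassassin/user-%u`, and the commit message does not mention it. Since spamd runs as the single `spamd` account (`--username=spamd`), the `%u` component is the user name the client sends, so a learn or forget request from any client allowed to connect applies to whichever user's data it names, unless access to the listener is restricted elsewhere. I would make it opt-in following the existing debug pattern, e.g. `${optionalString cfg.allowTell "--allow-tell"}`, with a new option (the name is only a suggestion) that defaults to false. Separately, nothing in the visible `jobs.spamd` creates `/var/lib/spamassassin` or sets its owner and mode; if no other part of the module does, a pre-start step that creates it owned by `spamd:spamd` with mode 0700 would keep the per-user files unreadable to other local accounts. The enclosing config block starts above the hunk.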