nixos/prometheus-postfix-exporter: set default group

The postfix exporter needs to access postfix's `queue/public/` directory
to read the `showq` socket inside. Instead of making the public
directory world accessible, this sets the postfix exporter's group to
`postdrop` by default, when the postfix service is enabled.

nixos/modules/services/monitoring/prometheus/exporters.nix

@@ -229,6 +229,8 @@ in
   })] ++ [(mkIf config.services.nginx.enable {
     systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ];
     systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ];
+  })] ++ [(mkIf config.services.postfix.enable {
+    services.prometheus.exporters.postfix.group = mkDefault config.services.postfix.setgidGroup;
   })] ++ (mapAttrsToList (name: conf:
     mkExporterConf {
       inherit name;

nixos/modules/services/monitoring/prometheus/exporters/postfix.nix

@@ -8,6 +8,15 @@ in
 {
   port = 9154;
   extraOpts = {
+    group = mkOption {
+      type = types.str;
+      description = ''
+        Group under which the postfix exporter shall be run.
+        It should match the group that is allowed to access the
+        <literal>showq</literal> socket in the <literal>queue/public/</literal> directory.
+        Defaults to <literal>services.postfix.setgidGroup</literal> when postfix is enabled.
+      '';
+    };
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";