tv sendmail: setuid in exim-*

tv/2configs/default.nix

@@ -177,12 +177,6 @@ with config.krebs.lib;
       tv.iptables.input-internet-accept-new-tcp = singleton "ssh";
     }
 
-    {
-      # TODO: exim
-      security.setuidPrograms = [
-        "sendmail"  # for sudo
-      ];
-    }
     {
       environment.systemPackages = [
         pkgs.get

tv/2configs/exim-retiolum.nix

@@ -4,5 +4,9 @@ with config.krebs.lib;
 
 {
   krebs.exim-retiolum.enable = true;
+  krebs.setuid.sendmail = {
+    filename = "${pkgs.exim}/bin/exim";
+    mode = "4111";
+  };
   tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
 }

tv/2configs/exim-smarthost.nix

@@ -40,5 +40,9 @@ with config.krebs.lib;
       { from = "mirko"; to = "mv"; }
     ];
   };
+  krebs.setuid.sendmail = {
+    filename = "${pkgs.exim}/bin/exim";
+    mode = "4111";
+  };
   tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
 }