summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/exim.nix
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-11-03 18:03:49 +0100
committerlassulus <git@lassul.us>2023-11-03 18:03:49 +0100
commit4fd1aaaf8d1f4656f02d7868dcd6e7b297bb5cfe (patch)
treeeb473e33f84362bba573e00f0ed3dd330cb6c2bb /krebs/3modules/exim.nix
parent8fc693cae24b063f955e99e101c3508584f616b5 (diff)
exim: use upstream security wrappers
Diffstat (limited to 'krebs/3modules/exim.nix')
-rw-r--r--krebs/3modules/exim.nix14
1 files changed, 9 insertions, 5 deletions
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix
index 917a8e5a4..583fd07b1 100644
--- a/krebs/3modules/exim.nix
+++ b/krebs/3modules/exim.nix
@@ -50,14 +50,18 @@ in {
'';
systemPackages = [ pkgs.exim ];
};
- krebs.setuid = {
+ security.wrappers = {
exim = {
- filename = "${pkgs.exim}/bin/exim";
- mode = "4111";
+ source = "${pkgs.exim}/bin/exim";
+ owner = "root";
+ group = "root";
+ setuid = true;
};
sendmail = {
- filename = "${pkgs.exim}/bin/exim";
- mode = "4111";
+ source = "${pkgs.exim}/bin/exim";
+ owner = "root";
+ group = "root";
+ setuid = true;
};
};
systemd.services.exim = {