From 8f632b404f225d70867d5e916c4a5c8be17f8852 Mon Sep 17 00:00:00 2001
From: Martin Milata <martin@martinmilata.cz>
Date: Sat, 21 Mar 2020 13:55:53 +0100
Subject: sympa: build with --enable-fhs

Update module accordingly.
---
 nixos/modules/services/mail/sympa.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/mail/sympa.nix b/nixos/modules/services/mail/sympa.nix
index c3ae9d4255b05..7b9c37aba2083 100644
--- a/nixos/modules/services/mail/sympa.nix
+++ b/nixos/modules/services/mail/sympa.nix
@@ -415,7 +415,7 @@ in
       # force-copy static_content so it's up to date with package
       # set permissions for wwsympa which needs write access (...)
       "R  ${dataDir}/static_content    -    -       -        - -"
-      "C  ${dataDir}/static_content    0711 ${user} ${group} - ${pkg}/static_content"
+      "C  ${dataDir}/static_content    0711 ${user} ${group} - ${pkg}/var/lib/sympa/static_content"
       "e  ${dataDir}/static_content/*  0711 ${user} ${group} - -"
 
       "d  /run/sympa                   0755 ${user} ${group} - -"
@@ -497,7 +497,7 @@ in
           -F ${toString cfg.web.fcgiProcs} \
           -P /run/sympa/wwsympa.pid \
           -s /run/sympa/wwsympa.socket \
-          -- ${pkg}/bin/wwsympa.fcgi
+          -- ${pkg}/lib/sympa/cgi/wwsympa.fcgi
         '';
 
       } // commonServiceConfig;
@@ -518,7 +518,7 @@ in
           fastcgi_split_path_info ^(${loc})(.*)$;
 
           fastcgi_param PATH_INFO       $fastcgi_path_info;
-          fastcgi_param SCRIPT_FILENAME ${pkg}/bin/wwsympa.fcgi;
+          fastcgi_param SCRIPT_FILENAME ${pkg}/lib/sympa/cgi/wwsympa.fcgi;
         '';
       }) // {
         "/static-sympa/".alias = "${dataDir}/static_content/";
@@ -550,7 +550,7 @@ in
           args = [
             "flags=hqRu"
             "user=${user}"
-            "argv=${pkg}/bin/queue"
+            "argv=${pkg}/libexec/queue"
             "\${nexthop}"
           ];
         };
@@ -562,7 +562,7 @@ in
           args = [
             "flags=hqRu"
             "user=${user}"
-            "argv=${pkg}/bin/bouncequeue"
+            "argv=${pkg}/libexec/bouncequeue"
             "\${nexthop}"
           ];
         };
-- 
cgit 1.4.1


From fdc36e2c89759db3bbf9d5fe2648c31b7988dbca Mon Sep 17 00:00:00 2001
From: Martin Milata <martin@martinmilata.cz>
Date: Tue, 24 Mar 2020 02:35:39 +0100
Subject: nixos/sympa: fix outgoing messaging

Because ProtectKernelModules implies NoNewPrivileges, postfix's sendmail
executable, which is setgid, wasn't able to send mail.
---
 nixos/modules/services/mail/sympa.nix | 2 --
 1 file changed, 2 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/mail/sympa.nix b/nixos/modules/services/mail/sympa.nix
index 7b9c37aba2083..0cad09927b2fb 100644
--- a/nixos/modules/services/mail/sympa.nix
+++ b/nixos/modules/services/mail/sympa.nix
@@ -25,8 +25,6 @@ let
     StateDirectory = "sympa";
     ProtectHome = true;
     ProtectSystem = "full";
-    ProtectKernelTunables = true;
-    ProtectKernelModules = true;
     ProtectControlGroups = true;
   };
 
-- 
cgit 1.4.1