tv sendmail: setuid in exim-*

3 files changed, 8 insertions, 6 deletions

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 02b3b61..1e0da8d 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -178,12 +178,6 @@ with config.krebs.lib;
     }
 
     {
-      # TODO: exim
-      security.setuidPrograms = [
-        "sendmail"  # for sudo
-      ];
-    }
-    {
       environment.systemPackages = [
         pkgs.get
         pkgs.krebszones
diff --git a/tv/2configs/exim-retiolum.nix b/tv/2configs/exim-retiolum.nix
index 9197a3c..dbe83dc 100644
--- a/tv/2configs/exim-retiolum.nix
+++ b/tv/2configs/exim-retiolum.nix
@@ -4,5 +4,9 @@ with config.krebs.lib;
 
 {
   krebs.exim-retiolum.enable = true;
+  krebs.setuid.sendmail = {
+    filename = "${pkgs.exim}/bin/exim";
+    mode = "4111";
+  };
   tv.iptables.input-retiolum-accept-new-tcp = singleton "smtp";
 }
diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix
index 75dd9b4..3ea0105 100644
--- a/tv/2configs/exim-smarthost.nix
+++ b/tv/2configs/exim-smarthost.nix
@@ -40,5 +40,9 @@ with config.krebs.lib;
       { from = "mirko"; to = "mv"; }
     ];
   };
+  krebs.setuid.sendmail = {
+    filename = "${pkgs.exim}/bin/exim";
+    mode = "4111";
+  };
   tv.iptables.input-internet-accept-new-tcp = singleton "smtp";
 }