Commit graph

13 commits

Author SHA1 Message Date
Martin Weinelt 6403717045
Reapply "nixos/dovecot: improve and harden systemd unit"
This reverts commit a794031c59.

With the following additions:

Allow `CAP_KILL`, so the dovecot master process may interrupt its child
processes.

Allow new privileges, so dovecot can call the setuid sendmail executable.

Allow AF_NETLINK sockets, so dovecot sieve handling can use the
getifaddrs syscall.

Finally, we now assert that no options are set on the legacy dovecot2
systemd unit name, to make the user aware they need to update their
overrides.
2025-07-06 14:39:40 +02:00
Martin Weinelt a794031c59
Revert "nixos/dovecot: improve and harden systemd unit" 2025-07-06 02:13:07 +02:00
Sizhe Zhao a72c8b8f69
nixosTests.dovecot: handleTest -> runTest 2025-07-04 20:59:41 +08:00
Martin Weinelt 1f92c7c42a
nixos/dovecot: improve and harden systemd unit
Remove the major version from the unit name and add an alias for the old
dovecot2 name.

Then restrict what the dovecot service can do, which is very interesting
given that the unit runs as root and spawns less-privileged processes
from there.
2025-07-02 04:45:22 +02:00
Sizhe Zhao e304a8352a
nixosTests.dovecot: fix eval 2025-06-07 21:16:24 +08:00
Silvan Mosberger 4f0dadbf38 treewide: format all inactive Nix files
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build a08b3a4d19.tar.gz \
      --argstr baseRev b32a094368
    result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:26:33 +01:00
Robert Hensing aa0f27abb0 treewide: machine -> nodes.machine 2022-03-28 14:11:58 +02:00
ajs124 90f6033984 nixos/tests/dovecot: set mailUser and mailGroup 2021-04-16 00:43:11 +02:00
Andreas Rammhold 653f805f09 nixos/tests/dovecot: enable dovecot_pigeonhole plugin
This plugin is used commonly enough that we should ensure it still
builds (and dovecot works) after loading it.

This is not yet perfect as we aren't testing any of its functionality
but at least we ensure that dovecot continues to do the regular job.
2021-01-04 18:17:26 +01:00
Jörg Thalheim cf3328e7e3
treewide: use runtimeShell in nixos/
This is needed for cross-compilation.
2020-04-07 07:26:47 +01:00
Franz Pletz b118137d43
nixosTests.dovecot: port test to python 2019-11-24 01:36:49 +01:00
Léo Gaspard 4fddb8b9c3
dovecot module: test dovecot's LDA
That's apparently not enough to catch the bug I ran into with the update
to 2.3.1, but at least it will check the LDA appears to work.
2018-04-12 01:35:14 +02:00
aszlig 3ba2095a42
nixos/dovecot: Fix createMailUser implementation
This option got introduced in 7904499542
and it didn't check whether mailUser and mailGroup are null, which they
are by default.

Now we're only creating the user if createMailUser is set in conjunction
with mailUser and the group if mailGroup is set as well.

I've added a NixOS VM test so that we can verify whether dovecot works
without any additional options set, so it serves as a regression test
for issue #29466 and other issues that might come up with future changes
to the Dovecot service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #29466
Cc: @qknight, @abbradar, @ixmatus, @siddharthist
2017-09-17 04:57:20 +02:00