mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-11-10 01:33:11 +01:00
8fc5cfb293
Same as with other services giving postfix access, this needs to happen
for the postfix user. Adding supplementary group permissions to the
systemd unit does not propagate to child processes that ultimately call
the unix domain socket.
(cherry picked from commit e48d12554c)
43 lines
1.3 KiB
Nix
43 lines
1.3 KiB
Nix
{
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
{
|
|
name = "tlsrpt";
|
|
|
|
meta = {
|
|
inherit (pkgs.tlsrpt-reporter.meta) maintainers;
|
|
};
|
|
|
|
nodes.machine = {
|
|
services.tlsrpt = {
|
|
enable = true;
|
|
reportd.settings = {
|
|
organization_name = "NixOS Testers United";
|
|
contact_info = "smtp-tls-report@localhost";
|
|
sender_address = "noreply@localhost";
|
|
};
|
|
};
|
|
|
|
# To test the postfix integration
|
|
services.postfix.enable = true;
|
|
};
|
|
|
|
testScript = ''
|
|
machine.wait_for_unit("tlsrpt-collectd.service")
|
|
machine.wait_for_unit("tlsrpt-reportd.service")
|
|
|
|
machine.wait_for_file("/run/tlsrpt/collectd.sock")
|
|
machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-collectd | grep -Pq 'Database .* setup finished'")
|
|
machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Database .* setup finished'")
|
|
machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Fetcher .* finished'")
|
|
|
|
# Enabling postfix should put sendmail as the sendmail setting
|
|
machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg")
|
|
machine.succeed("getent group tlsrpt | grep -q postfix")
|
|
|
|
machine.log(machine.succeed("systemd-analyze security tlsrpt-collectd.service tlsrpt-reportd.service | grep -v ✓"))
|
|
'';
|
|
}
|