WIP: temmie/userweb: use IPC to proxy sendmail requests out of sandbox

2026-05-11 13:47:44 +09:00
parent 5e50b617fb
commit 343fcd4aea
1 changed files with 22 additions and 0 deletions
@@ -9,4 +9,26 @@
      remotes = "mail.pvv.ntnu.no smtp --port=25";
    };
  };
+
+  systemd.sockets.userweb-sendmail-sandbox-proxy = {
+    wantedBy = [ "sockets.target" ];
+    listenStreams = [ "/run/userweb-sendmail-sandbox-proxy.sock" ];
+    socketConfig = {
+      # Accept = true;
+      SocketUser = "httpd";
+      SocketGroup = "httpd"; # TODO: is wwwrun(54) in this group?
+      SocketMode = "0660";
+    };
+  };
+
+  systemd.services.userweb-sendmail-sandbox-proxy = {
+    serviceConfig = {
+      User = "root";
+      Group = "root";
+      Sockets = [
+        "userweb-sendmail-sandbox-proxy.socket"
+      ];
+      ExecStart = "${lib.getExe pkgs.hello}"
+    };
+  };
 }