-rw-r--r-- | src/org/euandre/queue.scm | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/src/org/euandre/queue.scm b/src/org/euandre/queue.scm index 5a6e7ac..55444b0 100644 --- a/src/org/euandre/queue.scm +++ b/src/org/euandre/queue.scm @@ -1347,7 +1347,11 @@ correctly."))) (untrusted-supplementary-groups dovecot-configuration-untrusted-supplementary-groups (default '())) (base-dir dovecot-configuration-base-dir (default "/var/run/dovecot")) (state-dir dovecot-configuration-state-dir (default "/var/lib/dovecot")) - (hostname dovecot-configuration-hostname (default (gethostname)))) + (hostname dovecot-configuration-hostname (default (gethostname))) + (run-in-container? dovecot-configuration-run-in-container? (default #f)) + (container-name dovecot-configuration-container-name (default "dovecot")) + (container-namespaces dovecot-configuration-container-namespaces (default (s1:fold delq container:%namespaces '(net)))) + (extra-mappings dovecot-configuration-extra-mappings (default '()))) (define (generate-dovecot-config config) (match-record config <dovecot-configuration> 
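Review bot: The four new record fields carry no comment, and the `container-namespaces` default is not obvious on first read: `(s1:fold delq container:%namespaces '(net))` evaluates to every namespace in `%namespaces` except `net`, so a containerised dovecot still shares the host network stack. That is presumably deliberate so the daemon can listen on the host's mail ports, but it should be stated, e.g. `;; All namespaces except 'net: the service shares the host network (no network isolation).` A similar one-line comment on `extra-mappings` would help, noting that every entry widens what the sandboxed process can see, and on `run-in-container?`, noting that isolation is opt-in because the default is `#f`. The `s1:` and `container:` prefixes need matching prefixed imports, which are outside this hunk.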
@@ -1491,18 +1495,28 @@ namespace inbox { (define (dovecot-shepherd-service config) (match-record config <dovecot-configuration> - (package config-dirname config-filename) - (let ((config-file (string-append "/etc/" config-dirname "/" config-filename))) + (package config-dirname config-filename + run-in-container? container-name container-namespaces extra-mappings) + (let* ((config-file (string-append "/etc/" config-dirname "/" config-filename)) + (bin (file-append package "/sbin/dovecot")) + (cmd (if (not run-in-container?) + bin + (least-authority-wrapper + bin + #:name container-name + #:namespaces container-namespaces + #:mappings (append + (list + (file-system-mapping + (source "/etc/shadow") + (target source))) + extra-mappings))))) (list (shepherd-service (provision '(dovecot)) (documentation "") (start #~(make-forkexec-constructor - (list - #$(file-append package "/sbin/dovecot") - "-F" - "-c" - #$config-file))) + (list #$cmd "-F" "-c" #$config-file))) (stop #~(make-kill-destructor)) (actions (list @@ -1517,7 +1531,7 @@ namespace inbox { (documentation "FIXME:DOCUMENTATION: heredoc syntax") (procedure #~(lambda _ - (invoke #$(file-append dovecot "/bin/doveadm") + (invoke #$(file-append package "/bin/doveadm") "-c" #$config-file "reload"))))))))))) |
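Review bot: In `dovecot-shepherd-service` the `/etc/shadow` mapping is hard-coded ahead of `extra-mappings`, so every containerised instance can read the host's password hashes, including one whose passdb does not use shadow or PAM. The user cannot drop it, which works against the purpose of `least-authority-wrapper`. Moving it into the field default, `(extra-mappings dovecot-configuration-extra-mappings (default (list (file-system-mapping (source "/etc/shadow") (target source)))))`, and passing `#:mappings extra-mappings` keeps today's behaviour while letting a configuration remove it. Writing `(writable? #f)` on that mapping would also make the read-only intent explicit. Separately, nothing visible maps the `/etc/` config directory passed with `-c`, `base-dir` or `state-dir`, so unless they are mapped elsewhere the service probably cannot start with `run-in-container?` set and the default `extra-mappings`; that is worth documenting or handling here.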
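Review bot: The reload action still runs `doveadm` on the host through a plain `invoke`, even when `run-in-container?` is true and the master runs inside the wrapper. As far as I know, `doveadm reload` finds the master through the pid file under `base-dir`. The default `container-namespaces` removes only `net`, so the pid namespace is unshared, and any pid the master records is one from inside the container. A host-side `doveadm`, presumably running as root under shepherd, would then either find no pid file or signal an unrelated host process. When `run-in-container?` is set, consider signalling the pid shepherd tracks for the service instead, or document that `pid` must be removed from `container-namespaces` and `base-dir` mapped writable for reload to work. The enclosing `actions` list starts in the previous hunk.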