I’m trying to get vaultwarden to send mails through the nullmailer relay on NixOS. I installed them both as services with added glue configuration, but somehow they don’t play nicely together. Vaultwarden is able to call the sendmail wrapper from nullmailer and a new email is created inside /var/spool/nullmailer/queue/. However, the email file is owned by the vaultwarden user and group and has 600 permissions, so nullmailer is not able to read and deliver it.
If I understand it correctly, sendmail wrapper has setgid bit set and should run under nullmailer identity. Why does it then create files owned by vaultwarden? I even did chmod -R ug+s /var/spool/nullmailer to ensure new files are owned by nullmailer, to no success.
I’ve tried searching GitHub for nullmailer examples across Nix language repos, but couldn’t find anything that would actually try to make another systemd service use nullmailer.
What am I missing (besides an in-depth understanding of systemd)?
Here is my config:
services.nullmailer = {
  enable = true;
  setSendmail = true;
  remotesFile = "...";
  config = {
    me = domain;
    defaulthost = domain;
    defaultdomain = domain;
    allmailfrom = admin;
    adminaddr = admin;
  };
};

services.vaultwarden = {
  enable = true;
  environmentFile = "...";
  config = {
    DOMAIN = "https://...";
    USE_SENDMAIL = true;
    SENDMAIL_COMMAND = "${config.security.wrapperDir}/sendmail";
    SMTP_FROM = "...";
  };
};

users.users.vaultwarden.extraGroups = [ config.services.nullmailer.group ];

systemd.services.vaultwarden = {
  serviceConfig = {
    # Not sure which of this or the users.users.vaultwarden.extraGroups is required
    SupplementaryGroups = [ config.services.nullmailer.group ];
    ReadWritePaths = [ "/var/spool/nullmailer/" ];
  };
};