Revert "nixos/postfix: fix in secure systemd-nspawn containers"

This reverts commit f2eda9a6a9. Adding `-p` results in a world-readable file which we don't want for e.g. `smtp_sasl_password_maps`: > Keep the SASL client password file in /etc/postfix, and make the file > read+write only for root to protect the username/password combinations > against other users.[^1] [^1]: https://www.postfix.org/SASL_README.html#client_sasl_enable
2025-11-11 19:17:14 -08:00
parent 23208dde43
commit 7f36b9d6e1
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -972,7 +972,7 @@ in
            ${lib.concatStringsSep "\n" (
              lib.mapAttrsToList (to: from: ''
                ln -sf ${from} /var/lib/postfix/conf/${to}
-                ${lib.getExe' cfg.package "postmap"} -o -p /var/lib/postfix/conf/${to}
+                ${lib.getExe' cfg.package "postmap"} /var/lib/postfix/conf/${to}
              '') cfg.mapFiles
            )}