{ config, pkgs, lib, ... }: let host = "catvayor.sh"; in { users.users.moderators = { isNormalUser = true; extraGroups = [ "postdrop" ]; openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; }; home-manager.users.moderators = { }; mailserver.loginAccounts."moderators@${host}" = { hashedPassword = ""; sieveScript = '' require "vnd.dovecot.pipe"; pipe "procmail-modo"; ''; }; services.dovecot2.sieve = { extensions = [ "vnd.dovecot.pipe" ]; pipeBins = [ (lib.getExe ( pkgs.writeShellApplication { name = "procmail-modo"; text = '' exec /run/wrappers/bin/sudo ${lib.getExe' pkgs.procmail "procmail"} -d moderators ''; } )) ]; }; security.sudo.extraRules = [ { users = [ "virtualMail" ]; commands = [ { command = "${lib.getExe' pkgs.procmail "procmail"}"; options = [ "SETENV" "NOPASSWD" ]; } ]; } ]; services.postgresql = { enable = true; ensureUsers = [ { name = "moderators"; ensureClauses.superuser = true; } ]; ensureDatabases = [ "moderation" ]; identMap = '' map-moderators moderators moderators ''; }; }