From 816614bd62bcdb0b72b48a55d9a5a8ffb76ce2ea Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 14 Dec 2022 15:44:08 +0100
Subject: [PATCH] nixos/exim: allow using service credentials

By settings User= to the actual Exim user, systemd will ensure that the
credentials directory will have the correct ownership, allowing users to
utilize LoadCredential=.  Exim still gets started as root (and drops
privileges) to preserve the previous behavior.
---
 nixos/modules/services/mail/exim.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/mail/exim.nix b/nixos/modules/services/mail/exim.nix
index cd0da4fc509..a9504acee35 100644
--- a/nixos/modules/services/mail/exim.nix
+++ b/nixos/modules/services/mail/exim.nix
@@ -116,8 +116,9 @@ in
       wantedBy = [ "multi-user.target" ];
       restartTriggers = [ config.environment.etc."exim.conf".source ];
       serviceConfig = {
-        ExecStart   = "${cfg.package}/bin/exim -bdf -q${cfg.queueRunnerInterval}";
-        ExecReload  = "${coreutils}/bin/kill -HUP $MAINPID";
+        ExecStart   = "+${cfg.package}/bin/exim -bdf -q${cfg.queueRunnerInterval}";
+        ExecReload  = "+${coreutils}/bin/kill -HUP $MAINPID";
+        User        = cfg.user;
       };
       preStart = ''
         if ! test -d ${cfg.spoolDir}; then