From 9c6a8123348520bf59228887eb6ffb23918bddaa Mon Sep 17 00:00:00 2001
From: h7x4
Date: Mon, 11 May 2026 13:47:44 +0900
Subject: [PATCH] WIP: temmie/userweb: use IPC to proxy sendmail requests out of sandbox
---
 hosts/temmie/services/userweb/mail.nix | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/hosts/temmie/services/userweb/mail.nix b/hosts/temmie/services/userweb/mail.nix
index 203cddf..f76517c 100644
--- a/hosts/temmie/services/userweb/mail.nix
+++ b/hosts/temmie/services/userweb/mail.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 {
 services.postfix.enable = lib.mkForce false;
@@ -9,4 +9,26 @@
 remotes = "mail.pvv.ntnu.no smtp --port=25";
 };
 };
+
+ systemd.sockets.userweb-sendmail-sandbox-proxy = {
+ wantedBy = [ "sockets.target" ];
+ listenStreams = [ "/run/userweb-sendmail-sandbox-proxy.sock" ];
+ socketConfig = {
+ # Accept = true;
+ SocketUser = "httpd";
+ SocketGroup = "httpd"; # TODO: is wwwrun(54) in this group?
+ SocketMode = "0660";
+ };
+ };
+
+ systemd.services.userweb-sendmail-sandbox-proxy = {
+ serviceConfig = {
+ User = "root";
+ Group = "root";
+ Sockets = [
+ "userweb-sendmail-sandbox-proxy.socket"
+ ];
+ ExecStart = "${lib.getExe pkgs.hello}";
+ };
+ };
 }
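Review bot: The proxy service in the second hunk is set to run with `User = "root"; Group = "root";` while its socket is writable by `httpd` (`SocketMode = "0660"`), so everything a sandboxed web script writes to `/run/userweb-sendmail-sandbox-proxy.sock` is parsed by a root process. Handing mail to the relay configured in the context lines above should not need root, so I would run the unit under a dedicated unprivileged account, or with `DynamicUser = true;` if the final program needs no fixed identity; this is hedged, because `ExecStart` is still the `pkgs.hello` placeholder and the real program's requirements are not visible here. Whatever replaces the placeholder should treat recipients, headers and any sendmail-style arguments arriving on the socket as untrusted data and should not turn client-supplied flags into a command line. If `Accept = true;` is later enabled, systemd expects a template unit (`userweb-sendmail-sandbox-proxy@`) instead of this one, and while it stays off the `Sockets` list is redundant because the same-named socket is passed to the service automatically.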