This reverts commit a794031c59.
With the following additions:
Allow `CAP_KILL`, so the dovecot master process may interrupt its child
processes.
Allow new privileges, so dovecot and call the setuid sendmail executable.
Allow AF_NETLINK sockets, so dovecot sieve handling can use the
getifaddrs syscall.
Finally, we now asssert, that no options are set on the legacy dovecot2
systemd unit name, to make the user aware they need to update their
overrides.
It's not clear how to use this command in other systemd units, this
section gives a recommendation.
I realized that there's no explicit mention of `nextcloud-occ` in the
first place, so I wrote some introductory sentences as well.
The tee-supplicant is a program that interacts with OP-TEE OS and allows
loading trusted applications at runtime (among other things). There is
an `optee` test included that uses the pkcs11 trusted application (in
upstream OP-TEE OS), loads it during system startup via tee-supplicant,
and uses `pkcs11-tool` to list available token slots.
See https://discourse.nixos.org/t/i-cannot-for-the-life-of-me-find-the-package-that-has-pg-config/66244/4
I decided against doing this in its own nixpkgs manual: the line
to draw is quite blurry already (e.g. we have documented our package
removal policy in here as well) and having to check two manuals for a
single subsystem feels pretty annoying to me.
The relevant part - where to find pg_config - is written at the top. I
decided to give a bit more context about the way our packaging works
since I realized a few times now that I don't remember all the details
about the problems we had in the past and having to look up individual
commit messages for that isn't very productive.
