]>
Commit | Line | Data |
---|---|---|
ab8f306d | 1 | { lib, pkgs, config, ... }: |
a929614f IB |
2 | { |
3 | options.myServices.mail.rspamd.sockets = lib.mkOption { | |
4 | type = lib.types.attrsOf lib.types.path; | |
5 | default = { | |
6 | worker-controller = "/run/rspamd/worker-controller.sock"; | |
7 | }; | |
8 | readOnly = true; | |
9 | description = '' | |
10 | rspamd sockets | |
11 | ''; | |
12 | }; | |
8415083e | 13 | config = lib.mkIf config.myServices.mail.enable { |
8415083e IB |
14 | services.cron.systemCronJobs = let |
15 | cron_script = pkgs.runCommand "cron_script" { | |
16 | buildInputs = [ pkgs.makeWrapper ]; | |
17 | } '' | |
18 | mkdir -p $out | |
19 | cp ${./scan_reported_mails} $out/scan_reported_mails | |
20 | patchShebangs $out | |
21 | for i in $out/*; do | |
22 | wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]} | |
23 | done | |
a929614f | 24 | ''; |
8415083e IB |
25 | in |
26 | [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ]; | |
27 | ||
850adcf4 | 28 | systemd.services.rspamd.serviceConfig.Slice = "mail.slice"; |
1a64deeb | 29 | systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "vhost" ]; |
8415083e IB |
30 | services.rspamd = { |
31 | enable = true; | |
34a16461 | 32 | debug = false; |
8415083e IB |
33 | overrides = { |
34 | "actions.conf".text = '' | |
35 | reject = null; | |
36 | add_header = 6; | |
37 | greylist = null; | |
38 | ''; | |
39 | "milter_headers.conf".text = '' | |
40 | extended_spam_headers = true; | |
a929614f | 41 | ''; |
8415083e IB |
42 | }; |
43 | locals = { | |
e612b869 IB |
44 | "composites.conf".text = '' |
45 | # Local delivered e-mails have both SMTP AUTH and only one Received | |
46 | "LOCAL_DELIVERED_EMAILS" = { | |
47 | expression = "RCVD_VIA_SMTP_AUTH and ONCE_RECEIVED"; | |
48 | score = -10.0; | |
49 | } | |
50 | ''; | |
8415083e | 51 | "redis.conf".text = '' |
ab8f306d IB |
52 | servers = "${config.myEnv.mail.rspamd.redis.socket}"; |
53 | db = "${config.myEnv.mail.rspamd.redis.db}"; | |
8415083e IB |
54 | ''; |
55 | "classifier-bayes.conf".text = '' | |
56 | users_enabled = true; | |
a929614f | 57 | backend = "redis"; |
ab8f306d IB |
58 | servers = "${config.myEnv.mail.rspamd.redis.socket}"; |
59 | database = "${config.myEnv.mail.rspamd.redis.db}"; | |
8415083e IB |
60 | autolearn = true; |
61 | cache { | |
62 | backend = "redis"; | |
a929614f | 63 | } |
8415083e IB |
64 | new_schema = true; |
65 | statfile { | |
66 | BAYES_HAM { | |
67 | spam = false; | |
68 | } | |
69 | BAYES_SPAM { | |
70 | spam = true; | |
71 | } | |
a929614f | 72 | } |
8415083e IB |
73 | ''; |
74 | }; | |
75 | workers = { | |
76 | controller = { | |
77 | extraConfig = '' | |
ab8f306d IB |
78 | enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}"; |
79 | password = "${config.myEnv.mail.rspamd.read_password_hashed}"; | |
8415083e IB |
80 | ''; |
81 | bindSockets = [ { | |
82 | socket = config.myServices.mail.rspamd.sockets.worker-controller; | |
83 | mode = "0660"; | |
84 | owner = config.services.rspamd.user; | |
85 | group = "vhost"; | |
86 | } ]; | |
87 | }; | |
88 | }; | |
89 | postfix = { | |
90 | enable = true; | |
91 | config = {}; | |
a929614f | 92 | }; |
a929614f IB |
93 | }; |
94 | }; | |
95 | } |