1 { lib, pkgs, config, ... }:
3 options.myServices.mail.rspamd.sockets = lib.mkOption {
4 type = lib.types.attrsOf lib.types.path;
6 worker-controller = "/run/rspamd/worker-controller.sock";
13 config = lib.mkIf config.myServices.mail.enable {
14 services.cron.systemCronJobs = let
15 cron_script = pkgs.runCommand "cron_script" {
16 buildInputs = [ pkgs.makeWrapper ];
19 cp ${./scan_reported_mails} $out/scan_reported_mails
22 wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
26 [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
28 systemd.services.rspamd.serviceConfig.Slice = "mail.slice";
29 systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "vhost" ];
34 "actions.conf".text = ''
39 "milter_headers.conf".text = ''
40 extended_spam_headers = true;
44 "composites.conf".text = ''
45 # Local delivered e-mails have both SMTP AUTH and only one Received
46 "LOCAL_DELIVERED_EMAILS" = {
47 expression = "RCVD_VIA_SMTP_AUTH and ONCE_RECEIVED";
51 "redis.conf".text = ''
52 servers = "${config.myEnv.mail.rspamd.redis.socket}";
53 db = "${config.myEnv.mail.rspamd.redis.db}";
55 "classifier-bayes.conf".text = ''
58 servers = "${config.myEnv.mail.rspamd.redis.socket}";
59 database = "${config.myEnv.mail.rspamd.redis.db}";
78 enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
79 password = "${config.myEnv.mail.rspamd.read_password_hashed}";
82 socket = config.myServices.mail.rspamd.sockets.worker-controller;
84 owner = config.services.rspamd.user;