[perso/Immae/Config/Nix.git] / modules / private / mail / rspamd.nix

{ lib, pkgs, config, ... }:
{
  options.myServices.mail.rspamd.sockets = lib.mkOption {
    type = lib.types.attrsOf lib.types.path;
    default = {
      worker-controller = "/run/rspamd/worker-controller.sock";
    };
    readOnly = true;
    description = ''
      rspamd sockets
      '';
  };
  config = lib.mkIf config.myServices.mail.enable {
    services.duplyBackup.profiles.mail.excludeFile = ''
      + /var/lib/rspamd
      '';
    services.cron.systemCronJobs = let
      cron_script = pkgs.runCommand "cron_script" {
        buildInputs = [ pkgs.makeWrapper ];
      } ''
        mkdir -p $out
        cp ${./scan_reported_mails} $out/scan_reported_mails
        patchShebangs $out
        for i in $out/*; do
          wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
        done
        '';
    in
      [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];

    systemd.services.rspamd.serviceConfig.Slice = "mail.slice";
    services.rspamd = {
      enable = true;
      debug = false;
      overrides = {
        "actions.conf".text = ''
          reject = null;
          add_header = 6;
          greylist = null;
          '';
        "milter_headers.conf".text = ''
          extended_spam_headers = true;
        '';
      };
      locals = {
        "redis.conf".text = ''
          servers = "${config.myEnv.mail.rspamd.redis.socket}";
          db = "${config.myEnv.mail.rspamd.redis.db}";
          '';
        "classifier-bayes.conf".text = ''
          users_enabled = true;
          backend = "redis";
          servers = "${config.myEnv.mail.rspamd.redis.socket}";
          database = "${config.myEnv.mail.rspamd.redis.db}";
          autolearn = true;
          cache {
            backend = "redis";
          }
          new_schema = true;
          statfile {
            BAYES_HAM {
              spam = false;
            }
            BAYES_SPAM {
              spam = true;
            }
          }
          '';
      };
      workers = {
        controller = {
          extraConfig = ''
            enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
            password = "${config.myEnv.mail.rspamd.read_password_hashed}";
          '';
          bindSockets = [ {
            socket = config.myServices.mail.rspamd.sockets.worker-controller;
            mode = "0660";
            owner = config.services.rspamd.user;
            group = "vhost";
          } ];
        };
      };
      postfix = {
        enable = true;
        config = {};
      };
    };
  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
a929614f IB	2	{
	3	options.myServices.mail.rspamd.sockets = lib.mkOption {
	4	type = lib.types.attrsOf lib.types.path;
	5	default = {
	6	worker-controller = "/run/rspamd/worker-controller.sock";
	7	};
	8	readOnly = true;
	9	description = ''
	10	rspamd sockets
	11	'';
	12	};
8415083e	13	config = lib.mkIf config.myServices.mail.enable {
d2e703c5	14	services.duplyBackup.profiles.mail.excludeFile = ''
8415083e	15	+ /var/lib/rspamd
a929614f	16	'';
8415083e IB	17	services.cron.systemCronJobs = let
	18	cron_script = pkgs.runCommand "cron_script" {
	19	buildInputs = [ pkgs.makeWrapper ];
	20	} ''
	21	mkdir -p $out
	22	cp ${./scan_reported_mails} $out/scan_reported_mails
	23	patchShebangs $out
	24	for i in $out/*; do
	25	wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
	26	done
a929614f	27	'';
8415083e IB	28	in
	29	[ "/20 * * * vhost ${cron_script}/scan_reported_mails" ];
	30
850adcf4	31	systemd.services.rspamd.serviceConfig.Slice = "mail.slice";
8415083e IB	32	services.rspamd = {
8415083e IB	33	enable = true;
34a16461	34	debug = false;
8415083e IB	35	overrides = {
	36	"actions.conf".text = ''
	37	reject = null;
	38	add_header = 6;
	39	greylist = null;
	40	'';
	41	"milter_headers.conf".text = ''
	42	extended_spam_headers = true;
a929614f	43	'';
8415083e IB	44	};
	45	locals = {
	46	"redis.conf".text = ''
ab8f306d IB	47	servers = "${config.myEnv.mail.rspamd.redis.socket}";
ab8f306d IB	48	db = "${config.myEnv.mail.rspamd.redis.db}";
8415083e IB	49	'';
	50	"classifier-bayes.conf".text = ''
	51	users_enabled = true;
a929614f	52	backend = "redis";
ab8f306d IB	53	servers = "${config.myEnv.mail.rspamd.redis.socket}";
ab8f306d IB	54	database = "${config.myEnv.mail.rspamd.redis.db}";
8415083e IB	55	autolearn = true;
	56	cache {
	57	backend = "redis";
a929614f	58	}
8415083e IB	59	new_schema = true;
	60	statfile {
	61	BAYES_HAM {
	62	spam = false;
	63	}
	64	BAYES_SPAM {
	65	spam = true;
	66	}
a929614f	67	}
8415083e IB	68	'';
	69	};
	70	workers = {
	71	controller = {
	72	extraConfig = ''
ab8f306d IB	73	enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
ab8f306d IB	74	password = "${config.myEnv.mail.rspamd.read_password_hashed}";
8415083e IB	75	'';
	76	bindSockets = [ {
	77	socket = config.myServices.mail.rspamd.sockets.worker-controller;
	78	mode = "0660";
	79	owner = config.services.rspamd.user;
	80	group = "vhost";
	81	} ];
	82	};
	83	};
	84	postfix = {
	85	enable = true;
	86	config = {};
a929614f	87	};
a929614f IB	88	};
	89	};
	90	}