modules/private/mail/rspamd.nix

   1 { lib, pkgs, config, ... }:
   2 {
   3   options.myServices.mail.rspamd.sockets = lib.mkOption {
   4     type = lib.types.attrsOf lib.types.path;
   5     default = {
   6       worker-controller = "/run/rspamd/worker-controller.sock";
   7     };
   8     readOnly = true;
   9     description = ''
  10       rspamd sockets
  11       '';
  12   };
  13   config = lib.mkIf config.myServices.mail.enable {
  14     services.cron.systemCronJobs = let
  15       cron_script = pkgs.runCommand "cron_script" {
  16         buildInputs = [ pkgs.makeWrapper ];
  17       } ''
  18         mkdir -p $out
  19         cp ${./scan_reported_mails} $out/scan_reported_mails
  20         patchShebangs $out
  21         for i in $out/*; do
  22           wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
  23         done
  24         '';
  25     in
  26       [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
  27
  28     systemd.services.rspamd.serviceConfig.Slice = "mail.slice";
  29     services.rspamd = {
  30       enable = true;
  31       debug = false;
  32       overrides = {
  33         "actions.conf".text = ''
  34           reject = null;
  35           add_header = 6;
  36           greylist = null;
  37           '';
  38         "milter_headers.conf".text = ''
  39           extended_spam_headers = true;
  40         '';
  41       };
  42       locals = {
  43         "redis.conf".text = ''
  44           servers = "${config.myEnv.mail.rspamd.redis.socket}";
  45           db = "${config.myEnv.mail.rspamd.redis.db}";
  46           '';
  47         "classifier-bayes.conf".text = ''
  48           users_enabled = true;
  49           backend = "redis";
  50           servers = "${config.myEnv.mail.rspamd.redis.socket}";
  51           database = "${config.myEnv.mail.rspamd.redis.db}";
  52           autolearn = true;
  53           cache {
  54             backend = "redis";
  55           }
  56           new_schema = true;
  57           statfile {
  58             BAYES_HAM {
  59               spam = false;
  60             }
  61             BAYES_SPAM {
  62               spam = true;
  63             }
  64           }
  65           '';
  66       };
  67       workers = {
  68         controller = {
  69           extraConfig = ''
  70             enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
  71             password = "${config.myEnv.mail.rspamd.read_password_hashed}";
  72           '';
  73           bindSockets = [ {
  74             socket = config.myServices.mail.rspamd.sockets.worker-controller;
  75             mode = "0660";
  76             owner = config.services.rspamd.user;
  77             group = "vhost";
  78           } ];
  79         };
  80       };
  81       postfix = {
  82         enable = true;
  83         config = {};
  84       };
  85     };
  86   };
  87 }