modules/private/mail/rspamd.nix

   1 { lib, pkgs, config, myconfig,  ... }:
   2 {
   3   options.myServices.mail.rspamd.sockets = lib.mkOption {
   4     type = lib.types.attrsOf lib.types.path;
   5     default = {
   6       worker-controller = "/run/rspamd/worker-controller.sock";
   7     };
   8     readOnly = true;
   9     description = ''
  10       rspamd sockets
  11       '';
  12   };
  13   config.services.cron.systemCronJobs = let
  14     cron_script = pkgs.runCommand "cron_script" {
  15       buildInputs = [ pkgs.makeWrapper ];
  16     } ''
  17       mkdir -p $out
  18       cp ${./scan_reported_mails} $out/scan_reported_mails
  19       patchShebangs $out
  20       for i in $out/*; do
  21         wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
  22       done
  23       '';
  24   in
  25     [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
  26
  27   config.services.rspamd = {
  28     enable = true;
  29     debug = true;
  30     overrides = {
  31       "actions.conf".text = ''
  32         reject = null;
  33         add_header = 6;
  34         greylist = null;
  35         '';
  36       "milter_headers.conf".text = ''
  37         extended_spam_headers = true;
  38       '';
  39     };
  40     locals = {
  41       "redis.conf".text = ''
  42         servers = "${myconfig.env.mail.rspamd.redis.socket}";
  43         db = "${myconfig.env.mail.rspamd.redis.db}";
  44         '';
  45       "classifier-bayes.conf".text = ''
  46         users_enabled = true;
  47         backend = "redis";
  48         servers = "${myconfig.env.mail.rspamd.redis.socket}";
  49         database = "${myconfig.env.mail.rspamd.redis.db}";
  50         autolearn = true;
  51         cache {
  52           backend = "redis";
  53         }
  54         new_schema = true;
  55         statfile {
  56           BAYES_HAM {
  57             spam = false;
  58           }
  59           BAYES_SPAM {
  60             spam = true;
  61           }
  62         }
  63         '';
  64     };
  65     workers = {
  66       controller = {
  67         extraConfig = ''
  68           enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
  69           password = "${myconfig.env.mail.rspamd.read_password_hashed}";
  70         '';
  71         bindSockets = [ {
  72           socket = config.myServices.mail.rspamd.sockets.worker-controller;
  73           mode = "0660";
  74           owner = config.services.rspamd.user;
  75           group = "vhost";
  76         } ];
  77       };
  78     };
  79     postfix = {
  80       enable = true;
  81       config = {};
  82     };
  83   };
  84 }