modules/private/mail/rspamd.nix

   1 { lib, pkgs, config, myconfig,  ... }:
   2 {
   3   options.myServices.mail.rspamd.sockets = lib.mkOption {
   4     type = lib.types.attrsOf lib.types.path;
   5     default = {
   6       worker-controller = "/run/rspamd/worker-controller.sock";
   7     };
   8     readOnly = true;
   9     description = ''
  10       rspamd sockets
  11       '';
  12   };
  13   config = lib.mkIf config.myServices.mail.enable {
  14     services.backup.profiles.mail.excludeFile = ''
  15       + /var/lib/rspamd
  16       '';
  17     services.cron.systemCronJobs = let
  18       cron_script = pkgs.runCommand "cron_script" {
  19         buildInputs = [ pkgs.makeWrapper ];
  20       } ''
  21         mkdir -p $out
  22         cp ${./scan_reported_mails} $out/scan_reported_mails
  23         patchShebangs $out
  24         for i in $out/*; do
  25           wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
  26         done
  27         '';
  28     in
  29       [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
  30
  31     services.rspamd = {
  32       enable = true;
  33       debug = true;
  34       overrides = {
  35         "actions.conf".text = ''
  36           reject = null;
  37           add_header = 6;
  38           greylist = null;
  39           '';
  40         "milter_headers.conf".text = ''
  41           extended_spam_headers = true;
  42         '';
  43       };
  44       locals = {
  45         "redis.conf".text = ''
  46           servers = "${myconfig.env.mail.rspamd.redis.socket}";
  47           db = "${myconfig.env.mail.rspamd.redis.db}";
  48           '';
  49         "classifier-bayes.conf".text = ''
  50           users_enabled = true;
  51           backend = "redis";
  52           servers = "${myconfig.env.mail.rspamd.redis.socket}";
  53           database = "${myconfig.env.mail.rspamd.redis.db}";
  54           autolearn = true;
  55           cache {
  56             backend = "redis";
  57           }
  58           new_schema = true;
  59           statfile {
  60             BAYES_HAM {
  61               spam = false;
  62             }
  63             BAYES_SPAM {
  64               spam = true;
  65             }
  66           }
  67           '';
  68       };
  69       workers = {
  70         controller = {
  71           extraConfig = ''
  72             enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
  73             password = "${myconfig.env.mail.rspamd.read_password_hashed}";
  74           '';
  75           bindSockets = [ {
  76             socket = config.myServices.mail.rspamd.sockets.worker-controller;
  77             mode = "0660";
  78             owner = config.services.rspamd.user;
  79             group = "vhost";
  80           } ];
  81         };
  82       };
  83       postfix = {
  84         enable = true;
  85         config = {};
  86       };
  87     };
  88   };
  89 }