modules/private/mail/rspamd.nix

   1 { lib, pkgs, config, myconfig,  ... }:
   2 {
   3   options.myServices.mail.rspamd.sockets = lib.mkOption {
   4     type = lib.types.attrsOf lib.types.path;
   5     default = {
   6       worker-controller = "/run/rspamd/worker-controller.sock";
   7     };
   8     readOnly = true;
   9     description = ''
  10       rspamd sockets
  11       '';
  12   };
  13   config.services.backup.profiles.mail.excludeFile = ''
  14     + /var/lib/rspamd
  15     '';
  16   config.services.cron.systemCronJobs = let
  17     cron_script = pkgs.runCommand "cron_script" {
  18       buildInputs = [ pkgs.makeWrapper ];
  19     } ''
  20       mkdir -p $out
  21       cp ${./scan_reported_mails} $out/scan_reported_mails
  22       patchShebangs $out
  23       for i in $out/*; do
  24         wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
  25       done
  26       '';
  27   in
  28     [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
  29
  30   config.services.rspamd = {
  31     enable = true;
  32     debug = true;
  33     overrides = {
  34       "actions.conf".text = ''
  35         reject = null;
  36         add_header = 6;
  37         greylist = null;
  38         '';
  39       "milter_headers.conf".text = ''
  40         extended_spam_headers = true;
  41       '';
  42     };
  43     locals = {
  44       "redis.conf".text = ''
  45         servers = "${myconfig.env.mail.rspamd.redis.socket}";
  46         db = "${myconfig.env.mail.rspamd.redis.db}";
  47         '';
  48       "classifier-bayes.conf".text = ''
  49         users_enabled = true;
  50         backend = "redis";
  51         servers = "${myconfig.env.mail.rspamd.redis.socket}";
  52         database = "${myconfig.env.mail.rspamd.redis.db}";
  53         autolearn = true;
  54         cache {
  55           backend = "redis";
  56         }
  57         new_schema = true;
  58         statfile {
  59           BAYES_HAM {
  60             spam = false;
  61           }
  62           BAYES_SPAM {
  63             spam = true;
  64           }
  65         }
  66         '';
  67     };
  68     workers = {
  69       controller = {
  70         extraConfig = ''
  71           enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
  72           password = "${myconfig.env.mail.rspamd.read_password_hashed}";
  73         '';
  74         bindSockets = [ {
  75           socket = config.myServices.mail.rspamd.sockets.worker-controller;
  76           mode = "0660";
  77           owner = config.services.rspamd.user;
  78           group = "vhost";
  79         } ];
  80       };
  81     };
  82     postfix = {
  83       enable = true;
  84       config = {};
  85     };
  86   };
  87 }