--- /dev/null
+{ lib, pkgs, config, myconfig, ... }:
+{
+ options.myServices.mail.rspamd.sockets = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ worker-controller = "/run/rspamd/worker-controller.sock";
+ };
+ readOnly = true;
+ description = ''
+ rspamd sockets
+ '';
+ };
+ config.services.cron.systemCronJobs = let
+ cron_script = pkgs.runCommand "cron_script" {
+ buildInputs = [ pkgs.makeWrapper ];
+ } ''
+ mkdir -p $out
+ cp ${./scan_reported_mails} $out/scan_reported_mails
+ patchShebangs $out
+ for i in $out/*; do
+ wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
+ done
+ '';
+ in
+ [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
+
+ config.services.rspamd = {
+ enable = true;
+ debug = true;
+ overrides = {
+ "actions.conf".text = ''
+ reject = null;
+ add_header = 6;
+ greylist = null;
+ '';
+ "milter_headers.conf".text = ''
+ extended_spam_headers = true;
+ '';
+ };
+ locals = {
+ "redis.conf".text = ''
+ servers = "${myconfig.env.mail.rspamd.redis.socket}";
+ db = "${myconfig.env.mail.rspamd.redis.db}";
+ '';
+ "classifier-bayes.conf".text = ''
+ users_enabled = true;
+ backend = "redis";
+ servers = "${myconfig.env.mail.rspamd.redis.socket}";
+ database = "${myconfig.env.mail.rspamd.redis.db}";
+ autolearn = true;
+ cache {
+ backend = "redis";
+ }
+ new_schema = true;
+ statfile {
+ BAYES_HAM {
+ spam = false;
+ }
+ BAYES_SPAM {
+ spam = true;
+ }
+ }
+ '';
+ };
+ workers = {
+ controller = {
+ extraConfig = ''
+ enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
+ password = "${myconfig.env.mail.rspamd.read_password_hashed}";
+ '';
+ bindSockets = [ {
+ socket = config.myServices.mail.rspamd.sockets.worker-controller;
+ mode = "0660";
+ owner = config.services.rspamd.user;
+ group = "vhost";
+ } ];
+ };
+ };
+ postfix = {
+ enable = true;
+ config = {};
+ };
+ };
+}