1 files changed, 84 insertions, 0 deletions
diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix
new file mode 100644
index 0000000..3a7a67c
--- /dev/null
+++ b/modules/private/mail/rspamd.nix
@@ -0,0 +1,84 @@
+{ lib, pkgs, config, myconfig,  ... }:
+{
+  options.myServices.mail.rspamd.sockets = lib.mkOption {
+    type = lib.types.attrsOf lib.types.path;
+    default = {
+      worker-controller = "/run/rspamd/worker-controller.sock";
+    };
+    readOnly = true;
+    description = ''
+      rspamd sockets
+      '';
+  };
+  config.services.cron.systemCronJobs = let
+    cron_script = pkgs.runCommand "cron_script" {
+      buildInputs = [ pkgs.makeWrapper ];
+    } ''
+      mkdir -p $out
+      cp ${./scan_reported_mails} $out/scan_reported_mails
+      patchShebangs $out
+      for i in $out/*; do
+        wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
+      done
+      '';
+  in
+    [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
+  config.services.rspamd = {
+    enable = true;
+    debug = true;
+    overrides = {
+      "actions.conf".text = ''
+        reject = null;
+        add_header = 6;
+        greylist = null;
+        '';
+      "milter_headers.conf".text = ''
+        extended_spam_headers = true;
+      '';
+    };
+    locals = {
+      "redis.conf".text = ''
+        servers = "${myconfig.env.mail.rspamd.redis.socket}";
+        db = "${myconfig.env.mail.rspamd.redis.db}";
+        '';
+      "classifier-bayes.conf".text = ''
+        users_enabled = true;
+        backend = "redis";
+        servers = "${myconfig.env.mail.rspamd.redis.socket}";
+        database = "${myconfig.env.mail.rspamd.redis.db}";
+        autolearn = true;
+        cache {
+          backend = "redis";
+        }
+        new_schema = true;
+        statfile {
+          BAYES_HAM {
+            spam = false;
+          }
+          BAYES_SPAM {
+            spam = true;
+          }
+        }
+        '';
+    };
+    workers = {
+      controller = {
+        extraConfig = ''
+          enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
+          password = "${myconfig.env.mail.rspamd.read_password_hashed}";
+        '';
+        bindSockets = [ {
+          socket = config.myServices.mail.rspamd.sockets.worker-controller;
+          mode = "0660";
+          owner = config.services.rspamd.user;
+          group = "vhost";
+        } ];
+      };
+    };
+    postfix = {
+      enable = true;
+      config = {};
+    };
+  };
+}

diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix new file mode 100644 index 0000000..3a7a67c --- /dev/null +++ b/modules/private/mail/rspamd.nix
@@ -0,0 +1,84 @@
	1	{ lib, pkgs, config, myconfig, ... }:
	2	{
	3	options.myServices.mail.rspamd.sockets = lib.mkOption {
	4	type = lib.types.attrsOf lib.types.path;
	5	default = {
	6	worker-controller = "/run/rspamd/worker-controller.sock";
	7	};
	8	readOnly = true;
	9	description = ''
	10	rspamd sockets
	11	'';
	12	};
	13	config.services.cron.systemCronJobs = let
	14	cron_script = pkgs.runCommand "cron_script" {
	15	buildInputs = [ pkgs.makeWrapper ];
	16	} ''
	17	mkdir -p $out
	18	cp ${./scan_reported_mails} $out/scan_reported_mails
	19	patchShebangs $out
	20	for i in $out/*; do
	21	wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
	22	done
	23	'';
	24	in
	25	[ "/20 * * * vhost ${cron_script}/scan_reported_mails" ];
	26
	27	config.services.rspamd = {
	28	enable = true;
	29	debug = true;
	30	overrides = {
	31	"actions.conf".text = ''
	32	reject = null;
	33	add_header = 6;
	34	greylist = null;
	35	'';
	36	"milter_headers.conf".text = ''
	37	extended_spam_headers = true;
	38	'';
	39	};
	40	locals = {
	41	"redis.conf".text = ''
	42	servers = "${myconfig.env.mail.rspamd.redis.socket}";
	43	db = "${myconfig.env.mail.rspamd.redis.db}";
	44	'';
	45	"classifier-bayes.conf".text = ''
	46	users_enabled = true;
	47	backend = "redis";
	48	servers = "${myconfig.env.mail.rspamd.redis.socket}";
	49	database = "${myconfig.env.mail.rspamd.redis.db}";
	50	autolearn = true;
	51	cache {
	52	backend = "redis";
	53	}
	54	new_schema = true;
	55	statfile {
	56	BAYES_HAM {
	57	spam = false;
	58	}
	59	BAYES_SPAM {
	60	spam = true;
	61	}
	62	}
	63	'';
	64	};
	65	workers = {
	66	controller = {
	67	extraConfig = ''
	68	enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}";
	69	password = "${myconfig.env.mail.rspamd.read_password_hashed}";
	70	'';
	71	bindSockets = [ {
	72	socket = config.myServices.mail.rspamd.sockets.worker-controller;
	73	mode = "0660";
	74	owner = config.services.rspamd.user;
	75	group = "vhost";
	76	} ];
	77	};
	78	};
	79	postfix = {
	80	enable = true;
	81	config = {};
	82	};
	83	};
	84	}