Diffstat (limited to 'systems/eldiron/mail/rspamd.nix')
-rw-r--r-- | systems/eldiron/mail/rspamd.nix | 88 |
1 files changed, 88 insertions, 0 deletions
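diff --git a/systems/eldiron/mail/rspamd.nix b/systems/eldiron/mail/rspamd.nix
new file mode 100644
index 0000000..a300cc5
--- /dev/null
+++ b/systems/eldiron/mail/rspamd.nix
@@ -0,0 +1,88 @@
+{ lib, pkgs, config, ... }:
+{
+options.myServices.mail.rspamd.sockets = lib.mkOption {
+type = lib.types.attrsOf lib.types.path;
+default = {
+worker-controller = "/run/rspamd/worker-controller.sock";
+};
+readOnly = true;
+description = ''
+rspamd sockets
+'';
+};
+config = lib.mkIf config.myServices.mail.enable {
+services.cron.systemCronJobs = let
+cron_script = pkgs.runCommand "cron_script" {
+buildInputs = [ pkgs.makeWrapper ];
+} ''
+mkdir -p $out
+cp ${./scan_reported_mails} $out/scan_reported_mails
+patchShebangs $out
+for i in $out/*; do
+wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]}
+done
+'';
+in
+[ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ];
+
+systemd.services.rspamd.serviceConfig.Slice = "mail.slice";
+systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "vhost" ];
+services.rspamd = {
+enable = true;
+debug = false;
+overrides = {
+"actions.conf".text = ''
+reject = null;
+add_header = 6;
+greylist = null;
+'';
+"milter_headers.conf".text = ''
+extended_spam_headers = true;
+'';
+};
+locals = {
+"redis.conf".text = ''
+servers = "${config.myEnv.mail.rspamd.redis.socket}";
+db = "${config.myEnv.mail.rspamd.redis.db}";
+'';
+"classifier-bayes.conf".text = ''
+users_enabled = true;
+backend = "redis";
+servers = "${config.myEnv.mail.rspamd.redis.socket}";
+database = "${config.myEnv.mail.rspamd.redis.db}";
+autolearn = true;
+cache {
+backend = "redis";
+}
+new_schema = true;
+statfile {
+BAYES_HAM {
+spam = false;
+}
+BAYES_SPAM {
+spam = true;
+}
+}
+'';
+};
+workers = {
+controller = {
+extraConfig = ''
+enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
+password = "${config.myEnv.mail.rspamd.read_password_hashed}";
+'';
+bindSockets = [ {
+socket = config.myServices.mail.rspamd.sockets.worker-controller;
+mode = "0660";
+owner = config.services.rspamd.user;
+group = "vhost";
+} ];
+};
+};
+postfix = {
+enable = true;
+config = {};
+};
+};
+};
+}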
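Review bot: The controller socket in `bindSockets` is created with `mode = "0660"` and `group = "vhost"`, so every process running in that group can reach the rspamd controller, not only the `scan_reported_mails` cron job. As far as I know rspamd treats controller clients on a unix socket as trusted, so `enable_password` would probably not gate learning requests from that group. Whether `vhost` is shared with other services is not visible in this diff, but if it is, any of them could feed the Bayes classifier. Consider a dedicated group holding only the cron user, e.g. `group = "<dedicated-group>";`, and drop the `SupplementaryGroups = [ "vhost" ]` line if rspamd needs that group for nothing else. Separately, the two `*_password_hashed` values interpolated into `extraConfig` will presumably end up in the world-readable Nix store; a comment such as `# hashes land in /nix/store; only use strong rspamadm pw hashes here` would make that explicit.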