{ lib, pkgs, config, ... }: { options.myServices.mail.rspamd.sockets = lib.mkOption { type = lib.types.attrsOf lib.types.path; default = { worker-controller = "/run/rspamd/worker-controller.sock"; }; readOnly = true; description = '' rspamd sockets ''; }; config = lib.mkIf config.myServices.mail.enable { services.duplyBackup.profiles.mail.excludeFile = '' + /var/lib/rspamd ''; services.cron.systemCronJobs = let cron_script = pkgs.runCommand "cron_script" { buildInputs = [ pkgs.makeWrapper ]; } '' mkdir -p $out cp ${./scan_reported_mails} $out/scan_reported_mails patchShebangs $out for i in $out/*; do wrapProgram "$i" --prefix PATH : ${lib.makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ]} done ''; in [ "*/20 * * * * vhost ${cron_script}/scan_reported_mails" ]; systemd.services.rspamd.serviceConfig.Slice = "mail.slice"; services.rspamd = { enable = true; debug = false; overrides = { "actions.conf".text = '' reject = null; add_header = 6; greylist = null; ''; "milter_headers.conf".text = '' extended_spam_headers = true; ''; }; locals = { "redis.conf".text = '' servers = "${config.myEnv.mail.rspamd.redis.socket}"; db = "${config.myEnv.mail.rspamd.redis.db}"; ''; "classifier-bayes.conf".text = '' users_enabled = true; backend = "redis"; servers = "${config.myEnv.mail.rspamd.redis.socket}"; database = "${config.myEnv.mail.rspamd.redis.db}"; autolearn = true; cache { backend = "redis"; } new_schema = true; statfile { BAYES_HAM { spam = false; } BAYES_SPAM { spam = true; } } ''; }; workers = { controller = { extraConfig = '' enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}"; password = "${config.myEnv.mail.rspamd.read_password_hashed}"; ''; bindSockets = [ { socket = config.myServices.mail.rspamd.sockets.worker-controller; mode = "0660"; owner = config.services.rspamd.user; group = "vhost"; } ]; }; }; postfix = { enable = true; config = {}; }; }; }; }