nixfiles/hosts/hetzner-vm/modules/mailserver/rspamd.nix

{ config, pkgs, lib, ... }:

let
  mail_config = config.mailserver;

  ports = (import ../../ports.nix { });

  postfixCfg = config.services.postfix;
  rspamdCfg = config.services.rspamd;
  rspamdSocket = "rspamd.service";
in {
  config = (lib.mkIf (mail_config.enable) {

    services.rspamd = {
      enable = true;
      debug = mail_config.debug_mode;
      locals = {
        "milter_headers.conf" = {
          text = ''
            extended_spam_headers = yes;
          '';
        };
        "redis.conf" = {
          text = ''
            servers = "127.0.0.1:${toString ports.rspamd-redis}";
          '';
        };
        "classifier-bayes.conf" = {
          text = ''
            cache {
              backend = "redis";
            }
            min_learns = 5;
          '';
        };
        "dkim_signing.conf" = {
          text = ''
            # opendkim does this
            enabled = false;
          '';
        };
      };

      overrides = {
        "milter_headers.conf" = {
          text = ''
            extended_spam_headers = true;
          '';
        };
      };

      workers.rspamd_proxy = {
        type = "rspamd_proxy";
        bindSockets = [{
          socket = "/run/rspamd/rspamd-milter.sock";
          mode = "0664";
        }];
        count = 1;
        extraConfig = ''
          milter = yes;
          timeout = 120s;

          upstream "local" {
            default = yes;
            self_scan = yes;
          }
        '';
      };
      workers.controller = {
        type = "controller";
        count = 1;
        bindSockets = [{
          socket = "/run/rspamd/worker-controller.sock";
          mode = "0666";
        }];
        includes = [ ];
      };

    };

    services.redis.servers.rspamd = {
      enable = true;
      port = ports.rspamd-redis;
    };

    systemd.services.rspamd = {
      requires = [ "redis-rspamd.service" ];
      after = [ "redis-rspamd.service" ];
    };

    systemd.services.postfix = {
      after = [ rspamdSocket ];
      requires = [ rspamdSocket ];
    };

    users.extraUsers.${postfixCfg.user}.extraGroups = [ rspamdCfg.group ];
  });
}
move mailserver to module 2022-11-17 12:06:16 +00:00			`{ config, pkgs, lib, ... }:`

			`let`
			`mail_config = config.mailserver;`

			`ports = (import ../../ports.nix { });`

			`postfixCfg = config.services.postfix;`
			`rspamdCfg = config.services.rspamd;`
			`rspamdSocket = "rspamd.service";`
			`in {`
			`config = (lib.mkIf (mail_config.enable) {`

			`services.rspamd = {`
			`enable = true;`
			`debug = mail_config.debug_mode;`
			`locals = {`
			`"milter_headers.conf" = {`
			`text = ''`
			`extended_spam_headers = yes;`
			`'';`
			`};`
			`"redis.conf" = {`
			`text = ''`
			`servers = "127.0.0.1:${toString ports.rspamd-redis}";`
			`'';`
			`};`
			`"classifier-bayes.conf" = {`
			`text = ''`
			`cache {`
			`backend = "redis";`
			`}`
			`min_learns = 5;`
			`'';`
			`};`
			`"dkim_signing.conf" = {`
			`text = ''`
			`# opendkim does this`
			`enabled = false;`
			`'';`
			`};`
			`};`

			`overrides = {`
			`"milter_headers.conf" = {`
			`text = ''`
			`extended_spam_headers = true;`
			`'';`
			`};`
			`};`

			`workers.rspamd_proxy = {`
			`type = "rspamd_proxy";`
			`bindSockets = [{`
			`socket = "/run/rspamd/rspamd-milter.sock";`
			`mode = "0664";`
			`}];`
			`count = 1;`
			`extraConfig = ''`
			`milter = yes;`
			`timeout = 120s;`

			`upstream "local" {`
			`default = yes;`
			`self_scan = yes;`
			`}`
			`'';`
			`};`
			`workers.controller = {`
			`type = "controller";`
			`count = 1;`
			`bindSockets = [{`
			`socket = "/run/rspamd/worker-controller.sock";`
			`mode = "0666";`
			`}];`
			`includes = [ ];`
			`};`

			`};`

			`services.redis.servers.rspamd = {`
			`enable = true;`
			`port = ports.rspamd-redis;`
			`};`

			`systemd.services.rspamd = {`
			`requires = [ "redis-rspamd.service" ];`
			`after = [ "redis-rspamd.service" ];`
			`};`

			`systemd.services.postfix = {`
			`after = [ rspamdSocket ];`
			`requires = [ rspamdSocket ];`
			`};`

			`users.extraUsers.${postfixCfg.user}.extraGroups = [ rspamdCfg.group ];`
			`});`
			`}`