nixfiles/hosts/hetzner-vm/containers/mail/modules/mailserver/rspamd.nix

102 lines
2.1 KiB
Nix
Raw Normal View History

{
config,
lib,
...
}: let
2023-09-18 03:56:58 +01:00
inherit (lib.modules) mkIf;
mailConfig = config.services.mailserver;
2022-11-17 12:06:16 +00:00
rspamdCfg = config.services.rspamd;
rspamdSocket = "rspamd.service";
in {
2023-09-18 03:56:58 +01:00
config = mkIf (mailConfig.enable && mailConfig.rspamd.enable) {
2022-11-17 12:06:16 +00:00
services.rspamd = {
enable = true;
2023-09-18 03:56:58 +01:00
debug = mailConfig.debugMode;
2022-11-17 12:06:16 +00:00
locals = {
"milter_headers.conf" = {
text = ''
extended_spam_headers = yes;
'';
};
"redis.conf" = {
text = ''
2023-09-18 03:56:58 +01:00
servers = "127.0.0.1:${toString mailConfig.rspamd.redisPort}";
2022-11-17 12:06:16 +00:00
'';
};
"classifier-bayes.conf" = {
text = ''
cache {
backend = "redis";
}
min_learns = 5;
'';
};
"dkim_signing.conf" = {
text = ''
# opendkim does this
enabled = false;
'';
};
};
overrides = {
"milter_headers.conf" = {
text = ''
extended_spam_headers = true;
'';
};
};
workers.rspamd_proxy = {
type = "rspamd_proxy";
bindSockets = [
{
socket = "/run/rspamd/rspamd-milter.sock";
mode = "0664";
}
];
2022-11-17 12:06:16 +00:00
count = 1;
extraConfig = ''
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
'';
};
workers.controller = {
type = "controller";
count = 1;
bindSockets = [
{
socket = "/run/rspamd/worker-controller.sock";
mode = "0666";
}
];
includes = [];
2022-11-17 12:06:16 +00:00
};
};
services.redis.servers.rspamd = {
enable = true;
2023-09-18 03:56:58 +01:00
port = mailConfig.rspamd.redisPort;
2022-11-17 12:06:16 +00:00
};
systemd.services.rspamd = {
requires = ["redis-rspamd.service"];
after = ["redis-rspamd.service"];
2022-11-17 12:06:16 +00:00
};
systemd.services.postfix = {
after = [rspamdSocket];
requires = [rspamdSocket];
2022-11-17 12:06:16 +00:00
};
2023-09-18 03:56:58 +01:00
users.extraUsers.postfix.extraGroups = [rspamdCfg.group];
};
2022-11-17 12:06:16 +00:00
}