chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

remove rspamd from mail server module

Browse source
This commit is contained in:
chaos 2024-02-08 17:46:58 +00:00
parent ee9e3ea1f0
commit de89b62cab
No known key found for this signature in database
10 changed files with 4 additions and 193 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
hosts/hetzner-arm/containers/mail/modules/mailserver/default.nix
View file

@ -53,21 +53,6 @@ in {
}; };
}; };
rspamd = {
enable = mkOption {
type = types.bool;
default = true;
};
extraConfig = mkOption {
type = types.lines;
default = "";
};
redisPort = mkOption {
type = types.number;
default = 6380;
};
};
accounts = mkOption { accounts = mkOption {
# where attrName = email for login # where attrName = email for login
default = {}; default = {};

50
hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix
View file

@ -53,20 +53,11 @@ in {
sslServerKey = mailConfig.sslConfig.key; sslServerKey = mailConfig.sslConfig.key;
# For Sieve # For Sieve
modules = with pkgs; [dovecot_pigeonhole]; modules = with pkgs; [
dovecot_pigeonhole
];
protocols = ["sieve"]; protocols = ["sieve"];
sieveScripts = {
# BROKEN: after: line 1: error: require command: unknown Sieve capability `fileinto'.
# after = builtins.toFile "spam.sieve" ''
# require "fileinto";
# if header :is "X-Spam" "Yes" {
# fileinto "Junk";
# stop;
# }
# '';
};
mailboxes = { mailboxes = {
Trash = { Trash = {
auto = "no"; auto = "no";
@ -159,40 +150,7 @@ in {
sieve = file:${mailConfig.sieveDirectory}/%u/scripts;active=${mailConfig.sieveDirectory}/%u/active.sieve sieve = file:${mailConfig.sieveDirectory}/%u/scripts;active=${mailConfig.sieveDirectory}/%u/active.sieve
sieve_default = file:${mailConfig.sieveDirectory}/%u/default.sieve sieve_default = file:${mailConfig.sieveDirectory}/%u/default.sieve
sieve_default_name = default sieve_default_name = default
sieve_global_extensions = +vnd.dovecot.environment
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:${./spam_sieve/report-spam.sieve}
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${./spam_sieve/report-ham.sieve}
${optionalString mailConfig.rspamd.enable (let
pipeBin = pkgs.stdenv.mkDerivation {
name = "pipe_bin";
src = ./pipe_bin;
buildInputs = with pkgs; [makeWrapper coreutils bash rspamd];
buildCommand = ''
mkdir -p $out/pipe/bin
cp $src/* $out/pipe/bin/
chmod a+x $out/pipe/bin/*
patchShebangs $out/pipe/bin
for file in $out/pipe/bin/*; do
wrapProgram $file \
--set PATH "${pkgs.coreutils}/bin:${pkgs.rspamd}/bin"
done
'';
};
in ''
sieve_pipe_bin_dir = ${pipeBin}/pipe/bin
'')}
sieve_global_extensions = ${optionalString mailConfig.rspamd.enable "+vnd.dovecot.pipe"} +vnd.dovecot.environment
} }
lda_mailbox_autosubscribe = yes lda_mailbox_autosubscribe = yes
lda_mailbox_autocreate = yes lda_mailbox_autocreate = yes

3
hosts/hetzner-arm/containers/mail/modules/mailserver/pipe_bin/rspam-learn-ham.sh
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -o errexit
exec rspamc -h /run/rspamd/worker-controller.sock learn_ham

3
hosts/hetzner-arm/containers/mail/modules/mailserver/pipe_bin/rspam-learn-spam.sh
View file

@ -1,3 +0,0 @@
#!/bin/bash
set -o errexit
exec rspamc -h /run/rspamd/worker-controller.sock learn_spam

1
hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix
View file

@ -148,7 +148,6 @@ in {
smtpd_milters = flatten [ smtpd_milters = flatten [
(optional mailConfig.dkim.enable "unix:/run/opendkim/opendkim.sock") (optional mailConfig.dkim.enable "unix:/run/opendkim/opendkim.sock")
(optional mailConfig.rspamd.enable "unix:/run/rspamd/rspamd-milter.sock")
]; ];
non_smtpd_milters = flatten [ non_smtpd_milters = flatten [

101
hosts/hetzner-arm/containers/mail/modules/mailserver/rspamd.nix
View file

@ -1,101 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib.modules) mkIf;
mailConfig = config.services.mailserver;
rspamdCfg = config.services.rspamd;
rspamdSocket = "rspamd.service";
in {
config = mkIf (mailConfig.enable && mailConfig.rspamd.enable) {
services.rspamd = {
enable = true;
debug = mailConfig.debugMode;
locals = {
"milter_headers.conf" = {
text = ''
extended_spam_headers = yes;
'';
};
"redis.conf" = {
text = ''
servers = "127.0.0.1:${toString mailConfig.rspamd.redisPort}";
'';
};
"classifier-bayes.conf" = {
text = ''
cache {
backend = "redis";
}
min_learns = 5;
'';
};
"dkim_signing.conf" = {
text = ''
# opendkim does this
enabled = false;
'';
};
};
overrides = {
"milter_headers.conf" = {
text = ''
extended_spam_headers = true;
'';
};
};
workers.rspamd_proxy = {
type = "rspamd_proxy";
bindSockets = [
{
socket = "/run/rspamd/rspamd-milter.sock";
mode = "0664";
}
];
count = 1;
extraConfig = ''
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
'';
};
workers.controller = {
type = "controller";
count = 1;
bindSockets = [
{
socket = "/run/rspamd/worker-controller.sock";
mode = "0666";
}
];
includes = [];
};
};
services.redis.servers.rspamd = {
enable = true;
port = mailConfig.rspamd.redisPort;
};
systemd.services.rspamd = {
requires = ["redis-rspamd.service"];
after = ["redis-rspamd.service"];
};
systemd.services.postfix = {
after = [rspamdSocket];
requires = [rspamdSocket];
};
users.extraUsers.postfix.extraGroups = [rspamdCfg.group];
};
}

15
hosts/hetzner-arm/containers/mail/modules/mailserver/spam_sieve/report-ham.sieve
View file

@ -1,15 +0,0 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "rspam-learn-ham.sh" [ "${username}" ];

7
hosts/hetzner-arm/containers/mail/modules/mailserver/spam_sieve/report-spam.sieve
View file

@ -1,7 +0,0 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "rspam-learn-spam.sh" [ "${username}" ];

1
hosts/hetzner-arm/containers/mail/profiles/mailserver.nix
View file

@ -13,7 +13,6 @@ in {
key = "/var/lib/acme/mail.owo.monster/key.pem"; key = "/var/lib/acme/mail.owo.monster/key.pem";
}; };
rspamd.enable = false;
spf.enable = false; spf.enable = false;
accounts = { accounts = {

1
hosts/hetzner-arm/containers/mail/profiles/restic.nix
View file

@ -23,7 +23,6 @@ in {
mailConfig.vmail.directory mailConfig.vmail.directory
mailConfig.sieveDirectory mailConfig.sieveDirectory
mailConfig.dkim.directory mailConfig.dkim.directory
"/var/lib/redis-rspamd"
]; ];
# repository is overrided in environmentFile to contain auth # repository is overrided in environmentFile to contain auth