feat(vesuvio): add rspamd

2025-01-08 00:44:41 +01:00 · 2025-01-08 00:44:41 +01:00 · 92f3f0e0ca
commit 92f3f0e0ca
parent dd9dd6d516
5 changed files with 51 additions and 1 deletions
--- a/systems/vesuvio/mail/default.nix
+++ b/systems/vesuvio/mail/default.nix
@ -2,5 +2,6 @@
  imports = [
    ./maddy.nix
    ./mta-sts.nix
+    ./rspamd.nix
  ];
 }
--- a/systems/vesuvio/mail/maddy.nix
+++ b/systems/vesuvio/mail/maddy.nix
@ -62,7 +62,9 @@ in
      ## message reception

      msgpipeline local_routing {
-        # TODO: checks (rspamd)
+        check {
+          rspamd
+        }

        modify {
          replace_rcpt &local_rewrites
--- a/systems/vesuvio/mail/rspamd.nix
+++ b/systems/vesuvio/mail/rspamd.nix
@ -0,0 +1,32 @@
+{ config, _utils, ... }:
+let
+  password = _utils.setupSingleSecret config "rspamdPassword" {
+    owner = config.services.rspamd.user;
+    inherit (config.services.rspamd) group;
+  };
+in
+{
+  imports = [ password.generate ];
+
+  services = {
+    redis.servers.rspamd = {
+      enable = true;
+      user = config.services.rspamd.user;
+      port = 0; # disable tcp
+    };
+
+    rspamd = {
+      enable = true;
+      locals = {
+        "redis.conf".text = ''
+          servers = ${config.services.redis.servers.rspamd.unixSocket};
+        '';
+      };
+
+      workers = {
+        controller.includes = [ password.path ];
+        normal.bindSockets = [ "127.0.0.1:11333" ]; # maddy queries port 11333
+      };
+    };
+  };
+}