feat(vesuvio): add rspamd
This commit is contained in:
parent
dd9dd6d516
commit
92f3f0e0ca
SSH key fingerprint:
SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
5 changed files with 51 additions and 1 deletions
|
|
@ -43,4 +43,5 @@ in
|
||||||
"etna/cobaltTokens.age".publicKeys = main ++ [ etna ];
|
"etna/cobaltTokens.age".publicKeys = main ++ [ etna ];
|
||||||
|
|
||||||
"vesuvio/maddyEnv.age".publicKeys = main ++ [ vesuvio ];
|
"vesuvio/maddyEnv.age".publicKeys = main ++ [ vesuvio ];
|
||||||
|
"vesuvio/rspamdPassword.age".publicKeys = main ++ [ vesuvio ];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
14
secrets/vesuvio/rspamdPassword.age
Normal file
14
secrets/vesuvio/rspamdPassword.age
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSUw2b0luVmJzcGpJK2g2
|
||||||
|
QmZGMjZMSENzSWhiemVSZGRxR1dYVDhwckF3CnRlZzVRWVRoR2xzdkNIbTJBM1hi
|
||||||
|
M1VZWkwxZVZGS3B3a2dYODJucUE1bGsKLT4gWDI1NTE5IDRXZjhBbHo3U3oremo2
|
||||||
|
djVPZWxQM1NDalpKVmV0KzJCVW5TVzlpMHYwajQKMkVKM2MrV2pCb3g4SUt1RjFE
|
||||||
|
Z0pTZVQwRWFWT1hDdk5HRHVkWEQ5YWEwcwotPiBYMjU1MTkgMGJPSHFiZyt4aUg4
|
||||||
|
aDRjSVQ2SkdYNU8yMzFJVjNwYTZPRTloYW5jUGFBZwppRTlHcDBtUmdoSHlzOVlm
|
||||||
|
SjVFS2J5d1ZEME5UTlNSSklYN3JkZk5nb1pZCi0+IFgyNTUxOSBjSVZZZUFjL0JC
|
||||||
|
bzVhWXVVVld1MGFoRmM3clZHanZ5aTNzYXpnMEVWK3ljClFqZTRpMlpOcW9vSits
|
||||||
|
NU0yQzRPQ1JqajdzSnJOZVNiYlo4ejBFblhiSzQKLS0tIGt0WU5FRGt3VzVUbmlx
|
||||||
|
eitOZXVrMm0wYmc4QzE3WldMV2xyazNoUnkyTlkK0E7n/mjIjtOJvcEL9l5ruTqQ
|
||||||
|
wYLglgs3vZCp7Wz0hF921qopRZzAa6TrU7sR7bJauXrQQ0TaCLb6lFf92pIzJiW5
|
||||||
|
SU7dMYFn/w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
|
@ -2,5 +2,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
./maddy.nix
|
./maddy.nix
|
||||||
./mta-sts.nix
|
./mta-sts.nix
|
||||||
|
./rspamd.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,9 @@ in
|
||||||
## message reception
|
## message reception
|
||||||
|
|
||||||
msgpipeline local_routing {
|
msgpipeline local_routing {
|
||||||
# TODO: checks (rspamd)
|
check {
|
||||||
|
rspamd
|
||||||
|
}
|
||||||
|
|
||||||
modify {
|
modify {
|
||||||
replace_rcpt &local_rewrites
|
replace_rcpt &local_rewrites
|
||||||
|
|
|
||||||
32
systems/vesuvio/mail/rspamd.nix
Normal file
32
systems/vesuvio/mail/rspamd.nix
Normal file
|
|
@ -0,0 +1,32 @@
|
||||||
|
{ config, _utils, ... }:
|
||||||
|
let
|
||||||
|
password = _utils.setupSingleSecret config "rspamdPassword" {
|
||||||
|
owner = config.services.rspamd.user;
|
||||||
|
inherit (config.services.rspamd) group;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [ password.generate ];
|
||||||
|
|
||||||
|
services = {
|
||||||
|
redis.servers.rspamd = {
|
||||||
|
enable = true;
|
||||||
|
user = config.services.rspamd.user;
|
||||||
|
port = 0; # disable tcp
|
||||||
|
};
|
||||||
|
|
||||||
|
rspamd = {
|
||||||
|
enable = true;
|
||||||
|
locals = {
|
||||||
|
"redis.conf".text = ''
|
||||||
|
servers = ${config.services.redis.servers.rspamd.unixSocket};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
workers = {
|
||||||
|
controller.includes = [ password.path ];
|
||||||
|
normal.bindSockets = [ "127.0.0.1:11333" ]; # maddy queries port 11333
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue