From 2a1bc560e1bfef0f82b3a2880486f514f86b5e66 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Mon, 16 Oct 2023 09:31:33 -0700
Subject: [PATCH] Just forget about the Redis password

---
 mail-server.nix | 11 +----------
 rspamd.nix      | 13 +------------
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/mail-server.nix b/mail-server.nix
index aec1e00..5d91229 100644
--- a/mail-server.nix
+++ b/mail-server.nix
@@ -254,10 +254,6 @@ in {
     ];
 
     virtualisation.arion.projects.mail-server.settings = let
-      redisPasswdFile =
-        pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
-        config.instance.build-seed;
-
       image = { pkgs, ... }: {
         project.name = "mail-server";
         networks = {
@@ -439,7 +435,6 @@ in {
                     host = "antivirus";
                     port = antivirusPort;
                   };
-                  redis.password = readFile redisPasswdFile;
                 };
               };
             };
@@ -495,10 +490,7 @@ in {
           };
           redis = {
             service = {
-              volumes = [
-                "${cfg.state-directory}/redis:/var/lib/redis"
-                "${redisPasswdFile}:/run/redis/passwd"
-              ];
+              volumes = [ "${cfg.state-directory}/redis:/var/lib/redis" ];
               networks = [ "redis_network" ];
             };
             nixos = {
@@ -512,7 +504,6 @@ in {
                   # null -> all
                   bind = null;
                   port = redisPort;
-                  requirePassFile = "/run/redis/passwd";
                 };
               };
             };
diff --git a/rspamd.nix b/rspamd.nix
index bf914b4..c60a776 100644
--- a/rspamd.nix
+++ b/rspamd.nix
@@ -48,11 +48,6 @@ in {
         type = port;
         default = 6379;
       };
-
-      password = mkOption {
-        type = str;
-        description = "Password with which to connect to Redis.";
-      };
     };
   };
 
@@ -100,10 +95,9 @@ in {
             }
           '';
 
-          "dmark.conf".text = ''
+          "dmarc.conf".text = ''
             dmarc = {
               servers = "${cfg.redis.host}:${toString cfg.redis.port}";
-              password = "${cfg.redis.password}";
             }
           '';
 
@@ -111,7 +105,6 @@ in {
             enabled = true;
 
             servers = "${cfg.redis.host}:${toString cfg.redis.port}";
-            password = "${cfg.redis.password}";
 
             timeout = 10.0;
 
@@ -128,7 +121,6 @@ in {
                 }
                 backend "redis" {
                   servers = "${cfg.redis.host}:${toString cfg.redis.port}";
-                  password = "${cfg.redis.password}";
                 }
 
                 symbol = "IP_REPUTATION";
@@ -138,7 +130,6 @@ in {
                 }
                 backend "redis" {
                   servers = "${cfg.redis.host}:${toString cfg.redis.port}";
-                  password = "${cfg.redis.password}";
                 }
 
                 symbol = "SPF_REPUTATION";
@@ -148,7 +139,6 @@ in {
                 }
                 backend "redis" {
                   servers = "${cfg.redis.host}:${toString cfg.redis.port}";
-                  password = "${cfg.redis.password}";
                 }
 
                 symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT
@@ -159,7 +149,6 @@ in {
                 }
                 backend "redis" {
                   servers = "${cfg.redis.host}:${toString cfg.redis.port}";
-                  password = "${cfg.redis.password}";
                 }
 
                 symbol = "GENERIC_REPUTATION";