public
/
mail-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Just forget about the Redis password

This commit is contained in:
niten 2023-10-16 09:31:33 -07:00
parent f3765d0401
commit 2a1bc560e1
2 changed files with 2 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
mail-server.nix
View File

@ -254,10 +254,6 @@ in {
]; ];
virtualisation.arion.projects.mail-server.settings = let virtualisation.arion.projects.mail-server.settings = let
redisPasswdFile =
pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
config.instance.build-seed;
image = { pkgs, ... }: { image = { pkgs, ... }: {
project.name = "mail-server"; project.name = "mail-server";
networks = { networks = {
@ -439,7 +435,6 @@ in {
host = "antivirus"; host = "antivirus";
port = antivirusPort; port = antivirusPort;
}; };
redis.password = readFile redisPasswdFile;
}; };
}; };
}; };
@ -495,10 +490,7 @@ in {
}; };
redis = { redis = {
service = { service = {
volumes = [ volumes = [ "${cfg.state-directory}/redis:/var/lib/redis" ];
"${cfg.state-directory}/redis:/var/lib/redis"
"${redisPasswdFile}:/run/redis/passwd"
];
networks = [ "redis_network" ]; networks = [ "redis_network" ];
}; };
nixos = { nixos = {
@ -512,7 +504,6 @@ in {
# null -> all # null -> all
bind = null; bind = null;
port = redisPort; port = redisPort;
requirePassFile = "/run/redis/passwd";
}; };
}; };
}; };

13
rspamd.nix
View File

@ -48,11 +48,6 @@ in {
type = port; type = port;
default = 6379; default = 6379;
}; };
password = mkOption {
type = str;
description = "Password with which to connect to Redis.";
};
}; };
}; };
@ -100,10 +95,9 @@ in {
} }
''; '';
"dmark.conf".text = '' "dmarc.conf".text = ''
dmarc = { dmarc = {
servers = "${cfg.redis.host}:${toString cfg.redis.port}"; servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
} }
''; '';
@ -111,7 +105,6 @@ in {
enabled = true; enabled = true;
servers = "${cfg.redis.host}:${toString cfg.redis.port}"; servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
timeout = 10.0; timeout = 10.0;
@ -128,7 +121,6 @@ in {
} }
backend "redis" { backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}"; servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
} }
symbol = "IP_REPUTATION"; symbol = "IP_REPUTATION";
@ -138,7 +130,6 @@ in {
} }
backend "redis" { backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}"; servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
} }
symbol = "SPF_REPUTATION"; symbol = "SPF_REPUTATION";
@ -148,7 +139,6 @@ in {
} }
backend "redis" { backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}"; servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
} }
symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT
@ -159,7 +149,6 @@ in {
} }
backend "redis" { backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}"; servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
} }
symbol = "GENERIC_REPUTATION"; symbol = "GENERIC_REPUTATION";