From 4b50bf40fcd48820803d0eae41c21f8957df7d14 Mon Sep 17 00:00:00 2001
From: niten
Date: Mon, 16 Oct 2023 08:32:18 -0700
Subject: [PATCH] Open Redis port (and make host/port explicit)
---
 mail-server.nix | 4 +++-
 rspamd.nix | 30 +++++++++++++++++++++---------
 2 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/mail-server.nix b/mail-server.nix
index 5f3a5ea..aec1e00 100644
--- a/mail-server.nix
+++ b/mail-server.nix
@@ -274,6 +274,7 @@ in {
 authPort = 5447;
 userdbPort = 5448;
 dkimPort = 5734;
+ redisPort = 6379;
 in {
 smtp = {
@@ -503,13 +504,14 @@ in {
 nixos = {
 useSystemd = true;
 configuration = {
+ networking.firewall.allowedTCPPorts = [ redisPort ];
 boot.tmp.useTmpfs = true;
 system.nssModules = lib.mkForce [ ];
 services.redis.servers."rspamd" = {
 enable = true; # null -> all
 bind = null;
- port = 6379;
+ port = redisPort;
 requirePassFile = "/run/redis/passwd";
 };
 };
diff --git a/rspamd.nix b/rspamd.nix
index 4b93250..7b0d894 100644
--- a/rspamd.nix
+++ b/rspamd.nix
@@ -38,9 +38,21 @@ in {
 };
 };
- redis.password = mkOption {
- type = str;
- description = "Password with which to connect to Redis.";
- };
+ redis = {
+ host = mkOption {
+ type = str;
+ default = "redis";
+ };
+
+ port = mkOption {
+ type = str;
+ default = 6379;
+ };
+
+ password = mkOption {
+ type = str;
+ description = "Password with which to connect to Redis.";
+ };
+ };
 };
@@ -90,7 +102,7 @@ in {
 "dmark.conf".text = ''
 dmarc = {
- servers = "redis";
+ servers = "${cfg.redis.host}:${cfg.redis.port}";
 password = "${cfg.redis.password}";
 }
 '';
@@ -98,7 +110,7 @@ in {
 "mx_check.conf".text = ''
 enabled = true;
- servers = "redis";
+ servers = "${cfg.redis.host}:${cfg.redis.port}";
 password = "${cfg.redis.password}";
 timeout = 10.0;
@@ -115,7 +127,7 @@ in {
 selector "ip" { }
 backend "redis" {
- servers = "redis";
+ servers = "${cfg.redis.host}:${cfg.redis.port}";
 password = "${cfg.redis.password}";
 }
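Review bot: Adding `redisPort` to `networking.firewall.allowedTCPPorts` while the server keeps `bind = null` makes Redis reachable on every interface of this NixOS configuration, leaving `requirePassFile` as the only control. Unless TLS is configured, the Redis password crosses the network in cleartext, so any host that can reach the port can observe or guess it. If only rspamd needs access, scope the rule to the interface it arrives on, e.g. `networking.firewall.interfaces."IFACE".allowedTCPPorts = [ redisPort ];` (IFACE is a placeholder), or set `bind` to that address instead of null. The `configuration` block continues outside the hunk, so a restriction declared elsewhere cannot be ruled out from here.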
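Review bot: `redis.port` is declared with `type = str` but `default = 6379`, an integer, so evaluating the option with its default fails the type check and the config only builds if a caller overrides it with a string. An integer would not interpolate in `"${cfg.redis.host}:${cfg.redis.port}"` either. Declaring it as `type = port; default = 6379;` and writing `${toString cfg.redis.port}` fixes both; this assumes `port` is in scope the same way `str` is, and the same interpolation recurs in the hunks at -90, -98, -115, -125, -135 and -146. The new `host` and `port` options also lack a `description`, unlike `password`.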
@@ -125,7 +137,7 @@ in {
 selector "spf" { }
 backend "redis" {
- servers = "redis";
+ servers = "${cfg.redis.host}:${cfg.redis.port}";
 password = "${cfg.redis.password}";
 }
@@ -135,7 +147,7 @@ in {
 selector "dkim" { }
 backend "redis" {
- servers = "redis";
+ servers = "${cfg.redis.host}:${cfg.redis.port}";
 password = "${cfg.redis.password}";
 }
@@ -146,7 +158,7 @@ in {
 selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html
 }
 backend "redis" {
- servers = "redis";
+ servers = "${cfg.redis.host}:${cfg.redis.port}";
 password = "${cfg.redis.password}";
 }