public
/
mail-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Open Redis port (and make host/port explicit)

This commit is contained in:
niten 2023-10-16 08:32:18 -07:00
parent af3dbd0bed
commit 4b50bf40fc
2 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mail-server.nix
View File

@ -274,6 +274,7 @@ in {
authPort = 5447; authPort = 5447;
userdbPort = 5448; userdbPort = 5448;
dkimPort = 5734; dkimPort = 5734;
redisPort = 6379;
in { in {
smtp = { smtp = {
@ -503,13 +504,14 @@ in {
nixos = { nixos = {
useSystemd = true; useSystemd = true;
configuration = { configuration = {
networking.firewall.allowedTCPPorts = [ redisPort ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
system.nssModules = lib.mkForce [ ]; system.nssModules = lib.mkForce [ ];
services.redis.servers."rspamd" = { services.redis.servers."rspamd" = {
enable = true; enable = true;
# null -> all # null -> all
bind = null; bind = null;
port = 6379; port = redisPort;
requirePassFile = "/run/redis/passwd"; requirePassFile = "/run/redis/passwd";
}; };
}; };

30
rspamd.nix
View File

@ -38,9 +38,21 @@ in {
}; };
}; };
redis.password = mkOption { redis = {
type = str; host = mkOption {
description = "Password with which to connect to Redis."; type = str;
default = "redis";
};
port = mkOption {
type = str;
default = 6379;
};
password = mkOption {
type = str;
description = "Password with which to connect to Redis.";
};
}; };
}; };
@ -90,7 +102,7 @@ in {
"dmark.conf".text = '' "dmark.conf".text = ''
dmarc = { dmarc = {
servers = "redis"; servers = "${cfg.redis.host}:${cfg.redis.port}";
password = "${cfg.redis.password}"; password = "${cfg.redis.password}";
} }
''; '';
@ -98,7 +110,7 @@ in {
"mx_check.conf".text = '' "mx_check.conf".text = ''
enabled = true; enabled = true;
servers = "redis"; servers = "${cfg.redis.host}:${cfg.redis.port}";
password = "${cfg.redis.password}"; password = "${cfg.redis.password}";
timeout = 10.0; timeout = 10.0;
@ -115,7 +127,7 @@ in {
selector "ip" { selector "ip" {
} }
backend "redis" { backend "redis" {
servers = "redis"; servers = "${cfg.redis.host}:${cfg.redis.port}";
password = "${cfg.redis.password}"; password = "${cfg.redis.password}";
} }
@ -125,7 +137,7 @@ in {
selector "spf" { selector "spf" {
} }
backend "redis" { backend "redis" {
servers = "redis"; servers = "${cfg.redis.host}:${cfg.redis.port}";
password = "${cfg.redis.password}"; password = "${cfg.redis.password}";
} }
@ -135,7 +147,7 @@ in {
selector "dkim" { selector "dkim" {
} }
backend "redis" { backend "redis" {
servers = "redis"; servers = "${cfg.redis.host}:${cfg.redis.port}";
password = "${cfg.redis.password}"; password = "${cfg.redis.password}";
} }
@ -146,7 +158,7 @@ in {
selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html
} }
backend "redis" { backend "redis" {
servers = "redis"; servers = "${cfg.redis.host}:${cfg.redis.port}";
password = "${cfg.redis.password}"; password = "${cfg.redis.password}";
} }