Open Redis port (and make host/port explicit)

2023-10-16 08:32:18 -07:00 · 2023-10-16 08:32:18 -07:00 · 4b50bf40fc
parent af3dbd0bed
commit 4b50bf40fc
2 changed files with 24 additions and 10 deletions
--- a/mail-server.nix
+++ b/mail-server.nix
@ -274,6 +274,7 @@ in {
          authPort = 5447;
          userdbPort = 5448;
          dkimPort = 5734;
+          redisPort = 6379;

        in {
          smtp = {
@ -503,13 +504,14 @@ in {
            nixos = {
              useSystemd = true;
              configuration = {
+                networking.firewall.allowedTCPPorts = [ redisPort ];
                boot.tmp.useTmpfs = true;
                system.nssModules = lib.mkForce [ ];
                services.redis.servers."rspamd" = {
                  enable = true;
                  # null -> all
                  bind = null;
-                  port = 6379;
+                  port = redisPort;
                  requirePassFile = "/run/redis/passwd";
                };
              };
--- a/rspamd.nix
+++ b/rspamd.nix
@ -38,9 +38,21 @@ in {
      };
    };

-    redis.password = mkOption {
-      type = str;
-      description = "Password with which to connect to Redis.";
+    redis = {
+      host = mkOption {
+        type = str;
+        default = "redis";
+      };
+
+      port = mkOption {
+        type = str;
+        default = 6379;
+      };
+
+      password = mkOption {
+        type = str;
+        description = "Password with which to connect to Redis.";
+      };
    };
  };

@ -90,7 +102,7 @@ in {

          "dmark.conf".text = ''
            dmarc = {
-              servers = "redis";
+              servers = "${cfg.redis.host}:${cfg.redis.port}";
              password = "${cfg.redis.password}";
            }
          '';
@ -98,7 +110,7 @@ in {
          "mx_check.conf".text = ''
            enabled = true;

-            servers = "redis";
+            servers = "${cfg.redis.host}:${cfg.redis.port}";
            password = "${cfg.redis.password}";

            timeout = 10.0;
@ -115,7 +127,7 @@ in {
                selector "ip" {
                }
                backend "redis" {
-                  servers = "redis";
+                  servers = "${cfg.redis.host}:${cfg.redis.port}";
                  password = "${cfg.redis.password}";
                }

@ -125,7 +137,7 @@ in {
                selector "spf" {
                }
                backend "redis" {
-                  servers = "redis";
+                  servers = "${cfg.redis.host}:${cfg.redis.port}";
                  password = "${cfg.redis.password}";
                }

@ -135,7 +147,7 @@ in {
                selector "dkim" {
                }
                backend "redis" {
-                  servers = "redis";
+                  servers = "${cfg.redis.host}:${cfg.redis.port}";
                  password = "${cfg.redis.password}";
                }

@ -146,7 +158,7 @@ in {
                  selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html
                }
                backend "redis" {
-                  servers = "redis";
+                  servers = "${cfg.redis.host}:${cfg.redis.port}";
                  password = "${cfg.redis.password}";
                }