Just use redis password directly

2023-09-27 12:11:07 -07:00 · 2023-09-27 12:11:07 -07:00 · 8a8d894f00
parent 811f1de248
commit 8a8d894f00
2 changed files with 10 additions and 12 deletions
--- a/mail-server.nix
+++ b/mail-server.nix
@ -405,7 +405,6 @@ in {
              ];
              capabilities.SYS_ADMIN = true;
              depends_on = [ "antivirus" "redis" ];
-              volumes = [ "${redisPasswdFile}:/run/redis.passwd" ];
            };
            nixos = {
              useSystemd = true;
@ -424,7 +423,7 @@ in {
                    host = "antivirus";
                    port = antivirusPort;
                  };
-                  redis.password-file = "/run/redis.passwd";
+                  redis.password = readFile redisPasswdFile;
                };
              };
            };
--- a/rspamd.nix
+++ b/rspamd.nix
@ -38,7 +38,7 @@ in {
      };
    };

-    redis.password-file = mkOption {
+    redis.password = mkOption {
      type = str;
      description = "Password with which to connect to Redis.";
    };
@ -51,8 +51,7 @@ in {
      port = cfg.ports.metrics;
    };

-    services.rspamd = let redisPasswd = readFile cfg.redis.password-file;
-    in {
+    services.rspamd = {
      enable = true;

      locals = {
@ -65,7 +64,7 @@ in {
            type = "clamav";
            log_clean = true;
            servers = "${cfg.antivirus.host}:${toString cfg.antivirus.port}";
-            password = "${redisPasswd}";
+            password = "${cfg.redis.password}";
            scan_mime_parts = false; # scan mail as a whole unit, not parts. seems to be needed to work at all
          }
        '';
@ -86,7 +85,7 @@ in {
        "dmark.conf".text = ''
          dmarc = {
            servers = "redis";
-            password = "${redisPasswd}";
+            password = "${cfg.redis.password}";
          }
        '';

@ -94,7 +93,7 @@ in {
          enabled = true;

          servers = "redis";
-          password = "${redisPasswd}";
+          password = "${cfg.redis.password}";

          timeout = 10.0;

@ -111,7 +110,7 @@ in {
              }
              backend "redis" {
                servers = "redis";
-                password = "${redisPasswd}";
+                password = "${cfg.redis.password}";
              }

              symbol = "IP_REPUTATION";
@ -121,7 +120,7 @@ in {
              }
              backend "redis" {
                servers = "redis";
-                password = "${redisPasswd}";
+                password = "${cfg.redis.password}";
              }

              symbol = "SPF_REPUTATION";
@ -131,7 +130,7 @@ in {
              }
              backend "redis" {
                servers = "redis";
-                password = "${redisPasswd}";
+                password = "${cfg.redis.password}";
              }

              symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT
@ -142,7 +141,7 @@ in {
              }
              backend "redis" {
                servers = "redis";
-                password = "${redisPasswd}";
+                password = "${cfg.redis.password}";
              }

              symbol = "GENERIC_REPUTATION";