Nope...we need a password I guess

niten 2023-10-16 11:54:32 -07:00
parent 2a1bc560e1
commit f07f164fe4
2 changed files with 17 additions and 26 deletions


@ -254,6 +254,10 @@ in {
]; ];
virtualisation.arion.projects.mail-server.settings = let virtualisation.arion.projects.mail-server.settings = let
redisPasswdFile =
pkgs.lib.passwd.stablerandom-passwd-file "mail-server-redis-passwd"
config.instance.build-seed;
image = { pkgs, ... }: { image = { pkgs, ... }: {
project.name = "mail-server"; project.name = "mail-server";
networks = { networks = {
@ -435,6 +439,7 @@ in {
host = "antivirus"; host = "antivirus";
port = antivirusPort; port = antivirusPort;
}; };
redis.password = readFile redisPasswdFile;
}; };
}; };
}; };
@ -501,9 +506,9 @@ in {
system.nssModules = lib.mkForce [ ]; system.nssModules = lib.mkForce [ ];
services.redis.servers."rspamd" = { services.redis.servers."rspamd" = {
enable = true; enable = true;
# null -> all bind = null; # null -> all
bind = null;
port = redisPort; port = redisPort;
requirePassFile = "/run/redis/passwd";
}; };
}; };
}; };
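Review bot: `redis.password = readFile redisPasswdFile;` turns the secret into an ordinary string at evaluation time, so every file later rendered from that option carries the password in clear text, and for generated config that usually means a world-readable Nix store path. Passing the path instead of the contents keeps the value out of the evaluated config, e.g. `redis.passwordFile = redisPasswdFile;` with the consumer reading it at container start (this would need a matching option on the rspamd side). In the third hunk, `requirePassFile = "/run/redis/passwd";` names a path whose provisioning is not visible here; confirm that `redisPasswdFile` is what gets mounted there with permissions limited to the redis user, particularly since `bind = null` leaves the server listening on all interfaces. The password also appears to be derived from `config.instance.build-seed`, so the seed should be treated as a secret of the same sensitivity.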


@ -48,6 +48,11 @@ in {
type = port; type = port;
default = 6379; default = 6379;
}; };
password = mkOption {
type = str;
description = "Password with which to connect to Redis.";
};
}; };
}; };
@ -71,6 +76,11 @@ in {
locals = { locals = {
"milter_headers.conf".text = "extended_spam_headers = yes;"; "milter_headers.conf".text = "extended_spam_headers = yes;";
"redis.conf".text = ''
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
password = "${cfg.redis.password}";
'';
"antivirus.conf".text = '' "antivirus.conf".text = ''
clamav { clamav {
action = "reject"; action = "reject";
@ -95,17 +105,9 @@ in {
} }
''; '';
"dmarc.conf".text = ''
dmarc = {
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
}
'';
"mx_check.conf".text = '' "mx_check.conf".text = ''
enabled = true; enabled = true;
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
timeout = 10.0; timeout = 10.0;
exclude_domains = [ exclude_domains = [
@ -119,38 +121,22 @@ in {
ip_reputation = { ip_reputation = {
selector "ip" { selector "ip" {
} }
backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
}
symbol = "IP_REPUTATION"; symbol = "IP_REPUTATION";
} }
spf_reputation = { spf_reputation = {
selector "spf" { selector "spf" {
} }
backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
}
symbol = "SPF_REPUTATION"; symbol = "SPF_REPUTATION";
} }
dkim_reputation = { dkim_reputation = {
selector "dkim" { selector "dkim" {
} }
backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
}
symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT symbol = "DKIM_REPUTATION"; # Also adjusts scores for DKIM_ALLOW, DKIM_REJECT
} }
generic_reputation = { generic_reputation = {
selector "generic" { selector "generic" {
selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html selector = "ip"; # see https://rspamd.com/doc/configuration/selectors.html
} }
backend "redis" {
servers = "${cfg.redis.host}:${toString cfg.redis.port}";
}
symbol = "GENERIC_REPUTATION"; symbol = "GENERIC_REPUTATION";
} }
} }
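Review bot: `password = "${cfg.redis.password}";` inside `"redis.conf".text` writes the Redis password into a generated config file, and text-based config of this kind is normally built into the Nix store, where any local user or anyone with access to the image can read it. If this `locals` set follows the NixOS rspamd module, `"redis.conf".source` pointing at a file created at start-up outside the store (mode 0400, owned by the rspamd user) avoids that; otherwise at least mark the option with a description such as `"Password with which to connect to Redis. WARNING: ends up in the Nix store."`. The value is interpolated unescaped into a quoted UCL string, so a password containing `"` or `\` would break or alter the config; the generator's character set is not visible in this diff. The removal of the four `backend "redis" { ... }` blocks in the last hunk assumes each reputation rule still gets a Redis backend from the global settings, which is worth confirming on a running instance.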