author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-01 12:49:56 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-01 12:49:56 +0200 |
commit | 02760890f33ffe8d031f2cf7df4c70b7fdc93b3b (patch) | |
tree | c208b69be378e2adb029d962e209bc07aace464d /nixos/modules | |
parent | 37563c2d964ee0666b7525828d152b3f5e0e212e (diff) | |
parent | 05036343dcc42cfcd05563302ef286740f7e6ffc (diff) | |
Merge pull request #14992 from avnik/rspamd
Rspamd/Rmilter update
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/mail/rmilter.nix | 67 | ||||
-rw-r--r-- | nixos/modules/services/mail/rspamd.nix | 59 |
2 files changed, 109 insertions, 17 deletions
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix index a6e2a9fc7808..d1f7cd2e173e 100644 --- a/nixos/modules/services/mail/rmilter.nix +++ b/nixos/modules/services/mail/rmilter.nix @@ -7,9 +7,14 @@ let rspamdCfg = config.services.rspamd; cfg = config.services.rmilter; + inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets; + unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets; + + allSockets = unixSockets ++ inetSockets; + rmilterConf = '' pidfile = /run/rmilter/rmilter.pid; -bind_socket = ${cfg.bindSocket}; +bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets}; tempdir = /tmp; '' + (with cfg.rspamd; if enable then '' @@ -68,14 +73,37 @@ in ''; }; - bindSocket = mkOption { - type = types.string; - default = "unix:/run/rmilter/rmilter.sock"; - description = "Socket to listed for MTA requests"; + bindUnixSockets = mkOption { + type = types.listOf types.str; + default = ["/run/rmilter.sock"]; + description = '' + Unix domain sockets to listen for MTA requests. + ''; example = '' - "unix:/run/rmilter/rmilter.sock" or - "inet:11990@127.0.0.1" - ''; + [ "/run/rmilter.sock"] + ''; + }; + + bindInetSockets = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Inet addresses to listen (in format accepted by systemd.socket) + ''; + example = '' + ["127.0.0.1:11990"] + ''; + }; + + socketActivation = mkOption { + type = types.bool; + default = true; + description = '' + Enable systemd socket activation for rmilter. + (disabling socket activation not recommended + when unix socket used, and follow to wrong + permissions on unix domain socket.) + ''; }; rspamd = { @@ -86,7 +114,7 @@ in servers = mkOption { type = types.listOf types.str; - default = ["r:0.0.0.0:11333"]; + default = ["r:/run/rspamd.sock"]; description = '' Spamd socket definitions. Is server name is prefixed with r: it is rspamd server. 
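Review bot: In the first rmilter.nix hunk, the `inetSockets` binding parses each entry with `stringSplit ":" sock` and takes `head`/`last`, which mis-parses any address that itself contains colons; an IPv6 entry such as `[::1]:11990` yields host `[`. The resulting `inet:PORT:HOST` string also differs from the `inet:11990@127.0.0.1` form in the removed `bindSocket` example and from the `inet:localhost:9900` form in the postfix fragment comment, yet the later hunk at `smtpd_milters = ${head allSockets}` hands the same string to postfix, so the order each consumer expects should be confirmed and the two strings built separately if they differ. `head allSockets` also aborts evaluation when both socket lists are empty; an assertion such as `{ assertion = allSockets != []; message = "services.rmilter: at least one bind socket is required"; }` would turn that into a readable error. The `let` block starts and ends outside the hunk.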
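Review bot: In the options hunk (`bindUnixSockets` / `socketActivation`), the new default `["/run/rmilter.sock"]` sits directly in `/run`, while the service hunk runs the daemon as `cfg.user` with `RuntimeDirectory = "rmilter"`. With `socketActivation = false` the unprivileged process would presumably have to create the socket in `/run` itself, which is what the description's "wrong permissions" remark seems to refer to. The description should say this plainly, for example `With socket activation disabled rmilter creates the socket itself as the service user; point bindUnixSockets at a directory that user can write to.` The `bindInetSockets` description could also state that the milter port performs no authentication and should stay on a loopback or otherwise restricted address.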
@@ -129,7 +157,7 @@ in type = types.str; description = "Addon to postfix configuration"; default = '' -smtpd_milters = ${cfg.bindSocket} +smtpd_milters = ${head allSockets} # or for TCP socket # # smtpd_milters = inet:localhost:9900 milter_protocol = 6 @@ -169,21 +197,30 @@ milter_default_action = accept serviceConfig = { ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}"; + ExecReload = "/bin/kill -USR1 $MAINPID"; User = cfg.user; Group = cfg.group; PermissionsStartOnly = true; Restart = "always"; + RuntimeDirectory = "rmilter"; + RuntimeDirectoryPermissions="0755"; }; - preStart = '' - ${pkgs.coreutils}/bin/mkdir -p /run/rmilter - ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter - ''; + }; + systemd.sockets.rmilter = mkIf cfg.socketActivation { + description = "Rmilter service socket"; + wantedBy = [ "sockets.target" ]; + socketConfig = { + ListenStream = cfg.bindUnixSockets ++ cfg.bindInetSockets; + SocketUser = cfg.user; + SocketGroup = cfg.group; + SocketMode = "0660"; + }; }; services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment; - + users.users.postfix.extraGroups = [ cfg.group ]; }; } diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index a083f8293243..412b99ccc570 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix 
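Review bot: At the end of the service hunk, `users.users.postfix.extraGroups = [ cfg.group ];` is set without any condition visible here, so the postfix account gains the rmilter group even when `cfg.postfix.enable` is off, and a `postfix` user entry is touched on hosts that may not run postfix at all. Gating it keeps the group grant tied to the integration that needs the socket: `users.users.postfix.extraGroups = mkIf cfg.postfix.enable [ cfg.group ];`. Separately, `ExecReload = "/bin/kill -USR1 $MAINPID";` uses an absolute path that NixOS normally does not provide, whereas the removed `preStart` used store paths; `ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";` would follow that convention. The enclosing `config` block begins outside the hunk, so an outer guard may already apply.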
@@ -6,6 +6,35 @@ let cfg = config.services.rspamd; + mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks); + + rspamdConf = + '' + .include "$CONFDIR/common.conf" + + options { + pidfile = "$RUNDIR/rspamd.pid"; + .include "$CONFDIR/options.inc" + } + + logging { + type = "file"; + filename = "$LOGDIR/rspamd.log"; + .include "$CONFDIR/logging.inc" + } + + worker { + ${mkBindSockets cfg.bindSocket} + .include "$CONFDIR/worker-normal.inc" + } + + worker { + ${mkBindSockets cfg.bindUISocket} + .include "$CONFDIR/worker-controller.inc" + } + ''; + rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConf; + in { @@ -26,6 +55,32 @@ in description = "Whether to run the rspamd daemon in debug mode."; }; + bindSocket = mkOption { + type = types.listOf types.str; + default = [ + "/run/rspamd.sock mode=0666 owner=${cfg.user}" + ]; + description = '' + List of sockets to listen, in format acceptable by rspamd + ''; + example = '' + bindSocket = [ + "/run/rspamd.sock mode=0666 owner=rspamd" + "*:11333" + ]; + ''; + }; + + bindUISocket = mkOption { + type = types.listOf types.str; + default = [ + "localhost:11334" + ]; + description = '' + List of sockets for web interface, in format acceptable by rspamd + ''; + }; + user = mkOption { type = types.string; default = "rspamd"; @@ -62,7 +117,7 @@ in users.extraGroups = singleton { name = cfg.group; - gid = config.ids.gids.spamd; + gid = config.ids.gids.rspamd; }; systemd.services.rspamd = { @@ -72,7 +127,7 @@ in after = [ "network.target" ]; serviceConfig = { - ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f"; + ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f"; RuntimeDirectory = "/var/lib/rspamd"; PermissionsStartOnly = true; Restart = "always"; |
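Review bot: In the first rspamd.nix hunk, `mkBindSockets` renders nothing for an empty list, so `bindSocket = []` or `bindUISocket = []` produces a `worker { }` section that only includes the stock `.inc` file. That presumably leaves the worker on whatever listen address rspamd or the include defaults to, rather than disabling the listener as an administrator might expect. Either reject the empty list with an assertion such as `{ assertion = cfg.bindSocket != []; message = "services.rspamd.bindSocket must not be empty"; }`, or add a comment above `mkBindSockets` stating that an empty list falls back to rspamd's built-in bind address.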
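Review bot: In the options hunk, the `bindSocket` default `"/run/rspamd.sock mode=0666 owner=${cfg.user}"` makes the scanner socket world-writable, so every local account can connect to the rspamd worker, not just the milter. A group-restricted default such as `"/run/rspamd.sock mode=0660 owner=${cfg.user} group=${cfg.group}"` would narrow that, provided the rmilter user is then added to that group. The example entry `"*:11333"` listens on all interfaces; showing `"localhost:11333"` instead, or noting in the description that a wildcard bind exposes the worker to the network, would steer copy-paste configurations toward the safer form.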