# NixOS module fragment: rspamd (scoring actions, DKIM signing, worker sockets)
# and the Postfix milter setting that points at it.
1 { pkgs, lib, config, ... }:
3 inherit (builtins) attrNames listToAttrs readFile;
# `pass` and `pass-chomp` are not standard builtins; they come from
# builtins.extraBuiltins and therefore run while this module is evaluated.
# NOTE(review): any value they return that is interpolated into a string becomes
# part of the evaluated configuration. Confirm nothing secret in clear text is
# routed through them into generated files.
4 inherit (builtins.extraBuiltins) pass pass-chomp;
6 inherit (pkgs.lib) unlinesAttrs;
# Shorthands for config.services.postfix / .rspamd / .dovecot2 used below.
7 inherit (config.services) postfix rspamd dovecot2;
11 rspamd/sourcephile.fr.nix
# Declares the option services.rspamd.dkimSelectorMap (domain -> active DKIM selector).
14 services.rspamd.dkimSelectorMap = lib.mkOption {
17 description = ''Each line maps a domain to its active DKIM selector'';
# `apply` writes the option's string value to a file named "dkim_selectors.map"
# with pkgs.writeText, so consumers of the option receive a path, not the text.
# writeText output lives in the Nix store, so this map should only ever hold
# domain/selector pairs and never key material.
18 apply = s: pkgs.writeText "dkim_selectors.map" s;
# Adds the rspamd service account to the "keys" group.
# Presumably this is what lets rspamd read the DKIM private keys referenced by
# the `path = "/run/keys/..."` settings below; verify against the key deployment.
# NOTE(review): group membership covers every file that group may read, not only
# the DKIM keys. Confirm that is acceptable for the other keys kept in /run/keys.
22 users.users."${rspamd.user}".extraGroups = [ "keys" ];
# Sets a `postfix.enable` attribute to config.services.postfix.enable
# (`postfix` is inherited from config.services at the top of the file).
# The enclosing attribute set is not visible in this excerpt.
26 postfix.enable = postfix.enable;
# rspamd signing configuration, emitted as literal config text.
# - selector_map points at the store file produced by services.rspamd.dkimSelectorMap.
# - path is a template: $domain and $selector are rspamd placeholders, so each
#   domain/selector pair resolves to its own private key file under /run/keys.
# - allow_username_mismatch = true: rspamd will sign even when the authenticated
#   username does not match the signing domain. NOTE(review): with this enabled,
#   rspamd no longer ties signing to the login identity. Confirm the MTA
#   enforces which sender addresses each login may use.
# The same three settings appear a second time further down; the header of that
# second section is not visible in this excerpt.
# NOTE(review): the debug_modules line below uses typographic quotes (“ ”)
# instead of ASCII double quotes. If that line is live configuration rather than
# commented out, rspamd will probably not read it as intended. Confirm.
28 "dkim_signing.conf".text = ''
29 selector_map = ${rspamd.dkimSelectorMap};
30 path = "/run/keys/dkim.$domain.$selector.key";
31 allow_username_mismatch = true;
34 selector_map = ${rspamd.dkimSelectorMap};
35 path = "/run/keys/dkim.$domain.$selector.key";
36 allow_username_mismatch = true;
40 debug_modules = [“dkim_signing”]
# Turns on rspamd's extended spam headers for messages passing through the milter.
# NOTE(review): these headers expose scan details to whoever receives the
# message. Confirm whether they are also added to outbound or authenticated mail.
45 "milter_headers.conf".text = ''
46 extended_spam_headers = true;
# Score thresholds for rspamd actions, from least to most severe:
# greylist at 4, add_header at 6, reject at 15.
48 "actions.conf".text = ''
49 reject = 15; # Reject when reaching this score
50 add_header = 6; # Add header when reaching this score
51 greylist = 4; # Apply greylisting when reaching this score (will emit `soft reject action`)
# Second controller-type worker, reachable only through a Unix socket.
56 # Like controller but without a password, only the bindSockets' permissions
# Because no password is set, the socket's owner, group and mode are the only
# access control. The socket is owned by the rspamd user and its group is the
# dovecot2 group, presumably so Dovecot can submit messages for training.
# NOTE(review): the socket mode is not visible in this excerpt. Confirm it
# denies access to "other", since anyone able to write to this socket can
# influence what the classifier learns.
58 includes = [ "$CONFDIR/worker-controller.inc" ];
60 { socket = "/run/rspamd/learner.sock";
62 owner = "${rspamd.user}";
63 group = "${dovecot2.group}";
# Password-protected controller worker; it reuses rspamd's stock
# worker-controller.inc.
# The password value below is filled in by calling pass-chomp during evaluation
# and interpolating the result into the config text. The entry name
# ("hashedPassword") indicates a hash rather than the clear-text password.
# NOTE(review): the interpolated value becomes part of the generated
# configuration, which most likely ends up in the world-readable Nix store.
# A hash there is still exposed to offline guessing by any local user. Confirm
# the hash scheme is a slow one, or load the value from a runtime file instead.
70 includes = [ "$CONFDIR/worker-controller.inc" ];
76 #static_dir = "''${WWWDIR}";
78 password = "${pass-chomp "servers/mermet/rspamd/controller/hashedPassword"}";
# Postfix side of the integration: SMTP-received mail is passed to the milter
# listening on the Unix socket /run/rspamd.sock.
# milter_default_action = accept is fail-open: when the milter is unavailable or
# misconfigured, Postfix accepts the message as if no filter were configured.
# NOTE(review): during an rspamd outage, mail would then be delivered unscanned
# and, if signing is done only by rspamd, outbound mail would leave without a
# DKIM signature. Confirm this is preferred over `tempfail`, and monitor the
# milter socket.
84 services.postfix.extraConfig = ''
85 smtpd_milters = unix:/run/rspamd.sock
86 milter_default_action = accept
88 # Allow users to run 'rspamc' and 'rspamadm'.
# Installing the package only puts the binaries on the system path.
# NOTE(review): what those tools can reach presumably still depends on the
# worker sockets' permissions and the controller password. Confirm.
89 environment.systemPackages = [ pkgs.rspamd ];