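# NixOS module for the rspamd spam-filtering daemon.
#
# Declares the `services.rspamd` options, renders an rspamd.conf into the Nix
# store, creates the service user and group, and defines the systemd unit.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.rspamd;

  # Render one `bind_socket = "..."` line per list entry. Entries are spliced
  # into the generated file verbatim, with no escaping, so a value containing
  # a double quote or a newline changes the structure of rspamd.conf. The
  # values come from the system configuration, not from remote input.
  mkBindSockets = socks: concatStringsSep "\n" (map (each: " bind_socket = \"${each}\"") socks);

  # Main configuration file. $CONFDIR and $RUNDIR are written literally (Nix
  # only interpolates `${...}`), so they are left for rspamd to resolve.
  rspamdConfFile = pkgs.writeText "rspamd.conf"
    ''
      .include "$CONFDIR/common.conf"

      options {
        pidfile = "$RUNDIR/rspamd.pid";
        .include "$CONFDIR/options.inc"
      }

      logging {
        type = "syslog";
        .include "$CONFDIR/logging.inc"
      }

      worker {
        ${mkBindSockets cfg.bindSocket}
        .include "$CONFDIR/worker-normal.inc"
      }

      worker {
        ${mkBindSockets cfg.bindUISocket}
        .include "$CONFDIR/worker-controller.inc"
      }
    '';

in

{

  ###### interface

  options = {

    services.rspamd = {

      # mkEnableOption prepends "Whether to enable " and appends "." itself, so
      # it is given a noun phrase rather than a full sentence.
      enable = mkEnableOption "the rspamd daemon";

      debug = mkOption {
        # Typed so that a non-boolean value is rejected at evaluation time
        # instead of reaching `optionalString` in ExecStart.
        type = types.bool;
        default = false;
        description = "Whether to run the rspamd daemon in debug mode.";
      };

      # Sockets for the first worker block (the one that includes
      # worker-normal.inc).
      #
      # SECURITY: the default is a Unix socket with mode=0666, i.e. every
      # local account can connect to it. That is convenient when the MTA or
      # milter runs under another user, but on a multi-user host prefer a
      # tighter mode (for example 0660) together with a group shared between
      # rspamd and its client. The default is kept here so that existing
      # clients keep working.
      bindSocket = mkOption {
        type = types.listOf types.str;
        default = [
          "/run/rspamd/rspamd.sock mode=0666 owner=${cfg.user}"
        ];
        description = ''
          List of sockets to listen, in format acceptable by rspamd
        '';
        # Note: "*:11333" in the example listens on every interface; when it
        # is used, restrict access with the firewall.
        example = ''
          bindSocket = [
            "/run/rspamd.sock mode=0666 owner=rspamd"
            "*:11333"
          ];
        '';
      };

      # Sockets for the second worker block (the one that includes
      # worker-controller.inc), which serves the web interface. The default
      # is reachable from the local host only. This module sets no controller
      # password or IP allow-list itself; whatever worker-controller.inc
      # provides applies, so review that file before binding to a
      # non-loopback address.
      bindUISocket = mkOption {
        type = types.listOf types.str;
        default = [
          "localhost:11334"
        ];
        description = ''
          List of sockets for web interface, in format acceptable by rspamd
        '';
      };

      user = mkOption {
        # types.str, as used by the socket options above: two definitions of
        # an account name are an error rather than something to concatenate.
        type = types.str;
        default = "rspamd";
        description = ''
          User to use when no root privileges are required.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "rspamd";
        description = ''
          Group to use when no root privileges are required.
        '';
      };
    };
  };


  ###### implementation

  config = mkIf cfg.enable {

    # Allow users to run 'rspamc' and 'rspamadm'.
    environment.systemPackages = [ pkgs.rspamd ];

    # Dedicated account and group with the statically allocated ids.
    users.extraUsers = singleton {
      name = cfg.user;
      description = "rspamd daemon";
      uid = config.ids.uids.rspamd;
      group = cfg.group;
    };

    users.extraGroups = singleton {
      name = cfg.group;
      gid = config.ids.gids.rspamd;
    };

    systemd.services.rspamd = {
      description = "Rspamd Service";

      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        # No User= is set on the unit: the daemon is started by systemd as
        # root and is handed --user/--group to switch to the service account.
        #
        # NOTE(review): --pid points at /run/rspamd.pid, while the generated
        # config sets pidfile = "$RUNDIR/rspamd.pid" and RuntimeDirectory
        # creates /run/rspamd. Confirm which location is intended.
        ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
        Restart = "always";
        # Creates /run/rspamd, the directory of the default bindSocket path.
        RuntimeDirectory = "rspamd";
        # PrivateTmp is the only sandboxing option enabled on this unit.
        PrivateTmp = true;
      };

      # Runs before ExecStart: make sure the state directory exists and is
      # owned by the service account.
      preStart = ''
        ${pkgs.coreutils}/bin/mkdir -p /var/lib/rspamd
        ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
      '';
    };
  };
}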