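# NixOS module for the rspamd spam-filtering daemon.
#
# Declares the `services.rspamd` options, generates an rspamd.conf that wires
# the configured listen sockets into a normal worker and a controller worker,
# creates the service user and group, and defines the systemd unit.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.rspamd;

  # Render one `bind_socket = "..."` line per entry. Each entry is spliced into
  # the generated file verbatim, so it must already be in rspamd's own
  # bind_socket syntax (path plus mode/owner/group, or host:port).
  mkBindSockets = socks:
    concatStringsSep "\n" (map (each: "  bind_socket = \"${each}\"") socks);

  # $CONFDIR and $RUNDIR are left for rspamd to expand; only the ${...}
  # fragments are interpolated by Nix at build time.
  rspamdConfFile = pkgs.writeText "rspamd.conf"
    ''
      .include "$CONFDIR/common.conf"

      options {
        pidfile = "$RUNDIR/rspamd.pid";
        .include "$CONFDIR/options.inc"
      }

      logging {
        type = "syslog";
        .include "$CONFDIR/logging.inc"
      }

      worker {
      ${mkBindSockets cfg.bindSocket}
        .include "$CONFDIR/worker-normal.inc"
      }

      worker {
      ${mkBindSockets cfg.bindUISocket}
        .include "$CONFDIR/worker-controller.inc"
      }
    '';

in

{

  ###### interface

  options = {

    services.rspamd = {

      # mkEnableOption prepends "Whether to enable " and appends "." itself, so
      # it takes a noun phrase; passing a whole sentence renders a doubled
      # description in the manual.
      enable = mkEnableOption "the rspamd daemon";

      debug = mkOption {
        # Typed explicitly so that a non-boolean value is rejected at
        # evaluation time instead of reaching optionalString in ExecStart.
        type = types.bool;
        default = false;
        description = "Whether to run the rspamd daemon in debug mode.";
      };

      # Sockets of the normal (scanning) worker. The default is a Unix socket
      # with mode 0660 owned by the service user and group, so only members of
      # that group can reach the scanner.
      # NOTE(review): the example below shows mode=0666 and "*:11333", i.e. a
      # world-writable socket and a listener on every interface. Both widen who
      # can reach the scanner; prefer the 0660 default, or a loopback or
      # firewalled address, unless remote submission is intended.
      bindSocket = mkOption {
        type = types.listOf types.str;
        default = [
          "/run/rspamd/rspamd.sock mode=0660 owner=${cfg.user} group=${cfg.group}"
        ];
        defaultText = ''[
          "/run/rspamd/rspamd.sock mode=0660 owner=${cfg.user} group=${cfg.group}"
        ]'';
        description = ''
          List of sockets to listen, in format acceptable by rspamd
        '';
        example = ''
          bindSocket = [
            "/run/rspamd.sock mode=0666 owner=rspamd"
            "*:11333"
          ];
        '';
      };

      # Sockets of the controller worker (web interface). The default listens
      # on localhost only.
      # NOTE(review): this module has no option for a controller password;
      # whether one is set depends on worker-controller.inc in $CONFDIR, which
      # is not visible here. Confirm that before binding to a non-loopback
      # address.
      bindUISocket = mkOption {
        type = types.listOf types.str;
        default = [
          "localhost:11334"
        ];
        description = ''
          List of sockets for web interface, in format acceptable by rspamd
        '';
      };

      # types.str rather than types.string: two definitions of an account name
      # should be reported as a conflict, not silently concatenated. This also
      # matches the types.str already used by the socket options.
      user = mkOption {
        type = types.str;
        default = "rspamd";
        description = ''
          User to use when no root privileges are required.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "rspamd";
        description = ''
          Group to use when no root privileges are required.
        '';
      };
    };
  };


  ###### implementation

  config = mkIf cfg.enable {

    # Allow users to run 'rspamc' and 'rspamadm'.
    environment.systemPackages = [ pkgs.rspamd ];

    # Dedicated account and group with the statically allocated ids.
    users.extraUsers = singleton {
      name = cfg.user;
      description = "rspamd daemon";
      uid = config.ids.uids.rspamd;
      group = cfg.group;
    };

    users.extraGroups = singleton {
      name = cfg.group;
      gid = config.ids.gids.rspamd;
    };

    systemd.services.rspamd = {
      description = "Rspamd Service";

      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        # No User= is set: the unit starts rspamd as root and the target
        # account is handed over with --user/--group.
        # NOTE(review): --pid points at /run/rspamd.pid while the generated
        # config sets pidfile = "$RUNDIR/rspamd.pid"; which of the two wins is
        # not visible here.
        ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
        Restart = "always";
        # Provides /run/rspamd, where the default bindSocket lives.
        RuntimeDirectory = "rspamd";
        # PrivateTmp is the only sandboxing directive set here.
        # NOTE(review): the daemon parses untrusted mail, so further systemd
        # sandboxing directives are worth evaluating; none are added here
        # because their effect on this unit has not been tested.
        PrivateTmp = true;
      };

      # Runs with the unit's (root) credentials before ExecStart. The chown is
      # not recursive, and the directory mode is whatever mkdir's umask yields.
      preStart = ''
        ${pkgs.coreutils}/bin/mkdir -p /var/lib/rspamd
        ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
      '';
    };
  };
}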