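# NixOS module for rmilter, the milter daemon that sits between an MTA and
# spamd/rspamd. It generates rmilter.conf from the options below, creates the
# service user and group, runs the daemon under systemd and, optionally, adds
# the milter settings to the Postfix configuration.
{ config, lib, pkgs, ... }:

with lib;

let

  rspamdCfg = config.services.rspamd;
  cfg = config.services.rmilter;

  # Text of rmilter.conf. Option values (bindSocket, servers, whitelist,
  # rejectMessage and both extraConfig snippets) are spliced in verbatim with no
  # escaping, so they must already be valid rmilter syntax.
  # NOTE(review): a double quote inside rejectMessage would presumably end the
  # quoted reject_message value early - confirm against the rmilter parser.
  # NOTE(review): tempdir is the shared /tmp and the unit below does not set
  # PrivateTmp; a private directory (e.g. under /run/rmilter) or
  # PrivateTmp = true would keep message temp files out of the world-writable
  # /tmp.
  rmilterConf = ''
pidfile = /run/rmilter/rmilter.pid;
bind_socket = ${cfg.bindSocket};
tempdir = /tmp;

  '' + (with cfg.rspamd; if enable then ''
spamd {
        servers = ${concatStringsSep ", " servers};
        connect_timeout = 1s;
        results_timeout = 20s;
        error_time = 10;
        dead_time = 300;
        maxerrors = 10;
        reject_message = "${rejectMessage}";
        ${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"}

        # rspamd_metric - metric for using with rspamd
        # Default: "default"
        rspamd_metric = "default";
        ${extraConfig}
};
    '' else "") + cfg.extraConfig;

  # The configuration lands in the Nix store, which is world-readable: do not
  # place secrets in any of the options that feed rmilterConf.
  rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf;

in

{

  ###### interface

  options = {

    services.rmilter = {

      # Defaults to on whenever the rspamd integration below is on.
      enable = mkOption {
        type = types.bool;
        default = cfg.rspamd.enable;
        description = "Whether to run the rmilter daemon.";
      };

      debug = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to run the rmilter daemon in debug mode.";
      };

      user = mkOption {
        type = types.str;
        default = "rmilter";
        description = ''
          User to use when no root privileges are required.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "rmilter";
        description = ''
          Group to use when no root privileges are required.
        '';
      };

      # The milter protocol carries no authentication of its own, so access
      # control is whatever the socket provides: file permissions on the unix
      # socket, or the bind address for an inet socket. Prefer the unix socket
      # or a loopback address.
      bindSocket = mkOption {
        type = types.str;
        default = "unix:/run/rmilter/rmilter.sock";
        description = "Socket to listen on for MTA requests";
        example = ''
            "unix:/run/rmilter/rmilter.sock" or
            "inet:11990@127.0.0.1"
          '';
      };

      rspamd = {
        enable = mkOption {
          type = types.bool;
          default = rspamdCfg.enable;
          description = "Whether to use rspamd to filter mails";
        };

        # NOTE(review): 0.0.0.0 is the unspecified address, not a host. Using it
        # as a connect target relies on OS-specific behaviour; an explicit
        # loopback address or the rspamd unix socket would state the intended
        # peer unambiguously. Left unchanged here to keep existing setups as
        # they are.
        servers = mkOption {
          type = types.listOf types.str;
          default = ["r:0.0.0.0:11333"];
          description = ''
            Spamd socket definitions.
            If server name is prefixed with r: it is rspamd server.
          '';
        };

        # Clients listed here bypass spam checking entirely, so keep the list
        # as narrow as possible.
        whitelist = mkOption {
          type = types.listOf types.str;
          default = [ ];
          description = "list of ips or nets that should be not checked with spamd";
        };

        rejectMessage = mkOption {
          type = types.str;
          default = "Spam message rejected; If this is not spam contact abuse";
          description = "reject message for spam";
        };

        extraConfig = mkOption {
          type = types.lines;
          default = "";
          description = "Custom snippet to append to end of `spamd' section";
        };
      };

      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = "Custom snippet to append to rmilter config";
      };

      postfix = {
        enable = mkOption {
          type = types.bool;
          default = false;
          description = "Add rmilter to postfix main.cf";
        };

        # milter_default_action = accept makes the filter fail open: when
        # rmilter is unreachable Postfix delivers mail unchecked. Override the
        # fragment with tempfail (Postfix's own default) if unfiltered delivery
        # is not acceptable.
        configFragment = mkOption {
          type = types.str;
          description = "Addon to postfix configuration";
          default = ''
smtpd_milters = ${cfg.bindSocket}
# or for TCP socket
# # smtpd_milters = inet:localhost:9900
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# skip mail without checks if milter will die
milter_default_action = accept
          '';
        };
      };

    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    # Dedicated unprivileged account for the daemon, with the statically
    # allocated uid/gid from config.ids.
    users.extraUsers = singleton {
      name = cfg.user;
      description = "rmilter daemon";
      uid = config.ids.uids.rmilter;
      group = cfg.group;
    };

    users.extraGroups = singleton {
      name = cfg.group;
      gid = config.ids.gids.rmilter;
    };

    systemd.services.rmilter = {
      description = "Rmilter Service";

      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        # -d only when debug is set; -c points at the generated store file.
        ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
        User = cfg.user;
        Group = cfg.group;
        # User/Group apply to ExecStart only; preStart below still runs as root
        # so that it can create and chown the runtime directory.
        PermissionsStartOnly = true;
        Restart = "always";
      };

      # Runs as root (see PermissionsStartOnly). The directory holds the pid
      # file and the default unix socket and is handed to the service user.
      preStart = ''
        ${pkgs.coreutils}/bin/mkdir -p /run/rmilter
        ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /run/rmilter
      '';

    };

    # Empty string unless the Postfix integration is enabled.
    services.postfix.extraConfig = optionalString cfg.postfix.enable cfg.postfix.configFragment;

  };

}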