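# NixOS module for the rspamd daemon.
#
# Declares services.rspamd.{enable,debug,user,group} and, when enabled,
# installs the package, creates the service account and group, and defines
# the systemd unit that runs the daemon.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.rspamd;

in

{

  ###### interface

  options = {

    services.rspamd = {

      enable = mkOption {
        # Typed as bool: the value feeds mkIf below.
        type = types.bool;
        default = false;
        description = "Whether to run the rspamd daemon.";
      };

      debug = mkOption {
        # Typed as bool: the value feeds optionalString in ExecStart.
        type = types.bool;
        default = false;
        description = "Whether to run the rspamd daemon in debug mode.";
      };

      user = mkOption {
        # types.str refuses conflicting definitions, whereas types.string
        # would silently concatenate them into a different account name.
        type = types.str;
        default = "rspamd";
        description = ''
          User to use when no root privileges are required.
        '';
      };

      group = mkOption {
        # Same reasoning as for `user`: never merge two group names.
        type = types.str;
        default = "rspamd";
        description = ''
          Group to use when no root privileges are required.
        '';
      };
    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    # Allow users to run 'rspamc' and 'rspamadm'.
    environment.systemPackages = [ pkgs.rspamd ];

    # Dedicated account for the daemon, with a statically allocated uid.
    users.extraUsers = singleton {
      name = cfg.user;
      description = "rspamd daemon";
      uid = config.ids.uids.rspamd;
      group = cfg.group;
    };

    users.extraGroups = singleton {
      name = cfg.group;
      # NOTE(review): this reads the gid registered under "spamd", while the
      # uid above comes from ids.uids.rspamd. It looks like a typo. If another
      # module allocates the same "spamd" gid, two differently named groups
      # would share one numeric id and therefore the same file access.
      # Confirm that ids.gids.rspamd is defined and switch to it.
      gid = config.ids.gids.spamd;
    };

    systemd.services.rspamd = {
      description = "Rspamd Service";

      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        # No User=/Group= is set on the unit, so systemd starts the process
        # as root and rspamd is asked to switch to cfg.user/cfg.group through
        # its own --user/--group flags. "-d" is added only when cfg.debug is
        # set; "-f" and the pid file path are always passed.
        ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
        # RuntimeDirectory takes a name relative to /run, not an absolute
        # path. The persistent state directory /var/lib/rspamd is created in
        # preStart below instead.
        RuntimeDirectory = "rspamd";
        PermissionsStartOnly = true;
        Restart = "always";
      };

      # Creates the state and log directories before the daemon starts.
      # Only /var/lib/rspamd is handed to the service account; /var/log/rspamd
      # keeps the ownership mkdir gives it.
      # NOTE(review): confirm the daemon does not need to write to
      # /var/log/rspamd after it has dropped privileges.
      preStart = ''
        ${pkgs.coreutils}/bin/mkdir -p /var/{lib,log}/rspamd
        ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
      '';

    };

  };

}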