enable rspamd

hosts/falkenstein-1/default.nix

@@ -51,7 +51,7 @@
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
-    passwordAuthentication = false;
+    settings.PasswordAuthentication = false;
   };
   users.users.root.openssh.authorizedKeys.keyFiles = [
     #../../keys/ssh/rouven-thinkpad

hosts/falkenstein-1/modules/mail/default.nix

@@ -1,6 +1,7 @@
 { config, ... }:
 {
   sops.secrets."mail/rouven".owner = config.users.users.postfix.name;
+  sops.secrets."rspamd".owner = config.users.users.rspamd.name;
   mailserver = rec {
     enable = true;
     fqdn = "mail.rfive.de";
@@ -14,4 +15,14 @@
     };
     certificateScheme = 3;
   };
+  services.rspamd.locals."worker-controller.inc".source = config.sops.secrets."rspamd".path;
+  services.nginx.virtualHosts."rspamd.rfive.de" = {
+    enableACME = true;
+    forceSSL = true;
+    locations = {
+      "/" = {
+        proxyPass = "http://unix:/run/rspamd/worker-controller.sock:/";
+      };
+    };
+  };
 }