From 2411a9c18566f820e3ca845c039997d1478532ac Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 9 Jan 2023 18:14:32 +0100 Subject: [PATCH] finished rspamd setup --- modules/mail.nix | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/modules/mail.nix b/modules/mail.nix index b2eefaa..5e929a5 100644 --- a/modules/mail.nix +++ b/modules/mail.nix @@ -4,7 +4,7 @@ let domain = config.fsr.domain; in { - sops.secrets."rspamd-password".owner = config.users.user.rspamd.name; + sops.secrets."rspamd-password".owner = config.users.users.rspamd.name; networking.firewall.allowedTCPPorts = [ 25 465 993 ]; @@ -75,13 +75,41 @@ in postfix.enable = true; locals = { "worker-controller.inc".source = config.sops.secrets."rspamd-password".path; + "redis.conf".text = '' + read_servers = "127.0.0.1"; + write_servers = "127.0.0.1"; + ''; + }; + }; + redis = { + vmOverCommit = true; + servers.rspamd = { + enable = true; + port = 6379; }; }; nginx = { enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."${hostname}" = { forceSSL = true; enableACME = true; + locations = { + "/rspamd" = { + proxyWebsockets = true; + + # maybe there is a more beautiful way for this + extraConfig = '' + if ($request_uri ~* "/rspamd/(.*)") { + proxy_pass http://127.0.0.1:11334/$1; + } + ''; + }; + }; }; }; };