wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

finished rspamd setup

Browse source
This commit is contained in:
Rouven Seifert 2023-01-09 18:14:32 +01:00
parent a11a3614a9
commit 2411a9c185
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
1 changed files with 29 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
modules/mail.nix
View file

@ -4,7 +4,7 @@ let
domain = config.fsr.domain; domain = config.fsr.domain;
in in
{ {
sops.secrets."rspamd-password".owner = config.users.user.rspamd.name; sops.secrets."rspamd-password".owner = config.users.users.rspamd.name;
networking.firewall.allowedTCPPorts = [ 25 465 993 ]; networking.firewall.allowedTCPPorts = [ 25 465 993 ];
@ -75,13 +75,41 @@ in
postfix.enable = true; postfix.enable = true;
locals = { locals = {
"worker-controller.inc".source = config.sops.secrets."rspamd-password".path; "worker-controller.inc".source = config.sops.secrets."rspamd-password".path;
"redis.conf".text = ''
read_servers = "127.0.0.1";
write_servers = "127.0.0.1";
'';
};
};
redis = {
vmOverCommit = true;
servers.rspamd = {
enable = true;
port = 6379;
}; };
}; };
nginx = { nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."${hostname}" = { virtualHosts."${hostname}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = {
"/rspamd" = {
proxyWebsockets = true;
# maybe there is a more beautiful way for this
extraConfig = ''
if ($request_uri ~* "/rspamd/(.*)") {
proxy_pass http://127.0.0.1:11334/$1;
}
'';
};
};
}; };
}; };
}; };