nixos: Add module for rspamd

9 years ago · 14926f08a3
parent 480083922c
commit 14926f08a3
3 changed files with 93 additions and 0 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -246,6 +246,7 @@
      dspam = 222;
      gale = 223;
      matrix-synapse = 224;
+      rspamd = 225;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

@ -469,6 +470,7 @@
      dspam = 222;
      gale = 223;
      matrix-synapse = 224;
+      rspamd = 225;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -193,6 +193,7 @@
  ./services/mail/postfix.nix
  ./services/mail/postsrsd.nix
  ./services/mail/spamassassin.nix
+  ./services/mail/rspamd.nix
  ./services/misc/apache-kafka.nix
  ./services/misc/autofs.nix
  ./services/misc/bepasty.nix
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.rspamd;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.rspamd = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to run the rspamd daemon.";
+      };
+
+      debug = mkOption {
+        default = false;
+        description = "Whether to run the rspamd daemon in debug mode.";
+      };
+
+      user = mkOption {
+        type = types.string;
+        default = "rspamd";
+        description = ''
+          User to use when no root privileges are required.
+        '';
+       };
+
+      group = mkOption {
+        type = types.string;
+        default = "rspamd";
+        description = ''
+          Group to use when no root privileges are required.
+        '';
+       };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    # Allow users to run 'rspamc' and 'rspamadm'.
+    environment.systemPackages = [ pkgs.rspamd ];
+
+    users.extraUsers = singleton {
+      name = cfg.user;
+      description = "rspamd daemon";
+      uid = config.ids.uids.rspamd;
+      group = cfg.group;
+    };
+
+    users.extraGroups = singleton {
+      name = cfg.group;
+      gid = config.ids.gids.spamd;
+    };
+
+    systemd.services.rspamd = {
+      description = "Rspamd Service";
+
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
+        RuntimeDirectory = "/var/lib/rspamd";
+        PermissionsStartOnly = true;
+        Restart = "always";
+      };
+
+      preStart = ''
+        ${pkgs.coreutils}/bin/mkdir -p /var/{lib,log}/rspamd
+        ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
+      '';
+
+    };
+
+  };
+
+}