nixos-config/config/services/rspamd.nix

{ config, ... }: {
  services.rspamd = {
    enable = true;
    locals."dkim_signing.conf".text = ''
      domain {
        darkkirb.de {
          selector = "dkim";
          path = "${config.sops.secrets."services/rspamd/dkim/darkkirb.de".path}";
        }
        miifox.net {
          selector = "dkim";
          path = "${config.sops.secrets."services/rspamd/dkim/miifox.net".path}";
        }
        chir.rs {
          selector = "dkim";
          path = "${config.sops.secrets."services/rspamd/dkim/chir.rs".path}";
        }
      }
      allow_hdrfrom_mismatch = true;
      allow_hdrfrom_mismatch_sign_networks = true;
      allow_username_mismatch = true;
      use_domain = "header";
      sign_authenticated = true;
      use_esld = true;
    '';
    workers = {
      normal = {
        includes = [ "$CONFDIR/worker-normal.inc" ];
        bindSockets = [ "*:11332" ];
      };
      controller = {
        includes = [ "$CONFDIR/worker-controller.inc" ];
        bindSockets = [ "*:11334" ];
      };
    };
  };
  sops.secrets."services/rspamd/dkim/darkkirb.de" = { owner = "rspamd"; };
  sops.secrets."services/rspamd/dkim/miifox.net" = { owner = "rspamd"; };
  sops.secrets."services/rspamd/dkim/chir.rs" = { owner = "rspamd"; };
}
add the most basic-ass rspamd config possible 2022-04-21 07:47:22 +00:00			`{ config, ... }: {`
			`services.rspamd = {`
			`enable = true;`
			`locals."dkim_signing.conf".text = ''`
			`domain {`
			`darkkirb.de {`
			`selector = "dkim";`
			`path = "${config.sops.secrets."services/rspamd/dkim/darkkirb.de".path}";`
			`}`
			`miifox.net {`
			`selector = "dkim";`
			`path = "${config.sops.secrets."services/rspamd/dkim/miifox.net".path}";`
			`}`
			`chir.rs {`
			`selector = "dkim";`
			`path = "${config.sops.secrets."services/rspamd/dkim/chir.rs".path}";`
			`}`
			`}`
			`allow_hdrfrom_mismatch = true;`
			`allow_hdrfrom_mismatch_sign_networks = true;`
			`allow_username_mismatch = true;`
			`use_domain = "header";`
			`sign_authenticated = true;`
			`use_esld = true;`
			`'';`
listen to rspamd on :11332 2022-04-27 10:30:34 +00:00			`workers = {`
			`normal = {`
			`includes = [ "$CONFDIR/worker-normal.inc" ];`
Move rspamd to nas 2022-04-28 11:23:41 +00:00			`bindSockets = [ "*:11332" ];`
listen to rspamd on :11332 2022-04-27 10:30:34 +00:00			`};`
add the controller worker 2022-04-27 10:37:49 +00:00			`controller = {`
			`includes = [ "$CONFDIR/worker-controller.inc" ];`
Move rspamd to nas 2022-04-28 11:23:41 +00:00			`bindSockets = [ "*:11334" ];`
add the controller worker 2022-04-27 10:37:49 +00:00			`};`
listen to rspamd on :11332 2022-04-27 10:30:34 +00:00			`};`
add the most basic-ass rspamd config possible 2022-04-21 07:47:22 +00:00			`};`
			`sops.secrets."services/rspamd/dkim/darkkirb.de" = { owner = "rspamd"; };`
			`sops.secrets."services/rspamd/dkim/miifox.net" = { owner = "rspamd"; };`
			`sops.secrets."services/rspamd/dkim/chir.rs" = { owner = "rspamd"; };`
			`}`