rspamd_proxy from ymir on yggdrasil

author: Gregor Kleen <gkleen@yggdrasil.li> 2020-03-28 15:28:36 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2020-03-28 15:28:36 +0100
commit: 670aa8c2c36f5a09a5d84e062269ae18afebf96a (patch)
tree: 9ef7a2c76f6c8438c2eb7e2ad70356f93fdcb278 /ymir.nix
parent: 7bcd116cc32dc76dbd03e72d06ddcb095fdc2d18 (diff)
download: nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar
nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar.gz
nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar.bz2
nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar.xz
nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.zip
1 files changed, 28 insertions, 1 deletions
diff --git a/ymir.nix b/ymir.nix
index 417850f2..dc759c51 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -195,6 +195,10 @@ in rec {
                             ];
      allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                             ];
+      interfaces.yggdrasil.allowedTCPPorts =
+        [ 11332 # rspamd
+        ];
    };
    enableIPv6 = true;
    interfaces."ens3" = {
@@ -1084,7 +1088,8 @@ in rec {
    enable = true;
    workers = {
      controller = {};
-      rspamd_proxy = {
+      external = {
+        type = "rspamd_proxy";
        bindSockets = [
          { mode = "0660";
            socket = "/var/lib/postfix/queue/private/rspamd";
@@ -1099,6 +1104,19 @@ in rec {
          }
        '';
      };
+      internal = {
+        type = "rspamd_proxy";
+        bindSockets = [
+          "ymir.niflheim.yggdrasil:11332"
+        ];
+        extraConfig = ''
+          upstream "local" {
+            default = yes;
+            self_scan = yes;
+            id = "internal";
+          }
+        '';
+      };
    };
    locals = {
      "milter_headers.conf".text = ''
@@ -1149,6 +1167,15 @@ in rec {
            spam = true;
        }
      '';
+      "settings.conf".text = ''
+        internal {
+          apply {
+            actions {
+              add_header = 10;
+            }
+          }
+        }
+      '';
    };
  };
author	Gregor Kleen <gkleen@yggdrasil.li>	2020-03-28 15:28:36 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2020-03-28 15:28:36 +0100
commit	670aa8c2c36f5a09a5d84e062269ae18afebf96a (patch)
tree	9ef7a2c76f6c8438c2eb7e2ad70356f93fdcb278 /ymir.nix
parent	7bcd116cc32dc76dbd03e72d06ddcb095fdc2d18 (diff)
download	nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar.gz nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar.bz2 nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.tar.xz nixos-670aa8c2c36f5a09a5d84e062269ae18afebf96a.zip

diff --git a/ymir.nix b/ymir.nix index 417850f2..dc759c51 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -195,6 +195,10 @@ in rec {
195	];	195	];
196	allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh	196	allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
197	];	197	];
		198
		199	interfaces.yggdrasil.allowedTCPPorts =
		200	[ 11332 # rspamd
		201	];
198	};	202	};
199	enableIPv6 = true;	203	enableIPv6 = true;
200	interfaces."ens3" = {	204	interfaces."ens3" = {
@@ -1084,7 +1088,8 @@ in rec {
1084	enable = true;	1088	enable = true;
1085	workers = {	1089	workers = {
1086	controller = {};	1090	controller = {};
1087	rspamd_proxy = {	1091	external = {
		1092	type = "rspamd_proxy";
1088	bindSockets = [	1093	bindSockets = [
1089	{ mode = "0660";	1094	{ mode = "0660";
1090	socket = "/var/lib/postfix/queue/private/rspamd";	1095	socket = "/var/lib/postfix/queue/private/rspamd";
@@ -1099,6 +1104,19 @@ in rec {
1099	}	1104	}
1100	'';	1105	'';
1101	};	1106	};
		1107	internal = {
		1108	type = "rspamd_proxy";
		1109	bindSockets = [
		1110	"ymir.niflheim.yggdrasil:11332"
		1111	];
		1112	extraConfig = ''
		1113	upstream "local" {
		1114	default = yes;
		1115	self_scan = yes;
		1116	id = "internal";
		1117	}
		1118	'';
		1119	};
1102	};	1120	};
1103	locals = {	1121	locals = {
1104	"milter_headers.conf".text = ''	1122	"milter_headers.conf".text = ''
@@ -1149,6 +1167,15 @@ in rec {
1149	spam = true;	1167	spam = true;
1150	}	1168	}
1151	'';	1169	'';
		1170	"settings.conf".text = ''
		1171	internal {
		1172	apply {
		1173	actions {
		1174	add_header = 10;
		1175	}
		1176	}
		1177	}
		1178	'';
1152	};	1179	};
1153	};	1180	};
1154		1181