From 670aa8c2c36f5a09a5d84e062269ae18afebf96a Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 28 Mar 2020 15:28:36 +0100
Subject: rspamd_proxy from ymir on yggdrasil

---
 nixpkgs       |  2 +-
 odin/strm.nix |  3 ++-
 ymir.nix      | 29 ++++++++++++++++++++++++++++-
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/nixpkgs b/nixpkgs
index 5494bdc1..c128f8c4 160000
--- a/nixpkgs
+++ b/nixpkgs
@@ -1 +1 @@
-Subproject commit 5494bdc14fff3acacd3653e5a44c1346018332b9
+Subproject commit c128f8c4700aed57e5a18cfb7f59abe40a994a14
diff --git a/odin/strm.nix b/odin/strm.nix
index 8fe4a68b..e0eb2696 100644
--- a/odin/strm.nix
+++ b/odin/strm.nix
@@ -5,7 +5,8 @@
 
 let
   manual-youtube = buildPerlPackage {
-    name = "manual_youtube";
+    version = "0.0.0";
+    pname = "manual_youtube";
   
     src = ./strm/manual_youtube;
 
diff --git a/ymir.nix b/ymir.nix
index 417850f2..dc759c51 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -195,6 +195,10 @@ in rec {
                              ];
       allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh
                              ];
+
+      interfaces.yggdrasil.allowedTCPPorts =
+        [ 11332 # rspamd
+        ];
     };
     enableIPv6 = true;
     interfaces."ens3" = {
@@ -1084,7 +1088,8 @@ in rec {
     enable = true;
     workers = {
       controller = {};
-      rspamd_proxy = {
+      external = {
+        type = "rspamd_proxy";
         bindSockets = [
           { mode = "0660";
             socket = "/var/lib/postfix/queue/private/rspamd";
@@ -1099,6 +1104,19 @@ in rec {
           }
         '';
       };
+      internal = {
+        type = "rspamd_proxy";
+        bindSockets = [
+          "ymir.niflheim.yggdrasil:11332"
+        ];
+        extraConfig = ''
+          upstream "local" {
+            default = yes;
+            self_scan = yes;
+            id = "internal";
+          }
+        '';
+      };
     };
     locals = {
       "milter_headers.conf".text = ''
@@ -1149,6 +1167,15 @@ in rec {
             spam = true;
         }
       '';
+      "settings.conf".text = ''
+        internal {
+          apply {
+            actions {
+              add_header = 10;
+            }
+          }
+        }
+      '';
     };
   };
 
-- 
cgit v1.2.3