From 3994d0ccd28607d5aa793f40516319ec6981ef96 Mon Sep 17 00:00:00 2001
From: Thomas Preisner
Date: Sun, 10 Aug 2025 18:24:18 +0200
Subject: [PATCH] mailsystem: rspamd: Make rspamd-controller.socket accessible for dovecot2 user

This is required for functional spam/ham learning.
---
 mailsystem/rspamd.nix | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/mailsystem/rspamd.nix b/mailsystem/rspamd.nix
index 7955b9f..0312b4d 100644
--- a/mailsystem/rspamd.nix
+++ b/mailsystem/rspamd.nix
@@ -6,12 +6,13 @@
 }:
 with (import ./common.nix {inherit config pkgs;}); let
 cfg = config.mailsystem;
+ dovecot2Cfg = config.services.dovecot2;
 nginxCfg = config.services.nginx;
 postfixCfg = config.services.postfix;
 redisCfg = config.services.redis.servers.rspamd;
 rspamdCfg = config.services.rspamd;
- genSystemdSocketCfg = name: socketPath: additionalUser: {
+ genSystemdSocketCfg = name: socketPath: additionalUsers: {
 description = "rspamd ${name} worker socket";
 listenStreams = [socketPath];
 requiredBy = ["rspamd.service"];
@@ -20,8 +21,9 @@ with (import ./common.nix {inherit config pkgs;}); let
 SocketUser = rspamdCfg.user;
 SocketMode = 0600;
 ExecStartPost =
- lib.mkIf (additionalUser != "")
- ''${pkgs.acl.bin}/bin/setfacl -m "u:${additionalUser}:rw" "${socketPath}"'';
+ lib.mkIf (additionalUsers != [])
+ (lib.concatMapStringsSep "\n" (user: ''${pkgs.acl.bin}/bin/setfacl -m "u:${user}:rw" "${socketPath}"'')
+ additionalUsers);
 };
 };
 in {
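Review bot: In the second hunk, `ExecStartPost` becomes one string with the setfacl commands joined by `\n`. As far as I know, the NixOS unit generator writes a string option as a single `ExecStartPost=` line without escaping newlines. With two users (the mail user plus nginx when the web UI is enabled), the second command would then sit on a bare line that systemd ignores, and that user would never get its ACL entry. A list value is emitted as one `ExecStartPost=` line per element, so `ExecStartPost = map (user: ''${pkgs.acl.bin}/bin/setfacl -m "u:${user}:rw" "${socketPath}"'') additionalUsers;` avoids this; an empty list should emit nothing, so the `lib.mkIf` guard could probably go too. The body of `genSystemdSocketCfg` starts in the first hunk and continues in lines the patch does not show, so check this against the generated unit file.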
@@ -149,10 +151,8 @@ in {
 };
 systemd.sockets = {
- rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket postfixCfg.user;
- rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket (
- lib.optionalString cfg.rspamd.webUi.enable nginxCfg.user
- );
+ rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket [postfixCfg.user];
+ rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket ([dovecot2Cfg.mailUser] ++ lib.optional cfg.rspamd.webUi.enable nginxCfg.user);
 };
 systemd.services.rspamd = {
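Review bot: `dovecot2Cfg.mailUser` is added to the `rspamd-controller` socket ACL unconditionally, so every process running as the mail user gets read/write access to the whole controller interface, not only the learn endpoints. Whether rspamd treats local socket clients as privileged depends on controller settings this hunk does not show. I would record the intent next to the call, e.g. `# mail user needs the controller socket for spam/ham learning; this also exposes all other controller commands to it`. In nixpkgs `services.dovecot2.mailUser` is nullable, so unless this module sets it elsewhere the `"u:${user}:rw"` interpolation fails at evaluation. `lib.optional (dovecot2Cfg.mailUser != null) dovecot2Cfg.mailUser` would make that case explicit.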