mailsystem: rspamd: Make rspamd-controller.socket accessible for dovecot2 user

This is required for functional spam/ham learning.
Thomas Preisner 2025-08-10 18:24:18 +02:00
parent 4c2eed3421
commit 3994d0ccd2


@ -6,12 +6,13 @@
}: }:
with (import ./common.nix {inherit config pkgs;}); let with (import ./common.nix {inherit config pkgs;}); let
cfg = config.mailsystem; cfg = config.mailsystem;
dovecot2Cfg = config.services.dovecot2;
nginxCfg = config.services.nginx; nginxCfg = config.services.nginx;
postfixCfg = config.services.postfix; postfixCfg = config.services.postfix;
redisCfg = config.services.redis.servers.rspamd; redisCfg = config.services.redis.servers.rspamd;
rspamdCfg = config.services.rspamd; rspamdCfg = config.services.rspamd;
genSystemdSocketCfg = name: socketPath: additionalUser: { genSystemdSocketCfg = name: socketPath: additionalUsers: {
description = "rspamd ${name} worker socket"; description = "rspamd ${name} worker socket";
listenStreams = [socketPath]; listenStreams = [socketPath];
requiredBy = ["rspamd.service"]; requiredBy = ["rspamd.service"];
@ -20,8 +21,9 @@ with (import ./common.nix {inherit config pkgs;}); let
SocketUser = rspamdCfg.user; SocketUser = rspamdCfg.user;
SocketMode = 0600; SocketMode = 0600;
ExecStartPost = ExecStartPost =
lib.mkIf (additionalUser != "") lib.mkIf (additionalUsers != [])
''${pkgs.acl.bin}/bin/setfacl -m "u:${additionalUser}:rw" "${socketPath}"''; (lib.concatMapStringsSep "\n" (user: ''${pkgs.acl.bin}/bin/setfacl -m "u:${user}:rw" "${socketPath}"'')
additionalUsers);
}; };
}; };
in { in {
@ -149,10 +151,8 @@ in {
}; };
systemd.sockets = { systemd.sockets = {
rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket postfixCfg.user; rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket [postfixCfg.user];
rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket ( rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket ([dovecot2Cfg.mailUser] ++ lib.optional cfg.rspamd.webUi.enable nginxCfg.user);
lib.optionalString cfg.rspamd.webUi.enable nginxCfg.user
);
}; };
systemd.services.rspamd = { systemd.services.rspamd = {
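Review bot: In the second hunk, `ExecStartPost` is now built with `lib.concatMapStringsSep "\n"`, so when two users are passed the value is a single string with an embedded newline. As far as I can tell, NixOS writes a string-valued unit option as one `Key=value` line, which would leave the second `setfacl` command on a line with no key; systemd would ignore that line, and the second user (nginx, when the web UI is enabled) would silently get no ACL on the controller socket. Passing a list emits one `ExecStartPost=` line per user and makes the `lib.mkIf` unnecessary: `ExecStartPost = map (user: ''${pkgs.acl.bin}/bin/setfacl -m "u:${user}:rw" "${socketPath}"'') additionalUsers;`. Separately, the last hunk grants `dovecot2Cfg.mailUser` rw on the controller socket, and rspamd, to my knowledge, treats unix-socket controller connections as trusted, so every process running as that user reaches the full controller rather than only the learn commands. A comment at the `rspamd-controller` line should record that this is accepted, e.g. `# mailUser gets full controller access; needed for spam/ham learning`.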