mailsystem: rspamd: Make rspamd-controller.socket accessible for dovecot2 user

This is required for functional spam/ham learning.
Thomas Preisner 2025-08-10 18:24:18 +02:00
parent 4c2eed3421
commit 3994d0ccd2


@ -6,12 +6,13 @@
}:
with (import ./common.nix {inherit config pkgs;}); let
cfg = config.mailsystem;
dovecot2Cfg = config.services.dovecot2;
nginxCfg = config.services.nginx;
postfixCfg = config.services.postfix;
redisCfg = config.services.redis.servers.rspamd;
rspamdCfg = config.services.rspamd;
genSystemdSocketCfg = name: socketPath: additionalUser: {
genSystemdSocketCfg = name: socketPath: additionalUsers: {
description = "rspamd ${name} worker socket";
listenStreams = [socketPath];
requiredBy = ["rspamd.service"];
@ -20,8 +21,9 @@ with (import ./common.nix {inherit config pkgs;}); let
SocketUser = rspamdCfg.user;
SocketMode = 0600;
ExecStartPost =
lib.mkIf (additionalUser != "")
''${pkgs.acl.bin}/bin/setfacl -m "u:${additionalUser}:rw" "${socketPath}"'';
lib.mkIf (additionalUsers != [])
(lib.concatMapStringsSep "\n" (user: ''${pkgs.acl.bin}/bin/setfacl -m "u:${user}:rw" "${socketPath}"'')
additionalUsers);
};
};
in {
@ -149,10 +151,8 @@ in {
};
systemd.sockets = {
rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket postfixCfg.user;
rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket (
lib.optionalString cfg.rspamd.webUi.enable nginxCfg.user
);
rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket [postfixCfg.user];
rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket ([dovecot2Cfg.mailUser] ++ lib.optional cfg.rspamd.webUi.enable nginxCfg.user);
};
systemd.services.rspamd = {
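Review bot: In the rewritten `ExecStartPost` of `genSystemdSocketCfg`, joining the per-user `setfacl` commands with `"\n"` puts several commands into one option value; as far as I can tell NixOS writes a string option verbatim after a single `ExecStartPost=`, so with two users (dovecot2 plus nginx when `webUi.enable` is set) the second command would land on a line of its own without a key and systemd would ignore it, leaving nginx without its ACL. Passing a list yields one `ExecStartPost=` entry per user and makes the `mkIf` unnecessary: `ExecStartPost = map (user: ''${pkgs.acl.bin}/bin/setfacl -m "u:${user}:rw" "${socketPath}"'') additionalUsers;`. The attribute set holding this option opens outside the hunk, so this assumes it is the socket unit's `socketConfig`. Separately, the `rspamd-controller` line now grants `dovecot2Cfg.mailUser` read/write on the controller socket unconditionally; rspamd's controller, to my knowledge, treats unix-socket clients as trusted, so a comment there such as `# mailUser needs the controller socket for spam/ham learning; this also exposes the remaining controller commands to it` would record the trade-off.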