mailsystem: rspamd: Add configuration options to make rspamd's web ui accessible
This commit is contained in:
parent
0ce3ecae52
commit
5583676384
1 changed files with 40 additions and 1 deletions
|
|
@ -25,7 +25,27 @@ with (import ./common.nix {inherit config;}); let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
options.mailsystem.rspamd.webUi = {
|
||||||
|
enable = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Whether to enable the rspamd webui on `https://${config.mailsystem.fqdn}/rspamd`";
|
||||||
|
};
|
||||||
|
|
||||||
|
basicAuthFile = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Path to basic auth file";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = !cfg.rspamd.webUi.enable || cfg.rspamd.webUi.basicAuthFile != null;
|
||||||
|
message = "Setting basicAuthFile is required if rspamd's web interface is enabled";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
services.rspamd = {
|
services.rspamd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
overrides = {
|
overrides = {
|
||||||
|
|
@ -48,6 +68,12 @@ in {
|
||||||
servers = "${redisCfg.unixSocket}";
|
servers = "${redisCfg.unixSocket}";
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
"worker-controller.inc" = lib.mkIf cfg.rspamd.webUi.enable {
|
||||||
|
text = ''
|
||||||
|
secure_ip = "0.0.0.0/0";
|
||||||
|
secure_ip = "::/0";
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
workers = {
|
workers = {
|
||||||
|
|
@ -77,12 +103,25 @@ in {
|
||||||
|
|
||||||
systemd.sockets = {
|
systemd.sockets = {
|
||||||
rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket postfixCfg.user;
|
rspamd-proxy = genSystemdSocketCfg "proxy" rspamdProxySocket postfixCfg.user;
|
||||||
rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket "";
|
rspamd-controller = genSystemdSocketCfg "controller" rspamdControllerSocket (
|
||||||
|
lib.optionalString cfg.rspamd.webUi.enable nginxCfg.user
|
||||||
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.rspamd = {
|
systemd.services.rspamd = {
|
||||||
requires = ["redis-rspamd.service"];
|
requires = ["redis-rspamd.service"];
|
||||||
after = ["redis-rspamd.service"];
|
after = ["redis-rspamd.service"];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx = lib.mkIf cfg.rspamd.webUi.enable {
|
||||||
|
enable = true;
|
||||||
|
virtualHosts."${cfg.fqdn}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
locations."/rspamd" = {
|
||||||
|
proxyPass = "http://unix:${rspamdControllerSocket}:/";
|
||||||
|
basicAuthFile = cfg.rspamd.webUi.basicAuthFile;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue