mailsystem: Configure rspamd as spam filter

mailsystem/redis.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.mailsystem;
+  redisCfg = config.services.redis.servers.rspamd;
+  rspamdCfg = config.services.rspamd;
+in {
+  config = lib.mkIf cfg.enable {
+    services.redis.servers.rspamd = {
+      enable = true;
+      # Don't accept connections via tcp
+      port = 0;
+      unixSocketPerm = 600;
+    };
+
+    # TODO: Run commands as service user instead of as root?
+    systemd.services.redis-rspamd.serviceConfig.ExecStartPost =
+      "+"
+      + pkgs.writeShellScript "redis-rspamd-postStart" ''
+        ${pkgs.acl.bin}/bin/setfacl -m "u:${rspamdCfg.user}:x" "${builtins.dirOf redisCfg.unixSocket}"
+        ${pkgs.acl.bin}/bin/setfacl -m "u:${rspamdCfg.user}:rw" "${redisCfg.unixSocket}"
+      '';
+  };
+}