Merge branch 'dmarc-reporter' into 'master'
Allow AF_UNIX sockets for dmarc reporter, tokenize commandline Closes #331 See merge request simple-nixos-mailserver/nixos-mailserver!437
This commit is contained in:
commit
57d9624c71
1 changed files with 10 additions and 4 deletions
|
@ -169,7 +169,7 @@ in
|
|||
|
||||
};
|
||||
|
||||
services.redis.servers.rspamd.enable = lib.mkDefault true;
|
||||
services.redis.servers.rspamd.enable = lib.mkDefault cfg.redis.configureLocally;
|
||||
|
||||
systemd.tmpfiles.settings."10-rspamd.conf" = {
|
||||
"${cfg.dkimKeyDirectory}" = {
|
||||
|
@ -204,9 +204,11 @@ in
|
|||
# Explicitly select yesterday's date to work around broken
|
||||
# default behaviour when called without a date.
|
||||
# https://github.com/rspamd/rspamd/issues/4062
|
||||
script = ''
|
||||
${pkgs.rspamd}/bin/rspamadm dmarc_report $(date -d "yesterday" "+%Y%m%d")
|
||||
'';
|
||||
script = toString [
|
||||
(lib.getExe' pkgs.rspamd "rspamadm")
|
||||
"dmarc_report"
|
||||
"$(date -d 'yesterday' '+%Y%m%d')"
|
||||
];
|
||||
serviceConfig = {
|
||||
User = "${config.services.rspamd.user}";
|
||||
Group = "${config.services.rspamd.group}";
|
||||
|
@ -235,10 +237,14 @@ in
|
|||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_UNIX"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SupplementaryGroups = lib.optionals cfg.redis.configureLocally [
|
||||
config.services.redis.servers.rspamd.group
|
||||
];
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue