rspamd: configure redis backend

The sqlite backed is deprecated, and the redis backend is the default since rspamd 2.0. Not having redis started results in such errors: rspamd_redis_init: cannot init redis backend for BAYES_SPAM To migrate the sqlite database, run rspamadm statconvert --spam-db /var/lib/rspamd/bayes.spam.sqlite --ham-db /var/lib/rspamd/bayes.ham.sqlite -h 127.0.0.1:6379 --symbol-ham BAYES_HAM --symbol-spam BAYES_SPAM The current module implements the recommended configuration that this utility prints out.
2020-04-03 12:00:00 +00:00 · 2020-04-03 12:00:00 +00:00 · 9e772d166c
commit 9e772d166c
parent ac0f5c118f
2 changed files with 55 additions and 2 deletions
--- a/default.nix
+++ b/default.nix
@ -480,6 +480,46 @@ in
      '';
    };

+    redis = {
+      address = mkOption {
+        type = types.str;
+        # read the default from nixos' redis module
+        default = let
+          cf = config.services.redis.bind;
+          cfdefault = if cf == null then "127.0.0.1" else cf;
+          ips = lib.strings.splitString " " cfdefault;
+          ip = lib.lists.head (ips ++ [ "127.0.0.1" ]);
+          isIpv6 = ip: lib.lists.elem ":" (lib.stringToCharacters ip);
+        in
+        if (ip == "0.0.0.0" || ip == "::")
+        then "127.0.0.1"
+        else if isIpv6 ip then "[${ip}]" else ip;
+        description = ''
+          Address that rspamd should use to contact redis. The default value
+          is read from <literal>config.services.redis.bind</literal>.
+        '';
+      };
+
+      port = mkOption {
+        type = types.port;
+        default = config.services.redis.port;
+        description = ''
+          Port that rspamd should use to contact redis. The default value is
+          read from <literal>config.services.redis.port<literal>.
+        '';
+      };
+
+      password = mkOption {
+        type = types.nullOr types.str;
+        default = config.services.redis.requirePass;
+        description = ''
+          Password that rspamd should use to contact redis, or null if not
+          required. The default value is read from
+          <literal>config.services.redis.requirePass<literal>.
+        '';
+      };
+    };
+
    rewriteMessageId = mkOption {
      type = types.bool;
      default = false;
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@ -32,6 +32,16 @@ in
          "milter_headers.conf" = { text = ''
              extended_spam_headers = yes;
          ''; };
+          "redis.conf" = { text = ''
+              servers = "${cfg.redis.address}:${toString cfg.redis.port}";
+          '' + (lib.optionalString (cfg.redis.password != null) ''
+              password = "${cfg.redis.password}";
+          ''); };
+          "classifier-bayes.conf" = { text = ''
+              cache {
+                backend = "redis";
+              }
+          ''; };
          "antivirus.conf" = lib.mkIf cfg.virusScanning { text = ''
              clamav {
                action = "reject";
@ -80,9 +90,12 @@ in
      };

    };
+
+    services.redis.enable = true;
+
    systemd.services.rspamd = {
-      requires = (lib.optional cfg.virusScanning "clamav-daemon.service");
-      after = (lib.optional cfg.virusScanning "clamav-daemon.service");
+      requires = [ "redis.service" ] ++ (lib.optional cfg.virusScanning "clamav-daemon.service");
+      after = [ "redis.service" ] ++ (lib.optional cfg.virusScanning "clamav-daemon.service");
    };

    systemd.services.postfix = {