wip

bundles/rspamd/files/ip_whitelist.map

@@ -0,0 +1,3 @@
+% for ip in sorted(node.metadata.get('rspamd/ignore_spam_check_for_ips', set())):
+${ip}
+% endfor

bundles/rspamd/files/local.d/classifier-bayes.conf

@@ -0,0 +1 @@
+backend = "redis";

bundles/rspamd/files/local.d/logging.inc

@@ -0,0 +1,2 @@
+systemd = true;
+type = "console";

bundles/rspamd/files/local.d/milter_headers.conf

@@ -0,0 +1,2 @@
+use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
+authenticated_headers = ["authentication-results"];

bundles/rspamd/files/local.d/multimap.conf

@@ -0,0 +1,6 @@
+IP_WHITELIST {
+    type = "ip";
+    prefilter = true;
+    map = "/etc/rspamd/local.d/ip_whitelist.map";
+    action = "accept";
+}

bundles/rspamd/files/local.d/redis.conf

@@ -0,0 +1 @@
+servers = "127.0.0.1";

bundles/rspamd/files/local.d/worker-normal.inc

@@ -0,0 +1 @@
+bind_socket = "localhost:11333";

bundles/rspamd/files/local.d/worker-proxy.inc

@@ -0,0 +1,7 @@
+bind_socket = "localhost:11332";
+milter = yes;
+timeout = 120s;
+upstream "local" {
+    default = yes;
+    self_scan = yes;
+}

bundles/rspamd/files/override.d/antivirus.conf

@@ -0,0 +1,6 @@
+clamav {
+    servers = "/run/clamav/clamd.ctl";
+    action = "reject";
+    type = "clamav";
+    symbol = "CLAM_VIRUS";
+}

bundles/rspamd/files/worker-controller.inc

@@ -0,0 +1 @@
+password = "${node.metadata.get('rspamd/web_password')}";

bundles/rspamd/items.py

@@ -0,0 +1,66 @@
+from os import listdir
+from os.path import join
+
+repo.libs.tools.require_bundle(node, 'redis', 'rspamd does not work without a redis cache')
+
+directories = {
+    '/etc/rspamd/local.d': {
+        'purge': True,
+        'needs': {
+            'pkg_apt:rspamd',
+        },
+        'triggers': {
+            'svc_systemd:rspamd:restart',
+        },
+    },
+    '/etc/rspamd/override.d': {
+        'purge': True,
+        'needs': {
+            'pkg_apt:rspamd',
+        },
+        'triggers': {
+            'svc_systemd:rspamd:restart',
+        },
+    },
+}
+
+files = {
+    '/etc/rspamd/local.d/ip_whitelist.map': {
+        'content_type': 'mako',
+        'triggers': {
+            'svc_systemd:rspamd:restart',
+        },
+    },
+    '/etc/rspamd/local.d/worker-controller.inc': {
+        'content_type': 'mako',
+        'triggers': {
+            'svc_systemd:rspamd:restart',
+        },
+    }
+}
+
+local_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'local.d')
+for f in listdir(local_config_path):
+    files[f'/etc/rspamd/local.d/{f}'] = {
+        'source': f'local.d/{f}',
+        'triggers': {
+            'svc_systemd:rspamd:restart',
+        },
+    }
+
+override_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'override.d')
+for f in listdir(override_config_path):
+    files[f'/etc/rspamd/override.d/{f}'] = {
+        'source': f'override.d/{f}',
+        'triggers': {
+            'svc_systemd:rspamd:restart',
+        },
+    }
+
+svc_systemd = {
+    'rspamd': {
+        'needs': {
+            'pkg_apt:rspamd',
+        },
+    },
+}

bundles/rspamd/metadata.py

@@ -1,7 +1,15 @@
 defaults = {
     'apt': {
         'packages': {
+            'clamav': {},
+            'clamav-daemon': {},
+            'clamav-freshclam': {},
+            'clamav-unofficial-sigs': {}, 
             'rspamd': {},
         },
     },
-} 
+    'rspamd': {
+        'web_password': repo.vault.password_for(node.name + ' rspamd web password'),
+        'ignore_spam_check_for_ips': [],
+    },
+}