from os import listdir from os.path import join repo.libs.tools.require_bundle(node, 'redis', 'rspamd does not work without a redis cache') directories = { '/etc/rspamd/local.d': { 'purge': True, 'needs': { 'pkg_apt:rspamd', }, 'triggers': { 'svc_systemd:rspamd:restart', }, }, '/etc/rspamd/override.d': { 'purge': True, 'needs': { 'pkg_apt:rspamd', }, 'triggers': { 'svc_systemd:rspamd:restart', }, }, '/var/lib/rspamd/dkim': { 'owner': '_rspamd', 'group': '_rspamd', 'mode': '0750', 'needs': { 'pkg_apt:rspamd', }, }, } svc_systemd = { 'rspamd': { 'needs': { 'pkg_apt:rspamd', }, }, 'clamav-daemon': { 'needs': { 'pkg_apt:clamav', 'pkg_apt:clamav-daemon', }, }, 'clamav-freshclam': { 'needs': { 'pkg_apt:clamav-freshclam', }, }, 'rspamd-dmarc-report.timer': { 'needs': { 'file:/etc/systemd/system/rspamd-dmarc-report.service', 'file:/etc/systemd/system/rspamd-dmarc-report.timer', }, }, } files = { '/etc/rspamd/local.d/ip_whitelist.map': { 'content_type': 'mako', }, '/usr/local/bin/telegraf-rspamd-plugin': { 'mode': '0755', }, '/etc/systemd/system/rspamd-dmarc-report.timer': { 'content_type': 'mako', 'context': { 'hour': node.magic_number%24, 'minute': node.magic_number%60, }, 'triggers': { 'action:systemd-reload', 'svc_systemd:rspamd-dmarc-report.timer:restart', }, }, '/etc/systemd/system/rspamd-dmarc-report.service': { 'triggers': { 'action:systemd-reload', }, }, } if 'dkim' in node.metadata.get('rspamd', {}): for i in {'arc', 'dkim_signing'}: files[f'/etc/rspamd/local.d/{i}.conf'] = { 'source': 'dkim.conf', 'content_type': 'mako', 'needs': { 'action:rspamd_generate_dkim_key', }, 'triggers': { 'svc_systemd:rspamd:restart', }, } dkim_key = repo.libs.faults.ensure_fault_or_none(node.metadata['rspamd']['dkim']) actions = { 'rspamd_assure_dkim_key_permissions': { 'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key', 'unless': 'test -z "$(find /var/lib/rspamd/ -iname \"*.key\" \! -user _rspamd)"', 'needs': { 'action:rspamd_generate_dkim_key', 'directory:/var/lib/rspamd/dkim', }, }, 'rspamd_generate_dkim_key': { 'command': dkim_key.format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{0}" -b 2048 -k "{0}.key" > "{0}.txt"'), 'unless': dkim_key.format_into('test -f "/var/lib/rspamd/dkim/{0}.key"'), 'needs': { 'directory:/var/lib/rspamd/dkim', 'pkg_apt:rspamd', }, }, } if 'password' in node.metadata.get('rspamd', {}): files['/etc/rspamd/local.d/worker-controller.inc'] = { 'content_type': 'mako', 'triggers': { 'svc_systemd:rspamd:restart', }, } local_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'local.d') for f in listdir(local_config_path): files[f'/etc/rspamd/local.d/{f}'] = { 'source': f'local.d/{f}', 'content_type': 'mako', 'triggers': { 'svc_systemd:rspamd:restart', }, } override_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'override.d') for f in listdir(override_config_path): files[f'/etc/rspamd/override.d/{f}'] = { 'source': f'override.d/{f}', 'triggers': { 'svc_systemd:rspamd:restart', }, }