bundlewrap/bundles/rspamd/metadata.py

56 lines
1.4 KiB
Python

# WIP
defaults = {
'apt': {
'repos': {
'rspamd': {
'items': {
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
},
},
},
'packages': {
'clamav': {},
'clamav-daemon': {},
'clamav-freshclam': {},
'clamav-unofficial-sigs': {},
'rspamd': {},
},
},
'backups': {
'paths': {
'/var/lib/rspamd',
},
},
'cron': {
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
},
'postfix': {
'aliases': {
'clamav': {
'root',
},
},
},
'rspamd': {
'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'),
},
}
# Nodes managed by us should always be able to send mail to all other
# servers.
@metadata_reactor
def populate_permitted_ips_list_with_ips_from_repo(metadata):
ips = set()
for rnode in repo.nodes:
for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items():
for ip in found_ips:
if not ip.is_private:
ips.add(str(ip))
return {
'rspamd': {
'ignore_spam_check_for_ips': ips,
},
}