Franziska Kunsmann
a4ca98e79e
All checks were successful
bundlewrap/pipeline/head This commit looks good
74 lines
2.2 KiB
Python
74 lines
2.2 KiB
Python
# WIP
|
|
defaults = {
|
|
'apt': {
|
|
'repos': {
|
|
'rspamd': {
|
|
'items': {
|
|
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
|
|
},
|
|
},
|
|
},
|
|
'packages': {
|
|
'clamav': {},
|
|
'clamav-daemon': {},
|
|
'clamav-freshclam': {},
|
|
'clamav-unofficial-sigs': {},
|
|
'rspamd': {},
|
|
},
|
|
},
|
|
'icinga2_api': {
|
|
'rspamd': {
|
|
'services': {
|
|
'RSPAMD PROCESS': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C rspamd -c 1:',
|
|
},
|
|
'RSPAMD PROXY PORT': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11332',
|
|
},
|
|
'RSPAMD WORKER PORT': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11333',
|
|
},
|
|
'RSPAMD WEB INTERFACE': {
|
|
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_http_url_for_string http://localhost:11334/ "Login to Rspamd"',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'backups': {
|
|
'paths': {
|
|
'/var/lib/rspamd',
|
|
},
|
|
},
|
|
'cron': {
|
|
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
|
|
},
|
|
'postfix': {
|
|
'aliases': {
|
|
'clamav': {
|
|
'root',
|
|
},
|
|
},
|
|
},
|
|
'rspamd': {
|
|
'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'),
|
|
},
|
|
}
|
|
|
|
|
|
# Nodes managed by us should always be able to send mail to all other
|
|
# servers.
|
|
@metadata_reactor
|
|
def populate_permitted_ips_list_with_ips_from_repo(metadata):
|
|
ips = set()
|
|
|
|
for rnode in repo.nodes:
|
|
for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items():
|
|
for ip in found_ips:
|
|
if not ip.is_private:
|
|
ips.add(str(ip))
|
|
|
|
return {
|
|
'rspamd': {
|
|
'ignore_spam_check_for_ips': ips,
|
|
},
|
|
}
|