57 lines
1.4 KiB
Python
57 lines
1.4 KiB
Python
# WIP
|
|
defaults = {
|
|
'apt': {
|
|
'repos': {
|
|
'rspamd': {
|
|
'items': {
|
|
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
|
|
},
|
|
},
|
|
},
|
|
'packages': {
|
|
'clamav': {},
|
|
'clamav-daemon': {},
|
|
'clamav-freshclam': {},
|
|
'clamav-unofficial-sigs': {},
|
|
'rspamd': {},
|
|
},
|
|
},
|
|
'backups': {
|
|
'paths': {
|
|
'/var/lib/rspamd',
|
|
},
|
|
},
|
|
'cron': {
|
|
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
|
|
},
|
|
'postfix': {
|
|
'aliases': {
|
|
'clamav': {
|
|
'root',
|
|
},
|
|
},
|
|
},
|
|
'rspamd': {
|
|
'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'),
|
|
},
|
|
}
|
|
|
|
|
|
# Nodes managed by us should always be able to send mail to all other
|
|
# servers.
|
|
@metadata_reactor
|
|
def populate_permitted_ips_list_with_ips_from_repo(metadata):
|
|
ips = set()
|
|
|
|
for rnode in repo.nodes:
|
|
for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items():
|
|
for ip in found_ips:
|
|
if not ip.is_private:
|
|
ips.add(str(ip))
|
|
|
|
return {
|
|
'rspamd': {
|
|
'ignore_spam_check_for_ips': ips,
|
|
},
|
|
}
|