from os import listdir
from os.path import join
# Declare the hard dependency on the redis bundle up front; the message passed
# here states that rspamd does not work without a redis cache.
# NOTE(review): presumably require_bundle aborts when the node lacks the
# bundle - confirm against repo.libs.tools.
repo.libs.tools.require_bundle(
    node,
    'redis',
    'rspamd does not work without a redis cache',
)
# Both configuration drop-in directories are purged, so anything in them that
# is not managed as an item here gets removed, and rspamd is restarted
# whenever they change. Each entry gets its own fresh sets (nothing shared).
directories = {
    config_dir: {
        'purge': True,
        'needs': {'pkg_apt:rspamd'},
        'triggers': {'svc_systemd:rspamd:restart'},
    }
    for config_dir in ('/etc/rspamd/local.d', '/etc/rspamd/override.d')
}

# DKIM key directory: owned by _rspamd with mode 0750, so only that user and
# group can enter it. It is not purged.
directories['/var/lib/rspamd/dkim'] = {
    'owner': '_rspamd',
    'group': '_rspamd',
    'mode': '0750',
    'needs': {'pkg_apt:rspamd'},
}
# systemd units managed by this bundle. Each unit waits for the package (or,
# for the DMARC report timer, the unit files) it is started from.
svc_systemd = {
    'rspamd': {
        'needs': {'pkg_apt:rspamd'},
    },
    'clamav-daemon': {
        'needs': {'pkg_apt:clamav', 'pkg_apt:clamav-daemon'},
    },
    'clamav-freshclam': {
        'needs': {'pkg_apt:clamav-freshclam'},
    },
    'rspamd-dmarc-report.timer': {
        # The timer needs both its own unit file and the service it starts.
        'needs': {
            'file:/etc/systemd/system/rspamd-dmarc-report.service',
            'file:/etc/systemd/system/rspamd-dmarc-report.timer',
        },
    },
}
# Individually managed files. The bulk local.d/override.d entries are added
# by the listdir() loops at the end of this file.
files = {
    '/etc/rspamd/local.d/ip_whitelist.map': {'content_type': 'mako'},
    '/usr/local/bin/telegraf-rspamd-plugin': {'mode': '0755'},
    '/etc/systemd/system/rspamd-dmarc-report.timer': {
        'content_type': 'mako',
        # Hour and minute are both derived from node.magic_number.
        # NOTE(review): presumably a stable per-node value, so that nodes do
        # not all run the report at the same time - confirm.
        'context': {
            'hour': node.magic_number % 24,
            'minute': node.magic_number % 60,
        },
        'triggers': {
            'action:systemd-reload',
            'svc_systemd:rspamd-dmarc-report.timer:restart',
        },
    },
    '/etc/systemd/system/rspamd-dmarc-report.service': {
        'triggers': {'action:systemd-reload'},
    },
}
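# DKIM/ARC signing is only set up when the node's rspamd metadata has a 'dkim'
# entry. Everything below reads node.metadata['rspamd']['dkim'] and therefore
# belongs inside this guard.
if 'dkim' in node.metadata.get('rspamd', {}):
    # arc.conf and dkim_signing.conf are both rendered from dkim.conf, and
    # only after the key has been generated.
    for i in {'arc', 'dkim_signing'}:
        files[f'/etc/rspamd/local.d/{i}.conf'] = {
            'source': 'dkim.conf',
            'content_type': 'mako',
            'needs': {
                'action:rspamd_generate_dkim_key',
            },
            'triggers': {
                'svc_systemd:rspamd:restart',
            },
        }

    # The metadata value is used below as the selector (-s) and as the base
    # name of the key and DNS record files.
    # NOTE(review): it is interpolated into double-quoted shell arguments;
    # it is assumed to be a plain selector name - confirm.
    dkim_key = repo.libs.faults.ensure_fault_or_none(node.metadata['rspamd']['dkim'])

    actions = {
        'rspamd_assure_dkim_key_permissions': {
            'command': 'chown _rspamd:_rspamd /var/lib/rspamd/dkim/*.key',
            # The guard looks only at the directory the chown touches. The
            # previous search covered all of /var/lib/rspamd/, so a foreign
            # *.key elsewhere in that tree made the action re-run on every
            # apply without being fixed. '\\!' replaces the invalid '\!'
            # escape; the shell still receives '\!'.
            # NOTE(review): only the owning user is checked, not the group or
            # the file mode.
            'unless': 'test -z "$(find /var/lib/rspamd/dkim -iname "*.key" \\! -user _rspamd)"',
            'needs': {
                'action:rspamd_generate_dkim_key',
                'directory:/var/lib/rspamd/dkim',
            },
        },
        'rspamd_generate_dkim_key': {
            # Writes the 2048-bit private key to <selector>.key and captures
            # stdout in <selector>.txt. Skipped once the key file exists, so
            # an existing key is never overwritten.
            # NOTE(review): the private key keeps whatever mode rspamadm
            # creates it with; exposure is limited by the 0750 parent
            # directory - confirm the key is not world-readable.
            'command': dkim_key.format_into('cd /var/lib/rspamd/dkim && /usr/bin/rspamadm dkim_keygen -s "{0}" -b 2048 -k "{0}.key" > "{0}.txt"'),
            'unless': dkim_key.format_into('test -f "/var/lib/rspamd/dkim/{0}.key"'),
            'needs': {
                'directory:/var/lib/rspamd/dkim',
                'pkg_apt:rspamd',
            },
        },
    }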
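# The controller worker config is only deployed when a password is set in the
# node's rspamd metadata.
if 'password' in node.metadata.get('rspamd', {}):
    files['/etc/rspamd/local.d/worker-controller.inc'] = {
        'content_type': 'mako',
        # Presumably the template renders the controller password (or its
        # hash), so the file must not be left at the default permissions.
        # Give read access to root and the _rspamd group only, the same
        # account that owns /var/lib/rspamd/dkim.
        'owner': 'root',
        'group': '_rspamd',
        'mode': '0640',
        # NOTE(review): the _rspamd group is presumably created by the
        # package, so the file must not be written before it is installed.
        'needs': {
            'pkg_apt:rspamd',
        },
        'triggers': {
            'svc_systemd:rspamd:restart',
        },
    }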
# Deploy every entry of the bundle's files/local.d directory to
# /etc/rspamd/local.d as a mako template. listdir() returns all names,
# including hidden files and editor backups, so stray files in that directory
# are rendered and deployed as well. An entry with the same target path as an
# item defined earlier replaces it.
local_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'local.d')
files.update({
    f'/etc/rspamd/local.d/{f}': {
        'source': f'local.d/{f}',
        'content_type': 'mako',
        'triggers': {'svc_systemd:rspamd:restart'},
    }
    for f in listdir(local_config_path)
})
# Same as the local.d loop, but for files/override.d. No content_type is set
# here, unlike the local.d entries. listdir() returns every name in the
# directory, so stray files there are deployed too.
override_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'override.d')
files.update({
    f'/etc/rspamd/override.d/{f}': {
        'source': f'override.d/{f}',
        'triggers': {'svc_systemd:rspamd:restart'},
    }
    for f in listdir(override_config_path)
})