126 lines
3.6 KiB
Python
126 lines
3.6 KiB
Python
# WIP
|
|
defaults = {
|
|
'apt': {
|
|
'repos': {
|
|
'rspamd': {
|
|
'items': {
|
|
'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main',
|
|
},
|
|
},
|
|
},
|
|
'packages': {
|
|
'clamav': {},
|
|
'clamav-daemon': {},
|
|
'clamav-freshclam': {},
|
|
'clamav-unofficial-sigs': {
|
|
'needs': {
|
|
'pkg_apt:clamav',
|
|
'pkg_apt:clamav-daemon',
|
|
},
|
|
},
|
|
'rspamd': {},
|
|
},
|
|
},
|
|
'icinga2_api': {
|
|
'rspamd': {
|
|
'services': {
|
|
'RSPAMD PROCESS': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C rspamd -c 1:',
|
|
},
|
|
'RSPAMD PROXY PORT': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11332',
|
|
},
|
|
'RSPAMD WORKER PORT': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11333',
|
|
},
|
|
'RSPAMD WEB INTERFACE': {
|
|
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_http_url_for_string http://localhost:11334/ "Login to Rspamd"',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'backups': {
|
|
'paths': {
|
|
'/var/lib/rspamd',
|
|
},
|
|
},
|
|
'cron': {
|
|
'jobs': {
|
|
'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1',
|
|
},
|
|
},
|
|
'postfix': {
|
|
'aliases': {
|
|
'clamav': {
|
|
'root',
|
|
},
|
|
'dmarc': {
|
|
'root',
|
|
},
|
|
},
|
|
},
|
|
'rspamd': {
|
|
'dkim': repo.vault.password_for(f'{node.name} rspamd dkim key'),
|
|
},
|
|
'telegraf': {
|
|
'input_plugins': {
|
|
'exec': {
|
|
'rspamd': {
|
|
'commands': [
|
|
'/usr/local/bin/telegraf-rspamd-plugin',
|
|
],
|
|
'data_format': 'influx',
|
|
'timeout': '5s',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'zfs': {
|
|
'datasets': {
|
|
'tank/rspamd': {},
|
|
'tank/rspamd/rspamd': {
|
|
'mountpoint': '/var/lib/rspamd',
|
|
'needed_by': {
|
|
'directory:/var/lib/rspamd/dkim',
|
|
'pkg_apt:rspamd',
|
|
},
|
|
},
|
|
'tank/rspamd/clamav': {
|
|
'mountpoint': '/var/lib/clamav',
|
|
'needed_by': {
|
|
'pkg_apt:clamav',
|
|
'pkg_apt:clamav-daemon',
|
|
'pkg_apt:clamav-freshclam',
|
|
},
|
|
},
|
|
'tank/rspamd/clamav-unofficial-sigs': {
|
|
'mountpoint': '/var/lib/clamav-unofficial-sigs',
|
|
'needed_by': {
|
|
'pkg_apt:clamav-unofficial-sigs',
|
|
'pkg_apt:clamav-freshclam',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
# Nodes managed by us should always be able to send mail to all other
|
|
# servers.
|
|
@metadata_reactor.provides(
|
|
'rspamd/ignore_spam_check_for_ips',
|
|
)
|
|
def populate_permitted_ips_list_with_ips_from_repo(metadata):
|
|
ips = set()
|
|
|
|
for rnode in repo.nodes:
|
|
for _, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items():
|
|
for ip in found_ips:
|
|
if not ip.is_private:
|
|
ips.add(str(ip))
|
|
|
|
return {
|
|
'rspamd': {
|
|
'ignore_spam_check_for_ips': ips,
|
|
},
|
|
}
|