diff options
-rw-r--r-- | krebs/3modules/exim-retiolum.nix | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 854fdd70e..89a05c8fc 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,6 +1,15 @@ with import <stockholm/lib>; { config, pkgs, lib, ... }: let cfg = config.krebs.exim-retiolum; + + # Due to improvements to the JSON notation, braces around top-level objects + # are not necessary^Wsupported by rspamd's parser when including files: + # https://github.com/rspamd/rspamd/issues/2674 + toMostlyJSON = value: + assert typeOf value == "set"; + (s: substring 1 (stringLength s - 2) s) + (toJSON value); + in { options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; @@ -25,12 +34,16 @@ in { enable = mkEnableOption "krebs.exim-retiolum.rspamd" // { default = false; }; - local_networks = mkOption { - type = types.listOf types.cidr; - default = [ - config.krebs.build.host.nets.retiolum.ip4.prefix - config.krebs.build.host.nets.retiolum.ip6.prefix - ]; + locals = { + options = { + local_networks = mkOption { + type = types.listOf types.cidr; + default = [ + config.krebs.build.host.nets.retiolum.ip4.prefix + config.krebs.build.host.nets.retiolum.ip6.prefix + ]; + }; + }; }; }; }; @@ -38,9 +51,12 @@ in { { config = lib.mkIf cfg.rspamd.enable { services.rspamd.enable = true; - services.rspamd.locals."options.inc".text = '' - local_networks = ${toJSON cfg.rspamd.local_networks}; - ''; + services.rspamd.locals = + mapAttrs' + (name: value: nameValuePair "${name}.inc" { + text = toMostlyJSON value; + }) + cfg.rspamd.locals; users.users.${config.krebs.exim.user.name}.extraGroups = [ config.services.rspamd.group ]; |