# WIP defaults = { 'apt': { 'repos': { 'rspamd': { 'items': { 'deb [arch=amd64] http://rspamd.com/apt-stable/ {os_release} main', }, }, }, 'packages': { 'clamav': {}, 'clamav-daemon': {}, 'clamav-freshclam': {}, 'clamav-unofficial-sigs': {}, 'rspamd': {}, }, }, 'icinga2_api': { 'rspamd': { 'services': { 'RSPAMD PROCESS': { 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C rspamd -c 1:', }, 'RSPAMD PROXY PORT': { 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11332', }, 'RSPAMD WORKER PORT': { 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_tcp -H localhost -p 11333', }, 'RSPAMD WEB INTERFACE': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_http_url_for_string http://localhost:11334/ "Login to Rspamd"', }, }, }, }, 'backups': { 'paths': { '/var/lib/rspamd', }, }, 'cron': { 'clamav-unofficial-sigs': f'{node.magic_number%60} */4 * * * clamav /usr/sbin/clamav-unofficial-sigs >/dev/null 2>&1', }, 'postfix': { 'aliases': { 'clamav': { 'root', }, }, }, 'rspamd': { 'dkim': repo.vault.password_for(node.name + ' rspamd dkim key'), }, } # Nodes managed by us should always be able to send mail to all other # servers. @metadata_reactor def populate_permitted_ips_list_with_ips_from_repo(metadata): ips = set() for rnode in repo.nodes: for identifier, found_ips in repo.libs.tools.resolve_identifier(repo, rnode.name).items(): for ip in found_ips: if not ip.is_private: ips.add(str(ip)) return { 'rspamd': { 'ignore_spam_check_for_ips': ips, }, }