Initial Commit

templates/etc/rspamd/local.d/allowlist_from.map.j2

@@ -0,0 +1,6 @@
+#
+# {{ ansible_managed }}
+#
+{% for item in rspamd_acl_allowlist_from %}
+{{ item.from }}
+{% endfor %}

templates/etc/rspamd/local.d/allowlist_ips.map.j2

@@ -0,0 +1,6 @@
+#
+# {{ ansible_managed }}
+#
+{% for item in rspamd_acl_allowlist_ips %}
+{{ item.ip }}
+{% endfor %}

templates/etc/rspamd/local.d/blocklist_from.map.j2

@@ -0,0 +1,6 @@
+#
+# {{ ansible_managed }}
+#
+{% for item in rspamd_acl_blocklist_from %}
+{{ item.from }}
+{% endfor %}

templates/etc/rspamd/local.d/blocklist_ips.map.j2

@@ -0,0 +1,6 @@
+#
+# {{ ansible_managed }}
+#
+{% for item in rspamd_acl_blocklist_ips %}
+{{ item.ip }}
+{% endfor %}

templates/etc/rspamd/local.d/classifier-bayes.conf.j2

@@ -0,0 +1,5 @@
+#
+# {{ ansible_managed }}
+#
+
+backend = "redis";

templates/etc/rspamd/local.d/dkim_signing.conf.j2

@@ -0,0 +1,23 @@
+#
+# {{ ansible_managed }}
+#
+
+#
+# Documentation: https://rspamd.com/doc/modules/dkim_signing.html#configuration
+#
+
+# Default DKIM Keys
+# selector = "";
+# path = "";
+
+allow_username_mismatch = {{ rspamd_dkim_allow_username_mismatch | lower }};
+
+# Domain specific settings
+domain {
+{% for dkim_domain in rspamd_dkim_domains %}
+  {{ dkim_domain.name }} {
+    path = "{{ rspamd_dkim_dir }}/{{ dkim_domain.name }}.{{ dkim_domain.selector }}.key";
+    selector = "{{ dkim_domain.selector }}";
+  }
+{% endfor %}
+}

templates/etc/rspamd/local.d/logging.inc.j2

@@ -0,0 +1,9 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if rspamd_logging_type == "file" and rspamd_logging_filename | length > 0 %}
+filename = "{{ rspamd_logging_filename }}";
+{% endif %}
+level = "{{ rspamd_logging_level }}";
+type = "{{ rspamd_logging_type}}";

templates/etc/rspamd/local.d/milter_headers.conf.j2

@@ -0,0 +1,13 @@
+#
+# {{ ansible_managed }}
+#
+
+authenticated_headers = [
+  "authentication-results",
+];
+
+use = [
+  "x-spamd-bar",
+  "x-spam-level",
+  "authentication-results",
+];

templates/etc/rspamd/local.d/multimap.conf.j2

@@ -0,0 +1,39 @@
+#
+# {{ ansible_managed }}
+#
+{% if rspamd_acl_blocklist_from | length > 0 %}
+BLACKLIST_FROM {
+  type = "from";
+  map = "$CONFDIR/local.d/blocklist_from.map";
+  description = "Local from blocklist";
+  action = "reject";
+}
+
+{% endif %}
+{% if rspamd_acl_blocklist_ips | length > 0 %}
+BLACKLIST_IP {
+  type = "ip";
+  map = "$CONFDIR/local.d/blocklist_ips.map";
+  description = "Local ip blocklist";
+  action = "reject";
+}
+
+{% endif %}
+{% if rspamd_acl_allowlist_from | length > 0 %}
+WHITELIST_FROM {
+  type = "from";
+  map = "$CONFDIR/local.d/allowlist_from.map";
+  description = "Local from allowlist";
+  action = "accept";
+}
+
+{% endif %}
+{% if rspamd_acl_allowlist_ips | length > 0 %}
+WHITELIST_IP {
+  type = "ip";
+  map = "$CONFDIR/local.d/allowlist_ips.map";
+  description = "Local ip allowlist";
+  action = "accept";
+}
+
+{% endif %}

templates/etc/rspamd/local.d/options.inc.j2

@@ -0,0 +1,10 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if rspamd_dns_server is defined and rspamd_dns_servers | length > 0 %}
+dns {
+  nameserver = "{{ rspamd_dns_server }}";
+}
+{% endif %}
+enable_test_patterns = true;

templates/etc/rspamd/local.d/redis.conf.j2

@@ -0,0 +1,27 @@
+#jinja2: lstrip_blocks: True, trim_blocks: True
+#
+# {{ ansible_managed }}
+#
+
+db = {{ rspamd_redis_database }};
+{% if rspamd_redis_disabled_modules | length > 0 %}
+disabled_modules = [
+{% for item in rspamd_redis_disabled_modules %}
+  "{{ item }}",
+{% endfor %}
+];
+{% endif %}
+{% if rspamd_redis_password | length > 0 %}
+password = "{{ rspamd_redis_password }}";
+{% endif %}
+{% if rspamd_redis_username| length > 0 %}
+username = "{{ rspamd_redis_username }}";
+{% endif %}
+servers = "{{ rspamd_redis_servers | join(',') }}";
+{% if rspamd_redis_read_servers | length > 0 %}
+read_servers = "{{ rspamd_redis_read_servers | join(',') }}";
+{% endif %}
+{% if rspamd_redis_write_servers | length > 0 %}
+write_servers = "{{ rspamd_redis_write_servers | join(',') }}";
+{% endif %}
+timeout = {{ rspamd_redis_timeout }};

templates/etc/rspamd/local.d/worker-controller.inc.j2

@@ -0,0 +1,22 @@
+#
+# {{ ansible_managed }}
+#
+
+{% if rspamd_worker_controller_bind_socket | length > 0 %}
+bind_socket = "{{ rspamd_worker_controller_bind_socket }}";
+{% endif %}
+{% if rspamd_worker_controller_write_password_salted.stdout is defined and rspamd_worker_controller_write_password_salted.stdout | length > 0 %}
+enable_password = "{{ rspamd_worker_controller_write_password_salted.stdout }}";
+{% endif %}
+{% if rspamd_worker_controller_read_password_salted.stdout is defined and rspamd_worker_controller_read_password_salted.stdout | length > 0 %}
+password = "{{ rspamd_worker_controller_read_password_salted.stdout }}";
+{% endif %}
+{% if rspamd_worker_controller_secure_ips | length > 0 %}
+secure_ip = "{{ rspamd_worker_controller_secure_ips | join(',') }}";
+{% endif %}
+{% if rspamd_worker_controller_ssl_cert | length > 0 %}
+ssl_cert = "{{ rspamd_worker_controller_ssl_cert }}";
+{% endif %}
+{% if rspamd_worker_controller_ssl_key | length > 0 %}
+ssl_key = "{{ rspamd_worker_controller_ssl_key }}";
+{% endif %}

templates/etc/rspamd/override.d/classifier-bayes.conf.j2

@@ -0,0 +1,5 @@
+#
+# {{ ansible_managed }}
+#
+
+autolearn = true;