with redis persistency

.woodpecker.yml

@@ -2,13 +2,13 @@ pipeline:
   publish:
     image: plugins/docker
     registry: registry.nulo.in
-    repo: registry.nulo.in/sutty/CHANGEME
+    repo: registry.nulo.in/sutty/rspamd
     tags:
     - ${ALPINE_VERSION}
     - latest
     build_args:
     - ALPINE_VERSION=${ALPINE_VERSION}
-    - BASE_IMAGE=registry.nulo.in/sutty/monit
+    - BASE_IMAGE=registry.nulo.in/sutty/redis
     username: sutty
     secrets:
     - docker_password

Dockerfile

@@ -1,31 +1,22 @@
 ARG ALPINE_VERSION=3.13.6
 ARG BASE_IMAGE=sutty/monit
-FROM ${BASE_IMAGE}:${ALPINE_VERSION}
+FROM ${BASE_IMAGE}:${ALPINE_VERSION}-100mb
 MAINTAINER "f <f@sutty.nl>"
 
-RUN apk add --no-cache redis
-
-COPY ./monit.conf /etc/monit.d/redis.conf
-
-RUN sed -re "/^bind /d" -i /etc/redis.conf
-RUN sed -re "/^protected-mode /d" -i /etc/redis.conf
-RUN sed -re "/^logfile /d" -i /etc/redis.conf
-RUN sed -re "s/^# (syslog-enabled).*/\1 yes/" -i /etc/redis.conf
-RUN sed -re "s/^(appendonly).*/\1 yes/" -i /etc/redis.conf
-RUN echo "pidfile /run/redis/redis.pid" >> /etc/redis.conf
-RUN echo "daemonize yes" >> /etc/redis.conf
-RUN echo "protected-mode no" >> /etc/redis.conf
-RUN echo "maxmemory 50mb" >> /etc/redis.conf
-RUN echo "maxmemory-policy volatile-ttl" >> /etc/redis.conf
-RUN echo "bind 127.0.0.1 ::1" >> /etc/redis.conf
-RUN sed -re "s/^(dir).*/\1 \/var\/lib\/rspamd-redis/" -i /etc/redis.conf
+RUN sed -re "/^save \"\"/d" \
+         -e "s/^(appendonly) .*/\1 yes/" \
+         -e "s/^(maxmemory-policy) .*/\1 volatile-ttl/" \
+         -e "s/^(bind) .*/\1 127.0.0.1 ::1/" \
+         -e "s|^(dir) .*|\1 /var/lib/redis|" \
+         -i /etc/redis.conf
 
 RUN apk add --no-cache rspamd rspamd-client rspamd-proxy rspamd-controller
 RUN install -dm 755 /etc/rspamd/local.d
 RUN install -dm 750 -o rspamd -g rspamd /var/lib/rspamd
-RUN install -dm 750 -o redis -g redis /var/lib/rspamd-redis
+RUN install -dm 750 -o redis -g redis /var/lib/redis
 
-# TODO: Deprecate OpenDKIM
+# TODO: Deprecate OpenDKIM, but it allow us to keep signing even if
+# Rspamd is down.
 RUN echo "enabled = false;" >> /etc/rspamd/local.d/dkim_signing.conf
 
 # Redis
@@ -53,11 +44,11 @@ RUN echo "facility = \"daemon\";" >> /etc/rspamd/local.d/logging.inc
 RUN echo "servers = \"localhost\";" >> /etc/rspamd/local.d/classifier-bayes.conf
 RUN echo "autolearn = [-5,5];" >> /etc/rspamd/local.d/classifier-bayes.conf
 
-COPY ./local_addrs.sh /usr/local/bin/local_addrs
-COPY ./rspamd.conf /etc/monit.d/rspamd.conf
+COPY ./local_addrs /etc/rspamd/local.d/maps.d/local_addrs
+COPY ./monit.conf /etc/monit.d/rspamd.conf
 
 EXPOSE 11332
 EXPOSE 11333
 EXPOSE 11334
-VOLUME "/var/lib/rspamd-redis"
+VOLUME "/var/lib/redis"
 VOLUME "/var/lib/rspamd"

local_addrs

@@ -0,0 +1,2 @@
+172.19.0.0/24
+fd00:acab::/32

local_addrs.sh

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-local_addrs="/etc/rspamd/local.d/maps.d/local_addrs"
-
-test -f "${local_addrs}" && exit
-
-ip -4 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"
-ip -6 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"

monit.conf

@@ -1,4 +1,3 @@
-check process redis with pidfile /run/redis/redis.pid
-  start program = "/usr/bin/redis-server /etc/redis.conf" as uid "redis" and gid "redis"
-  stop program = "/usr/bin/redis-cli shutdown"
-  if failed port 6379 protocol redis 3 times within 5 cycles then restart
+check process rspamd with matching "rspamd: main"
+  start program = "/usr/sbin/rspamd" as uid "rspamd" and gid "rspamd"
+  stop program = "/usr/bin/killall rspamd"

rspamd.conf

@@ -1,8 +0,0 @@
-check process rspamd with matching "rspamd: main"
-  start program = "/usr/sbin/rspamd" as uid "rspamd" and gid "rspamd"
-  stop program = "/usr/bin/killall rspamd"
-
-check program local_addrs
-  with path "/usr/local/bin/local_addrs"
-  every 1 cycle
-  if status = 0 then unmonitor