Merge branch 'master' into antifascista

Dockerfile

@@ -2,3 +2,62 @@ ARG ALPINE_VERSION=3.13.6
 ARG BASE_IMAGE=sutty/monit
 FROM ${BASE_IMAGE}:${ALPINE_VERSION}
 MAINTAINER "f <f@sutty.nl>"
+
+RUN apk add --no-cache redis
+
+COPY ./monit.conf /etc/monit.d/redis.conf
+
+RUN sed -re "/^bind /d" -i /etc/redis.conf
+RUN sed -re "/^protected-mode /d" -i /etc/redis.conf
+RUN sed -re "/^logfile /d" -i /etc/redis.conf
+RUN sed -re "s/^# (syslog-enabled).*/\1 yes/" -i /etc/redis.conf
+RUN sed -re "s/^(appendonly).*/\1 yes/" -i /etc/redis.conf
+RUN echo "pidfile /run/redis/redis.pid" >> /etc/redis.conf
+RUN echo "daemonize yes" >> /etc/redis.conf
+RUN echo "protected-mode no" >> /etc/redis.conf
+RUN echo "maxmemory 50mb" >> /etc/redis.conf
+RUN echo "maxmemory-policy volatile-ttl" >> /etc/redis.conf
+RUN echo "bind 127.0.0.1 ::1" >> /etc/redis.conf
+RUN sed -re "s/^(dir).*/\1 \/var\/lib\/rspamd-redis/" -i /etc/redis.conf
+
+RUN apk add --no-cache rspamd rspamd-client rspamd-proxy rspamd-controller
+RUN install -dm 755 /etc/rspamd/local.d
+RUN install -dm 750 -o rspamd -g rspamd /var/lib/rspamd
+RUN install -dm 750 -o redis -g redis /var/lib/rspamd-redis
+
+# TODO: Deprecate OpenDKIM
+RUN echo "enabled = false;" >> /etc/rspamd/local.d/dkim_signing.conf
+
+# Redis
+RUN echo "write_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf
+RUN echo "read_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf
+
+# Workers
+RUN echo "bind_socket = \"*:11332\";" >> /etc/rspamd/local.d/worker-proxy.inc
+RUN echo "bind_socket = \"*:11333\";" >> /etc/rspamd/local.d/worker-normal.inc
+RUN echo "bind_socket = \"*:11334\";" >> /etc/rspamd/local.d/worker-controller.inc
+# We don't really care about the password...
+RUN echo "password = \"`rspamadm pw -p '12345678'`\";" >> /etc/rspamd/local.d/worker-controller.inc
+
+# Options
+# Rspamd doesn't seem to write a pid file and upstream not really
+# helpful about it: https://github.com/rspamd/rspamd/issues/3096
+# RUN echo "pid_file = \"/tmp/rspamd.pid\";" >> /etc/rspamd/local.d/options.inc
+RUN echo "local_addrs = \"/etc/rspamd/local.d/maps.d/local_addrs\";" >> /etc/rspamd/local.d/options.inc
+
+# Logging
+RUN echo "type = \"syslog\";" >> /etc/rspamd/local.d/logging.inc
+RUN echo "facility = \"daemon\";" >> /etc/rspamd/local.d/logging.inc
+
+# Learn spam
+RUN echo "servers = \"localhost\";" >> /etc/rspamd/local.d/classifier-bayes.conf
+RUN echo "autolearn = [-5,5];" >> /etc/rspamd/local.d/classifier-bayes.conf
+
+COPY ./local_addrs.sh /usr/local/bin/local_addrs
+COPY ./rspamd.conf /etc/monit.d/rspamd.conf
+
+EXPOSE 11332
+EXPOSE 11333
+EXPOSE 11334
+VOLUME "/var/lib/rspamd-redis"
+VOLUME "/var/lib/rspamd"

local.conf

@@ -0,0 +1 @@
+bind_socket = "*:11333";

local_addrs.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+local_addrs="/etc/rspamd/local.d/maps.d/local_addrs"
+
+test -f "${local_addrs}" && exit
+
+ip -4 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"
+ip -6 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"

monit.conf

@@ -0,0 +1,4 @@
+check process redis with pidfile /run/redis/redis.pid
+  start program = "/usr/bin/redis-server /etc/redis.conf" as uid "redis" and gid "redis"
+  stop program = "/usr/bin/redis-cli shutdown"
+  if failed port 6379 protocol redis 3 times within 5 cycles then restart

rspamd.conf

@@ -0,0 +1,8 @@
+check process rspamd with matching "rspamd: main"
+  start program = "/usr/sbin/rspamd" as uid "rspamd" and gid "rspamd"
+  stop program = "/usr/bin/killall rspamd"
+
+check program local_addrs
+  with path "/usr/local/bin/local_addrs"
+  every 1 cycle
+  if status = 0 then unmonitor