From 7b7b016120d1fb3e2fe6dd2e2231da4b14d7b515 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Mon, 15 Jul 2024 21:11:01 +0200
Subject: add some module configs for rspamd

---
 inventory/host_vars/ch-testvm-prometheus.yml | 11 +++++++++++
 roles/mail/rspamd/defaults/main.yml          | 10 ++++++++++
 roles/mail/rspamd/tasks/main.yml             | 22 ++++++++++++++++++++++
 3 files changed, 43 insertions(+)

diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 80f3b4d0..7355322d 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -59,6 +59,17 @@ rspamd_web:
   password: secret
   enable_password: very-secret
 
+rspamd_modules_local_config:
+  antivirus: |
+   enabled = false;
+  fuzzy_check: |
+   enabled = false;
+  greylist: |
+   enabled = false;
+  rbl: |
+   enabled = false;
+
+
 
 postfix_base_mynetworks:
   - "127.0.0.0/8"
diff --git a/roles/mail/rspamd/defaults/main.yml b/roles/mail/rspamd/defaults/main.yml
index fd235a82..5a3a5884 100644
--- a/roles/mail/rspamd/defaults/main.yml
+++ b/roles/mail/rspamd/defaults/main.yml
@@ -9,3 +9,13 @@ rspamd_proxy_socket_for_postfix: yes
 #   enable_password: "very-secret"
 #   tls:
 #     certificate_provider: ...
+
+rspamd_modules_local_config: {}
+# rspamd_modules_local_config:
+#   antivirus: |
+#    enabled = false;
+
+rspamd_modules_override_config: {}
+# rspamd_modules_override_config:
+#   antivirus: |
+#     enabled = false;
diff --git a/roles/mail/rspamd/tasks/main.yml b/roles/mail/rspamd/tasks/main.yml
index 7546c8a5..503c3669 100644
--- a/roles/mail/rspamd/tasks/main.yml
+++ b/roles/mail/rspamd/tasks/main.yml
@@ -68,3 +68,25 @@
             proxy_pass: http://127.0.0.1:11334
     include_role:
       name: nginx/vhost
+
+- name: generate local config files
+  loop: "{{ rspamd_modules_local_config | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  copy:
+    content: |
+      # ansible generated
+      {{ item.value }}
+    dest: /etc/rspamd/local.d/{{ item.key }}.conf
+  notify: reload rspamd
+
+- name: generate override config files
+  loop: "{{ rspamd_modules_override_config | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  copy:
+    content: |
+      # ansible generated
+      {{ item.value }}
+    dest: /etc/rspamd/override.d/{{ item.key }}.conf
+  notify: reload rspamd
-- 
cgit v1.2.3