-
Notifications
You must be signed in to change notification settings - Fork 7
/
pillar.example
190 lines (172 loc) · 5.95 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
rspamd:
# These are the user and group that will be used for the dkim files
# (both default to `_rspamd`, as set in both Debian and Centos)
# user: _rspamd
# group: _rspamd
use_upstream_repo: true
# If you want to install the redis-server using this formula, set this
# to true. It will install the redis-server package for the supported distros
# with default parameters. If you want to customize redis, use the redis formula
# instead.
# Default: false
manage_redis: true
# Allows you to manage dkim keys through rspamadm. See examples below
# See https://www.rspamd.com/doc/modules/dkim_signing.html#dkim-key-management
# Default: false
manage_dkim_keys: true
# Where dkim keys will be stored
dkim_keys_dir: /var/lib/rspamd/dkim
# If true, all files under the <dkim_keys_dir> not managed by the formula
# will be removed. Use with caution
# Default: false. All existing files will be kept
# clean_dkim_keys_dir: false
## RSPAMD config
config:
# rspamd uses two type of config files to modify the configuration,
# determined by the file extension:
# 'inc' files (for configuring the application),
# 'conf' files (to enable/configure modules).
#
# These file can be used in two ways, defined by their name:
# 'local's (which *adds* to the existing config, and
# 'override's, which replaces the existing values.
#
# So
#
# some_module.local.inc -> will APPEND to the existing configuration
# of 'some_module'
# other.override.conf -> will REPLACE the existing config for 'other'
#
# 'local' files are located under /<config_dir>/local.d/*
# 'override' files are located under /<config_dir>/override.d/*
#
# With two exceptions:
#
# /<config_dir>/rspamd.conf.{local,override}
#
# See https://rspamd.com/doc/quickstart.html#configuring-rspamd for more
# details.
#
# PILLAR USAGE:
#
# The following pillar
#
# rspamd:
# local:
# file-a:
# option1: 1
# file_c:
# module: true
# option2: some_text
# override:
# file-x:
# option1: bla
# rspamd:
# some_parameter:
#
# will create the following files:
#
# /etc/rspamd/local.d/file-a.inc
# /etc/rspamd/local.d/file_c.conf
#
# /etc/rspamd/override.d/file-x.inc
#
# /etc/rspamd/rspamd.conf.override
#
# Entries set as empty hashes or with the parameter `enable: false` will
# be removed.
#
# rspamd:
# local:
# dont_want: {}
#
#
# rspamd:
# local:
# dont_want:
# enable: false
# option1: bla
#
# Both examples will remove the file
#
# /etc/rspamd/local.d/dont_want.inc
#
# Existing files not being listed in the pillars *WILL NOT* be
# managed at all, and will be left as they are.
#
local:
rspamd: {}
options: {} # The file will be removed if exists
logging:
enable: false # Same as above
redis:
module: true # File 'ext' will be set to 'conf'
write_servers: localhost
read_servers: localhost
dkim_signing:
module: true # File 'ext' will be set to 'conf'
# These parameters here are merged and/or overwritten by those
# defined in the `rspamd:dkim_keys` dict (see below)
domain:
this.should.be.merged.too:
selector: dkim
path: /var/lib/rspamd/dkim/should.be.merged.with.the.others.key
example.net:
selector: fancy_selector
path: /var/lib/rspamd/dkim/this.will.be.overrriden
nom: 1234
stri: cadena1
lis:
- a
- b
- c
override:
rspamd:
options:
# yamllint disable rule:line-length
pidfile: $RUNDIR/rspamd.pid
'.include': $CONFDIR/options.inc
'.include(try=true; priority=1,duplicate=merge)': $LOCAL_CONFDIR/local.d/options.inc
'.include(try=true; priority=10)': $LOCAL_CONFDIR/override.d/options.inc
# yamllint enable rule:line-length
options: {}
logging:
some: parameter
worker-normal: {}
worker-controller: {}
worker-proxy: {}
## DKIM keys management
# All domains and keys added in this dict and enabled (the default) will be
# ADDED to the `config:local:dkim_signing:domain` dict above. For any given domain,
# values set in this dict will OVERRIDE those set in the dict above if the same
# key exist in both places.
# Keys created here can be disabled (ie, not added to the config file) just
# setting `ehable: false` to it.
# Keys not listed here will be REMOVED from disk if `clean_dkim_keys_diri: true`
dkim_keys:
identifier1:
# If key should be used in the config generated by the rspamd.config state
# Default: true
# enable: true
domain: example.net # required. If not set, the identifier will be used
# Selector used to build the selector, ie <something>._domainkey
# Defaults to `domain` above
# selector: something
# File where the privkey will be stored
# Defaults to <dkim_keys_dir>/<domain>.key
# privkey_file:
# File where the txt output will be stored
# Defaults to <dkim_keys_dir>/<domain>.txt
# txt_file:
# bits: # key size. Defaults to 2048
# type: # Either 'rsa' or 'ed25519'. Defaults to 'rsa'
identifier2: # Will be managed and enabled in the config
domain: example.com
type: ed25519
identifier3: # Will be managed but disabled in the config
enable: false
domain: example.org
just.a.domain: {} # This will be enabled with all the defaults