From e574070869b25a5da45b30914e80df2db3d9074b Mon Sep 17 00:00:00 2001
From: genofire <geno+dev@fireorbit.de>
Date: Thu, 23 Jul 2020 21:07:09 +0200
Subject: [PATCH] rspamd: webui support

---
 defaults/main.yml                      |  2 ++
 handlers/main.yml                      |  5 +++++
 tasks/rspamd.yml                       | 17 ++++++++++++++++-
 templates/rspamd-local.nginx           |  9 +++++++++
 templates/rspamd/worker-controller.inc |  1 +
 5 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 templates/rspamd-local.nginx
 create mode 100644 templates/rspamd/worker-controller.inc

diff --git a/defaults/main.yml b/defaults/main.yml
index 8c331f2..3c472f0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,4 +20,6 @@ mailserver_postfixadmin_default_aliases:
   webmaster: "webmaster@{{ mailserver_mail_domain }}"
 
 mailserver_rspamd_enabled: true
+mailserver_rspamd_domain: ""
+#mailserver_rspamd_webui_password: "" # run `rspamadm pw` for it
 mailserver_rspamd_dkim_selector: "2020"
diff --git a/handlers/main.yml b/handlers/main.yml
index 0ddad3c..ea724d3 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -8,3 +8,8 @@
   systemd:
     name: dovecot
     state: restarted
+
+- name: restart rspamd
+  systemd:
+    name: rspamd
+    state: restarted
diff --git a/tasks/rspamd.yml b/tasks/rspamd.yml
index 1223905..4df2809 100644
--- a/tasks/rspamd.yml
+++ b/tasks/rspamd.yml
@@ -13,11 +13,13 @@
     state: started
 
 - name: rspamd - create config folder
+  notify: restart rspamd
   file:
     path: /etc/rspamd/local.d
     state: directory
 
 - name: rspamd - config
+  notify: restart rspamd
   template:
     src: "rspamd/{{ item }}"
     dest: "/etc/rspamd/local.d/{{ item }}" 
@@ -27,7 +29,13 @@
   - dkim_signing.conf
   - milter_headers.conf
   - redis.conf
-  #- worker-controller.inc
+
+- name: rspamd - set webui password
+  notify: restart rspamd
+  when: mailserver_rspamd_webui_password is defined
+  template:
+    src: rspamd/worker-controller.inc
+    dest: /etc/rspamd/local.d/worker-controller.inc
 
 - name: rspamd - install sieve
   copy:
@@ -37,6 +45,13 @@
   - learn-ham.sieve
   - learn-spam.sieve
 
+- name: rspamd - nginx local
+  notify: reload nginx
+  when: mailserver_rspamd_domain == ""
+  template:
+    src: rspamd-local.nginx
+    dest: /etc/nginx/local.d/rspamd.act
+
 - name: rspamd - start and enable on boot
   systemd:
     name: rspamd
diff --git a/templates/rspamd-local.nginx b/templates/rspamd-local.nginx
new file mode 100644
index 0000000..5036245
--- /dev/null
+++ b/templates/rspamd-local.nginx
@@ -0,0 +1,9 @@
+location /rspamd {
+	proxy_pass http://127.0.0.1:11334/;
+	proxy_set_header    Host            $host;
+	proxy_set_header    X-Real-IP       $remote_addr;
+	proxy_set_header    X-Forwarded-for $proxy_add_x_forwarded_for;
+	# websocket
+	proxy_set_header    Upgrade         $http_upgrade;
+	proxy_set_header    Connection      "upgrade";
+}
diff --git a/templates/rspamd/worker-controller.inc b/templates/rspamd/worker-controller.inc
new file mode 100644
index 0000000..1154de3
--- /dev/null
+++ b/templates/rspamd/worker-controller.inc
@@ -0,0 +1 @@
+password = "{{ mailserver_rspamd_webui_password }}";