From 9a0d7dff036f582f4f7bf96c44c57968c8577a19 Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Mon, 13 Nov 2017 21:35:42 +0100 Subject: [PATCH] unbound DNS resolver --- default.nix | 8 ++++++++ mail-server/rmilter.nix | 2 +- mail-server/rspamd.nix | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 mail-server/rspamd.nix diff --git a/default.nix b/default.nix index 9b7f6fe..b3cd52d 100644 --- a/default.nix +++ b/default.nix @@ -241,6 +241,14 @@ in ''; }; + + useDNSResolver = mkOption { + type = types.bool; + default = true; + description = '' + Installs a local DNS resolver for faster and secure access. + ''; + }; }; imports = [ diff --git a/mail-server/rmilter.nix b/mail-server/rmilter.nix index 91a49fa..1322c59 100644 --- a/mail-server/rmilter.nix +++ b/mail-server/rmilter.nix @@ -56,7 +56,7 @@ in postfix.enable = true; rspamd = { enable = true; - extraConfig = "extended_spam_headers = yes;"; + extraConfig = "password = \"trolol\";"; }; extraConfig = '' diff --git a/mail-server/rspamd.nix b/mail-server/rspamd.nix new file mode 100644 index 0000000..70b9129 --- /dev/null +++ b/mail-server/rspamd.nix 
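Review bot: The `useDNSResolver` description in default.nix promises "faster and secure access" but does not say what the option turns on. With `default = true`, every deployment starts a local unbound that forwards its queries to the fixed upstream addresses set in mail-server/rspamd.nix. An operator should be able to read that from the option text, for example `Run a local unbound resolver; queries are forwarded to the upstream servers listed in mail-server/rspamd.nix.` Consider `default = false` so that sending DNS traffic to a third party is opt-in.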
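Review bot: The replacement `extraConfig` line in mail-server/rmilter.nix writes a literal password (`password = \"trolol\";`) into the rspamd configuration, and a commit titled "unbound DNS resolver" gives no reason for it. A string set in a Nix option ends up in the world-readable Nix store and in the repository history, so it cannot serve as a secret, and this value looks like a leftover placeholder. The same line drops `extended_spam_headers = yes;`, which appears unrelated to the DNS change. I would restore `extraConfig = "extended_spam_headers = yes;";` and, if rspamd really needs a password here, read it from a file kept outside the store. The enclosing attribute set starts and ends outside the hunk.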
@@ -0,0 +1,36 @@
+# nixos-mailserver: a simple mail server
+# Copyright (C) 2016-2017 Robin Raymond
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see
+
+{ config, pkgs, lib, ... }:
+
+
+let
+ cfg = config.mailserver;
+in
+{
+ config = with cfg; lib.mkIf enable {
+ services.rspamd = {
+ enable = true;
+ };
+
+ services.unbound = {
+ enable = useDNSResolver;
+ # use dns.watch, an awesome non-logging DNS provider
+ forwardAddresses = [ "84.200.69.80" "84.200.70.40" ];
+ };
+ };
+}
+
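Review bot: `forwardAddresses` in the `services.unbound` block hard-codes two third-party resolver IPs, so the names this mail server looks up (sender domains, blocklist queries) are sent to that provider, presumably over plain DNS, and users cannot change the upstream without patching the module. The comment's "non-logging" is a property of the provider that this configuration cannot verify, which sits badly with the "secure" wording on the option. Either drop the line so unbound resolves recursively on its own, or expose the list as a new `mailserver` option and reference it here. Nothing in this hunk points the host's resolver at the local unbound, so confirm that happens elsewhere; otherwise rspamd may not use it at all.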