rspamd service: fix runtime directory, log to syslog

Fixes #17144.

1 files changed, 6 insertions, 8 deletions

diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix
index 412b99ccc57..01f2f9e5d09 100644
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@@ -8,7 +8,7 @@ let
 
   mkBindSockets = socks: concatStringsSep "\n" (map (each: "  bind_socket = \"${each}\"") socks);
 
-  rspamdConf =
+   rspamdConfFile = pkgs.writeText "rspamd.conf"
     ''
       .include "$CONFDIR/common.conf"
 
@@ -18,8 +18,7 @@ let
       }
 
       logging {
-        type = "file";
-        filename = "$LOGDIR/rspamd.log";
+        type = "syslog";
         .include "$CONFDIR/logging.inc"
       }
 
@@ -33,7 +32,6 @@ let
         .include "$CONFDIR/worker-controller.inc"
       }
    '';
-   rspamdConfFile = pkgs.writeText "rspamd.conf" rspamdConf;
 
 in
 
@@ -58,7 +56,7 @@ in
       bindSocket = mkOption {
         type = types.listOf types.str;
         default = [
-          "/run/rspamd.sock mode=0666 owner=${cfg.user}"
+          "/run/rspamd/rspamd.sock mode=0666 owner=${cfg.user}"
         ];
         description = ''
           List of sockets to listen, in format acceptable by rspamd
@@ -128,13 +126,13 @@ in
 
       serviceConfig = {
         ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
-        RuntimeDirectory = "/var/lib/rspamd";
-        PermissionsStartOnly = true;
         Restart = "always";
+        RuntimeDirectory = "rspamd";
+        PrivateTmp = true;
       };
 
       preStart = ''
-        ${pkgs.coreutils}/bin/mkdir -p /var/{lib,log}/rspamd
+        ${pkgs.coreutils}/bin/mkdir -p /var/lib/rspamd
         ${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} /var/lib/rspamd
       '';