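-- This file must be written to /opt/kumomta/etc/policy/init.lua for use.

-- This require statement is needed in any script passed to KumoMTA.
-- Includes from this policy script will not need this declared again.
local kumo = require 'kumo'
local utils = require 'policy-extras.policy_utils'

-- Load the policy helpers to simplify common configuration use cases
local shaping = require 'policy-extras.shaping'
local queue_module = require 'policy-extras.queue'
local listener_domains = require 'policy-extras.listener_domains'
local sources = require 'policy-extras.sources'
local dkim_sign = require 'policy-extras.dkim_sign'
local log_hooks = require 'policy-extras.log_hooks'

-- START SETUP

-- Configure the sending IP addresses that will be used by KumoMTA to
-- connect to remote systems using the sources.lua policy helper.
-- Note that defining sources and pools does nothing without some form of
-- policy in effect to assign messages to the source pools you have defined.
-- WARNING: THIS WILL NOT LOAD WITHOUT THE sources.toml/json FILE IN PLACE
-- SEE https://docs.kumomta.com/userguide/configuration/sendingips/
sources:setup { '/opt/kumomta/etc/policy/sources.json' }

-- Configure DKIM signing. In this case we use the dkim_sign.lua policy helper.
-- WARNING: THIS WILL NOT LOAD WITHOUT the dkim_data.toml/json FILE IN PLACE
-- See https://docs.kumomta.com/userguide/configuration/dkim/
local dkim_signer =
  dkim_sign:setup { '/opt/kumomta/etc/policy/dkim_data.json' }

-- Load Traffic Shaping Automation Helper
-- SEE https://docs.kumomta.com/userguide/configuration/trafficshaping/
-- Both endpoints are loopback, so the plain-http scheme does not leave the host.
local shaper = shaping:setup_with_automation {
  publish = { 'http://127.0.0.1:8008' },
  subscribe = { 'http://127.0.0.1:8008' },
  extra_files = { '/opt/kumomta/etc/policy/shaping.json' },
}

-- Configure queue management settings. These are not throttles, but instead
-- control how messages flow through the queues.
-- WARNING: ENSURE THAT WEBHOOKS AND SHAPING ARE SETUP BEFORE THE QUEUE HELPER FOR PROPER OPERATION
-- WARNING: THIS WILL NOT LOAD WITHOUT the queues.toml FILE IN PLACE
-- See https://docs.kumomta.com/userguide/configuration/queuemanagement/
local queue_helper =
  queue_module:setup { '/opt/kumomta/etc/policy/queues.toml' }

-- END SETUP

-- START EVENT HANDLERS

-- Called On Startup, handles initial configuration
kumo.on('init', function()
  -- Define the default "data" spool location; this is where
  -- message bodies will be stored.
  -- See https://docs.kumomta.com/userguide/configuration/spool/
  kumo.define_spool {
    name = 'data',
    path = '/var/spool/kumomta/data',
    kind = 'RocksDB',
  }

  -- Define the default "meta" spool location; this is where
  -- message envelope and metadata will be stored.
  kumo.define_spool {
    name = 'meta',
    path = '/var/spool/kumomta/meta',
    kind = 'RocksDB',
  }

  -- Configure publishing of TSA logs to automation daemon
  shaper.setup_publish()

  -- Configure logging to local disk. Separating spool and logs to separate
  -- disks helps reduce IO load and can help performance.
  -- See https://docs.kumomta.com/userguide/configuration/logging/
  -- NOTE(review): '*' asks for every header and every metadata item to be
  -- logged, so the log files can hold recipient data and internal headers.
  -- Either list only the fields you need or restrict access to the log
  -- directory accordingly.
  kumo.configure_local_logs {
    log_dir = '/var/log/kumomta',
    max_segment_duration = '1 minute',
    headers = { '*' },
    meta = { '*' },
  }

  -- Configure bounce classification.
  -- See https://docs.kumomta.com/userguide/configuration/bounce/
  kumo.configure_bounce_classifier {
    files = {
      '/opt/kumomta/share/bounce_classifier/iana.json',
      -- Additional files for custom rules can be specified here
    },
  }

  -- Configure HTTP Listeners for injection and management APIs.
  -- See https://docs.kumomta.com/userguide/configuration/httplisteners/
  --
  -- trusted_hosts lists the peers that may call ANY http endpoint (message
  -- injection and the management API) with no authentication. It was
  -- '0.0.0.0/0', which on a listener bound to every interface lets any IPv4
  -- client inject mail and administer the server. It is now loopback only;
  -- add the specific addresses or CIDR blocks of your injectors, never a
  -- catch-all range. Peers outside the list have to authenticate, which
  -- KumoMTA delegates to the 'http_server_validate_auth_basic' event; this
  -- file does not define that event.
  kumo.start_http_listener {
    listen = '0.0.0.0:80',
    -- allowed to access any http endpoint without additional auth
    trusted_hosts = { '127.0.0.1', '::1' },
    -- Cleartext listener: message content and any HTTP Basic credentials
    -- sent to it are readable on the network path. Prefer the TLS listener
    -- below for anything that is not local.
    use_tls = false,
  }

  kumo.start_http_listener {
    use_tls = true,
    listen = '0.0.0.0:443',
    -- allowed to access any http endpoint without additional auth
    trusted_hosts = { '127.0.0.1', '::1' },
    -- NOTE(review): with both lines below commented out no certificate is
    -- configured here; presumably KumoMTA falls back to a self-signed one,
    -- which clients cannot verify. Confirm, and point these at a real
    -- server certificate and key.
    -- tls_certificate = '/etc/ssl/certs/ca.cert',
    -- tls_private_key = '/etc/ssl/private/ca.key'
  }
end) -- END OF THE INIT EVENT

-- Configure listener domains for relay, oob bounces, and FBLs using the
-- listener_domains.lua policy helper.
-- WARNING: THIS WILL NOT LOAD WITHOUT THE listener_domains.json FILE IN PLACE
kumo.on(
  'get_listener_domain',
  listener_domains:setup { '/opt/kumomta/etc/policy/listener_domains.json' }
)

-- Call the Traffic Shaping Automation Helper to configure shaping rules.
kumo.on('get_egress_path_config', shaper.get_egress_path_config)

-- Processing of incoming messages via HTTP
kumo.on('http_message_generated', function(msg)
  -- X-Tenant is supplied by the injecting client, so its value is only as
  -- trustworthy as the peers admitted by the HTTP listeners above.
  local tenant = msg:get_first_named_header_value('X-Tenant')
  if not tenant then
    -- kumo.reject raises an error, so nothing below runs for this message.
    kumo.reject(500, "No tenant")
  end

  -- Call the queue helper to set up the queue for the message.
  queue_helper:apply(msg)

  -- Scheduling
  --msg:import_scheduling_header 'X-Schedule'

  -- SIGNING MUST COME LAST OR YOU COULD BREAK YOUR DKIM SIGNATURES
  dkim_signer(msg)
end)

-- END OF EVENT HANDLERS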