[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#61740] [PATCH] services: Add rspamd-service-type.
From: |
Ludovic Courtès |
Subject: |
[bug#61740] [PATCH] services: Add rspamd-service-type. |
Date: |
Tue, 08 Aug 2023 17:34:45 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) |
Hi Thomas,
It’s been a while. :-) Did you have time to consider Bruno’s
suggestions to send an updated patch?
https://issues.guix.gnu.org/61740
Thanks,
Ludo’.
Bruno Victal <mirai@makinata.eu> skribis:
> Hi,
>
> On 2023-02-23 20:16, Thomas Ieong wrote:
>> * gnu/services/mail.scm (rspamd-service-type): New variable.
>> * gnu/tests/mail.scm (%test-rspamd): New variable.
>> * doc/guix.texi: Document it.
>> ---
>>
>> Hey Guix!
>>
>> First time contributor here, this patch
>> introduces some basic support for rspamd.
>>
>> I do need guidance on some points.
>>
>> How to handle the extra configs that a user can
>> provide to rspamd?
>>
>> On your average linux distro rspamd does expects
>> you to not touch the rspamd.conf and instead put
>> your changes in the /etc/rspamd/{local.d,override.d} directories
>> (local is enough to redefine most settings, but if there are changes made
>> via the web ui, the web ui changes takes precedence, you need to use
>> override.d if you want to freeze a setting.)
>>
>> For example to set the password of the web ui
>> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
>> and then set password = "some_hash";
>>
>> Then this will get merged with the config
>> as something like:
>>
>> worker {
>> type = "controller";
>> password = "some_hash";
>> }
>>
>> The point is we could ignore local.d/override.d
>> and write these blocks directly to rspamd.conf.
>
> For most services, the configuration is expected to be read-only (and
> generated & managed by guix)
> though it is possible to have a mix of non guix-managed config files (but
> discouraged).
>
> If you simply want to store the configuration in separate files,
> pulseaudio-service-type and mympd-service-type is an example that can do this.
>
>>
>> Of course it needs some additionals configuration records for the workers
>> and the common options
>> between them.
>>
>> And finally for the test I do plan to add integration test with opensmtpd
>> when I get the time.
>>
>> Are there examples of such integration test?
>
> Specific examples no but gnu/tests/ contains many tests of varying complexity
> that could serve as inspiration.
> See the NFS or web server tests.
>
>> +
>> +@deftp {Data Type} rspamd-configuration
>> +Data type representing the configuration of @command{rspamd}.
>> +
>> +@table @asis
>> +@item @code{package} (default: @code{rspamd})
>> +The package that provides @command{rspamd}.
>> +
>> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
>> +File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
>> +
>> +@item @code{user} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{group} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
>> +Where to store the PID file.
>> +
>> +@item @code{debug?} (default: @code{#f})
>> +Force debug output.
>> +
>> +@item @code{insecure?} (default: @code{#f})
>> +Ignore running workers as privileged users (insecure).
>> +
>> +@item @code{skip-template?} (default: @code{#f})
>> +Do not apply Jinja templates.
>> +
>> +@end table
>> +@end deftp
>> +
>
> Was this manually typed? (It seems to be the case since it's missing the
> field type information)
> You can generate the documentation automatically with
> configuration->documentation since you're using define-configuration.
>
>> +;;;
>> +;;; Rspamd.
>> +;;;
>> +
>> +(define-maybe boolean)
>> +
>> +(define-configuration rspamd-configuration
>> + (package
>> + (file-like rspamd)
>> + "The package that provides rspamd."
>> + empty-serializer)
>> + (config-file
>> + (file-like %default-rspamd-config-file)
>> + "File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
>> + (user
>> + (string "rspamd")
>> + "The user to run rspamd as."
>> + empty-serializer)
>> + (group
>> + (string "rspamd")
>> + "The group to run rspamd as."
>> + empty-serializer)
>> + (pid-file
>> + (string "/var/run/rspamd/rspamd.pid")
>> + "Where to store the PID file."
>> + empty-serializer)
>> + (debug?
>> + maybe-boolean
>> + "Force debug output."
>> + empty-serializer)
>> + (insecure?
>> + maybe-boolean
>> + "Ignore running workers as privileged users (insecure)."
>> + empty-serializer)
>> + (skip-template?
>> + maybe-boolean
>> + "Do not apply Jinja templates."
>> + empty-serializer))
>
> If you're not going to use any serializer, you can use
> define-configuration/no-serialization instead.
>
>> +
>> +(define (rspamd-activation config)
>> + (match-record config <rspamd-configuration>
>> + (package config-file user)
>> + #~(begin
>> + (use-modules (guix build utils)
>> + (ice-9 match))
>> + (let ((user (getpwnam #$user)))
>> + (mkdir-p/perms "/etc/rspamd" user #o755)
>> + (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
>> + (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
>> + (mkdir-p/perms "/var/run/rspamd" user #o755)
>> + (mkdir-p/perms "/var/log/rspamd" user #o755)
>> + (mkdir-p/perms "/var/lib/rspamd" user #o755))
>> + ;; Check configuration file syntax.
>> + (system* (string-append #$package "/bin/rspamadm")
>> + "configtest"
>> + "-c" #$config-file))))
>
> This should be moved into the service constructor. See how mpd-service-type
> does this.
>
> To expand a bit here, activation-service-type service-extensions are often
> abused for "pre-service launch tasks"
> but this is incorrect usage (see #60657 which covers the pitfalls on doing
> so).
>
>> +
>> +(define rspamd-profile
>> + (compose list rspamd-configuration-package))
>
> How about:
> (service-extension profile-service-type
> (compose list rspamd-configuration-package))
>
>
>> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
>> index f13751b72f..f532d30805 100644
>
> Do not forget to register this file in gnu/local.mk.
>
>
> Cheers,
> Bruno
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug#61740] [PATCH] services: Add rspamd-service-type.,
Ludovic Courtès <=