Subject: [bug#61740] [PATCH] services: Add rspamd-service-type.
To: Thomas Ieong
Cc: Bruno Victal, 61740@debbugs.gnu.org
From: Ludovic Courtès
Date: Tue, 08 Aug 2023 17:34:45 +0200
Message-ID: <87v8dppmy2.fsf_-_@gnu.org>
In-Reply-To: (Bruno Victal's message of "Sat, 25 Feb 2023 21:33:57 +0000")
References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr>

Hi Thomas,

It’s been a while. :-)  Did you have time to consider Bruno’s
suggestions to send an updated patch?

  https://issues.guix.gnu.org/61740

Thanks,
Ludo’.

Bruno Victal wrote:

> Hi,
>
> On 2023-02-23 20:16, Thomas Ieong wrote:
>> * gnu/services/mail.scm (rspamd-service-type): New variable.
>> * gnu/tests/mail.scm (%test-rspamd): New variable.
>> * doc/guix.texi: Document it.
>> ---
>>
>> Hey Guix!
>>
>> First time contributor here, this patch
>> introduces some basic support for rspamd.
>>
>> I do need guidance on some points.
>>
>> How to handle the extra configs that a user can
>> provide to rspamd?
>>
>> On your average linux distro rspamd does expect
>> you to not touch the rspamd.conf and instead put
>> your changes in the /etc/rspamd/{local.d,override.d} directories
>> (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes take precedence, you need to use override.d if you want to freeze a setting.)
>>
>> For example to set the password of the web ui
>> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
>> and then set password = "some_hash";
>>
>> Then this will get merged with the config
>> as something like:
>>
>> worker {
>>     type = "controller";
>>     password = "some_hash";
>> }
>>
>> The point is we could ignore local.d/override.d
>> and write these blocks directly to rspamd.conf.
>
> For most services, the configuration is expected to be read-only (and generated & managed by guix)
> though it is possible to have a mix of non guix-managed config files (but discouraged).
>
> If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type are examples that can do this.
>
>>
>> Of course it needs some additional configuration records for the workers and the common options
>> between them.
>>
>> And finally for the test I do plan to add an integration test with opensmtpd when I get the time.
>>
>> Are there examples of such integration tests?
>
> Specific examples no but gnu/tests/ contains many tests of varying complexity that could serve as inspiration.
> See the NFS or web server tests.
>
>> +
>> +@deftp {Data Type} rspamd-configuration
>> +Data type representing the configuration of @command{rspamd}.
>> +
>> +@table @asis
>> +@item @code{package} (default: @code{rspamd})
>> +The package that provides @command{rspamd}.
>> +
>> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
>> +File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
>> +
>> +@item @code{user} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{group} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
>> +Where to store the PID file.
>> +
>> +@item @code{debug?} (default: @code{#f})
>> +Force debug output.
>> +
>> +@item @code{insecure?} (default: @code{#f})
>> +Ignore running workers as privileged users (insecure).
>> +
>> +@item @code{skip-template?} (default: @code{#f})
>> +Do not apply Jinja templates.
>> +
>> +@end table
>> +@end deftp
>> +
>
> Was this manually typed? (It seems to be the case since it's missing the field type information)
> You can generate the documentation automatically with configuration->documentation since you're using define-configuration.
>
>> +;;;
>> +;;; Rspamd.
>> +;;;
>> +
>> +(define-maybe boolean)
>> +
>> +(define-configuration rspamd-configuration
>> + (package
>> + (file-like rspamd)
>> + "The package that provides rspamd."
>> + empty-serializer)
>> + (config-file
>> + (file-like %default-rspamd-config-file)
>> + "File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
>> + (user
>> + (string "rspamd")
>> + "The user to run rspamd as."
>> + empty-serializer)
>> + (group
>> + (string "rspamd")
>> + "The group to run rspamd as."
>> + empty-serializer)
>> + (pid-file
>> + (string "/var/run/rspamd/rspamd.pid")
>> + "Where to store the PID file."
>> + empty-serializer)
>> + (debug?
>> + maybe-boolean
>> + "Force debug output."
>> + empty-serializer)
>> + (insecure?
>> + maybe-boolean
>> + "Ignore running workers as privileged users (insecure)."
>> + empty-serializer)
>> + (skip-template?
>> + maybe-boolean
>> + "Do not apply Jinja templates."
>> + empty-serializer))
>
> If you're not going to use any serializer, you can use define-configuration/no-serialization instead.
>
>> +
>> +(define (rspamd-activation config)
>> + (match-record config
>> + (package config-file user)
>> + #~(begin
>> + (use-modules (guix build utils)
>> + (ice-9 match))
>> + (let ((user (getpwnam #$user)))
>> + (mkdir-p/perms "/etc/rspamd" user #o755)
>> + (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
>> + (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
>> + (mkdir-p/perms "/var/run/rspamd" user #o755)
>> + (mkdir-p/perms "/var/log/rspamd" user #o755)
>> + (mkdir-p/perms "/var/lib/rspamd" user #o755))
>> + ;; Check configuration file syntax.
>> + (system* (string-append #$package "/bin/rspamadm")
>> + "configtest"
>> + "-c" #$config-file))))
>
> This should be moved into the service constructor. See how mpd-service-type does this.
>
> To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks"
> but this is incorrect usage (see #60657 which covers the pitfalls on doing so).
>
>> +
>> +(define rspamd-profile
>> + (compose list rspamd-configuration-package))
>
> How about:
> (service-extension profile-service-type
>                    (compose list rspamd-configuration-package))
>
>
>> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
>> index f13751b72f..f532d30805 100644
>
> Do not forget to register this file in gnu/local.mk.
>
>
> Cheers,
> Bruno
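
Review bot: in the doc/guix.texi hunk, the `@item @code{group}` entry is described as "The user to run rspamd as.", which repeats the text of the `user` entry; the `group` docstring in define-configuration reads "The group to run rspamd as.", and the manual should say the same. The `config-file` entry says the workers "are binded to their usual ports"; "bound" is the correct form, and the same wording sits in the config-file docstring in gnu/services/mail.scm, so both places need the change.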
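
Review bot: in rspamd-activation, /etc/rspamd, /etc/rspamd/local.d and /etc/rspamd/override.d are created with the rspamd account as owner (`(mkdir-p/perms "/etc/rspamd/override.d" user #o755)`), so the daemon is able to write into the directories whose contents the cover letter describes as merged into its configuration, including settings meant to be frozen through override.d. Consider keeping the configuration directories owned by root and giving the service user ownership only of /var/run/rspamd, /var/log/rspamd and /var/lib/rspamd. Separately, the status returned by `system*` for `rspamadm configtest` is the last expression of the gexp and nothing in the visible code checks it, so a failed syntax check would pass unnoticed; wherever the check ends up, test the return value and fail on a non-zero status. `(ice-9 match)` is also imported inside the gexp although no `match` form is used there.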