From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 0NJdGBl/+mO9YgAAbAwnHQ (envelope-from ) for ; Sat, 25 Feb 2023 22:35:21 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id iCSCFxl/+mOfMAEAG6o9tA (envelope-from ) for ; Sat, 25 Feb 2023 22:35:21 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8085467DF for ; Sat, 25 Feb 2023 22:35:20 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677360920; a=rsa-sha256; cv=none; b=JQy7KZ1rmh6dHnTK9OgSxzcuFBkSGg6t3LKMQOc1xfMfo73JpfhVcRTCYagWkPRlTZNv+z n5n4QAMdUTUNKBs6m6uo0JWeb5boLtwc5KGKJZvpltQKFmVjMJJqsxAcYxZeJQEbzKESiA iYW1pCab6GZ6yo1rgGwHjBnwc9rm8ZcLJv6WVj+ry550ozcLMw4qLNVK+eTVXC+T2vlmxG cdzmt6tDO/EFVhjCuq9IcPQ8t7tWaoZ2w7lOTJZ0bHGmrCcTwz+EhJVCTw64+jkYDZSQtl IMLHZ+BqIrm1a/tCsWz6Q8/QV+vjQvsGiLjvDFwIcW4Mm282Irb4w7/1Qt4jfQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1677360920; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=YWFFhBQoPgaROdrasAcn6tawzVdykrFtyCWV7W1eW8o=; b=iW2YzRHzIy8jASMlDKo35wvVfXsn73bMp2/WizYSLmI5A5PXAcDiSOKkdu4KmyhUahTlCD 4sv6bkFST91efAs0uheiYwrDWuCFHdXyPvss2SfUx1KO6S9NKVAwSbhsPT2OX14UtxCTlZ NpfFrlO2CZWG2pMvPo/9s0/5T16q7YTPcp5NWaxRFy+8lYR+CY5A7+TuEYAXlU0fdxetfn 1Zo11IFQcbdS+ZSuuXhH/9FYkqNmcW7BtR/aLzY/hine2KXJbQdQDxcrWw0a/NPz0wSsWo 5DDiUDVK3B9o9mosGQFwRxCgtxjNcHE2UWEh1x7sGtMS3k1E9zbMw6vQh/ggtQ== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pW2C9-0007JV-0O; Sat, 25 Feb 2023 16:35:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pW2C7-0007J0-0i for guix-patches@gnu.org; Sat, 25 Feb 2023 16:35:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pW2C6-0004Zr-J5 for guix-patches@gnu.org; Sat, 25 Feb 2023 16:35:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pW2C5-00068L-V0 for guix-patches@gnu.org; Sat, 25 Feb 2023 16:35:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#61740] [PATCH] services: Add rspamd-service-type. Resent-From: Bruno Victal Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 25 Feb 2023 21:35:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61740 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Thomas Ieong Cc: 61740@debbugs.gnu.org Received: via spool by 61740-submit@debbugs.gnu.org id=B61740.167736084423506 (code B ref 61740); Sat, 25 Feb 2023 21:35:01 +0000 Received: (at 61740) by debbugs.gnu.org; 25 Feb 2023 21:34:04 +0000 Received: from localhost ([127.0.0.1]:41716 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pW2BA-000674-2c for submit@debbugs.gnu.org; Sat, 25 Feb 2023 16:34:04 -0500 Received: from smtpm8.myservices.hosting ([185.26.105.209]:46902) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pW2B7-00066e-P6 for 61740@debbugs.gnu.org; Sat, 25 Feb 2023 16:34:02 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpm8.myservices.hosting (Postfix) with ESMTP id BB5F420D41; Sat, 25 Feb 2023 22:33:58 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 9A9C180098; Sat, 25 Feb 2023 22:33:58 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id NeYTg8_Ck_AJ; Sat, 25 Feb 2023 22:33:57 +0100 (CET) Received: from [192.168.1.239] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 85A9980097; Sat, 25 Feb 2023 22:33:57 +0100 (CET) Message-ID: Date: Sat, 25 Feb 2023 21:33:57 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> From: Bruno Victal In-Reply-To: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: X-Migadu-Queue-Id: 8085467DF X-Spam-Score: -3.98 X-Migadu-Spam-Score: -3.98 X-Migadu-Scanner: scn0.migadu.com List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-TUID: Qm46DxjQD8xf Hi, On 2023-02-23 20:16, Thomas Ieong wrote: > * gnu/services/mail.scm (rspamd-service-type): New variable. > * gnu/tests/mail.scm (%test-rspamd): New variable. > * doc/guix.texi: Document it. > --- > > Hey Guix! > > First time contributor here, this patch > introduces some basic support for rspamd. > > I do need guidance on some points. > > How to handle the extra configs that a user can > provide to rspamd? > > On your average linux distro rspamd does expects > you to not touch the rspamd.conf and instead put > your changes in the /etc/rspamd/{local.d,override.d} directories > (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes takes precedence, you need to use override.d if you want to freeze a setting.) > > For example to set the password of the web ui > you're supposed to create /etc/rspamd/local.d/worker-controller.inc > and then set password = "some_hash"; > > Then this will get merged with the config > as something like: > > worker { > type = "controller"; > password = "some_hash"; > } > > The point is we could ignore local.d/override.d > and write these blocks directly to rspamd.conf. For most services, the configuration is expected to be read-only (and generated & managed by guix) though it is possible to have a mix of non guix-managed config files (but discouraged). If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type is an example that can do this. > > Of course it needs some additionals configuration records for the workers and the common options > between them. > > And finally for the test I do plan to add integration test with opensmtpd when I get the time. > > Are there examples of such integration test? Specific examples no but gnu/tests/ contains many tests of varying complexity that could serve as inspiration. See the NFS or web server tests. > + > +@deftp {Data Type} rspamd-configuration > +Data type representing the configuration of @command{rspamd}. > + > +@table @asis > +@item @code{package} (default: @code{rspamd}) > +The package that provides @command{rspamd}. > + > +@item @code{config-file} (default: @code{%default-rspamd-config-file}) > +File-like object of the configuration file to use. By default > +all workers are enabled except fuzzy and they are binded > +to their usual ports, e.g localhost:11334, localhost:11333 and so on. > + > +@item @code{user} (default: @code{"rspamd"}) > +The user to run rspamd as. > + > +@item @code{group} (default: @code{"rspamd"}) > +The user to run rspamd as. > + > +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"}) > +Where to store the PID file. > + > +@item @code{debug?} (default: @code{#f}) > +Force debug output. > + > +@item @code{insecure?} (default: @code{#f}) > +Ignore running workers as privileged users (insecure). > + > +@item @code{skip-template?} (default: @code{#f}) > +Do not apply Jinja templates. > + > +@end table > +@end deftp > + Was this manually typed? (It seems to be the case since it's missing the field type information) You can generate the documentation automatically with configuration->documentation since you're using define-configuration. > +;;; > +;;; Rspamd. > +;;; > + > +(define-maybe boolean) > + > +(define-configuration rspamd-configuration > + (package > + (file-like rspamd) > + "The package that provides rspamd." > + empty-serializer) > + (config-file > + (file-like %default-rspamd-config-file) > + "File-like object of the configuration file to use. By default > +all workers are enabled except fuzzy and they are binded > +to their usual ports, e.g localhost:11334, localhost:11333 and so on") > + (user > + (string "rspamd") > + "The user to run rspamd as." > + empty-serializer) > + (group > + (string "rspamd") > + "The group to run rspamd as." > + empty-serializer) > + (pid-file > + (string "/var/run/rspamd/rspamd.pid") > + "Where to store the PID file." > + empty-serializer) > + (debug? > + maybe-boolean > + "Force debug output." > + empty-serializer) > + (insecure? > + maybe-boolean > + "Ignore running workers as privileged users (insecure)." > + empty-serializer) > + (skip-template? > + maybe-boolean > + "Do not apply Jinja templates." > + empty-serializer)) If you're not going to use any serializer, you can use define-configuration/no-serialization instead. > + > +(define (rspamd-activation config) > + (match-record config > + (package config-file user) > + #~(begin > + (use-modules (guix build utils) > + (ice-9 match)) > + (let ((user (getpwnam #$user))) > + (mkdir-p/perms "/etc/rspamd" user #o755) > + (mkdir-p/perms "/etc/rspamd/local.d" user #o755) > + (mkdir-p/perms "/etc/rspamd/override.d" user #o755) > + (mkdir-p/perms "/var/run/rspamd" user #o755) > + (mkdir-p/perms "/var/log/rspamd" user #o755) > + (mkdir-p/perms "/var/lib/rspamd" user #o755)) > + ;; Check configuration file syntax. > + (system* (string-append #$package "/bin/rspamadm") > + "configtest" > + "-c" #$config-file)))) This should be moved into the service constructor. See how mpd-service-type does this. To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks" but this is incorrect usage (see #60657 which covers the pitfalls on doing so). > + > +(define rspamd-profile > + (compose list rspamd-configuration-package)) How about: (service-extension profile-service-type (compose list rspamd-configuration-package)) > diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm > index f13751b72f..f532d30805 100644 Do not forget to register this file in gnu/local.mk. Cheers, Bruno