From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id QN89L8XVcmXotgAAG6o9tA:P1 (envelope-from ) for ; Fri, 08 Dec 2023 09:37:25 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id QN89L8XVcmXotgAAG6o9tA (envelope-from ) for ; Fri, 08 Dec 2023 09:37:25 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4CC1F14960 for ; Fri, 8 Dec 2023 09:37:25 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=laesvuori.fi header.s=mail header.b=H0ZvpGJ9; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1702024645; a=rsa-sha256; cv=none; b=b0uuU4cMJuvDqIAIeIwwfwsz24BYyFxvDaMOSqnWJb0YbEaoPPf7uFBpSDIHOoGQqyU90M iuImNnj5E5dESjA9eWHXx8oWnLWldZqqFmshoaHWQ46VLNADHKbkd2JCX7x5IbqwBsAgoX tEGx5nJNGDYwr1WqCl6pFa/pNAtC4ZbRBthiRIKrn0v5cA+Rfb3HTSh6KjoY8x4Jrq3hTJ 8KMqAxJWP8w86ZA0fPCTAcURV1aw9PmDZ9CGLXwgc9Ej6zbKCZdjBALc1yQ5vEgIX3YNmg eqNtdaFHF0hBXz5W6Tvru/XhrNR3f5f9y69VYqe0cYnahvY+SKcRaRc0MPvYSw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=laesvuori.fi header.s=mail header.b=H0ZvpGJ9; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1702024645; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=ILZ9Setvv3bWM5pMk4bhXx061czzs0B6yBLRza6uaqU=; b=oP+2nqXEOQF2OV07ULZ1bESsuSULIZfTCV8YaoGQGs5MHLTRlLv3lGEgsb5IFKaQIg0rTv HbYxHHHPmlYTyS3EKm4ySH5MRIobBdWQk8vmytEu7XYBcqESi94uEEhzxTqfiV/2GBhGxz Q+poVeRn4E2gUMlQyhbdFVEoEPALWpyYRu13jwhKSdZ5wKeeP4HRAH3VWjA7QUmQL0hdX6 dygmWutjSdTJ3nhRSL+uJO8P9MQPMI9676bw6yQi8CmAUr0LqmzUlCr7YLwLxQ3eDUQJ4h /y5cmYNIzJvQgNBqCwY4gcH5X+R+j7ZNEHAUbvYLIvWNj2+6M5s3VNi/wn59Vg== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rBW3S-0001OK-NH; Fri, 08 Dec 2023 03:17:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rBW3R-0001O1-9Q for guix-patches@gnu.org; Fri, 08 Dec 2023 03:17:49 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rBW3R-00084x-1T for guix-patches@gnu.org; Fri, 08 Dec 2023 03:17:49 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rBW3d-0003PZ-Jo for guix-patches@gnu.org; Fri, 08 Dec 2023 03:18:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#61740] [PATCH v3] services: Add rspamd-service-type. (was [bug#61740] [PATCH] services: Add rspamd-service-type.) Resent-From: Saku Laesvuori Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 08 Dec 2023 08:18:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61740 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: moreinfo patch To: Bruno Victal Cc: Thomas Ieong , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Felix Lechner , 61740@debbugs.gnu.org Received: via spool by 61740-submit@debbugs.gnu.org id=B61740.170202346713079 (code B ref 61740); Fri, 08 Dec 2023 08:18:01 +0000 Received: (at 61740) by debbugs.gnu.org; 8 Dec 2023 08:17:47 +0000 Received: from localhost ([127.0.0.1]:43737 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rBW3N-0003Or-M4 for submit@debbugs.gnu.org; Fri, 08 Dec 2023 03:17:46 -0500 Received: from vmi571514.contaboserver.net ([75.119.130.101]:57422 helo=mail.laesvuori.fi) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rBW3G-0003ON-SV for 61740@debbugs.gnu.org; Fri, 08 Dec 2023 03:17:44 -0500 Received: from X-kone (unknown [130.233.144.30]) by mail.laesvuori.fi (Postfix) with ESMTPSA id B92B9340121; Fri, 8 Dec 2023 09:17:25 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail; t=1702023446; bh=QGwxNjRhgUdumYWXxJ7DYi294tmcAu8n3g0SJOxacwo=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=H0ZvpGJ9jOvBa396ONRLH61BAyJSU1ntGbtiyrocD0QwEdlqoAyhLgvuO8d4Gbahy hKvrjWfbboB+00MoQu7MLVSVinWrHNNzW+PtdNyzd/7OMnF45diLidMiWBiYT35/Hu pIBL+UdJt/Uz/G/+QNrxO9ixSzSRDIVGa78Auk3c= Date: Fri, 8 Dec 2023 10:17:21 +0200 Message-ID: <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> References: <87sf7fqi3x.fsf@lease-up.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="f4qc5saaf4smhvxp" Content-Disposition: inline In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Saku Laesvuori X-ACL-Warn: , Saku Laesvuori via Guix-patches From: Saku Laesvuori via Guix-patches via Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: -8.25 X-Spam-Score: -8.25 X-Migadu-Queue-Id: 4CC1F14960 X-TUID: YkSJtqqs4D6X --f4qc5saaf4smhvxp Content-Type: multipart/mixed; boundary="bxgnrao7elkpdkw3" Content-Disposition: inline --bxgnrao7elkpdkw3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2023 at 02:58:19PM +0000, Bruno Victal wrote: > Hi Saku, >=20 > Some comments: >=20 > > +(define (directory-tree? xs) > > + (match xs > > + (((file-name file-like) ...) > > + (and (every string? file-name) > > + (every file-like? file-like))) > > + (_ #f))) >=20 > You can express this more compactly as: >=20 > --8<---------------cut here---------------start------------->8--- > (define directory-tree? > (match-lambda > ((((? string?) (? file-like?)) ...) #t) > (_ #f))) > --8<---------------cut here---------------end--------------->8--- Done in v4. >=20 > > + (user > > + (string "rspamd") > > + "The user to run rspamd as.") > > + (group > > + (string "rspamd") > > + "The group to run rspamd as.") >=20 > How about using user-account and user-group records instead? (see > vnstat-service-type for an example) Done in v4. >=20 > > + (pid-file > > + (string "/var/run/rspamd/rspamd.pid") > > + "Where to store the PID file.") >=20 > Is it useful to expose this? I don't know. It was there when I picked up this patch but I can't come up with a case in which one would want to change it. Removed in v4. >=20 >=20 > > + (insecure? > > + (boolean #f) > > + "Ignore running workers as privileged users (insecure).") >=20 > To me it seems redundant to restate =E2=80=9C(insecure)=E2=80=9D in the d= escription. True. Removed in v4. >=20 > > + (make-forkexec-constructor > > + (list #$rspamd "-c" #$config-file >=20 > I'd prefer the long-name --config over the shorter ones here. Done in v4. > > + "--var" (string-append "LOCAL_CONFDIR=3D" = #$local-confdir) >=20 > Curiously I don't see this listed in the 'rspamd' manpage although > it is on the 'rspamadm' one. Can you confirm whether this works > and if so, report to upstream that their docs are missing this? It does work; I've used it since before I submitted this patch. The `--var` option is listed on `rspamd --help`. Unfortunately, Rspamd tracks their issues on Github and I'd prefer not registering an account there. > > + (service-extension profile-service-type > > + (compose list rspamd-configuration-package)) >=20 > What's the motivation for adding the rspamd package to the profile? That was also there when I picked up this patch. I assume it is added to the profile so that the `rspamadm` and `rspamc` programs are available and compatible with the daemon. I don't have strong feelings about this in either direction. > > +(define %rspamd-os > > + (simple-operating-system > > + (service dhcp-client-service-type) > > + (service rspamd-service-type))) >=20 > Is 'dhcp-client-service-type' needed for this system test? > I haven't tested it but it looks unnecessary to me. It provides 'networking for the http test. Apparently the test wasn't working yet anyway (I had no experience in Guix tests when I sent my versions of the patch and just assumed that they were working in Thomas' version). The tests are now fixed in v4. > > + ;; Check that we can access the web ui > > + (test-equal "http-get" > > + 200 > > + (begin > > + (let-values (((response text) > > + (http-get "http://localhost:22668/" > > + #:decode-body? #t))) > > + (response-code response)))) >=20 > IMO if you're only interested in the HTTP response code a http-head > is the better option, unless the program handles those requests > differently. Also, since 'text' isn't used you can simplify this to: >=20 > --8<---------------cut here---------------start------------->8--- > ;; Don't forget to remove the unused (srfi srfi-11) import. >=20 > (test-equal "Web UI is accessible" > 200 > (response-code (http-head "http://localhost:22668/"))) > --8<---------------cut here---------------end--------------->8--- Done in v4. > > + (test-assert "rspamd pid ready" > > + (marionette-eval > > + '(file-exists? "/var/run/rspamd/rspamd.pid") > > + marionette)) >=20 > There's a procedure dedicated for this: >=20 > --8<---------------cut here---------------start------------->8--- > (test-assert "rspamd pid ready" > (wait-for-file #$(rspamd-configuration-pid-file (rspamd-configuration))= marionette))) > --8<---------------cut here---------------end--------------->8--- Done in v4. > > +(define %test-rspamd > > + (system-test > > + (name "rspamd") > > + (description "Send an email to a running rspamd server.") > > + (value (run-rspamd-test)))) >=20 > I'd change the description to something like "Basic rspamd service test." > as the current one is misleading. Done in v4. --bxgnrao7elkpdkw3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =46rom 1a2a4378304e77ee6ac4823734b916c8810b0834 Mon Sep 17 00:00:00 2001 Message-ID: <1a2a4378304e77ee6ac4823734b916c8810b0834.1702023246.git.saku@l= aesvuori.fi> =46rom: Thomas Ieong Date: Thu, 23 Feb 2023 21:16:14 +0100 Subject: [PATCH v4] services: Add rspamd-service-type. * gnu/services/mail.scm (rspamd-service-type): New variable. * gnu/tests/mail.scm (%test-rspamd): New variable. * doc/guix.texi: Document it. Co-authored-by: Saku Laesvuori Change-Id: I7196643f087ffe9fc91aab231b69d5ed8dc9d198 --- doc/guix.texi | 62 +++++++++++++ gnu/services/mail.scm | 206 +++++++++++++++++++++++++++++++++++++++++- gnu/tests/mail.scm | 74 ++++++++++++++- 3 files changed, 340 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index f82bb99069..5875008ec3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -119,6 +119,8 @@ Copyright @copyright{} 2023 Zheng Junjie@* Copyright @copyright{} 2023 Brian Cully@* Copyright @copyright{} 2023 Felix Lechner@* +Copyright @copyright{} 2023 Thomas Ieong@* +Copyright @copyright{} 2023 Saku Laesvuori@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -27393,6 +27395,66 @@ Mail Services @end table @end deftp =20 +@subsubheading Rspamd Service +@cindex email +@cindex spam + +@defvar rspamd-service-type +This is the type of the @uref{https://rspamd.com/, Rspamd} filtering +system whose value should be a @code{rspamd-configuration}. +@end defvar + +@c %start of fragment + +@deftp {Data Type} rspamd-configuration +Available @code{rspamd-configuration} fields are: + +@table @asis +@item @code{package} (default: @code{rspamd}) (type: file-like) +The package that provides rspamd. + +@item @code{config-file} (default: @code{%default-rspamd-config-file}) (ty= pe: file-like) +File-like object of the configuration file to use. By default all +workers are enabled except fuzzy and they are binded to their usual +ports, e.g localhost:11334, localhost:11333 and so on + +@item @code{local.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in local.d, provided as a list of two element lists +where the first element is the filename and the second one is a +file-like object. Settings in these files will be merged with the +defaults. + +@item @code{override.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in override.d, provided as a list of two element +lists where the first element is the filename and the second one is a +file-like object. Settings in these files will override the defaults. + +@item @code{user} (default: @code{%default-rspamd-account}) (type: user-ac= count) +The user to run rspamd as. + +@item @code{group} (default: @code{%default-rspamd-group}) (type: user-gro= up) +The group to run rspamd as. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Force debug output. + +@item @code{insecure?} (default: @code{#f}) (type: boolean) +Ignore running workers as privileged users. + +@item @code{skip-template?} (default: @code{#f}) (type: boolean) +Do not apply Jinja templates. + +@item @code{shepherd-requirements} (default: @code{(loopback)}) (type: lis= t-of-symbols) +This is a list of symbols naming Shepherd services that this service +will depend on. + +@end table + +@end deftp + + +@c %end of fragment + @node Messaging Services @subsection Messaging Services =20 diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 12dcc8e71d..0ec0c43a4d 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,8 @@ ;;; Copyright =C2=A9 2017, 2020 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2019 Kristofer Buffington ;;; Copyright =C2=A9 2020 Jonathan Brielmaier +;;; Copyright =C2=A9 2023 Thomas Ieong +;;; Copyright =C2=A9 2023 Saku Laesvuori ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,7 +82,13 @@ (define-module (gnu services mail) radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-account + %default-rspamd-config-file + %default-rspamd-group)) =20 ;;; Commentary: ;;; @@ -1987,3 +1995,199 @@ (define radicale-service-type (service-extension account-service-type (const %radicale-account= s)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define (directory-tree? xs) + (match xs + ((((? string?) (? file-like?)) ...) #t) + (_ #f))) + +(define (list-of-symbols? x) + (and (list? x) + (every symbol? x))) + +(define-configuration/no-serialization rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd.") + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (local.d-files + (directory-tree '()) + "Configuration files in local.d, provided as a list of two element list= s where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will be merged with the defaults.") + (override.d-files + (directory-tree '()) + "Configuration files in override.d, provided as a list of two element l= ists where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will override the defaults.") + (user + (user-account %default-rspamd-account) + "The user to run rspamd as.") + (group + (user-group %default-rspamd-group) + "The group to run rspamd as.") + (debug? + (boolean #f) + "Force debug output.") + (insecure? + (boolean #f) + "Ignore running workers as privileged users.") + (skip-template? + (boolean #f) + "Do not apply Jinja templates.") + (shepherd-requirements + (list-of-symbols '(loopback)) + "This is a list of symbols naming Shepherd services that this service +will depend on.")) + +(define %default-rspamd-account + (user-account + (name "rspamd") + (group "rspamd") + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))) + +(define %default-rspamd-group + (user-group + (name "rspamd") + (system? #t))) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile =3D \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/options.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/option= s.inc\" +} + +logging { + type =3D \"file\"; + filename =3D \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/logging.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/loggin= g.inc\" +} + +worker \"normal\" { + bind_socket =3D \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-normal.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -normal.inc\" +} + +worker \"controller\" { + bind_socket =3D \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-controller.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket =3D \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket =3D \"localhost:11335\"; + count =3D -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config + (user group) + (list group user))) + +(define (rspamd-shepherd-service config) + (match-record config + (package config-file user group debug? insecure? skip-template? + local.d-files override.d-files shepherd-requirements) + (list + (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement shepherd-requirements) + (start (let ((rspamd (file-append package "/bin/rspamd")) + (local-confdir + (file-union + "rspamd-local-confdir" + `(("local.d" ,(file-union "local.d" local.d-files)) + ("override.d" ,(file-union "override.d" override.d= -files)))))) + (with-imported-modules (source-module-closure '((gnu build = activation))) + #~(begin + (use-modules (gnu build activation)) ; for mkdir-p/pe= rms + (let ((user (getpwnam #$(user-account-name user)))) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + (make-forkexec-constructor + (list #$rspamd "--config" #$config-file + "--var" (string-append "LOCAL_CONFDIR=3D" #$lo= cal-confdir) + "--no-fork" + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$(user-account-name user) + #:group #$(user-group-name group)))))) + (stop #~(make-kill-destructor)) + (actions + (list + (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopenlog) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system.") + (extensions + (list + (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts) + (service-extension profile-service-type + (compose list rspamd-configuration-package)))) + (default-value (rspamd-configuration)))) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index dcb8f08ea8..fc1c69047b 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -6,6 +6,7 @@ ;;; Copyright =C2=A9 2018 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Christopher Baines ;;; Copyright =C2=A9 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,7 +41,8 @@ (define-module (gnu tests mail) #:export (%test-opensmtpd %test-exim %test-dovecot - %test-getmail)) + %test-getmail + %test-rspamd)) =20 (define %opensmtpd-os (simple-operating-system @@ -579,3 +581,73 @@ (define %test-getmail (name "getmail") (description "Connect to a running Getmail server.") (value (run-getmail-test)))) + +(define %rspamd-os + (simple-operating-system + (service dhcp-client-service-type) + (service rspamd-service-type + (rspamd-configuration + (shepherd-requirements '(networking)) + (local.d-files `(("worker-controller.inc" + ,(plain-file + "rspamd-public-web-controller.conf" + "bind_socket =3D \"0.0.0.0:11334\";")))= ))))) + +(define (run-rspamd-test) + "Return a test of an OS running Rspamd service." + + (define rspamd-ports + '((22668 . 11334))) ;; web controller + + (define vm + (virtual-machine + (operating-system (marionette-operating-system + %rspamd-os + #:imported-modules '((gnu services herd)))) + (port-forwardings rspamd-ports))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "rspamd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'rspamd)) + marionette)) + + (test-assert "rspamd socket ready" + (wait-for-unix-socket + "/var/lib/rspamd/rspamd.sock" + marionette)) + + (test-assert "rspamd log file" + (wait-for-file "/var/log/rspamd/rspamd.log" marionette)) + + ;; Check that we can access the web ui + + (test-equal "http-get" + 200 + (response-code (http-get "http://localhost:22668/"))) ; HEAD i= s unsupported + + (test-end)))) + + (gexp->derivation "rspamd-test" test)) + +(define %test-rspamd + (system-test + (name "rspamd") + (description "Basic rspamd service test.") + (value (run-rspamd-test)))) base-commit: ea88bef3e0579264b20fa8edbf059c02d9cbe104 prerequisite-patch-id: 6b143a0f0a9c696e5214b42bb7928cf2abd7fc52 --=20 2.41.0 --bxgnrao7elkpdkw3-- --f4qc5saaf4smhvxp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmVy0REACgkQJX0oSiod OjLp+w//Q8+W7yyrK1blgzRvvrtb1stL/eOYu8+qZxb8hYBz9qX4BAk6PoR8jDa/ gExL9Fl5KiF8xKUOzYt1loqQf7wnHs9Wn+9fS2g4dd7LElCmZgemtMLvUWytv+sB dyKtIu7l9Aml6CIiXxHhVQMtS3DA10DD8lszTfO36c/LLq62r+o6pt+vePYfCWlW t45BGEoIS8fat/RIhf+zyRFFlPoAPeBKfpCHC6CJPd17eUWEoVeMI1o1zbjUIt6k EdLUyibFrH9KuNhxxUcbRjKXrOCoU2FTrkSy6JL0y/mxelkKXuVCHiV7H6xkV3uY VKNaX64QLS4Babze+wekAf6x9h2wiFjoJ2+8++DUXVVt5k53j8VaUuKAhBRachiw L2rQ1yA8K02BbAUR7L+YNs+Bjr04+36eM0RmFvuUav2CJRAjD25guSpDQ6hUkRDN DXuw6AWodr3q4W65TsIHDS+6uVt4ZI7TqpXlLxCQvAMkJH7vSulrzSCrhBmk8ULX upyONt8S4vapOl2klxrUAxjJ87lVCQhgQC5WgZv43LMd+GSEX2qc8xG07s0cKGL8 gO6fuijQgR6UBx6PnmmGaGbn9vKkYQaj3QmTH/ndumsgMqVYXXCWVYuK8lCHG+hJ eQF/fhtgeqDhTucugcCOxKi1REZACDsTRWoAc3mUnV7aD+c/K4k= =l7Vd -----END PGP SIGNATURE----- --f4qc5saaf4smhvxp--