[PATCH] services: Add rspamd-service-type.

  • Done
  • quality assurance status badge
Details
5 participants
  • Felix Lechner
  • Ludovic Courtès
  • Bruno Victal
  • Saku Laesvuori
  • Thomas Ieong
Owner
unassigned
Submitted by
Thomas Ieong
Severity
normal

Debbugs page

T
T
Thomas Ieong wrote on 23 Feb 2023 12:16
(address . guix-patches@gnu.org)(name . Thomas Ieong)(address . th.ieong@free.fr)
68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr
* gnu/services/mail.scm (rspamd-service-type): New variable.
* gnu/tests/mail.scm (%test-rspamd): New variable.
* doc/guix.texi: Document it.
---

Hey Guix!

First time contributor here, this patch
introduces some basic support for rspamd.

I do need guidance on some points.

How to handle the extra configs that a user can
provide to rspamd?

On your average linux distro rspamd does expects
you to not touch the rspamd.conf and instead put
your changes in the /etc/rspamd/{local.d,override.d} directories
(local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes takes precedence, you need to use override.d if you want to freeze a setting.)

For example to set the password of the web ui
you're supposed to create /etc/rspamd/local.d/worker-controller.inc
and then set password = "some_hash";

Then this will get merged with the config
as something like:

worker {
type = "controller";
password = "some_hash";
}

The point is we could ignore local.d/override.d
and write these blocks directly to rspamd.conf.

Of course it needs some additionals configuration records for the workers and the common options
between them.

And finally for the test I do plan to add integration test with opensmtpd when I get the time.

Are there examples of such integration test?

What do you think?

doc/guix.texi | 43 ++++++++++
gnu/services/mail.scm | 191 +++++++++++++++++++++++++++++++++++++++++-
gnu/tests/mail.scm | 87 ++++++++++++++++++-
3 files changed, 319 insertions(+), 2 deletions(-)

Toggle diff (387 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 05615b9549..c1070a5244 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -114,6 +114,7 @@
Copyright @copyright{} 2023 Giacomo Leidi@*
Copyright @copyright{} 2022 Antero Mejr@*
Copyright @copyright{} 2023 Bruno Victal@*
+Copyright @copyright{} 2023 Thomas Ieong@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -26365,6 +26366,48 @@ Mail Services
@end table
@end deftp
+@subsubheading Rspamd Service
+@cindex email
+@cindex spam
+
+@defvar rspamd-service-type
+This is the type of the @uref{https://rspamd.com/, Rspamd} filtering
+system whose value should be a @code{rspamd-configuration}.
+@end defvar
+
+@deftp {Data Type} rspamd-configuration
+Data type representing the configuration of @command{rspamd}.
+
+@table @asis
+@item @code{package} (default: @code{rspamd})
+The package that provides @command{rspamd}.
+
+@item @code{config-file} (default: @code{%default-rspamd-config-file})
+File-like object of the configuration file to use. By default
+all workers are enabled except fuzzy and they are binded
+to their usual ports, e.g localhost:11334, localhost:11333 and so on.
+
+@item @code{user} (default: @code{"rspamd"})
+The user to run rspamd as.
+
+@item @code{group} (default: @code{"rspamd"})
+The user to run rspamd as.
+
+@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
+Where to store the PID file.
+
+@item @code{debug?} (default: @code{#f})
+Force debug output.
+
+@item @code{insecure?} (default: @code{#f})
+Ignore running workers as privileged users (insecure).
+
+@item @code{skip-template?} (default: @code{#f})
+Do not apply Jinja templates.
+
+@end table
+@end deftp
+
@node Messaging Services
@subsection Messaging Services
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 6f588679b1..8a4af26f66 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com>
;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2023 Thomas Ieong <th.ieong@free.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -79,7 +80,11 @@ (define-module (gnu services mail)
radicale-configuration
radicale-configuration?
radicale-service-type
- %default-radicale-config-file))
+ %default-radicale-config-file
+
+ rspamd-configuration
+ rspamd-service-type
+ %default-rspamd-config-file))
;;; Commentary:
;;;
@@ -1984,3 +1989,187 @@ (define radicale-service-type
(service-extension account-service-type (const %radicale-accounts))
(service-extension activation-service-type radicale-activation)))
(default-value (radicale-configuration))))
+
+;;;
+;;; Rspamd.
+;;;
+
+(define-maybe boolean)
+
+(define-configuration rspamd-configuration
+ (package
+ (file-like rspamd)
+ "The package that provides rspamd."
+ empty-serializer)
+ (config-file
+ (file-like %default-rspamd-config-file)
+ "File-like object of the configuration file to use. By default
+all workers are enabled except fuzzy and they are binded
+to their usual ports, e.g localhost:11334, localhost:11333 and so on")
+ (user
+ (string "rspamd")
+ "The user to run rspamd as."
+ empty-serializer)
+ (group
+ (string "rspamd")
+ "The group to run rspamd as."
+ empty-serializer)
+ (pid-file
+ (string "/var/run/rspamd/rspamd.pid")
+ "Where to store the PID file."
+ empty-serializer)
+ (debug?
+ maybe-boolean
+ "Force debug output."
+ empty-serializer)
+ (insecure?
+ maybe-boolean
+ "Ignore running workers as privileged users (insecure)."
+ empty-serializer)
+ (skip-template?
+ maybe-boolean
+ "Do not apply Jinja templates."
+ empty-serializer))
+
+(define %default-rspamd-config-file
+ (plain-file "rspamd.conf" "
+.include \"$CONFDIR/common.conf\"
+
+options {
+ pidfile = \"$RUNDIR/rspamd.pid\";
+ .include \"$CONFDIR/options.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/options.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/options.inc\"
+}
+
+logging {
+ type = \"file\";
+ filename = \"$LOGDIR/rspamd.log\";
+ .include \"$CONFDIR/logging.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/logging.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/logging.inc\"
+}
+
+worker \"normal\" {
+ bind_socket = \"localhost:11333\";
+ .include \"$CONFDIR/worker-normal.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-normal.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-normal.inc\"
+}
+
+worker \"controller\" {
+ bind_socket = \"localhost:11334\";
+ .include \"$CONFDIR/worker-controller.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-controller.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-controller.inc\"
+}
+
+worker \"rspamd_proxy\" {
+ bind_socket = \"localhost:11332\";
+ .include \"$CONFDIR/worker-proxy.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-proxy.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-proxy.inc\"
+}
+
+# Local fuzzy storage is disabled by default
+
+worker \"fuzzy\" {
+ bind_socket = \"localhost:11335\";
+ count = -1; # Disable by default
+ .include \"$CONFDIR/worker-fuzzy.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-fuzzy.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-fuzzy.inc\"
+}
+"))
+
+(define (rspamd-accounts config)
+ (match-record config <rspamd-configuration>
+ (user group)
+ (list (user-group
+ (name group)
+ (system? #t))
+ (user-account
+ (name user)
+ (group group)
+ (system? #t)
+ (comment "Rspamd daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))
+
+(define (rspamd-shepherd-service config)
+ (match-record config <rspamd-configuration>
+ (package config-file user group pid-file debug? insecure? skip-template?)
+ (list (shepherd-service
+ (provision '(rspamd))
+ (documentation "Run the rspamd daemon.")
+ (requirement '(networking))
+ (start (let ((rspamd (file-append package "/bin/rspamd")))
+ #~(make-forkexec-constructor
+ (list #$rspamd "-c" #$config-file
+ #$@(if debug?
+ '("--debug")
+ '())
+ #$@(if insecure?
+ '("--insecure")
+ '())
+ #$@(if skip-template?
+ '("--skip-template")
+ '()))
+ #:user #$user
+ #:group #$group
+ #:pid-file #$pid-file)))
+ (stop #~(make-kill-destructor))
+ (actions
+ (list (shepherd-configuration-action config-file)
+ (shepherd-action
+ (name 'reload)
+ (documentation "Reload rspamd.")
+ (procedure
+ #~(lambda (pid)
+ (if pid
+ (begin
+ (kill pid SIGHUP)
+ (display "Service rspamd has been reloaded"))
+ (format #t "Service rspamd is not running.")))))
+ (shepherd-action
+ (name 'reopenlog)
+ (documentation "Reopen log files.")
+ (procedure
+ #~(lambda (pid)
+ (if pid
+ (begin
+ (kill pid SIGUSR1)
+ (display "Reopening the logs for rspamd"))
+ (format #t "Service rspamd is not running.")))))))))))
+
+(define (rspamd-activation config)
+ (match-record config <rspamd-configuration>
+ (package config-file user)
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 match))
+ (let ((user (getpwnam #$user)))
+ (mkdir-p/perms "/etc/rspamd" user #o755)
+ (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
+ (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
+ (mkdir-p/perms "/var/run/rspamd" user #o755)
+ (mkdir-p/perms "/var/log/rspamd" user #o755)
+ (mkdir-p/perms "/var/lib/rspamd" user #o755))
+ ;; Check configuration file syntax.
+ (system* (string-append #$package "/bin/rspamadm")
+ "configtest"
+ "-c" #$config-file))))
+
+(define rspamd-profile
+ (compose list rspamd-configuration-package))
+
+(define rspamd-service-type
+ (service-type
+ (name 'rspamd)
+ (description "Run the rapid spam filtering system")
+ (extensions
+ (list (service-extension shepherd-root-service-type rspamd-shepherd-service)
+ (service-extension account-service-type rspamd-accounts)
+ (service-extension activation-service-type rspamd-activation)
+ (service-extension profile-service-type rspamd-profile)))
+ (default-value (rspamd-configuration))))
diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
index f13751b72f..f532d30805 100644
--- a/gnu/tests/mail.scm
+++ b/gnu/tests/mail.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2019 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2023 Thomas Ieong <th.ieong@free.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,7 +41,8 @@ (define-module (gnu tests mail)
#:export (%test-opensmtpd
%test-exim
%test-dovecot
- %test-getmail))
+ %test-getmail
+ %test-rspamd))
(define %opensmtpd-os
(simple-operating-system
@@ -575,3 +577,86 @@ (define %test-getmail
(name "getmail")
(description "Connect to a running Getmail server.")
(value (run-getmail-test))))
+
+(define %rspamd-os
+ (simple-operating-system
+ (service dhcp-client-service-type)
+ (service rspamd-service-type)))
+
+(define (run-rspamd-test)
+ "Return a test of an OS running Rspamd service."
+
+ (define rspamd-ports
+ '((22664 . 11332) ;; proxy worker
+ (22666 . 11333) ;; normal worker
+ (22668 . 11334) ;; web controller
+ (22670 . 11335))) ;; fuzzy worker
+
+ (define vm
+ (virtual-machine
+ (operating-system (marionette-operating-system
+ %rspamd-os
+ #:imported-modules '((gnu services herd))))
+ (port-forwardings rspamd-ports)))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (srfi srfi-64)
+ (srfi srfi-11)
+ (gnu build marionette)
+ (web uri)
+ (web client)
+ (web response))
+
+ (define marionette
+ (make-marionette '(#$vm)))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "rspamd")
+
+ (test-assert "service is running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'rspamd))
+ marionette))
+
+
+ ;; Check mympd-service-type commit for reference
+ ;; TODO: For this test we need to authorize the controller to
+ ;; listen on other interfaces, e.g *:11334 instead of localhost:11334
+
+ ;; Check that we can access the web ui
+ (test-equal "http-get"
+ 200
+ (begin
+ (let-values (((response text)
+ (http-get "http://localhost:22668/"
+ #:decode-body? #t)))
+ (response-code response))))
+
+ (test-assert "rspamd socket ready"
+ (wait-for-unix-socket
+ "/var/lib/rspamd/rspamd.sock"
+ marionette))
+
+ (test-assert "rspamd pid ready"
+ (marionette-eval
+ '(file-exists? "/var/run/rspamd/rspamd.pid")
+ marionette))
+
+ (test-assert "rspamd log file"
+ (marionette-eval
+ '(file-exists? "/var/log/rspamd/rspamd.log")
+ marionette))
+
+ (test-end))))
+
+ (gexp->derivation "rspamd-test" test))
+
+(define %test-rspamd
+ (system-test
+ (name "rspamd")
+ (description "Send an email to a running rspamd server.")
+ (value (run-rspamd-test))))

base-commit: 5e7b0a7735d9956ee8b8c3763e4ce05e2855606f
--
2.39.1
B
B
Bruno Victal wrote on 25 Feb 2023 13:33
(name . Thomas Ieong)(address . th.ieong@free.fr)(address . 61740@debbugs.gnu.org)
f69ef481-1016-15af-bf28-8f1fa1b1bbfe@makinata.eu
Hi,

On 2023-02-23 20:16, Thomas Ieong wrote:
Toggle quote (35 lines)
> * gnu/services/mail.scm (rspamd-service-type): New variable.
> * gnu/tests/mail.scm (%test-rspamd): New variable.
> * doc/guix.texi: Document it.
> ---
>
> Hey Guix!
>
> First time contributor here, this patch
> introduces some basic support for rspamd.
>
> I do need guidance on some points.
>
> How to handle the extra configs that a user can
> provide to rspamd?
>
> On your average linux distro rspamd does expects
> you to not touch the rspamd.conf and instead put
> your changes in the /etc/rspamd/{local.d,override.d} directories
> (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes takes precedence, you need to use override.d if you want to freeze a setting.)
>
> For example to set the password of the web ui
> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
> and then set password = "some_hash";
>
> Then this will get merged with the config
> as something like:
>
> worker {
> type = "controller";
> password = "some_hash";
> }
>
> The point is we could ignore local.d/override.d
> and write these blocks directly to rspamd.conf.

For most services, the configuration is expected to be read-only (and generated & managed by guix)
though it is possible to have a mix of non guix-managed config files (but discouraged).

If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type is an example that can do this.

Toggle quote (8 lines)
>
> Of course it needs some additionals configuration records for the workers and the common options
> between them.
>
> And finally for the test I do plan to add integration test with opensmtpd when I get the time.
>
> Are there examples of such integration test?

Specific examples no but gnu/tests/ contains many tests of varying complexity that could serve as inspiration.
See the NFS or web server tests.

Toggle quote (35 lines)
> +
> +@deftp {Data Type} rspamd-configuration
> +Data type representing the configuration of @command{rspamd}.
> +
> +@table @asis
> +@item @code{package} (default: @code{rspamd})
> +The package that provides @command{rspamd}.
> +
> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
> +File-like object of the configuration file to use. By default
> +all workers are enabled except fuzzy and they are binded
> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
> +
> +@item @code{user} (default: @code{"rspamd"})
> +The user to run rspamd as.
> +
> +@item @code{group} (default: @code{"rspamd"})
> +The user to run rspamd as.
> +
> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
> +Where to store the PID file.
> +
> +@item @code{debug?} (default: @code{#f})
> +Force debug output.
> +
> +@item @code{insecure?} (default: @code{#f})
> +Ignore running workers as privileged users (insecure).
> +
> +@item @code{skip-template?} (default: @code{#f})
> +Do not apply Jinja templates.
> +
> +@end table
> +@end deftp
> +

Was this manually typed? (It seems to be the case since it's missing the field type information)
You can generate the documentation automatically with configuration->documentation since you're using define-configuration.

Toggle quote (41 lines)
> +;;;
> +;;; Rspamd.
> +;;;
> +
> +(define-maybe boolean)
> +
> +(define-configuration rspamd-configuration
> + (package
> + (file-like rspamd)
> + "The package that provides rspamd."
> + empty-serializer)
> + (config-file
> + (file-like %default-rspamd-config-file)
> + "File-like object of the configuration file to use. By default
> +all workers are enabled except fuzzy and they are binded
> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
> + (user
> + (string "rspamd")
> + "The user to run rspamd as."
> + empty-serializer)
> + (group
> + (string "rspamd")
> + "The group to run rspamd as."
> + empty-serializer)
> + (pid-file
> + (string "/var/run/rspamd/rspamd.pid")
> + "Where to store the PID file."
> + empty-serializer)
> + (debug?
> + maybe-boolean
> + "Force debug output."
> + empty-serializer)
> + (insecure?
> + maybe-boolean
> + "Ignore running workers as privileged users (insecure)."
> + empty-serializer)
> + (skip-template?
> + maybe-boolean
> + "Do not apply Jinja templates."
> + empty-serializer))

If you're not going to use any serializer, you can use define-configuration/no-serialization instead.

Toggle quote (19 lines)
> +
> +(define (rspamd-activation config)
> + (match-record config <rspamd-configuration>
> + (package config-file user)
> + #~(begin
> + (use-modules (guix build utils)
> + (ice-9 match))
> + (let ((user (getpwnam #$user)))
> + (mkdir-p/perms "/etc/rspamd" user #o755)
> + (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
> + (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
> + (mkdir-p/perms "/var/run/rspamd" user #o755)
> + (mkdir-p/perms "/var/log/rspamd" user #o755)
> + (mkdir-p/perms "/var/lib/rspamd" user #o755))
> + ;; Check configuration file syntax.
> + (system* (string-append #$package "/bin/rspamadm")
> + "configtest"
> + "-c" #$config-file))))

This should be moved into the service constructor. See how mpd-service-type does this.

To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks"
but this is incorrect usage (see #60657 which covers the pitfalls on doing so).

Toggle quote (4 lines)
> +
> +(define rspamd-profile
> + (compose list rspamd-configuration-package))

How about:
(service-extension profile-service-type
(compose list rspamd-configuration-package))


Toggle quote (3 lines)
> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
> index f13751b72f..f532d30805 100644

Do not forget to register this file in gnu/local.mk.


Cheers,
Bruno
L
L
Ludovic Courtès wrote on 5 Mar 2023 14:06
control message for bug #61740
(address . control@debbugs.gnu.org)
87ilfeonty.fsf@gnu.org
tags 61740 + moreinfo
quit
L
L
Ludovic Courtès wrote on 8 Aug 2023 08:34
Re: bug#61740: [PATCH] services: Add rspamd-service-type.
(name . Thomas Ieong)(address . th.ieong@free.fr)
87v8dppmy2.fsf_-_@gnu.org
Hi Thomas,

It’s been a while. :-) Did you have time to consider Bruno’s
suggestions to send an updated patch?


Thanks,
Ludo’.

Bruno Victal <mirai@makinata.eu> skribis:

Toggle quote (176 lines)
> Hi,
>
> On 2023-02-23 20:16, Thomas Ieong wrote:
>> * gnu/services/mail.scm (rspamd-service-type): New variable.
>> * gnu/tests/mail.scm (%test-rspamd): New variable.
>> * doc/guix.texi: Document it.
>> ---
>>
>> Hey Guix!
>>
>> First time contributor here, this patch
>> introduces some basic support for rspamd.
>>
>> I do need guidance on some points.
>>
>> How to handle the extra configs that a user can
>> provide to rspamd?
>>
>> On your average linux distro rspamd does expects
>> you to not touch the rspamd.conf and instead put
>> your changes in the /etc/rspamd/{local.d,override.d} directories
>> (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes takes precedence, you need to use override.d if you want to freeze a setting.)
>>
>> For example to set the password of the web ui
>> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
>> and then set password = "some_hash";
>>
>> Then this will get merged with the config
>> as something like:
>>
>> worker {
>> type = "controller";
>> password = "some_hash";
>> }
>>
>> The point is we could ignore local.d/override.d
>> and write these blocks directly to rspamd.conf.
>
> For most services, the configuration is expected to be read-only (and generated & managed by guix)
> though it is possible to have a mix of non guix-managed config files (but discouraged).
>
> If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type is an example that can do this.
>
>>
>> Of course it needs some additionals configuration records for the workers and the common options
>> between them.
>>
>> And finally for the test I do plan to add integration test with opensmtpd when I get the time.
>>
>> Are there examples of such integration test?
>
> Specific examples no but gnu/tests/ contains many tests of varying complexity that could serve as inspiration.
> See the NFS or web server tests.
>
>> +
>> +@deftp {Data Type} rspamd-configuration
>> +Data type representing the configuration of @command{rspamd}.
>> +
>> +@table @asis
>> +@item @code{package} (default: @code{rspamd})
>> +The package that provides @command{rspamd}.
>> +
>> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
>> +File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
>> +
>> +@item @code{user} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{group} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
>> +Where to store the PID file.
>> +
>> +@item @code{debug?} (default: @code{#f})
>> +Force debug output.
>> +
>> +@item @code{insecure?} (default: @code{#f})
>> +Ignore running workers as privileged users (insecure).
>> +
>> +@item @code{skip-template?} (default: @code{#f})
>> +Do not apply Jinja templates.
>> +
>> +@end table
>> +@end deftp
>> +
>
> Was this manually typed? (It seems to be the case since it's missing the field type information)
> You can generate the documentation automatically with configuration->documentation since you're using define-configuration.
>
>> +;;;
>> +;;; Rspamd.
>> +;;;
>> +
>> +(define-maybe boolean)
>> +
>> +(define-configuration rspamd-configuration
>> + (package
>> + (file-like rspamd)
>> + "The package that provides rspamd."
>> + empty-serializer)
>> + (config-file
>> + (file-like %default-rspamd-config-file)
>> + "File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
>> + (user
>> + (string "rspamd")
>> + "The user to run rspamd as."
>> + empty-serializer)
>> + (group
>> + (string "rspamd")
>> + "The group to run rspamd as."
>> + empty-serializer)
>> + (pid-file
>> + (string "/var/run/rspamd/rspamd.pid")
>> + "Where to store the PID file."
>> + empty-serializer)
>> + (debug?
>> + maybe-boolean
>> + "Force debug output."
>> + empty-serializer)
>> + (insecure?
>> + maybe-boolean
>> + "Ignore running workers as privileged users (insecure)."
>> + empty-serializer)
>> + (skip-template?
>> + maybe-boolean
>> + "Do not apply Jinja templates."
>> + empty-serializer))
>
> If you're not going to use any serializer, you can use define-configuration/no-serialization instead.
>
>> +
>> +(define (rspamd-activation config)
>> + (match-record config <rspamd-configuration>
>> + (package config-file user)
>> + #~(begin
>> + (use-modules (guix build utils)
>> + (ice-9 match))
>> + (let ((user (getpwnam #$user)))
>> + (mkdir-p/perms "/etc/rspamd" user #o755)
>> + (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
>> + (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
>> + (mkdir-p/perms "/var/run/rspamd" user #o755)
>> + (mkdir-p/perms "/var/log/rspamd" user #o755)
>> + (mkdir-p/perms "/var/lib/rspamd" user #o755))
>> + ;; Check configuration file syntax.
>> + (system* (string-append #$package "/bin/rspamadm")
>> + "configtest"
>> + "-c" #$config-file))))
>
> This should be moved into the service constructor. See how mpd-service-type does this.
>
> To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks"
> but this is incorrect usage (see #60657 which covers the pitfalls on doing so).
>
>> +
>> +(define rspamd-profile
>> + (compose list rspamd-configuration-package))
>
> How about:
> (service-extension profile-service-type
> (compose list rspamd-configuration-package))
>
>
>> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
>> index f13751b72f..f532d30805 100644
>
> Do not forget to register this file in gnu/local.mk.
>
>
> Cheers,
> Bruno
S
S
Saku Laesvuori wrote on 5 Sep 2023 12:06
Re: [bug#61740] [PATCH] services: Add rspamd-service-type.
(name . Ludovic Courtès)(address . ludo@gnu.org)
gvndebyuqjkrpgypbdj5xlaarpwcp4slv5pn2ray34o3epoxxg@fkubt4jbaava
Toggle quote (10 lines)
> Hi Thomas,
>
> It’s been a while. :-) Did you have time to consider Bruno’s
> suggestions to send an updated patch?
>
> https://issues.guix.gnu.org/61740
>
> Thanks,
> Ludo’.

I happened to need rspamd myself so I cleaned this patch a little and
thought it would be useful to submit a v2 of it. I don't really know how
co-authored patches should be sent (because I expect the From: in the
patch to interfere with email) so I added it as an attachment.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmT3fBkACgkQJX0oSiod
OjI0WBAAv99T0FMl44P8kJo/0ds5Muy0kk3GXxdq4oCDNGjiWzgnw0lA6R26KAYO
uRsaJ6TuTkupV3MJ3Zhv5WRIc/PAyal8tB5rux8xajwq8Ig3d9wrT9syV9R6TndV
gNoWmzH9VGoEkRGHoJ4ye+H3BRka6nXffgilEX7vkbJY30AKybQX3tkvMDK6ln4w
ubu8pPNcANAuHPVghKxuSAwuZR4xXhq4L+WIUqn8sBGuFaLjpuqe2DfBWMNefcVf
pXicpLTkwtoTJ4LozehQfBCf3CMpVQT7DC0z6NP2IFD///L077EUh9CmKvewgl7D
0hwyGwiUTRPzgJ8fFRPWuj59wz2zZrCyTFLm62K8j5TfBs9KNoGWXHAyWAycI4+f
FhYqfESCiv8cYVUqk5deZpdnXYADAjT4uk0/sAukixnmsmIrbaFI4+cfUv+SzuDG
KSrMZerTQNMNBAEejQmmc6oTTmyT6aGO6st6r5nq0muwBgxj0RANz5KasyFJ4CQJ
yFp7rPxe730CLC/zoj5ijKD5H4axBTajbIiwBtV8TDA/Ww2NLChcqrg2Cs5xEH+Q
aVDVMyxiocKEjSD9gVFyyJdHxw24wcZUQbV5c0EdeppJ+ZRO53sDIaThJ1dzA/rI
8+Mhwh/3NS5U+uuLleh4rpwA+00OJfbTosH8kwLe9T/3zNbRjNM=
=Z20Q
-----END PGP SIGNATURE-----


F
F
Felix Lechner wrote on 15 Sep 2023 13:47
Re: [PATCH] services: Add rspamd-service-type.
(name . Saku Laesvuori)(address . saku@laesvuori.fi)
87sf7fqi3x.fsf@lease-up.com
Hi Saku,

Toggle quote (2 lines)
> I happened to need rspamd myself

So do I but it does not seem to start locally. It created some folders
and, per the log, the configuration file passed the syntax check, but
then the boot stalls.

I used (service rspamd-service-type) and nothing else in my system
configuration. Should it be sufficient? Thanks!

Kind regards
Felix
S
S
Saku Laesvuori wrote on 16 Sep 2023 13:10
(name . Felix Lechner)(address . felix.lechner@lease-up.com)
e2kz4e54vf2gbop4n6b5xnbwiqdgelbiug4in76z5ozm4rfdhy@hvrgaiostytj
On Fri, Sep 15, 2023 at 01:47:14PM -0700, Felix Lechner wrote:
Toggle quote (11 lines)
> Hi Saku,
>
> > I happened to need rspamd myself
>
> So do I but it does not seem to start locally. It created some folders
> and, per the log, the configuration file passed the syntax check, but
> then the boot stalls.
>
> I used (service rspamd-service-type) and nothing else in my system
> configuration. Should it be sufficient? Thanks!

Oops, the version I tested (and am running right now) used
activation-service-type and I forgot to test that it was still working
after moving the code from there to the shepherd service. A fixed v3 is
attached.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmUGC6wACgkQJX0oSiod
OjLN5RAAlOC4A0Ps5ynly792hGultMvda+QrNyTJrW9zQnwSB/0nFGCku3DuSKyl
58THolYBb/YkZLTlDuqPSaq0Dll35iqK1Wj1mn/KZG5smUzTnN/GlOWZV6VG+Btd
iUW4VriGR2rmsyEE3sBuNvsInO4VeFQ7SDcmteOqPHheceC2m8hO4/PAF7QotxYA
l7Cn+srWL+OjIc3EmdPUbMe5KE7Q9Xm2aYdfBJv4yS7QMSyonKJdTQ8KN2J6+Oe9
ihG7qVyNbmPFqqNFG6NDBstNLBeVk7cdrHBpG41qLZMP0DW/uSbXdFnsd+y6fvGh
RC6pjnq/072DKwu7LIh2vR3Kb2RmP/Fke6io9GWt8Pi6lUkbE8RTrMrMgNoS3zp2
tlgDqqIcr/QteEZLkV/o22B96bWn05UKAq5Ppq6CFTKXNinxjf2AW2t0VIg4g8cq
v3megnZhhHto2Qxoa0hkU8mbgOy0EvhtW3m3x3z6Ehq/Kj8s6xtJnqghbLOKaIE2
u/7sGs1iLWMBjFGSwvw+u3kl8SVMEZNLaiAJpa5FNMMaOL+x0xLXqraOQKxl4TSl
j4gyn0Yv+sqOAFCiAFBJhM0slHCweFoMpQkDXEDOxIwgXyTaoWPJ24oRFWD1fkAX
7a2Xtvzm/7j2PlCs84mYZuwwHy08I7kDZGi/4nd6t9cSIjEGDj0=
=GAFM
-----END PGP SIGNATURE-----


F
F
Felix Lechner wrote on 30 Nov 2023 19:11
(address . 61740@debbugs.gnu.org)
87plzqk46j.fsf@lease-up.com
Hi,

This patch is ready to be merged.

I have been running the v3 patch of the rspamd-service-type, which was
posted here attached and not inline, on my production equipment since
the day Saku shared it.

I use it with OpenSMTPd like this. [1]

Kind regards
Felix

[1]
B
B
Bruno Victal wrote on 6 Dec 2023 06:58
Re: [bug#61740] [PATCH v3] services: Add rspamd-service-type. (was [bug#61740] [PATCH] services: Add rspamd-service-type.)
fede9b59-593b-4006-8043-79fd90a7648a@makinata.eu
Hi Saku,

Some comments:

Toggle quote (7 lines)
> +(define (directory-tree? xs)
> + (match xs
> + (((file-name file-like) ...)
> + (and (every string? file-name)
> + (every file-like? file-like)))
> + (_ #f)))

You can express this more compactly as:

Toggle snippet (6 lines)
(define directory-tree?
(match-lambda
((((? string?) (? file-like?)) ...) #t)
(_ #f)))

Toggle quote (7 lines)
> + (user
> + (string "rspamd")
> + "The user to run rspamd as.")
> + (group
> + (string "rspamd")
> + "The group to run rspamd as.")

How about using user-account and user-group records instead? (see
vnstat-service-type for an example)

Toggle quote (4 lines)
> + (pid-file
> + (string "/var/run/rspamd/rspamd.pid")
> + "Where to store the PID file.")

Is it useful to expose this?


Toggle quote (4 lines)
> + (insecure?
> + (boolean #f)
> + "Ignore running workers as privileged users (insecure).")

To me it seems redundant to restate “(insecure)” in the description.

Toggle quote (3 lines)
> + (make-forkexec-constructor
> + (list #$rspamd "-c" #$config-file

I'd prefer the long-name --config over the shorter ones here.

Toggle quote (2 lines)
> + "--var" (string-append "LOCAL_CONFDIR=" #$local-confdir)

Curiously I don't see this listed in the 'rspamd' manpage although
it is on the 'rspamadm' one. Can you confirm whether this works
and if so, report to upstream that their docs are missing this?

Toggle quote (3 lines)
> + (service-extension profile-service-type
> + (compose list rspamd-configuration-package))

What's the motivation for adding the rspamd package to the profile?

Toggle quote (5 lines)
> +(define %rspamd-os
> + (simple-operating-system
> + (service dhcp-client-service-type)
> + (service rspamd-service-type)))

Is 'dhcp-client-service-type' needed for this system test?
I haven't tested it but it looks unnecessary to me.

Toggle quote (9 lines)
> + ;; Check that we can access the web ui
> + (test-equal "http-get"
> + 200
> + (begin
> + (let-values (((response text)
> + (http-get "http://localhost:22668/"
> + #:decode-body? #t)))
> + (response-code response))))

IMO if you're only interested in the HTTP response code a http-head
is the better option, unless the program handles those requests
differently. Also, since 'text' isn't used you can simplify this to:

Toggle snippet (7 lines)
;; Don't forget to remove the unused (srfi srfi-11) import.

(test-equal "Web UI is accessible"
200
(response-code (http-head "http://localhost:22668/")))

Toggle quote (5 lines)
> + (test-assert "rspamd pid ready"
> + (marionette-eval
> + '(file-exists? "/var/run/rspamd/rspamd.pid")
> + marionette))

There's a procedure dedicated for this:

Toggle snippet (4 lines)
(test-assert "rspamd pid ready"
(wait-for-file #$(rspamd-configuration-pid-file (rspamd-configuration)) marionette)))

Note: I used (rspamd-configuration) since it you're using the default
rspamd-configuration value here.

Toggle quote (6 lines)
> +(define %test-rspamd
> + (system-test
> + (name "rspamd")
> + (description "Send an email to a running rspamd server.")
> + (value (run-rspamd-test))))

I'd change the description to something like "Basic rspamd service test."
as the current one is misleading.

--
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.
S
S
Saku Laesvuori wrote on 8 Dec 2023 00:17
(name . Bruno Victal)(address . mirai@makinata.eu)
4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro
On Wed, Dec 06, 2023 at 02:58:19PM +0000, Bruno Victal wrote:
Toggle quote (20 lines)
> Hi Saku,
>
> Some comments:
>
> > +(define (directory-tree? xs)
> > + (match xs
> > + (((file-name file-like) ...)
> > + (and (every string? file-name)
> > + (every file-like? file-like)))
> > + (_ #f)))
>
> You can express this more compactly as:
>
> --8<---------------cut here---------------start------------->8---
> (define directory-tree?
> (match-lambda
> ((((? string?) (? file-like?)) ...) #t)
> (_ #f)))
> --8<---------------cut here---------------end--------------->8---

Done in v4.

Toggle quote (11 lines)
>
> > + (user
> > + (string "rspamd")
> > + "The user to run rspamd as.")
> > + (group
> > + (string "rspamd")
> > + "The group to run rspamd as.")
>
> How about using user-account and user-group records instead? (see
> vnstat-service-type for an example)

Done in v4.

Toggle quote (7 lines)
>
> > + (pid-file
> > + (string "/var/run/rspamd/rspamd.pid")
> > + "Where to store the PID file.")
>
> Is it useful to expose this?

I don't know. It was there when I picked up this patch but I can't come
up with a case in which one would want to change it. Removed in v4.

Toggle quote (8 lines)
>
>
> > + (insecure?
> > + (boolean #f)
> > + "Ignore running workers as privileged users (insecure).")
>
> To me it seems redundant to restate “(insecure)” in the description.

True. Removed in v4.

Toggle quote (6 lines)
>
> > + (make-forkexec-constructor
> > + (list #$rspamd "-c" #$config-file
>
> I'd prefer the long-name --config over the shorter ones here.

Done in v4.

Toggle quote (6 lines)
> > + "--var" (string-append "LOCAL_CONFDIR=" #$local-confdir)
>
> Curiously I don't see this listed in the 'rspamd' manpage although
> it is on the 'rspamadm' one. Can you confirm whether this works
> and if so, report to upstream that their docs are missing this?

It does work; I've used it since before I submitted this patch. The
`--var` option is listed on `rspamd --help`. Unfortunately, Rspamd
tracks their issues on Github and I'd prefer not registering an account
there.

Toggle quote (5 lines)
> > + (service-extension profile-service-type
> > + (compose list rspamd-configuration-package))
>
> What's the motivation for adding the rspamd package to the profile?

That was also there when I picked up this patch. I assume it is added to
the profile so that the `rspamadm` and `rspamc` programs are available
and compatible with the daemon. I don't have strong feelings about this
in either direction.

Toggle quote (8 lines)
> > +(define %rspamd-os
> > + (simple-operating-system
> > + (service dhcp-client-service-type)
> > + (service rspamd-service-type)))
>
> Is 'dhcp-client-service-type' needed for this system test?
> I haven't tested it but it looks unnecessary to me.

It provides 'networking for the http test. Apparently the test wasn't
working yet anyway (I had no experience in Guix tests when I sent my
versions of the patch and just assumed that they were working in Thomas'
version). The tests are now fixed in v4.

Toggle quote (21 lines)
> > + ;; Check that we can access the web ui
> > + (test-equal "http-get"
> > + 200
> > + (begin
> > + (let-values (((response text)
> > + (http-get "http://localhost:22668/"
> > + #:decode-body? #t)))
> > + (response-code response))))
>
> IMO if you're only interested in the HTTP response code a http-head
> is the better option, unless the program handles those requests
> differently. Also, since 'text' isn't used you can simplify this to:
>
> --8<---------------cut here---------------start------------->8---
> ;; Don't forget to remove the unused (srfi srfi-11) import.
>
> (test-equal "Web UI is accessible"
> 200
> (response-code (http-head "http://localhost:22668/")))
> --8<---------------cut here---------------end--------------->8---

Done in v4.

Toggle quote (12 lines)
> > + (test-assert "rspamd pid ready"
> > + (marionette-eval
> > + '(file-exists? "/var/run/rspamd/rspamd.pid")
> > + marionette))
>
> There's a procedure dedicated for this:
>
> --8<---------------cut here---------------start------------->8---
> (test-assert "rspamd pid ready"
> (wait-for-file #$(rspamd-configuration-pid-file (rspamd-configuration)) marionette)))
> --8<---------------cut here---------------end--------------->8---

Done in v4.

Toggle quote (9 lines)
> > +(define %test-rspamd
> > + (system-test
> > + (name "rspamd")
> > + (description "Send an email to a running rspamd server.")
> > + (value (run-rspamd-test))))
>
> I'd change the description to something like "Basic rspamd service test."
> as the current one is misleading.

Done in v4.
Attachment: file
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmVy0REACgkQJX0oSiod
OjLp+w//Q8+W7yyrK1blgzRvvrtb1stL/eOYu8+qZxb8hYBz9qX4BAk6PoR8jDa/
gExL9Fl5KiF8xKUOzYt1loqQf7wnHs9Wn+9fS2g4dd7LElCmZgemtMLvUWytv+sB
dyKtIu7l9Aml6CIiXxHhVQMtS3DA10DD8lszTfO36c/LLq62r+o6pt+vePYfCWlW
t45BGEoIS8fat/RIhf+zyRFFlPoAPeBKfpCHC6CJPd17eUWEoVeMI1o1zbjUIt6k
EdLUyibFrH9KuNhxxUcbRjKXrOCoU2FTrkSy6JL0y/mxelkKXuVCHiV7H6xkV3uY
VKNaX64QLS4Babze+wekAf6x9h2wiFjoJ2+8++DUXVVt5k53j8VaUuKAhBRachiw
L2rQ1yA8K02BbAUR7L+YNs+Bjr04+36eM0RmFvuUav2CJRAjD25guSpDQ6hUkRDN
DXuw6AWodr3q4W65TsIHDS+6uVt4ZI7TqpXlLxCQvAMkJH7vSulrzSCrhBmk8ULX
upyONt8S4vapOl2klxrUAxjJ87lVCQhgQC5WgZv43LMd+GSEX2qc8xG07s0cKGL8
gO6fuijQgR6UBx6PnmmGaGbn9vKkYQaj3QmTH/ndumsgMqVYXXCWVYuK8lCHG+hJ
eQF/fhtgeqDhTucugcCOxKi1REZACDsTRWoAc3mUnV7aD+c/K4k=
=l7Vd
-----END PGP SIGNATURE-----


B
B
Bruno Victal wrote on 11 Dec 2023 11:19
Re: [bug#61740] [PATCH v4] services: Add rspamd-service-type. (was [bug#61740] [PATCH v3] services: Add rspamd-service-type.)
(name . Saku Laesvuori)(address . saku@laesvuori.fi)
cf2b94ce-b33d-43b7-960a-d01ddfea9014@makinata.eu
Hi Saku,

On 2023-12-08 08:17, Saku Laesvuori wrote:
Toggle quote (13 lines)
> On Wed, Dec 06, 2023 at 02:58:19PM +0000, Bruno Victal wrote:
>> On 2023-09-16 21:10, Saku Laesvuori wrote:
>>> + "--var" (string-append "LOCAL_CONFDIR=" #$local-confdir)
>>
>> Curiously I don't see this listed in the 'rspamd' manpage although
>> it is on the 'rspamadm' one. Can you confirm whether this works
>> and if so, report to upstream that their docs are missing this?
>
> It does work; I've used it since before I submitted this patch. The
> `--var` option is listed on `rspamd --help`. Unfortunately, Rspamd
> tracks their issues on Github and I'd prefer not registering an account
> there.

Forwarded with [1].

Toggle quote (10 lines)
>>> + (service-extension profile-service-type
>>> + (compose list rspamd-configuration-package))
>>
>> What's the motivation for adding the rspamd package to the profile?
>
> That was also there when I picked up this patch. I assume it is added to
> the profile so that the `rspamadm` and `rspamc` programs are available
> and compatible with the daemon. I don't have strong feelings about this
> in either direction.

I think it's better to omit this, users who are interested in the tools
can use 'guix shell rspamd'.

Toggle quote (4 lines)
> +(define (list-of-symbols? x)
> + (and (list? x)
> + (every symbol? x)))

list-of-symbols? is already defined in (gnu services configuration),
you can omit this.

Toggle quote (4 lines)
> + (shepherd-action
> + (name 'reopenlog)
> + (documentation "Reopen log files.")

Missed this in my previous reply, I'd prefer naming this action as
'reopen instead.

Toggle quote (4 lines)
> +(define %rspamd-os
> + (simple-operating-system
> + (service dhcp-client-service-type)

[…]

Toggle quote (8 lines)
> + (service rspamd-service-type
> + (rspamd-configuration
> + (shepherd-requirements '(networking))
> + (local.d-files `(("worker-controller.inc"
> + ,(plain-file
> + "rspamd-public-web-controller.conf"
> + "bind_socket = \"0.0.0.0:11334\";"))))))))

I wonder if you could remove dhcp-client-service-type and use the
loopback device for this test instead, by binding to '[::1]' or '127.0.0.1'.
(You don't need to add %loopback-static-networking here since it is already
included in %base-services.)

Toggle quote (6 lines)
> +(define (run-rspamd-test)
> + "Return a test of an OS running Rspamd service."
> +
> + (define rspamd-ports
> + '((22668 . 11334))) ;; web controller

[…]

Toggle quote (8 lines)
> +
> + (define vm
> + (virtual-machine
> + (operating-system (marionette-operating-system
> + %rspamd-os
> + #:imported-modules '((gnu services herd))))
> + (port-forwardings rspamd-ports)))

[…]

Toggle quote (6 lines)
> + ;; Check that we can access the web ui
> +
> + (test-equal "http-get"
> + 200
> + (response-code (http-get "http://localhost:22668/"))) ; HEAD is unsupported

Actually I've realized that these port-forwards are unnecessary
and it would be better to instead do:

Toggle snippet (14 lines)
;; Note: remove (web client) and (web response) in the imports above
;; i.e. after the #~(begin (use-modules …

(test-equal "http-get"
200
(marionette-eval
'(begin
(use-modules (web client)
(web response))
(response-code (http-head "http://localhost:11334/")))
marionette))



--
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.
S
S
Saku Laesvuori wrote on 11 Dec 2023 22:58
[bug#61740] [PATCH v5] services: Add rspamd-service-type (was [PATCH v4] services: Add rspamd-service-type.)
(name . Bruno Victal)(address . mirai@makinata.eu)
botsmh6qhzc3noij37cclvygj5rs7ot6b77zsgafn2xgpajqim@lqdq5afei6dn
Toggle quote (13 lines)
> >>> + (service-extension profile-service-type
> >>> + (compose list rspamd-configuration-package))
> >>
> >> What's the motivation for adding the rspamd package to the profile?
> >
> > That was also there when I picked up this patch. I assume it is added to
> > the profile so that the `rspamadm` and `rspamc` programs are available
> > and compatible with the daemon. I don't have strong feelings about this
> > in either direction.
>
> I think it's better to omit this, users who are interested in the tools
> can use 'guix shell rspamd'.

Yes, except if the rspamd package in the configuration is incompatible
with the one in the user's Guix. Anyway, this is now removed in v5.

Toggle quote (7 lines)
> > +(define (list-of-symbols? x)
> > + (and (list? x)
> > + (every symbol? x)))
>
> list-of-symbols? is already defined in (gnu services configuration),
> you can omit this.

Done after a rebase in v5. Apparently it also defines some other useful
functions that I didn't know about.

Toggle quote (7 lines)
> > + (shepherd-action
> > + (name 'reopenlog)
> > + (documentation "Reopen log files.")
>
> Missed this in my previous reply, I'd prefer naming this action as
> 'reopen instead.

Done in v5.

Toggle quote (19 lines)
> > +(define %rspamd-os
> > + (simple-operating-system
> > + (service dhcp-client-service-type)
>
> […]
>
> > + (service rspamd-service-type
> > + (rspamd-configuration
> > + (shepherd-requirements '(networking))
> > + (local.d-files `(("worker-controller.inc"
> > + ,(plain-file
> > + "rspamd-public-web-controller.conf"
> > + "bind_socket = \"0.0.0.0:11334\";"))))))))
>
> I wonder if you could remove dhcp-client-service-type and use the
> loopback device for this test instead, by binding to '[::1]' or '127.0.0.1'.
> (You don't need to add %loopback-static-networking here since it is already
> included in %base-services.)

I tried that but it didn't work because the vm does not have an IP route
configured to the host...

Toggle quote (42 lines)
>
> > +(define (run-rspamd-test)
> > + "Return a test of an OS running Rspamd service."
> > +
> > + (define rspamd-ports
> > + '((22668 . 11334))) ;; web controller
>
> […]
>
> > +
> > + (define vm
> > + (virtual-machine
> > + (operating-system (marionette-operating-system
> > + %rspamd-os
> > + #:imported-modules '((gnu services herd))))
> > + (port-forwardings rspamd-ports)))
>
> […]
>
> > + ;; Check that we can access the web ui
> > +
> > + (test-equal "http-get"
> > + 200
> > + (response-code (http-get "http://localhost:22668/"))) ; HEAD is unsupported
>
> Actually I've realized that these port-forwards are unnecessary
> and it would be better to instead do:
>
> --8<---------------cut here---------------start------------->8---
> ;; Note: remove (web client) and (web response) in the imports above
> ;; i.e. after the #~(begin (use-modules …
>
> (test-equal "http-get"
> 200
> (marionette-eval
> '(begin
> (use-modules (web client)
> (web response))
> (response-code (http-head "http://localhost:11334/")))
> marionette))
> --8<---------------cut here---------------end--------------->8---

... However with changes like these it does work in v5.
Attachment: file
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmV4BKEACgkQJX0oSiod
OjJc8RAAjfQ+eEV+QE8sKjnrFBMIcFO5HG72bJSJl8RymsmzMzoZYExfMmYbwfmw
0KMijd+s+3iq7sMXFhUjkGBN0q7OwdBavFsE7Zd9Xn7pNCNiYITZvYxxz5a6edow
KF1oK3njFtOscpibJ2TmdiQZzfTfptuzFB5a3Yl8wUMZEk8GW2g/O/lLPzZn2Xms
CvRI77n674H3Fhe9x7zNUD2FoRlBRH/tblUrfkk5DOUzmkI4ccuuvMdS2e9vUGp/
FCK9GjmzUrVntpCd0EQRMLGc60boEI9WOLOBtJkH+0UtZbd7OwUZsdmn/VeKmWGG
d0XkDnKJNxhShFBCb8eUG9ca3h1Dwmc0tYtzhSpCk3o1tceZAGPv2DP0CBzxIHCM
a/UlZV0R3BeDquw1RwpSi2wvQXbf5lSyxLNX8mkpEuXmGsnkV5rw0UUgan2xsKzZ
nOJnLlCr5T45OqfBI9612UyA7NNexHjoeQ+iDQ9lqYpm02L6qweDJZnx/sa/YmfQ
mnM/1Jhn6HmacmBFypYsnGeZ4sMlT3VWEztoW8RBFxw5rgHnrLni4bv2XL41wkSs
joEsvT7RGKIdthNm8SBCK6bNvdBMV72dNYr3k6rzP8pJn92++dyFfbwJn7gak+4U
3p3qjpImCejPDy5QTPm7qjFz9ZzKYmvrUvHlX/PNSsrbzYaZqro=
=8QwL
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 14 Dec 2023 14:09
(name . Saku Laesvuori)(address . saku@laesvuori.fi)
875y10tp1f.fsf@gnu.org
Hello,

Saku Laesvuori <saku@laesvuori.fi> skribis:

Toggle quote (7 lines)
> * gnu/services/mail.scm (rspamd-service-type): New variable.
> * gnu/tests/mail.scm (%test-rspamd): New variable.
> * doc/guix.texi: Document it.
>
> Co-authored-by: Saku Laesvuori <saku@laesvuori.fi>
> Change-Id: I7196643f087ffe9fc91aab231b69d5ed8dc9d198

Finally applied. Thanks a lot to everyone involved, great team work!

Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 61740@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 61740
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch