[PATCH] services: Add rspamd-service-type.

Status: Open
Participants: Felix Lechner, Ludovic Courtès, Bruno Victal, Saku Laesvuori, Thomas Ieong
Owner: unassigned
Submitted by: Thomas Ieong
Severity: normal
Thomas Ieong wrote on 23 Feb 21:16 +0100
(address . guix-patches@gnu.org)(name . Thomas Ieong)(address . th.ieong@free.fr)
68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr
* gnu/services/mail.scm (rspamd-service-type): New variable.
* gnu/tests/mail.scm (%test-rspamd): New variable.
* doc/guix.texi: Document it.
---

Hey Guix!

First time contributor here, this patch
introduces some basic support for rspamd.

I do need guidance on some points.

How to handle the extra configs that a user can
provide to rspamd?

On your average Linux distro rspamd does expect
you to not touch the rspamd.conf and instead put
your changes in the /etc/rspamd/{local.d,override.d} directories
(local is enough to redefine most settings, but if there are changes made via the web UI, the web UI changes take precedence; you need to use override.d if you want to freeze a setting).

For example, to set the password of the web UI
you're supposed to create /etc/rspamd/local.d/worker-controller.inc
and then set password = "some_hash";

Then this will get merged with the config
as something like:

worker {
type = "controller";
password = "some_hash";
}

The point is we could ignore local.d/override.d
and write these blocks directly to rspamd.conf.

Of course it needs some additional configuration records for the workers and the common options
between them.

And finally, for the test I do plan to add an integration test with opensmtpd when I get the time.

Are there examples of such an integration test?

What do you think?

doc/guix.texi | 43 ++++++++++
gnu/services/mail.scm | 191 +++++++++++++++++++++++++++++++++++++++++-
gnu/tests/mail.scm | 87 ++++++++++++++++++-
3 files changed, 319 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 05615b9549..c1070a5244 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -114,6 +114,7 @@
Copyright @copyright{} 2023 Giacomo Leidi@*
Copyright @copyright{} 2022 Antero Mejr@*
Copyright @copyright{} 2023 Bruno Victal@*
+Copyright @copyright{} 2023 Thomas Ieong@*
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -26365,6 +26366,48 @@ Mail Services
@end table
@end deftp
+@subsubheading Rspamd Service
+@cindex email
+@cindex spam
+
+@defvar rspamd-service-type
+This is the type of the @uref{https://rspamd.com/, Rspamd} filtering
+system whose value should be a @code{rspamd-configuration}.
+@end defvar
+
+@deftp {Data Type} rspamd-configuration
+Data type representing the configuration of @command{rspamd}.
+
+@table @asis
+@item @code{package} (default: @code{rspamd})
+The package that provides @command{rspamd}.
+
+@item @code{config-file} (default: @code{%default-rspamd-config-file})
+File-like object of the configuration file to use. By default
+all workers are enabled except fuzzy and they are binded
+to their usual ports, e.g localhost:11334, localhost:11333 and so on.
+
+@item @code{user} (default: @code{"rspamd"})
+The user to run rspamd as.
+
+@item @code{group} (default: @code{"rspamd"})
+The user to run rspamd as.
+
+@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
+Where to store the PID file.
+
+@item @code{debug?} (default: @code{#f})
+Force debug output.
+
+@item @code{insecure?} (default: @code{#f})
+Ignore running workers as privileged users (insecure).
+
+@item @code{skip-template?} (default: @code{#f})
+Do not apply Jinja templates.
+
+@end table
+@end deftp
+
@node Messaging Services
@subsection Messaging Services
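
Review bot: The @item for group repeats the description of user ("The user to run rspamd as."); it should read "The group to run rspamd as.", as the docstring in gnu/services/mail.scm does. In the config-file item, "binded" should be "bound" and "e.g" should be "e.g.,". The three flags are documented with a default of #f while the record declares them maybe-boolean with no default, so the documented default is not the real one; generating this table from the record would keep the two in step.
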
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 6f588679b1..8a4af26f66 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@gmail.com>
;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2023 Thomas Ieong <th.ieong@free.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -79,7 +80,11 @@ (define-module (gnu services mail)
radicale-configuration
radicale-configuration?
radicale-service-type
- %default-radicale-config-file))
+ %default-radicale-config-file
+
+ rspamd-configuration
+ rspamd-service-type
+ %default-rspamd-config-file))
;;; Commentary:
;;;
@@ -1984,3 +1989,187 @@ (define radicale-service-type
(service-extension account-service-type (const %radicale-accounts))
(service-extension activation-service-type radicale-activation)))
(default-value (radicale-configuration))))
+
+;;;
+;;; Rspamd.
+;;;
+
+(define-maybe boolean)
+
+(define-configuration rspamd-configuration
+ (package
+ (file-like rspamd)
+ "The package that provides rspamd."
+ empty-serializer)
+ (config-file
+ (file-like %default-rspamd-config-file)
+ "File-like object of the configuration file to use. By default
+all workers are enabled except fuzzy and they are binded
+to their usual ports, e.g localhost:11334, localhost:11333 and so on")
+ (user
+ (string "rspamd")
+ "The user to run rspamd as."
+ empty-serializer)
+ (group
+ (string "rspamd")
+ "The group to run rspamd as."
+ empty-serializer)
+ (pid-file
+ (string "/var/run/rspamd/rspamd.pid")
+ "Where to store the PID file."
+ empty-serializer)
+ (debug?
+ maybe-boolean
+ "Force debug output."
+ empty-serializer)
+ (insecure?
+ maybe-boolean
+ "Ignore running workers as privileged users (insecure)."
+ empty-serializer)
+ (skip-template?
+ maybe-boolean
+ "Do not apply Jinja templates."
+ empty-serializer))
+
+(define %default-rspamd-config-file
+ (plain-file "rspamd.conf" "
+.include \"$CONFDIR/common.conf\"
+
+options {
+ pidfile = \"$RUNDIR/rspamd.pid\";
+ .include \"$CONFDIR/options.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/options.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/options.inc\"
+}
+
+logging {
+ type = \"file\";
+ filename = \"$LOGDIR/rspamd.log\";
+ .include \"$CONFDIR/logging.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/logging.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/logging.inc\"
+}
+
+worker \"normal\" {
+ bind_socket = \"localhost:11333\";
+ .include \"$CONFDIR/worker-normal.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-normal.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-normal.inc\"
+}
+
+worker \"controller\" {
+ bind_socket = \"localhost:11334\";
+ .include \"$CONFDIR/worker-controller.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-controller.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-controller.inc\"
+}
+
+worker \"rspamd_proxy\" {
+ bind_socket = \"localhost:11332\";
+ .include \"$CONFDIR/worker-proxy.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-proxy.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-proxy.inc\"
+}
+
+# Local fuzzy storage is disabled by default
+
+worker \"fuzzy\" {
+ bind_socket = \"localhost:11335\";
+ count = -1; # Disable by default
+ .include \"$CONFDIR/worker-fuzzy.inc\"
+ .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-fuzzy.inc\"
+ .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-fuzzy.inc\"
+}
+"))
+
+(define (rspamd-accounts config)
+ (match-record config <rspamd-configuration>
+ (user group)
+ (list (user-group
+ (name group)
+ (system? #t))
+ (user-account
+ (name user)
+ (group group)
+ (system? #t)
+ (comment "Rspamd daemon")
+ (home-directory "/var/empty")
+ (shell (file-append shadow "/sbin/nologin"))))))
+
+(define (rspamd-shepherd-service config)
+ (match-record config <rspamd-configuration>
+ (package config-file user group pid-file debug? insecure? skip-template?)
+ (list (shepherd-service
+ (provision '(rspamd))
+ (documentation "Run the rspamd daemon.")
+ (requirement '(networking))
+ (start (let ((rspamd (file-append package "/bin/rspamd")))
+ #~(make-forkexec-constructor
+ (list #$rspamd "-c" #$config-file
+ #$@(if debug?
+ '("--debug")
+ '())
+ #$@(if insecure?
+ '("--insecure")
+ '())
+ #$@(if skip-template?
+ '("--skip-template")
+ '()))
+ #:user #$user
+ #:group #$group
+ #:pid-file #$pid-file)))
+ (stop #~(make-kill-destructor))
+ (actions
+ (list (shepherd-configuration-action config-file)
+ (shepherd-action
+ (name 'reload)
+ (documentation "Reload rspamd.")
+ (procedure
+ #~(lambda (pid)
+ (if pid
+ (begin
+ (kill pid SIGHUP)
+ (display "Service rspamd has been reloaded"))
+ (format #t "Service rspamd is not running.")))))
+ (shepherd-action
+ (name 'reopenlog)
+ (documentation "Reopen log files.")
+ (procedure
+ #~(lambda (pid)
+ (if pid
+ (begin
+ (kill pid SIGUSR1)
+ (display "Reopening the logs for rspamd"))
+ (format #t "Service rspamd is not running.")))))))))))
+
+(define (rspamd-activation config)
+ (match-record config <rspamd-configuration>
+ (package config-file user)
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 match))
+ (let ((user (getpwnam #$user)))
+ (mkdir-p/perms "/etc/rspamd" user #o755)
+ (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
+ (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
+ (mkdir-p/perms "/var/run/rspamd" user #o755)
+ (mkdir-p/perms "/var/log/rspamd" user #o755)
+ (mkdir-p/perms "/var/lib/rspamd" user #o755))
+ ;; Check configuration file syntax.
+ (system* (string-append #$package "/bin/rspamadm")
+ "configtest"
+ "-c" #$config-file))))
+
+(define rspamd-profile
+ (compose list rspamd-configuration-package))
+
+(define rspamd-service-type
+ (service-type
+ (name 'rspamd)
+ (description "Run the rapid spam filtering system")
+ (extensions
+ (list (service-extension shepherd-root-service-type rspamd-shepherd-service)
+ (service-extension account-service-type rspamd-accounts)
+ (service-extension activation-service-type rspamd-activation)
+ (service-extension profile-service-type rspamd-profile)))
+ (default-value (rspamd-configuration))))
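
Review bot: In rspamd-shepherd-service the flags are tested with plain (if debug? ...), (if insecure? ...) and (if skip-template? ...), but the three fields are declared maybe-boolean with no default, and an unset maybe value is not #f, so with the default (rspamd-configuration) every branch is taken and the daemon is started with --debug, --insecure and --skip-template. Declare the fields as (boolean #f), which is what doc/guix.texi documents, or test them with maybe-value-set? before using the value. Separately, the pid-file field is passed to #:pid-file while %default-rspamd-config-file hard-codes pidfile = "$RUNDIR/rspamd.pid"; changing the field does not change where rspamd writes its PID, so shepherd would wait on a file that never appears. Either generate the pidfile line from the field or drop the field.
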
diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
index f13751b72f..f532d30805 100644
--- a/gnu/tests/mail.scm
+++ b/gnu/tests/mail.scm
@@ -6,6 +6,7 @@
;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
;;; Copyright © 2019 Christopher Baines <mail@cbaines.net>
;;; Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2023 Thomas Ieong <th.ieong@free.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,7 +41,8 @@ (define-module (gnu tests mail)
#:export (%test-opensmtpd
%test-exim
%test-dovecot
- %test-getmail))
+ %test-getmail
+ %test-rspamd))
(define %opensmtpd-os
(simple-operating-system
@@ -575,3 +577,86 @@ (define %test-getmail
(name "getmail")
(description "Connect to a running Getmail server.")
(value (run-getmail-test))))
+
+(define %rspamd-os
+ (simple-operating-system
+ (service dhcp-client-service-type)
+ (service rspamd-service-type)))
+
+(define (run-rspamd-test)
+ "Return a test of an OS running Rspamd service."
+
+ (define rspamd-ports
+ '((22664 . 11332) ;; proxy worker
+ (22666 . 11333) ;; normal worker
+ (22668 . 11334) ;; web controller
+ (22670 . 11335))) ;; fuzzy worker
+
+ (define vm
+ (virtual-machine
+ (operating-system (marionette-operating-system
+ %rspamd-os
+ #:imported-modules '((gnu services herd))))
+ (port-forwardings rspamd-ports)))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (srfi srfi-64)
+ (srfi srfi-11)
+ (gnu build marionette)
+ (web uri)
+ (web client)
+ (web response))
+
+ (define marionette
+ (make-marionette '(#$vm)))
+
+ (test-runner-current (system-test-runner #$output))
+ (test-begin "rspamd")
+
+ (test-assert "service is running"
+ (marionette-eval
+ '(begin
+ (use-modules (gnu services herd))
+ (start-service 'rspamd))
+ marionette))
+
+
+ ;; Check mympd-service-type commit for reference
+ ;; TODO: For this test we need to authorize the controller to
+ ;; listen on other interfaces, e.g *:11334 instead of localhost:11334
+
+ ;; Check that we can access the web ui
+ (test-equal "http-get"
+ 200
+ (begin
+ (let-values (((response text)
+ (http-get "http://localhost:22668/"
+ #:decode-body? #t)))
+ (response-code response))))
+
+ (test-assert "rspamd socket ready"
+ (wait-for-unix-socket
+ "/var/lib/rspamd/rspamd.sock"
+ marionette))
+
+ (test-assert "rspamd pid ready"
+ (marionette-eval
+ '(file-exists? "/var/run/rspamd/rspamd.pid")
+ marionette))
+
+ (test-assert "rspamd log file"
+ (marionette-eval
+ '(file-exists? "/var/log/rspamd/rspamd.log")
+ marionette))
+
+ (test-end))))
+
+ (gexp->derivation "rspamd-test" test))
+
+(define %test-rspamd
+ (system-test
+ (name "rspamd")
+ (description "Send an email to a running rspamd server.")
+ (value (run-rspamd-test))))
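
Review bot: The "http-get" test requests http://localhost:22668/, forwarded to guest port 11334, but the default configuration binds the controller to localhost:11334 inside the guest, so, as the TODO above the test says, it cannot pass until %rspamd-os uses a config-file that binds the controller to an address the forwarding can reach. The "rspamd socket ready" test waits for /var/lib/rspamd/rspamd.sock, yet every bind_socket in %default-rspamd-config-file is a TCP address and nothing in the patch creates that socket; drop the test or add a worker bound to that path. The "service is running" test also starts the service itself rather than checking that it came up at boot, and the %test-rspamd description ("Send an email to a running rspamd server.") does not match a test that sends no message.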

base-commit: 5e7b0a7735d9956ee8b8c3763e4ce05e2855606f
--
2.39.1
Bruno Victal wrote on 25 Feb 22:33 +0100
(name . Thomas Ieong)(address . th.ieong@free.fr)(address . 61740@debbugs.gnu.org)
f69ef481-1016-15af-bf28-8f1fa1b1bbfe@makinata.eu
Hi,

On 2023-02-23 20:16, Thomas Ieong wrote:
> * gnu/services/mail.scm (rspamd-service-type): New variable.
> * gnu/tests/mail.scm (%test-rspamd): New variable.
> * doc/guix.texi: Document it.
> ---
>
> Hey Guix!
>
> First time contributor here, this patch
> introduces some basic support for rspamd.
>
> I do need guidance on some points.
>
> How to handle the extra configs that a user can
> provide to rspamd?
>
> On your average Linux distro rspamd does expect
> you to not touch the rspamd.conf and instead put
> your changes in the /etc/rspamd/{local.d,override.d} directories
> (local is enough to redefine most settings, but if there are changes made via the web UI, the web UI changes take precedence; you need to use override.d if you want to freeze a setting).
>
> For example, to set the password of the web UI
> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
> and then set password = "some_hash";
>
> Then this will get merged with the config
> as something like:
>
> worker {
> type = "controller";
> password = "some_hash";
> }
>
> The point is we could ignore local.d/override.d
> and write these blocks directly to rspamd.conf.

For most services, the configuration is expected to be read-only (and generated & managed by guix)
though it is possible to have a mix of non guix-managed config files (but discouraged).

If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type are examples that can do this.

>
> Of course it needs some additional configuration records for the workers and the common options
> between them.
>
> And finally, for the test I do plan to add an integration test with opensmtpd when I get the time.
>
> Are there examples of such an integration test?

Specific examples, no, but gnu/tests/ contains many tests of varying complexity that could serve as inspiration.
See the NFS or web server tests.

> +
> +@deftp {Data Type} rspamd-configuration
> +Data type representing the configuration of @command{rspamd}.
> +
> +@table @asis
> +@item @code{package} (default: @code{rspamd})
> +The package that provides @command{rspamd}.
> +
> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
> +File-like object of the configuration file to use. By default
> +all workers are enabled except fuzzy and they are binded
> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
> +
> +@item @code{user} (default: @code{"rspamd"})
> +The user to run rspamd as.
> +
> +@item @code{group} (default: @code{"rspamd"})
> +The user to run rspamd as.
> +
> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
> +Where to store the PID file.
> +
> +@item @code{debug?} (default: @code{#f})
> +Force debug output.
> +
> +@item @code{insecure?} (default: @code{#f})
> +Ignore running workers as privileged users (insecure).
> +
> +@item @code{skip-template?} (default: @code{#f})
> +Do not apply Jinja templates.
> +
> +@end table
> +@end deftp
> +

Was this manually typed? (It seems to be the case since it's missing the field type information)
You can generate the documentation automatically with configuration->documentation since you're using define-configuration.

> +;;;
> +;;; Rspamd.
> +;;;
> +
> +(define-maybe boolean)
> +
> +(define-configuration rspamd-configuration
> + (package
> + (file-like rspamd)
> + "The package that provides rspamd."
> + empty-serializer)
> + (config-file
> + (file-like %default-rspamd-config-file)
> + "File-like object of the configuration file to use. By default
> +all workers are enabled except fuzzy and they are binded
> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
> + (user
> + (string "rspamd")
> + "The user to run rspamd as."
> + empty-serializer)
> + (group
> + (string "rspamd")
> + "The group to run rspamd as."
> + empty-serializer)
> + (pid-file
> + (string "/var/run/rspamd/rspamd.pid")
> + "Where to store the PID file."
> + empty-serializer)
> + (debug?
> + maybe-boolean
> + "Force debug output."
> + empty-serializer)
> + (insecure?
> + maybe-boolean
> + "Ignore running workers as privileged users (insecure)."
> + empty-serializer)
> + (skip-template?
> + maybe-boolean
> + "Do not apply Jinja templates."
> + empty-serializer))

If you're not going to use any serializer, you can use define-configuration/no-serialization instead.

> +
> +(define (rspamd-activation config)
> + (match-record config <rspamd-configuration>
> + (package config-file user)
> + #~(begin
> + (use-modules (guix build utils)
> + (ice-9 match))
> + (let ((user (getpwnam #$user)))
> + (mkdir-p/perms "/etc/rspamd" user #o755)
> + (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
> + (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
> + (mkdir-p/perms "/var/run/rspamd" user #o755)
> + (mkdir-p/perms "/var/log/rspamd" user #o755)
> + (mkdir-p/perms "/var/lib/rspamd" user #o755))
> + ;; Check configuration file syntax.
> + (system* (string-append #$package "/bin/rspamadm")
> + "configtest"
> + "-c" #$config-file))))
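
Review bot: The mkdir-p/perms calls make /etc/rspamd, /etc/rspamd/local.d and /etc/rspamd/override.d owned by the service user, and the default rspamd.conf includes files from local.d and override.d (the latter at priority=10), so if $LOCAL_CONFDIR resolves to /etc/rspamd the unprivileged daemon account can rewrite the settings it loads on the next reload. Keep the configuration directories owned by root and give the rspamd user only /var/run/rspamd, /var/log/rspamd and /var/lib/rspamd. The result of the rspamadm configtest call is also discarded, so a failed syntax check stops nothing; test the value returned by system* and report the failure.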

This should be moved into the service constructor. See how mpd-service-type does this.

To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks"
but this is incorrect usage (see #60657 which covers the pitfalls of doing so).

> +
> +(define rspamd-profile
> + (compose list rspamd-configuration-package))

How about:
(service-extension profile-service-type
(compose list rspamd-configuration-package))


> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
> index f13751b72f..f532d30805 100644

Do not forget to register this file in gnu/local.mk.


Cheers,
Bruno
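
The read-only, Guix-managed approach from this reply, applied to the controller password from the cover letter, as an added example that is not part of the patch or of Guix. A file built with plain-file lands in /gnu/store, which every local user can read, so the hash is pulled in from a file outside the store; that path is a hypothetical choice, and the record and field names are the ones the patch defines.

```scheme
;; Added example, not code from the patch.  It uses only names the patch
;; defines: rspamd-service-type, rspamd-configuration and its fields.
(use-modules (gnu services)
             (gnu services mail)
             (guix gexp))

;; Hypothetical file kept outside /gnu/store: owner root, group rspamd,
;; mode 640.  Its only content is the line from the cover letter:
;;   password = "<hash>";
(define %controller-secret
  "/etc/rspamd-secrets/worker-controller.inc")

;; Every block is written straight into rspamd.conf, so the local.d and
;; override.d includes of the default file are not needed and the daemon
;; user needs no write access to any configuration directory.
(define %rspamd-conf
  (plain-file "rspamd.conf"
              (string-append "
.include \"$CONFDIR/common.conf\"

options {
  pidfile = \"$RUNDIR/rspamd.pid\";
  .include \"$CONFDIR/options.inc\"
}

logging {
  type = \"file\";
  filename = \"$LOGDIR/rspamd.log\";
  .include \"$CONFDIR/logging.inc\"
}

worker \"normal\" {
  bind_socket = \"localhost:11333\";
  .include \"$CONFDIR/worker-normal.inc\"
}

worker \"controller\" {
  bind_socket = \"localhost:11334\";
  .include \"$CONFDIR/worker-controller.inc\"
  # The password hash stays out of the world-readable store.
  .include(priority=10) \"" %controller-secret "\"
}
")))

(define %rspamd-service
  (service rspamd-service-type
           (rspamd-configuration
            (config-file %rspamd-conf)
            ;; Set the flags explicitly rather than relying on the
            ;; maybe-boolean defaults.
            (debug? #f)
            (insecure? #f)
            (skip-template? #f))))
```

The include has no try=true, so rspamd refuses the configuration when the secret file is missing instead of starting a controller without a password.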
Ludovic Courtès wrote on 5 Mar 23:06 +0100
control message for bug #61740
(address . control@debbugs.gnu.org)
87ilfeonty.fsf@gnu.org
tags 61740 + moreinfo
quit
Ludovic Courtès wrote on 8 Aug 17:34 +0200
Re: bug#61740: [PATCH] services: Add rspamd-service-type.
(name . Thomas Ieong)(address . th.ieong@free.fr)
87v8dppmy2.fsf_-_@gnu.org
Hi Thomas,

It’s been a while. :-) Did you have time to consider Bruno’s
suggestions to send an updated patch?


Thanks,
Ludo’.

Saku Laesvuori wrote on 5 Sep 21:06 +0200
Re: [bug#61740] [PATCH] services: Add rspamd-service-type.
(name . Ludovic Courtès)(address . ludo@gnu.org)
gvndebyuqjkrpgypbdj5xlaarpwcp4slv5pn2ray34o3epoxxg@fkubt4jbaava
> Hi Thomas,
>
> It’s been a while. :-) Did you have time to consider Bruno’s
> suggestions to send an updated patch?
>
> https://issues.guix.gnu.org/61740
>
> Thanks,
> Ludo’.

I happened to need rspamd myself so I cleaned this patch a little and
thought it would be useful to submit a v2 of it. I don't really know how
co-authored patches should be sent (because I expect the From: in the
patch to interfere with email) so I added it as an attachment.


Felix Lechner wrote on 15 Sep 22:47 +0200
Re: [PATCH] services: Add rspamd-service-type.
(name . Saku Laesvuori)(address . saku@laesvuori.fi)
87sf7fqi3x.fsf@lease-up.com
Hi Saku,

> I happened to need rspamd myself

So do I but it does not seem to start locally. It created some folders
and, per the log, the configuration file passed the syntax check, but
then the boot stalls.

I used (service rspamd-service-type) and nothing else in my system
configuration. Should it be sufficient? Thanks!

Kind regards
Felix
Saku Laesvuori wrote on 16 Sep 22:10 +0200
(name . Felix Lechner)(address . felix.lechner@lease-up.com)
e2kz4e54vf2gbop4n6b5xnbwiqdgelbiug4in76z5ozm4rfdhy@hvrgaiostytj
On Fri, Sep 15, 2023 at 01:47:14PM -0700, Felix Lechner wrote:
> Hi Saku,
>
> > I happened to need rspamd myself
>
> So do I but it does not seem to start locally. It created some folders
> and, per the log, the configuration file passed the syntax check, but
> then the boot stalls.
>
> I used (service rspamd-service-type) and nothing else in my system
> configuration. Should it be sufficient? Thanks!

Oops, the version I tested (and am running right now) used
activation-service-type and I forgot to test that it was still working
after moving the code from there to the shepherd service. A fixed v3 is
attached.


Felix Lechner wrote 4 days ago
(address . 61740@debbugs.gnu.org)
87plzqk46j.fsf@lease-up.com
Hi,

This patch is ready to be merged.

I have been running the v3 patch of the rspamd-service-type, which was
posted here attached and not inline, on my production equipment since
the day Saku shared it.

I use it with OpenSMTPd like this. [1]

Kind regards
Felix

[1]