GNU bug report logs - #61740
[PATCH] services: Add rspamd-service-type.


Package: guix-patches; Reported by: Thomas Ieong <th.ieong@HIDDEN>; Keywords: moreinfo patch; dated Thu, 23 Feb 2023 22:05:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 61740 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Thomas Ieong <th.ieong@HIDDEN>
Subject: Re: bug#61740: [PATCH] services: Add rspamd-service-type.
In-Reply-To: <f69ef481-1016-15af-bf28-8f1fa1b1bbfe@HIDDEN> (Bruno
 Victal's message of "Sat, 25 Feb 2023 21:33:57 +0000")
References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@HIDDEN>
 <f69ef481-1016-15af-bf28-8f1fa1b1bbfe@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Date: Tue, 08 Aug 2023 17:34:45 +0200
Message-ID: <87v8dppmy2.fsf_-_@HIDDEN>
Cc: Bruno Victal <mirai@HIDDEN>, 61740 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

Hi Thomas,

It’s been a while.  :-)  Did you have time to consider Bruno’s
suggestions to send an updated patch?

  https://issues.guix.gnu.org/61740

Thanks,
Ludo’.

Bruno Victal <mirai@HIDDEN> skribis:

> Hi,
>
> On 2023-02-23 20:16, Thomas Ieong wrote:
>> * gnu/services/mail.scm (rspamd-service-type): New variable.
>> * gnu/tests/mail.scm (%test-rspamd): New variable.
>> * doc/guix.texi: Document it.
>> ---
>>
>> Hey Guix!
>>
>> First time contributor here, this patch
>> introduces some basic support for rspamd.
>>
>> I do need guidance on some points.
>>
>> How to handle the extra configs that a user can
>> provide to rspamd?
>>
>> On your average linux distro rspamd does expect
>> you to not touch the rspamd.conf and instead put
>> your changes in the /etc/rspamd/{local.d,override.d} directories
>> (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes take precedence, you need to use override.d if you want to freeze a setting.)
>>
>> For example to set the password of the web ui
>> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
>> and then set password = "some_hash";
>>
>> Then this will get merged with the config
>> as something like:
>>
>> worker {
>>    type = "controller";
>>    password = "some_hash";
>> }
>>
>> The point is we could ignore local.d/override.d
>> and write these blocks directly to rspamd.conf.
>
> For most services, the configuration is expected to be read-only (and generated & managed by guix)
> though it is possible to have a mix of non guix-managed config files (but discouraged).
>
> If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type are examples that can do this.
>
>>
>> Of course it needs some additional configuration records for the workers and the common options
>> between them.
>>
>> And finally for the test I do plan to add integration test with opensmtpd when I get the time.
>>
>> Are there examples of such integration test?
>
> Specific examples, no, but gnu/tests/ contains many tests of varying complexity that could serve as inspiration.
> See the NFS or web server tests.
>
>> +
>> +@deftp {Data Type} rspamd-configuration
>> +Data type representing the configuration of @command{rspamd}.
>> +
>> +@table @asis
>> +@item @code{package} (default: @code{rspamd})
>> +The package that provides @command{rspamd}.
>> +
>> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
>> +File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
>> +
>> +@item @code{user} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{group} (default: @code{"rspamd"})
>> +The user to run rspamd as.
>> +
>> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
>> +Where to store the PID file.
>> +
>> +@item @code{debug?} (default: @code{#f})
>> +Force debug output.
>> +
>> +@item @code{insecure?} (default: @code{#f})
>> +Ignore running workers as privileged users (insecure).
>> +
>> +@item @code{skip-template?} (default: @code{#f})
>> +Do not apply Jinja templates.
>> +
>> +@end table
>> +@end deftp
>> +
>
> Was this manually typed? (It seems to be the case since it's missing the field type information)
> You can generate the documentation automatically with configuration->documentation since you're using define-configuration.
>
>> +;;;
>> +;;; Rspamd.
>> +;;;
>> +
>> +(define-maybe boolean)
>> +
>> +(define-configuration rspamd-configuration
>> +  (package
>> +    (file-like rspamd)
>> +    "The package that provides rspamd."
>> +    empty-serializer)
>> +  (config-file
>> +   (file-like %default-rspamd-config-file)
>> +   "File-like object of the configuration file to use. By default
>> +all workers are enabled except fuzzy and they are binded
>> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
>> +  (user
>> +   (string "rspamd")
>> +   "The user to run rspamd as."
>> +   empty-serializer)
>> +  (group
>> +   (string "rspamd")
>> +   "The group to run rspamd as."
>> +   empty-serializer)
>> +  (pid-file
>> +   (string "/var/run/rspamd/rspamd.pid")
>> +   "Where to store the PID file."
>> +   empty-serializer)
>> +  (debug?
>> +   maybe-boolean
>> +   "Force debug output."
>> +   empty-serializer)
>> +  (insecure?
>> +   maybe-boolean
>> +   "Ignore running workers as privileged users (insecure)."
>> +   empty-serializer)
>> +  (skip-template?
>> +   maybe-boolean
>> +   "Do not apply Jinja templates."
>> +   empty-serializer))
>
> If you're not going to use any serializer, you can use define-configuration/no-serialization instead.
>
>> +
>> +(define (rspamd-activation config)
>> +  (match-record config <rspamd-configuration>
>> +    (package config-file user)
>> +    #~(begin
>> +	(use-modules (guix build utils)
>> +		     (ice-9 match))
>> +	(let ((user (getpwnam #$user)))
>> +	  (mkdir-p/perms "/etc/rspamd" user #o755)
>> +	  (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
>> +	  (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
>> +	  (mkdir-p/perms "/var/run/rspamd" user #o755)
>> +	  (mkdir-p/perms "/var/log/rspamd" user #o755)
>> +	  (mkdir-p/perms "/var/lib/rspamd" user #o755))
>> +	;; Check configuration file syntax.
>> +	(system* (string-append #$package "/bin/rspamadm")
>> +		 "configtest"
>> +		 "-c" #$config-file))))
>
> This should be moved into the service constructor. See how mpd-service-type does this.
>
> To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks"
> but this is incorrect usage (see #60657 which covers the pitfalls on doing so).
>
>> +
>> +(define rspamd-profile
>> +  (compose list rspamd-configuration-package))
>
> How about:
> (service-extension profile-service-type
>                    (compose list rspamd-configuration-package))
>
>
>> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
>> index f13751b72f..f532d30805 100644
>
> Do not forget to register this file in gnu/local.mk.
>
>
> Cheers,
> Bruno




Information forwarded to guix-patches@HIDDEN:
bug#61740; Package guix-patches. Full text available.
Added tag(s) moreinfo. Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 61740 <at> debbugs.gnu.org:


Message-ID: <f69ef481-1016-15af-bf28-8f1fa1b1bbfe@HIDDEN>
Date: Sat, 25 Feb 2023 21:33:57 +0000
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.8.0
Subject: Re: [bug#61740] [PATCH] services: Add rspamd-service-type.
Content-Language: en-US
To: Thomas Ieong <th.ieong@HIDDEN>
References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@HIDDEN>
From: Bruno Victal <mirai@HIDDEN>
In-Reply-To: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@HIDDEN>
Cc: 61740 <at> debbugs.gnu.org

Hi,

On 2023-02-23 20:16, Thomas Ieong wrote:
> * gnu/services/mail.scm (rspamd-service-type): New variable.
> * gnu/tests/mail.scm (%test-rspamd): New variable.
> * doc/guix.texi: Document it.
> ---
> 
> Hey Guix!
> 
> First time contributor here, this patch
> introduces some basic support for rspamd.
> 
> I do need guidance on some points.
> 
> How to handle the extra configs that a user can
> provide to rspamd?
> 
> On your average linux distro rspamd does expect
> you to not touch the rspamd.conf and instead put
> your changes in the /etc/rspamd/{local.d,override.d} directories
> (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes take precedence, you need to use override.d if you want to freeze a setting.)
> 
> For example to set the password of the web ui
> you're supposed to create /etc/rspamd/local.d/worker-controller.inc
> and then set password = "some_hash";
> 
> Then this will get merged with the config
> as something like:
> 
> worker {
>    type = "controller";
>    password = "some_hash";
> }
> 
> The point is we could ignore local.d/override.d
> and write these blocks directly to rspamd.conf.

For most services, the configuration is expected to be read-only (and generated & managed by guix)
though it is possible to have a mix of non guix-managed config files (but discouraged).

If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type are examples that can do this.

> 
> Of course it needs some additional configuration records for the workers and the common options
> between them.
> 
> And finally for the test I do plan to add integration test with opensmtpd when I get the time.
> 
> Are there examples of such integration test?

Specific examples, no, but gnu/tests/ contains many tests of varying complexity that could serve as inspiration.
See the NFS or web server tests.

> +
> +@deftp {Data Type} rspamd-configuration
> +Data type representing the configuration of @command{rspamd}.
> +
> +@table @asis
> +@item @code{package} (default: @code{rspamd})
> +The package that provides @command{rspamd}.
> +
> +@item @code{config-file} (default: @code{%default-rspamd-config-file})
> +File-like object of the configuration file to use. By default
> +all workers are enabled except fuzzy and they are binded
> +to their usual ports, e.g localhost:11334, localhost:11333 and so on.
> +
> +@item @code{user} (default: @code{"rspamd"})
> +The user to run rspamd as.
> +
> +@item @code{group} (default: @code{"rspamd"})
> +The user to run rspamd as.
> +
> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
> +Where to store the PID file.
> +
> +@item @code{debug?} (default: @code{#f})
> +Force debug output.
> +
> +@item @code{insecure?} (default: @code{#f})
> +Ignore running workers as privileged users (insecure).
> +
> +@item @code{skip-template?} (default: @code{#f})
> +Do not apply Jinja templates.
> +
> +@end table
> +@end deftp
> +

Was this manually typed? (It seems to be the case since it's missing the field type information)
You can generate the documentation automatically with configuration->documentation since you're using define-configuration.

> +;;;
> +;;; Rspamd.
> +;;;
> +
> +(define-maybe boolean)
> +
> +(define-configuration rspamd-configuration
> +  (package
> +    (file-like rspamd)
> +    "The package that provides rspamd."
> +    empty-serializer)
> +  (config-file
> +   (file-like %default-rspamd-config-file)
> +   "File-like object of the configuration file to use. By default
> +all workers are enabled except fuzzy and they are binded
> +to their usual ports, e.g localhost:11334, localhost:11333 and so on")
> +  (user
> +   (string "rspamd")
> +   "The user to run rspamd as."
> +   empty-serializer)
> +  (group
> +   (string "rspamd")
> +   "The group to run rspamd as."
> +   empty-serializer)
> +  (pid-file
> +   (string "/var/run/rspamd/rspamd.pid")
> +   "Where to store the PID file."
> +   empty-serializer)
> +  (debug?
> +   maybe-boolean
> +   "Force debug output."
> +   empty-serializer)
> +  (insecure?
> +   maybe-boolean
> +   "Ignore running workers as privileged users (insecure)."
> +   empty-serializer)
> +  (skip-template?
> +   maybe-boolean
> +   "Do not apply Jinja templates."
> +   empty-serializer))

If you're not going to use any serializer, you can use define-configuration/no-serialization instead.

> +
> +(define (rspamd-activation config)
> +  (match-record config <rspamd-configuration>
> +    (package config-file user)
> +    #~(begin
> +	(use-modules (guix build utils)
> +		     (ice-9 match))
> +	(let ((user (getpwnam #$user)))
> +	  (mkdir-p/perms "/etc/rspamd" user #o755)
> +	  (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
> +	  (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
> +	  (mkdir-p/perms "/var/run/rspamd" user #o755)
> +	  (mkdir-p/perms "/var/log/rspamd" user #o755)
> +	  (mkdir-p/perms "/var/lib/rspamd" user #o755))
> +	;; Check configuration file syntax.
> +	(system* (string-append #$package "/bin/rspamadm")
> +		 "configtest"
> +		 "-c" #$config-file))))
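
Review bot: in rspamd-activation, "/etc/rspamd", "/etc/rspamd/local.d" and "/etc/rspamd/override.d" are created owned by the rspamd service user with mode #o755, while %default-rspamd-config-file includes local.d/*.inc and override.d/*.inc from $LOCAL_CONFDIR into every section (try=true, priority 1 and 10). If $LOCAL_CONFDIR resolves to /etc/rspamd, the daemon account can write files that override its own settings, including worker-controller.inc where the web UI password lives, so a compromised worker can make configuration changes that survive a restart. Keep the three configuration directories owned by root and give the service user only /var/run/rspamd, /var/log/rspamd and /var/lib/rspamd; #o750 is enough for the log directory. Also, nothing checks the status returned by the system* call to "rspamadm configtest", so a failing check stops nothing, and (ice-9 match) is imported in the gexp but match is never used.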

This should be moved into the service constructor. See how mpd-service-type does this.

To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks"
but this is incorrect usage (see #60657 which covers the pitfalls on doing so).

> +
> +(define rspamd-profile
> +  (compose list rspamd-configuration-package))

How about: 
(service-extension profile-service-type
                   (compose list rspamd-configuration-package))


> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
> index f13751b72f..f532d30805 100644

Do not forget to register this file in gnu/local.mk.


Cheers,
Bruno




Information forwarded to guix-patches@HIDDEN:
bug#61740; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Thomas Ieong <th.ieong@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] services: Add rspamd-service-type.
Date: Thu, 23 Feb 2023 21:16:14 +0100
Message-Id: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@HIDDEN>
X-Mailer: git-send-email 2.39.1
Cc: Thomas Ieong <th.ieong@HIDDEN>

* gnu/services/mail.scm (rspamd-service-type): New variable.
* gnu/tests/mail.scm (%test-rspamd): New variable.
* doc/guix.texi: Document it.
---

Hey Guix!

First time contributor here, this patch
introduces some basic support for rspamd.

I do need guidance on some points.

How to handle the extra configs that a user can
provide to rspamd?

On your average linux distro rspamd does expect
you to not touch the rspamd.conf and instead put
your changes in the /etc/rspamd/{local.d,override.d} directories
(local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes take precedence, you need to use override.d if you want to freeze a setting.)

For example to set the password of the web ui
you're supposed to create /etc/rspamd/local.d/worker-controller.inc
and then set password = "some_hash";

Then this will get merged with the config
as something like:

worker {
   type = "controller";
   password = "some_hash";
}

The point is we could ignore local.d/override.d
and write these blocks directly to rspamd.conf.

Of course it needs some additional configuration records for the workers and the common options
between them.

And finally for the test I do plan to add integration test with opensmtpd when I get the time.

Are there examples of such integration test?

What do you think?

 doc/guix.texi         |  43 ++++++++++
 gnu/services/mail.scm | 191 +++++++++++++++++++++++++++++++++++++++++-
 gnu/tests/mail.scm    |  87 ++++++++++++++++++-
 3 files changed, 319 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 05615b9549..c1070a5244 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -114,6 +114,7 @@
 Copyright @copyright{} 2023 Giacomo Leidi@*
 Copyright @copyright{} 2022 Antero Mejr@*
 Copyright @copyright{} 2023 Bruno Victal@*
+Copyright @copyright{} 2023 Thomas Ieong@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -26365,6 +26366,48 @@ Mail Services
 @end table
 @end deftp
 
+@subsubheading Rspamd Service
+@cindex email
+@cindex spam
+
+@defvar rspamd-service-type
+This is the type of the @uref{https://rspamd.com/, Rspamd} filtering
+system whose value should be a @code{rspamd-configuration}.
+@end defvar
+
+@deftp {Data Type} rspamd-configuration
+Data type representing the configuration of @command{rspamd}.
+
+@table @asis
+@item @code{package} (default: @code{rspamd})
+The package that provides @command{rspamd}.
+
+@item @code{config-file} (default: @code{%default-rspamd-config-file})
+File-like object of the configuration file to use. By default
+all workers are enabled except fuzzy and they are binded
+to their usual ports, e.g localhost:11334, localhost:11333 and so on.
+
+@item @code{user} (default: @code{"rspamd"})
+The user to run rspamd as.
+
+@item @code{group} (default: @code{"rspamd"})
+The user to run rspamd as.
+
+@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"})
+Where to store the PID file.
+
+@item @code{debug?} (default: @code{#f})
+Force debug output.
+
+@item @code{insecure?} (default: @code{#f})
+Ignore running workers as privileged users (insecure).
+
+@item @code{skip-template?} (default: @code{#f})
+Do not apply Jinja templates.
+
+@end table
+@end deftp
+
 @node Messaging Services
 @subsection Messaging Services
 
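Review bot: the "@item @code{group}" entry is described as "The user to run rspamd as.", copied from the user entry above it; it should read "The group to run rspamd as.", matching the docstring in gnu/services/mail.scm. In the config-file entry, "binded" should be "bound" and "e.g" is missing its period. The debug?, insecure? and skip-template? entries state a default of #f, but the record declares them maybe-boolean with no default, so the documented default and the code disagree; either give the fields a #f default or document them as unset.
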
diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm
index 6f588679b1..8a4af26f66 100644
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;; Copyright © 2019 Kristofer Buffington <kristoferbuffington@HIDDEN>
 ;;; Copyright © 2020 Jonathan Brielmaier <jonathan.brielmaier@HIDDEN>
+;;; Copyright © 2023 Thomas Ieong <th.ieong@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -79,7 +80,11 @@ (define-module (gnu services mail)
             radicale-configuration
             radicale-configuration?
             radicale-service-type
-            %default-radicale-config-file))
+            %default-radicale-config-file
+
+            rspamd-configuration
+	    rspamd-service-type
+	    %default-rspamd-config-file))
 
 ;;; Commentary:
 ;;;
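
Review bot: the added export lines mix indentation: "rspamd-configuration" is indented with spaces like the rest of the list, while "rspamd-service-type" and "%default-rspamd-config-file" start with a tab; use spaces throughout. The radicale entries just above also export radicale-configuration?, so exporting rspamd-configuration? would keep the two services consistent.
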
@@ -1984,3 +1989,187 @@ (define radicale-service-type
           (service-extension account-service-type (const %radicale-accounts))
           (service-extension activation-service-type radicale-activation)))
    (default-value (radicale-configuration))))
+
+;;;
+;;; Rspamd.
+;;;
+
+(define-maybe boolean)
+
+(define-configuration rspamd-configuration
+  (package
+    (file-like rspamd)
+    "The package that provides rspamd."
+    empty-serializer)
+  (config-file
+   (file-like %default-rspamd-config-file)
+   "File-like object of the configuration file to use. By default
+all workers are enabled except fuzzy and they are binded
+to their usual ports, e.g localhost:11334, localhost:11333 and so on")
+  (user
+   (string "rspamd")
+   "The user to run rspamd as."
+   empty-serializer)
+  (group
+   (string "rspamd")
+   "The group to run rspamd as."
+   empty-serializer)
+  (pid-file
+   (string "/var/run/rspamd/rspamd.pid")
+   "Where to store the PID file."
+   empty-serializer)
+  (debug?
+   maybe-boolean
+   "Force debug output."
+   empty-serializer)
+  (insecure?
+   maybe-boolean
+   "Ignore running workers as privileged users (insecure)."
+   empty-serializer)
+  (skip-template?
+   maybe-boolean
+   "Do not apply Jinja templates."
+   empty-serializer))
+
+(define %default-rspamd-config-file
+  (plain-file "rspamd.conf" "
+.include \"$CONFDIR/common.conf\"
+
+options {
+    pidfile = \"$RUNDIR/rspamd.pid\";
+    .include \"$CONFDIR/options.inc\"
+    .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/options.inc\"
+    .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/options.inc\"
+}
+
+logging {
+    type = \"file\";
+    filename = \"$LOGDIR/rspamd.log\";
+    .include \"$CONFDIR/logging.inc\"
+    .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/logging.inc\"
+    .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/logging.inc\"
+}
+
+worker \"normal\" {
+    bind_socket = \"localhost:11333\";
+    .include \"$CONFDIR/worker-normal.inc\"
+    .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-normal.inc\"
+    .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-normal.inc\"
+}
+
+worker \"controller\" {
+    bind_socket = \"localhost:11334\";
+    .include \"$CONFDIR/worker-controller.inc\"
+    .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-controller.inc\"
+    .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-controller.inc\"
+}
+
+worker \"rspamd_proxy\" {
+    bind_socket = \"localhost:11332\";
+    .include \"$CONFDIR/worker-proxy.inc\"
+    .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-proxy.inc\"
+    .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-proxy.inc\"
+}
+
+# Local fuzzy storage is disabled by default
+
+worker \"fuzzy\" {
+    bind_socket = \"localhost:11335\";
+    count = -1; # Disable by default
+    .include \"$CONFDIR/worker-fuzzy.inc\"
+    .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-fuzzy.inc\"
+    .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-fuzzy.inc\"
+}
+"))
+
+(define (rspamd-accounts config)
+  (match-record config <rspamd-configuration>
+    (user group)
+    (list (user-group
+	   (name group)
+	   (system? #t))
+	  (user-account
+	   (name user)
+	   (group group)
+	   (system? #t)
+	   (comment "Rspamd daemon")
+	   (home-directory "/var/empty")
+	   (shell (file-append shadow "/sbin/nologin"))))))
+
+(define (rspamd-shepherd-service config)
+  (match-record config <rspamd-configuration>
+    (package config-file user group pid-file debug? insecure? skip-template?)
+    (list (shepherd-service
+	   (provision '(rspamd))
+	   (documentation "Run the rspamd daemon.")
+	   (requirement '(networking))
+	   (start (let ((rspamd (file-append package "/bin/rspamd")))
+		    #~(make-forkexec-constructor
+		       (list #$rspamd "-c" #$config-file
+			     #$@(if debug?
+				    '("--debug")
+				    '())
+			     #$@(if insecure?
+				    '("--insecure")
+				    '())
+			     #$@(if skip-template?
+				    '("--skip-template")
+				    '()))
+		       #:user #$user
+		       #:group #$group
+		       #:pid-file #$pid-file)))
+	   (stop #~(make-kill-destructor))
+	   (actions
+	    (list (shepherd-configuration-action config-file)
+		  (shepherd-action
+		   (name 'reload)
+		   (documentation "Reload rspamd.")
+		   (procedure
+		    #~(lambda (pid)
+			(if pid
+			    (begin
+			      (kill pid SIGHUP)
+			      (display "Service rspamd has been reloaded"))
+			    (format #t "Service rspamd is not running.")))))
+		  (shepherd-action
+		   (name 'reopenlog)
+		   (documentation "Reopen log files.")
+		   (procedure
+		    #~(lambda (pid)
+			(if pid
+			    (begin
+			      (kill pid SIGUSR1)
+			      (display "Reopening the logs for rspamd"))
+			    (format #t "Service rspamd is not running.")))))))))))
+
+(define (rspamd-activation config)
+  (match-record config <rspamd-configuration>
+    (package config-file user)
+    #~(begin
+	(use-modules (guix build utils)
+		     (ice-9 match))
+	(let ((user (getpwnam #$user)))
+	  (mkdir-p/perms "/etc/rspamd" user #o755)
+	  (mkdir-p/perms "/etc/rspamd/local.d" user #o755)
+	  (mkdir-p/perms "/etc/rspamd/override.d" user #o755)
+	  (mkdir-p/perms "/var/run/rspamd" user #o755)
+	  (mkdir-p/perms "/var/log/rspamd" user #o755)
+	  (mkdir-p/perms "/var/lib/rspamd" user #o755))
+	;; Check configuration file syntax.
+	(system* (string-append #$package "/bin/rspamadm")
+		 "configtest"
+		 "-c" #$config-file))))
+
+(define rspamd-profile
+  (compose list rspamd-configuration-package))
+
+(define rspamd-service-type
+  (service-type
+   (name 'rspamd)
+   (description "Run the rapid spam filtering system")
+   (extensions
+    (list (service-extension shepherd-root-service-type rspamd-shepherd-service)
+	  (service-extension account-service-type rspamd-accounts)
+	  (service-extension activation-service-type rspamd-activation)
+	  (service-extension profile-service-type rspamd-profile)))
+   (default-value (rspamd-configuration))))
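Review bot: in rspamd-activation, /etc/rspamd, /etc/rspamd/local.d and /etc/rspamd/override.d are created with the daemon's own account as owner, so the process that rspamd-shepherd-service starts with #:user can write into its own configuration directories. Consider leaving those three owned by root and keeping the rspamd owner only for /var/run/rspamd, /var/log/rspamd and /var/lib/rspamd; #o750 on the log directory would also keep the logs from being world-readable. In the same procedure the result of the system* call that runs "rspamadm configtest" is never checked, and nothing here acts on it, so a configuration that fails the test is only reported on the console; either act on the exit status or drop the call. The (ice-9 match) import is not used in the lines shown, and the insecure? field, which adds --insecure to the command line, deserves a sentence in the documentation saying what it relaxes.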
diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm
index f13751b72f..f532d30805 100644
--- a/gnu/tests/mail.scm
+++ b/gnu/tests/mail.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2018 Clément Lassieur <clement@HIDDEN>
 ;;; Copyright © 2019 Christopher Baines <mail@HIDDEN>
 ;;; Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@HIDDEN>
+;;; Copyright © 2023 Thomas Ieong <th.ieong@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,7 +41,8 @@ (define-module (gnu tests mail)
   #:export (%test-opensmtpd
             %test-exim
             %test-dovecot
-            %test-getmail))
+            %test-getmail
+            %test-rspamd))
 
 (define %opensmtpd-os
   (simple-operating-system
@@ -575,3 +577,86 @@ (define %test-getmail
    (name "getmail")
    (description "Connect to a running Getmail server.")
    (value (run-getmail-test))))
+
+(define %rspamd-os
+  (simple-operating-system
+   (service dhcp-client-service-type)
+   (service rspamd-service-type)))
+
+(define (run-rspamd-test)
+  "Return a test of an OS running Rspamd service."
+
+  (define rspamd-ports
+    '((22664 . 11332)    ;; proxy worker
+      (22666 . 11333)    ;; normal worker
+      (22668 . 11334)    ;; web controller
+      (22670 . 11335)))  ;; fuzzy worker
+
+  (define vm
+    (virtual-machine
+     (operating-system (marionette-operating-system
+                        %rspamd-os
+                        #:imported-modules '((gnu services herd))))
+     (port-forwardings rspamd-ports)))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-64)
+                       (srfi srfi-11)
+                       (gnu build marionette)
+                       (web uri)
+                       (web client)
+                       (web response))
+
+          (define marionette
+            (make-marionette '(#$vm)))
+
+          (test-runner-current (system-test-runner #$output))
+          (test-begin "rspamd")
+
+          (test-assert "service is running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'rspamd))
+             marionette))
+
+
+          ;; Check mympd-service-type commit for reference
+          ;; TODO: For this test we need to authorize the controller to
+          ;; listen on other interfaces, e.g *:11334 instead of localhost:11334
+
+          ;; Check that we can access the web ui
+          (test-equal "http-get"
+            200
+            (begin
+              (let-values (((response text)
+                            (http-get "http://localhost:22668/"
+                                      #:decode-body? #t)))
+                (response-code response))))
+
+          (test-assert "rspamd socket ready"
+            (wait-for-unix-socket
+             "/var/lib/rspamd/rspamd.sock"
+             marionette))
+
+          (test-assert "rspamd pid ready"
+            (marionette-eval
+             '(file-exists? "/var/run/rspamd/rspamd.pid")
+             marionette))
+
+          (test-assert "rspamd log file"
+            (marionette-eval
+             '(file-exists? "/var/log/rspamd/rspamd.log")
+             marionette))
+
+          (test-end))))
+
+  (gexp->derivation "rspamd-test" test))
+
+(define %test-rspamd
+  (system-test
+   (name "rspamd")
+   (description "Send an email to a running rspamd server.")
+   (value (run-rspamd-test))))
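Review bot: the "http-get" test requests http://localhost:22668/ from the host, which rspamd-ports forwards to guest port 11334, yet the TODO just above it says the controller would have to listen on *:11334 instead of localhost:11334 for that to work, and %rspamd-os uses the default rspamd-configuration. Either give the test OS a configuration that binds the controller where the forwarding can reach it, or issue the request inside the guest through marionette-eval, then remove the TODO and the "Check mympd-service-type commit for reference" comment before this is merged. Only 22668 of the four forwarded ports is used by any test, so the other three entries in rspamd-ports can go until a test needs them. The description "Send an email to a running rspamd server." does not match the body, which sends no mail, and the text value bound by let-values is unused.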

base-commit: 5e7b0a7735d9956ee8b8c3763e4ce05e2855606f
-- 
2.39.1





Acknowledgement sent to Thomas Ieong <th.ieong@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#61740; Package guix-patches. Full text available.
Last modified: Tue, 8 Aug 2023 15:45:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.