From unknown Sun Jun 22 03:52:44 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#61740 <61740@debbugs.gnu.org> To: bug#61740 <61740@debbugs.gnu.org> Subject: Status: [PATCH] services: Add rspamd-service-type. Reply-To: bug#61740 <61740@debbugs.gnu.org> Date: Sun, 22 Jun 2025 10:52:44 +0000 retitle 61740 [PATCH] services: Add rspamd-service-type. reassign 61740 guix-patches submitter 61740 Thomas Ieong severity 61740 normal tag 61740 moreinfo patch thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 23 17:04:03 2023 Received: (at submit) by debbugs.gnu.org; 23 Feb 2023 22:04:03 +0000 Received: from localhost ([127.0.0.1]:35485 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pVJh3-0004rh-NR for submit@debbugs.gnu.org; Thu, 23 Feb 2023 17:04:02 -0500 Received: from lists.gnu.org ([209.51.188.17]:58306) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pVI2e-00028w-Fo for submit@debbugs.gnu.org; Thu, 23 Feb 2023 15:18:13 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVI2e-0003wE-2j for guix-patches@gnu.org; Thu, 23 Feb 2023 15:18:12 -0500 Received: from smtp3-g21.free.fr ([2a01:e0c:1:1599::12]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pVI2b-0000GW-Ft for guix-patches@gnu.org; Thu, 23 Feb 2023 15:18:11 -0500 Received: from localhost.localdomain (unknown [IPv6:2a01:e0a:260:e370:f4ab:5c98:aaa3:9b9e]) (Authenticated sender: th.ieong@free.fr) by smtp3-g21.free.fr (Postfix) with ESMTPSA id 65C5213F87F; Thu, 23 Feb 2023 21:18:03 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=free.fr; s=smtp-20201208; t=1677183484; bh=TmEskcxlfbx3d7UbITVt05fWiYoyp52wim02KAnC1UQ=; h=From:To:Cc:Subject:Date:From; b=h1tdUT5UyIywB5eD3GlEG2wmp7FCt5k4jK6EYlvMOI1jrooPTNdhRjKaB0LoSKot/ ABmokg14FMr6NMHWXgKg7s4Mwvba0Um1hlROugWif6mawcG4lr0GM2Hti2BoL2mTZM 4EkYz9SPfmpTAdGtKo7rvHYj+wFH7QV9cMkLEgkjel/MDiMjo9XMwd0hGfE+04BHVT OZI+W6BMLNfOpNu6+jv4WFE7v7lhEv5ie0RHaaudPgWTGoCG7jSpKgkP0DBTO7Rh5U I52PGSEl03/r4OUre0bjJ9mxcFBXFrOSOqHnz7bSr6P6ChlnYsgLDIM3l0SPba0Zdx lgkv0Gap7DWOg== From: Thomas Ieong To: guix-patches@gnu.org Subject: [PATCH] services: Add rspamd-service-type. Date: Thu, 23 Feb 2023 21:16:14 +0100 Message-Id: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a01:e0c:1:1599::12; envelope-from=th.ieong@free.fr; helo=smtp3-g21.free.fr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Thu, 23 Feb 2023 17:04:00 -0500 Cc: Thomas Ieong X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) * gnu/services/mail.scm (rspamd-service-type): New variable. * gnu/tests/mail.scm (%test-rspamd): New variable. * doc/guix.texi: Document it. --- Hey Guix! First time contributor here, this patch introduces some basic support for rspamd. I do need guidance on some points. How to handle the extra configs that a user can provide to rspamd? On your average linux distro rspamd does expects you to not touch the rspamd.conf and instead put your changes in the /etc/rspamd/{local.d,override.d} directories (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes takes precedence, you need to use override.d if you want to freeze a setting.) For example to set the password of the web ui you're supposed to create /etc/rspamd/local.d/worker-controller.inc and then set password = "some_hash"; Then this will get merged with the config as something like: worker { type = "controller"; password = "some_hash"; } The point is we could ignore local.d/override.d and write these blocks directly to rspamd.conf. Of course it needs some additionals configuration records for the workers and the common options between them. And finally for the test I do plan to add integration test with opensmtpd when I get the time. Are there examples of such integration test? What do you think? doc/guix.texi | 43 ++++++++++ gnu/services/mail.scm | 191 +++++++++++++++++++++++++++++++++++++++++- gnu/tests/mail.scm | 87 ++++++++++++++++++- 3 files changed, 319 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 05615b9549..c1070a5244 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -114,6 +114,7 @@ Copyright @copyright{} 2023 Giacomo Leidi@* Copyright @copyright{} 2022 Antero Mejr@* Copyright @copyright{} 2023 Bruno Victal@* +Copyright @copyright{} 2023 Thomas Ieong@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -26365,6 +26366,48 @@ Mail Services @end table @end deftp +@subsubheading Rspamd Service +@cindex email +@cindex spam + +@defvar rspamd-service-type +This is the type of the @uref{https://rspamd.com/, Rspamd} filtering +system whose value should be a @code{rspamd-configuration}. +@end defvar + +@deftp {Data Type} rspamd-configuration +Data type representing the configuration of @command{rspamd}. + +@table @asis +@item @code{package} (default: @code{rspamd}) +The package that provides @command{rspamd}. + +@item @code{config-file} (default: @code{%default-rspamd-config-file}) +File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on. + +@item @code{user} (default: @code{"rspamd"}) +The user to run rspamd as. + +@item @code{group} (default: @code{"rspamd"}) +The user to run rspamd as. + +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"}) +Where to store the PID file. + +@item @code{debug?} (default: @code{#f}) +Force debug output. + +@item @code{insecure?} (default: @code{#f}) +Ignore running workers as privileged users (insecure). + +@item @code{skip-template?} (default: @code{#f}) +Do not apply Jinja templates. + +@end table +@end deftp + @node Messaging Services @subsection Messaging Services diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 6f588679b1..8a4af26f66 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,7 @@ ;;; Copyright © 2017, 2020 Tobias Geerinckx-Rice ;;; Copyright © 2019 Kristofer Buffington ;;; Copyright © 2020 Jonathan Brielmaier +;;; Copyright © 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -79,7 +80,11 @@ (define-module (gnu services mail) radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-config-file)) ;;; Commentary: ;;; @@ -1984,3 +1989,187 @@ (define radicale-service-type (service-extension account-service-type (const %radicale-accounts)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define-maybe boolean) + +(define-configuration rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd." + empty-serializer) + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (user + (string "rspamd") + "The user to run rspamd as." + empty-serializer) + (group + (string "rspamd") + "The group to run rspamd as." + empty-serializer) + (pid-file + (string "/var/run/rspamd/rspamd.pid") + "Where to store the PID file." + empty-serializer) + (debug? + maybe-boolean + "Force debug output." + empty-serializer) + (insecure? + maybe-boolean + "Ignore running workers as privileged users (insecure)." + empty-serializer) + (skip-template? + maybe-boolean + "Do not apply Jinja templates." + empty-serializer)) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile = \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/options.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/options.inc\" +} + +logging { + type = \"file\"; + filename = \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/logging.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/logging.inc\" +} + +worker \"normal\" { + bind_socket = \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-normal.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-normal.inc\" +} + +worker \"controller\" { + bind_socket = \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-controller.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket = \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-proxy.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket = \"localhost:11335\"; + count = -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=true; priority=1,duplicate=merge) \"$LOCAL_CONFDIR/local.d/worker-fuzzy.inc\" + .include(try=true; priority=10) \"$LOCAL_CONFDIR/override.d/worker-fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config + (user group) + (list (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) + +(define (rspamd-shepherd-service config) + (match-record config + (package config-file user group pid-file debug? insecure? skip-template?) + (list (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement '(networking)) + (start (let ((rspamd (file-append package "/bin/rspamd"))) + #~(make-forkexec-constructor + (list #$rspamd "-c" #$config-file + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$user + #:group #$group + #:pid-file #$pid-file))) + (stop #~(make-kill-destructor)) + (actions + (list (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopenlog) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define (rspamd-activation config) + (match-record config + (package config-file user) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) + (let ((user (getpwnam #$user))) + (mkdir-p/perms "/etc/rspamd" user #o755) + (mkdir-p/perms "/etc/rspamd/local.d" user #o755) + (mkdir-p/perms "/etc/rspamd/override.d" user #o755) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + ;; Check configuration file syntax. + (system* (string-append #$package "/bin/rspamadm") + "configtest" + "-c" #$config-file)))) + +(define rspamd-profile + (compose list rspamd-configuration-package)) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system") + (extensions + (list (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts) + (service-extension activation-service-type rspamd-activation) + (service-extension profile-service-type rspamd-profile))) + (default-value (rspamd-configuration)))) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index f13751b72f..f532d30805 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2019 Christopher Baines ;;; Copyright © 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright © 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,7 +41,8 @@ (define-module (gnu tests mail) #:export (%test-opensmtpd %test-exim %test-dovecot - %test-getmail)) + %test-getmail + %test-rspamd)) (define %opensmtpd-os (simple-operating-system @@ -575,3 +577,86 @@ (define %test-getmail (name "getmail") (description "Connect to a running Getmail server.") (value (run-getmail-test)))) + +(define %rspamd-os + (simple-operating-system + (service dhcp-client-service-type) + (service rspamd-service-type))) + +(define (run-rspamd-test) + "Return a test of an OS running Rspamd service." + + (define rspamd-ports + '((22664 . 11332) ;; proxy worker + (22666 . 11333) ;; normal worker + (22668 . 11334) ;; web controller + (22670 . 11335))) ;; fuzzy worker + + (define vm + (virtual-machine + (operating-system (marionette-operating-system + %rspamd-os + #:imported-modules '((gnu services herd)))) + (port-forwardings rspamd-ports))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (srfi srfi-11) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "rspamd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'rspamd)) + marionette)) + + + ;; Check mympd-service-type commit for reference + ;; TODO: For this test we need to authorize the controller to + ;; listen on other interfaces, e.g *:11334 instead of localhost:11334 + + ;; Check that we can access the web ui + (test-equal "http-get" + 200 + (begin + (let-values (((response text) + (http-get "http://localhost:22668/" + #:decode-body? #t))) + (response-code response)))) + + (test-assert "rspamd socket ready" + (wait-for-unix-socket + "/var/lib/rspamd/rspamd.sock" + marionette)) + + (test-assert "rspamd pid ready" + (marionette-eval + '(file-exists? "/var/run/rspamd/rspamd.pid") + marionette)) + + (test-assert "rspamd log file" + (marionette-eval + '(file-exists? "/var/log/rspamd/rspamd.log") + marionette)) + + (test-end)))) + + (gexp->derivation "rspamd-test" test)) + +(define %test-rspamd + (system-test + (name "rspamd") + (description "Send an email to a running rspamd server.") + (value (run-rspamd-test)))) base-commit: 5e7b0a7735d9956ee8b8c3763e4ce05e2855606f -- 2.39.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 25 16:34:04 2023 Received: (at 61740) by debbugs.gnu.org; 25 Feb 2023 21:34:04 +0000 Received: from localhost ([127.0.0.1]:41716 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pW2BA-000674-2c for submit@debbugs.gnu.org; Sat, 25 Feb 2023 16:34:04 -0500 Received: from smtpm8.myservices.hosting ([185.26.105.209]:46902) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pW2B7-00066e-P6 for 61740@debbugs.gnu.org; Sat, 25 Feb 2023 16:34:02 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpm8.myservices.hosting (Postfix) with ESMTP id BB5F420D41; Sat, 25 Feb 2023 22:33:58 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 9A9C180098; Sat, 25 Feb 2023 22:33:58 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id NeYTg8_Ck_AJ; Sat, 25 Feb 2023 22:33:57 +0100 (CET) Received: from [192.168.1.239] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 85A9980097; Sat, 25 Feb 2023 22:33:57 +0100 (CET) Message-ID: Date: Sat, 25 Feb 2023 21:33:57 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [bug#61740] [PATCH] services: Add rspamd-service-type. Content-Language: en-US To: Thomas Ieong References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> From: Bruno Victal In-Reply-To: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Score: -1.1 (-) X-Debbugs-Envelope-To: 61740 Cc: 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.1 (--) Hi, On 2023-02-23 20:16, Thomas Ieong wrote: > * gnu/services/mail.scm (rspamd-service-type): New variable. > * gnu/tests/mail.scm (%test-rspamd): New variable. > * doc/guix.texi: Document it. > --- > > Hey Guix! > > First time contributor here, this patch > introduces some basic support for rspamd. > > I do need guidance on some points. > > How to handle the extra configs that a user can > provide to rspamd? > > On your average linux distro rspamd does expects > you to not touch the rspamd.conf and instead put > your changes in the /etc/rspamd/{local.d,override.d} directories > (local is enough to redefine most settings, but if there are changes made via the web ui, the web ui changes takes precedence, you need to use override.d if you want to freeze a setting.) > > For example to set the password of the web ui > you're supposed to create /etc/rspamd/local.d/worker-controller.inc > and then set password = "some_hash"; > > Then this will get merged with the config > as something like: > > worker { > type = "controller"; > password = "some_hash"; > } > > The point is we could ignore local.d/override.d > and write these blocks directly to rspamd.conf. For most services, the configuration is expected to be read-only (and generated & managed by guix) though it is possible to have a mix of non guix-managed config files (but discouraged). If you simply want to store the configuration in separate files, pulseaudio-service-type and mympd-service-type is an example that can do this. > > Of course it needs some additionals configuration records for the workers and the common options > between them. > > And finally for the test I do plan to add integration test with opensmtpd when I get the time. > > Are there examples of such integration test? Specific examples no but gnu/tests/ contains many tests of varying complexity that could serve as inspiration. See the NFS or web server tests. > + > +@deftp {Data Type} rspamd-configuration > +Data type representing the configuration of @command{rspamd}. > + > +@table @asis > +@item @code{package} (default: @code{rspamd}) > +The package that provides @command{rspamd}. > + > +@item @code{config-file} (default: @code{%default-rspamd-config-file}) > +File-like object of the configuration file to use. By default > +all workers are enabled except fuzzy and they are binded > +to their usual ports, e.g localhost:11334, localhost:11333 and so on. > + > +@item @code{user} (default: @code{"rspamd"}) > +The user to run rspamd as. > + > +@item @code{group} (default: @code{"rspamd"}) > +The user to run rspamd as. > + > +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"}) > +Where to store the PID file. > + > +@item @code{debug?} (default: @code{#f}) > +Force debug output. > + > +@item @code{insecure?} (default: @code{#f}) > +Ignore running workers as privileged users (insecure). > + > +@item @code{skip-template?} (default: @code{#f}) > +Do not apply Jinja templates. > + > +@end table > +@end deftp > + Was this manually typed? (It seems to be the case since it's missing the field type information) You can generate the documentation automatically with configuration->documentation since you're using define-configuration. > +;;; > +;;; Rspamd. > +;;; > + > +(define-maybe boolean) > + > +(define-configuration rspamd-configuration > + (package > + (file-like rspamd) > + "The package that provides rspamd." > + empty-serializer) > + (config-file > + (file-like %default-rspamd-config-file) > + "File-like object of the configuration file to use. By default > +all workers are enabled except fuzzy and they are binded > +to their usual ports, e.g localhost:11334, localhost:11333 and so on") > + (user > + (string "rspamd") > + "The user to run rspamd as." > + empty-serializer) > + (group > + (string "rspamd") > + "The group to run rspamd as." > + empty-serializer) > + (pid-file > + (string "/var/run/rspamd/rspamd.pid") > + "Where to store the PID file." > + empty-serializer) > + (debug? > + maybe-boolean > + "Force debug output." > + empty-serializer) > + (insecure? > + maybe-boolean > + "Ignore running workers as privileged users (insecure)." > + empty-serializer) > + (skip-template? > + maybe-boolean > + "Do not apply Jinja templates." > + empty-serializer)) If you're not going to use any serializer, you can use define-configuration/no-serialization instead. > + > +(define (rspamd-activation config) > + (match-record config > + (package config-file user) > + #~(begin > + (use-modules (guix build utils) > + (ice-9 match)) > + (let ((user (getpwnam #$user))) > + (mkdir-p/perms "/etc/rspamd" user #o755) > + (mkdir-p/perms "/etc/rspamd/local.d" user #o755) > + (mkdir-p/perms "/etc/rspamd/override.d" user #o755) > + (mkdir-p/perms "/var/run/rspamd" user #o755) > + (mkdir-p/perms "/var/log/rspamd" user #o755) > + (mkdir-p/perms "/var/lib/rspamd" user #o755)) > + ;; Check configuration file syntax. > + (system* (string-append #$package "/bin/rspamadm") > + "configtest" > + "-c" #$config-file)))) This should be moved into the service constructor. See how mpd-service-type does this. To expand a bit here, activation-service-type service-extensions are often abused for "pre-service launch tasks" but this is incorrect usage (see #60657 which covers the pitfalls on doing so). > + > +(define rspamd-profile > + (compose list rspamd-configuration-package)) How about: (service-extension profile-service-type (compose list rspamd-configuration-package)) > diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm > index f13751b72f..f532d30805 100644 Do not forget to register this file in gnu/local.mk. Cheers, Bruno From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 05 17:06:26 2023 Received: (at control) by debbugs.gnu.org; 5 Mar 2023 22:06:26 +0000 Received: from localhost ([127.0.0.1]:40901 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pYwUr-0005nL-PK for submit@debbugs.gnu.org; Sun, 05 Mar 2023 17:06:26 -0500 Received: from eggs.gnu.org ([209.51.188.92]:53548) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pYwUq-0005n8-Am for control@debbugs.gnu.org; Sun, 05 Mar 2023 17:06:24 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pYwUl-0001kr-4R for control@debbugs.gnu.org; Sun, 05 Mar 2023 17:06:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-version:Subject:From:To:Date:in-reply-to: references; bh=vGPIODeClTgBQGiMcloTv8xV01TUYoOIn5mdH4bmBiY=; b=B+QyDCmtYEt3Z9 YMK6WHDcPqORet/Rn9Ao36bWdiIjm6Kxc7x1jKMAVDK4306bIxZ9KxP5JZAHuA/V72h1N63I8JQkO mOxocSliKeWx2SPR+ueRIQFmUGdpgeQ5c3wQhPDVSxwOVnUH7D0JLHpYF8B6e7hGwQyCo9vK31VzM d8dQIbsEyGmLSqRMhYWlNDPodRwrC3jVHlIa4icSxAEi9eGVkCWObFCyBgk8sazNow9d9dSQQMR+s I+zO9ewcP7Or3OORCHjkHIVRlLQGlHmZQXDpLCuG2gLiFDJJ90pEtixv6VrAhPdQPnkRvYH6MiqlU 3GxAEnmDt2HdvFo6yYcA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pYwUk-0003sZ-Nl for control@debbugs.gnu.org; Sun, 05 Mar 2023 17:06:18 -0500 Date: Sun, 05 Mar 2023 23:06:17 +0100 Message-Id: <87ilfeonty.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #61740 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) tags 61740 + moreinfo quit From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 08 11:34:56 2023 Received: (at 61740) by debbugs.gnu.org; 8 Aug 2023 15:34:56 +0000 Received: from localhost ([127.0.0.1]:37564 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTOjY-0001IE-4l for submit@debbugs.gnu.org; Tue, 08 Aug 2023 11:34:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:42796) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTOjV-0001I1-PN for 61740@debbugs.gnu.org; Tue, 08 Aug 2023 11:34:54 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qTOjP-0006gJ-Ll; Tue, 08 Aug 2023 11:34:47 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=MZIEW1g0iwRU8VQAtkiVPBorzY8TDqsTkCr9HdbovJw=; b=aAmb0L3gubM+6jCw7vOC QE8jIpRHt7fDEzdhDJAuHSCtQUp3Fr6pRnXdDh7+vhOSQnAE4emD+Tydww/aKUssVscRPjvzP45JP qThPFgY+YHXajnNC1046V7lE2sws1vkjFn7nHdJe7egM+AzxNJfp1BEnKrMzjn+Zf7GQde4oQn4x0 FY+UeGwDSJP4Gs1xch6MDNJbpUie8C3WIUQGKs3yNfrE5cmbrkp1klqcvu/NaTH1sBo9gZ339LhbX mCHpkxxFSKjcvE9lQj7oEeEb5f3rouwoKS9IHN3hDR1yr1UFq7vbLzTuvJDdCIewUwu23sjwMdp18 zZW2bpqJwW4/ig==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Thomas Ieong Subject: Re: bug#61740: [PATCH] services: Add rspamd-service-type. In-Reply-To: (Bruno Victal's message of "Sat, 25 Feb 2023 21:33:57 +0000") References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) Date: Tue, 08 Aug 2023 17:34:45 +0200 Message-ID: <87v8dppmy2.fsf_-_@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 61740 Cc: Bruno Victal , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Thomas, It=E2=80=99s been a while. :-) Did you have time to consider Bruno=E2=80= =99s suggestions to send an updated patch? https://issues.guix.gnu.org/61740 Thanks, Ludo=E2=80=99. Bruno Victal skribis: > Hi, > > On 2023-02-23 20:16, Thomas Ieong wrote: >> * gnu/services/mail.scm (rspamd-service-type): New variable. >> * gnu/tests/mail.scm (%test-rspamd): New variable. >> * doc/guix.texi: Document it. >> --- >>=20 >> Hey Guix! >>=20 >> First time contributor here, this patch >> introduces some basic support for rspamd. >>=20 >> I do need guidance on some points. >>=20 >> How to handle the extra configs that a user can >> provide to rspamd? >>=20 >> On your average linux distro rspamd does expects >> you to not touch the rspamd.conf and instead put >> your changes in the /etc/rspamd/{local.d,override.d} directories >> (local is enough to redefine most settings, but if there are changes mad= e via the web ui, the web ui changes takes precedence, you need to use over= ride.d if you want to freeze a setting.) >>=20 >> For example to set the password of the web ui >> you're supposed to create /etc/rspamd/local.d/worker-controller.inc >> and then set password =3D "some_hash"; >>=20 >> Then this will get merged with the config >> as something like: >>=20 >> worker { >> type =3D "controller"; >> password =3D "some_hash"; >> } >>=20 >> The point is we could ignore local.d/override.d >> and write these blocks directly to rspamd.conf. > > For most services, the configuration is expected to be read-only (and gen= erated & managed by guix) > though it is possible to have a mix of non guix-managed config files (but= discouraged). > > If you simply want to store the configuration in separate files, pulseaud= io-service-type and mympd-service-type is an example that can do this. > >>=20 >> Of course it needs some additionals configuration records for the worker= s and the common options >> between them. >>=20 >> And finally for the test I do plan to add integration test with opensmtp= d when I get the time. >>=20 >> Are there examples of such integration test? > > Specific examples no but gnu/tests/ contains many tests of varying comple= xity that could serve as inspiration. > See the NFS or web server tests. > >> + >> +@deftp {Data Type} rspamd-configuration >> +Data type representing the configuration of @command{rspamd}. >> + >> +@table @asis >> +@item @code{package} (default: @code{rspamd}) >> +The package that provides @command{rspamd}. >> + >> +@item @code{config-file} (default: @code{%default-rspamd-config-file}) >> +File-like object of the configuration file to use. By default >> +all workers are enabled except fuzzy and they are binded >> +to their usual ports, e.g localhost:11334, localhost:11333 and so on. >> + >> +@item @code{user} (default: @code{"rspamd"}) >> +The user to run rspamd as. >> + >> +@item @code{group} (default: @code{"rspamd"}) >> +The user to run rspamd as. >> + >> +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"}) >> +Where to store the PID file. >> + >> +@item @code{debug?} (default: @code{#f}) >> +Force debug output. >> + >> +@item @code{insecure?} (default: @code{#f}) >> +Ignore running workers as privileged users (insecure). >> + >> +@item @code{skip-template?} (default: @code{#f}) >> +Do not apply Jinja templates. >> + >> +@end table >> +@end deftp >> + > > Was this manually typed? (It seems to be the case since it's missing the = field type information) > You can generate the documentation automatically with configuration->docu= mentation since you're using define-configuration. > >> +;;; >> +;;; Rspamd. >> +;;; >> + >> +(define-maybe boolean) >> + >> +(define-configuration rspamd-configuration >> + (package >> + (file-like rspamd) >> + "The package that provides rspamd." >> + empty-serializer) >> + (config-file >> + (file-like %default-rspamd-config-file) >> + "File-like object of the configuration file to use. By default >> +all workers are enabled except fuzzy and they are binded >> +to their usual ports, e.g localhost:11334, localhost:11333 and so on") >> + (user >> + (string "rspamd") >> + "The user to run rspamd as." >> + empty-serializer) >> + (group >> + (string "rspamd") >> + "The group to run rspamd as." >> + empty-serializer) >> + (pid-file >> + (string "/var/run/rspamd/rspamd.pid") >> + "Where to store the PID file." >> + empty-serializer) >> + (debug? >> + maybe-boolean >> + "Force debug output." >> + empty-serializer) >> + (insecure? >> + maybe-boolean >> + "Ignore running workers as privileged users (insecure)." >> + empty-serializer) >> + (skip-template? >> + maybe-boolean >> + "Do not apply Jinja templates." >> + empty-serializer)) > > If you're not going to use any serializer, you can use define-configurati= on/no-serialization instead. > >> + >> +(define (rspamd-activation config) >> + (match-record config >> + (package config-file user) >> + #~(begin >> + (use-modules (guix build utils) >> + (ice-9 match)) >> + (let ((user (getpwnam #$user))) >> + (mkdir-p/perms "/etc/rspamd" user #o755) >> + (mkdir-p/perms "/etc/rspamd/local.d" user #o755) >> + (mkdir-p/perms "/etc/rspamd/override.d" user #o755) >> + (mkdir-p/perms "/var/run/rspamd" user #o755) >> + (mkdir-p/perms "/var/log/rspamd" user #o755) >> + (mkdir-p/perms "/var/lib/rspamd" user #o755)) >> + ;; Check configuration file syntax. >> + (system* (string-append #$package "/bin/rspamadm") >> + "configtest" >> + "-c" #$config-file)))) > > This should be moved into the service constructor. See how mpd-service-ty= pe does this. > > To expand a bit here, activation-service-type service-extensions are ofte= n abused for "pre-service launch tasks" > but this is incorrect usage (see #60657 which covers the pitfalls on doin= g so). > >> + >> +(define rspamd-profile >> + (compose list rspamd-configuration-package)) > > How about:=20 > (service-extension profile-service-type > (compose list rspamd-configuration-package)) > > >> diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm >> index f13751b72f..f532d30805 100644 > > Do not forget to register this file in gnu/local.mk. > > > Cheers, > Bruno From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 05 15:06:14 2023 Received: (at 61740) by debbugs.gnu.org; 5 Sep 2023 19:06:14 +0000 Received: from localhost ([127.0.0.1]:59298 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qdbNN-0003zm-Kk for submit@debbugs.gnu.org; Tue, 05 Sep 2023 15:06:14 -0400 Received: from vmi571514.contaboserver.net ([75.119.130.101]:60246 helo=mail.laesvuori.fi) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qdbNJ-0003zZ-4K for 61740@debbugs.gnu.org; Tue, 05 Sep 2023 15:06:12 -0400 Received: from X-kone (88-113-24-127.elisa-laajakaista.fi [88.113.24.127]) by mail.laesvuori.fi (Postfix) with ESMTPSA id 7F87F342FBE; Tue, 5 Sep 2023 21:06:30 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail; t=1693940792; bh=xNL1ukIUb7BzTB2WUCm7CKx2GmLgBANjCpaEgNROKSw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=WkVIgODCD1fin1RdkFkDDo8fwGb4WVmPxUOK4Wz6lKCt98gv+pAMm33O7+b/7ICLY zDGkMLEBh0yzeprobqbyZ9AtGwpAtuOi0GLztSaOaKiAAbB0d1+UHrahsybqUCEu2p A1SQckdC7Aiq/U1/BC8p+TF7x7vQbQM/MamHwric= Date: Tue, 5 Sep 2023 22:06:01 +0300 From: Saku Laesvuori To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#61740] [PATCH] services: Add rspamd-service-type. Message-ID: References: <68b32de839c2abda283be3539eef38aebd53d82e.1677183321.git.th.ieong@free.fr> <87v8dppmy2.fsf_-_@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="zstcuoycj7qgl5v4" Content-Disposition: inline In-Reply-To: <87v8dppmy2.fsf_-_@gnu.org> X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , Bruno Victal , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --zstcuoycj7qgl5v4 Content-Type: multipart/mixed; boundary="vjgogpwgy6alpyss" Content-Disposition: inline --vjgogpwgy6alpyss Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > Hi Thomas, >=20 > It=E2=80=99s been a while. :-) Did you have time to consider Bruno=E2= =80=99s > suggestions to send an updated patch? >=20 > https://issues.guix.gnu.org/61740 >=20 > Thanks, > Ludo=E2=80=99. I happened to need rspamd myself so I cleaned this patch a little and thought it would be useful to submit a v2 of it. I don't really know how co-authored patches should be sent (because I expect the From: in the patch to interfere with email) so I added it as an attachment. --vjgogpwgy6alpyss Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="v2-0001-services-Add-rspamd-service-type.patch" Content-Transfer-Encoding: quoted-printable =46rom 0de51c84aaccfa389276188cc617ddb6c05772f1 Mon Sep 17 00:00:00 2001 Message-ID: <0de51c84aaccfa389276188cc617ddb6c05772f1.1693939190.git.saku@l= aesvuori.fi> =46rom: Thomas Ieong Date: Thu, 23 Feb 2023 21:16:14 +0100 Subject: [PATCH v2] services: Add rspamd-service-type. * gnu/services/mail.scm (rspamd-service-type): New variable. * gnu/tests/mail.scm (%test-rspamd): New variable. * doc/guix.texi: Document it. Co-authored-by: Saku Laesvuori --- doc/guix.texi | 61 +++++++++++++ gnu/services/mail.scm | 201 +++++++++++++++++++++++++++++++++++++++++- gnu/tests/mail.scm | 87 +++++++++++++++++- 3 files changed, 347 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index f82bb99069..04e4a60f97 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -119,6 +119,8 @@ Copyright @copyright{} 2023 Zheng Junjie@* Copyright @copyright{} 2023 Brian Cully@* Copyright @copyright{} 2023 Felix Lechner@* +Copyright @copyright{} 2023 Thomas Ieong@* +Copyright @copyright{} 2023 Saku Laesvuori@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -27393,6 +27395,65 @@ Mail Services @end table @end deftp =20 +@subsubheading Rspamd Service +@cindex email +@cindex spam + +@defvar rspamd-service-type +This is the type of the @uref{https://rspamd.com/, Rspamd} filtering +system whose value should be a @code{rspamd-configuration}. +@end defvar + +@c %start of fragment + +@deftp {Data Type} rspamd-configuration +Available @code{rspamd-configuration} fields are: + +@table @asis +@item @code{package} (default: @code{rspamd}) (type: file-like) +The package that provides rspamd. + +@item @code{config-file} (type: file-like) +File-like object of the configuration file to use. By default all +workers are enabled except fuzzy and they are binded to their usual +ports, e.g localhost:11334, localhost:11333 and so on + +@item @code{local.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in local.d, provided as a list of two element lists +where the first element is the filename and the second one is a +file-like object. Settings in these files will be merged with the +defaults. + +@item @code{override.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in override.d, provided as a list of two element +lists where the first element is the filename and the second one is a +file-like object. Settings in these files will override the defaults. + +@item @code{user} (default: @code{"rspamd"}) (type: string) +The user to run rspamd as. + +@item @code{group} (default: @code{"rspamd"}) (type: string) +The group to run rspamd as. + +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"}) (type= : string) +Where to store the PID file. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Force debug output. + +@item @code{insecure?} (default: @code{#f}) (type: boolean) +Ignore running workers as privileged users (insecure). + +@item @code{skip-template?} (default: @code{#f}) (type: boolean) +Do not apply Jinja templates. + +@end table + +@end deftp + + +@c %end of fragment + @node Messaging Services @subsection Messaging Services =20 diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 12dcc8e71d..43d39ecfe6 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,8 @@ ;;; Copyright =C2=A9 2017, 2020 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2019 Kristofer Buffington ;;; Copyright =C2=A9 2020 Jonathan Brielmaier +;;; Copyright =C2=A9 2023 Thomas Ieong +;;; Copyright =C2=A9 2023 Saku Laesvuori ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,7 +82,11 @@ (define-module (gnu services mail) radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-config-file)) =20 ;;; Commentary: ;;; @@ -1987,3 +1993,196 @@ (define radicale-service-type (service-extension account-service-type (const %radicale-account= s)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define (directory-tree? xs) + (match xs + (((file-name file-like) ...) + (and (every string? file-name) + (every file-like? file-like))) + (_ #f))) + +(define-configuration/no-serialization rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd.") + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (local.d-files + (directory-tree '()) + "Configuration files in local.d, provided as a list of two element list= s where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will be merged with the defaults.") + (override.d-files + (directory-tree '()) + "Configuration files in override.d, provided as a list of two element l= ists where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will override the defaults.") + (user + (string "rspamd") + "The user to run rspamd as.") + (group + (string "rspamd") + "The group to run rspamd as.") + (pid-file + (string "/var/run/rspamd/rspamd.pid") + "Where to store the PID file.") + (debug? + (boolean #f) + "Force debug output.") + (insecure? + (boolean #f) + "Ignore running workers as privileged users (insecure).") + (skip-template? + (boolean #f) + "Do not apply Jinja templates.")) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile =3D \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/options.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/option= s.inc\" +} + +logging { + type =3D \"file\"; + filename =3D \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/logging.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/loggin= g.inc\" +} + +worker \"normal\" { + bind_socket =3D \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-normal.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -normal.inc\" +} + +worker \"controller\" { + bind_socket =3D \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-controller.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket =3D \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket =3D \"localhost:11335\"; + count =3D -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config + (user group) + (list + (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) + +(define (rspamd-shepherd-service config) + (match-record config + (package config-file user group pid-file debug? insecure? skip-templat= e? + local.d-files override.d-files) + (list + (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement '(networking)) + (start (let ((rspamd (file-append package "/bin/rspamd")) + (local-confdir + (file-union + "rspamd-local-confdir" + `(("local.d" ,(file-union "local.d" local.d-files)) + ("override.d" ,(file-union "override.d" override.d= -files)))))) + #~(begin + (use-modules (guix build utils) + (ice-9 match)) + (let ((user (getpwnam #$user))) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + ;; Check configuration file syntax. + (system* (string-append #$package "/bin/rspamadm") + "configtest" + "-c" #$config-file) + (make-forkexec-constructor + (list #$rspamd "-c" #$config-file + "--var" (string-append "LOCAL_CONFDIR=3D" #$local-co= nfdir) + "--no-fork" + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$user + #:group #$group)))) + (stop #~(make-kill-destructor)) + (actions + (list + (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopenlog) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system.") + (extensions + (list + (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts) + (service-extension profile-service-type + (compose list rspamd-configuration-package)))) + (default-value (rspamd-configuration)))) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index dcb8f08ea8..4dae6886b2 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -6,6 +6,7 @@ ;;; Copyright =C2=A9 2018 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Christopher Baines ;;; Copyright =C2=A9 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,7 +41,8 @@ (define-module (gnu tests mail) #:export (%test-opensmtpd %test-exim %test-dovecot - %test-getmail)) + %test-getmail + %test-rspamd)) =20 (define %opensmtpd-os (simple-operating-system @@ -579,3 +581,86 @@ (define %test-getmail (name "getmail") (description "Connect to a running Getmail server.") (value (run-getmail-test)))) + +(define %rspamd-os + (simple-operating-system + (service dhcp-client-service-type) + (service rspamd-service-type))) + +(define (run-rspamd-test) + "Return a test of an OS running Rspamd service." + + (define rspamd-ports + '((22664 . 11332) ;; proxy worker + (22666 . 11333) ;; normal worker + (22668 . 11334) ;; web controller + (22670 . 11335))) ;; fuzzy worker + + (define vm + (virtual-machine + (operating-system (marionette-operating-system + %rspamd-os + #:imported-modules '((gnu services herd)))) + (port-forwardings rspamd-ports))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (srfi srfi-11) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "rspamd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'rspamd)) + marionette)) + + + ;; Check mympd-service-type commit for reference + ;; TODO: For this test we need to authorize the controller to + ;; listen on other interfaces, e.g *:11334 instead of localhost:= 11334 + + ;; Check that we can access the web ui + (test-equal "http-get" + 200 + (begin + (let-values (((response text) + (http-get "http://localhost:22668/" + #:decode-body? #t))) + (response-code response)))) + + (test-assert "rspamd socket ready" + (wait-for-unix-socket + "/var/lib/rspamd/rspamd.sock" + marionette)) + + (test-assert "rspamd pid ready" + (marionette-eval + '(file-exists? "/var/run/rspamd/rspamd.pid") + marionette)) + + (test-assert "rspamd log file" + (marionette-eval + '(file-exists? "/var/log/rspamd/rspamd.log") + marionette)) + + (test-end)))) + + (gexp->derivation "rspamd-test" test)) + +(define %test-rspamd + (system-test + (name "rspamd") + (description "Send an email to a running rspamd server.") + (value (run-rspamd-test)))) base-commit: 2d4d147839b81ba8761c9e50cabe9b60025dc670 --=20 2.41.0 --vjgogpwgy6alpyss-- --zstcuoycj7qgl5v4 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmT3fBkACgkQJX0oSiod OjI0WBAAv99T0FMl44P8kJo/0ds5Muy0kk3GXxdq4oCDNGjiWzgnw0lA6R26KAYO uRsaJ6TuTkupV3MJ3Zhv5WRIc/PAyal8tB5rux8xajwq8Ig3d9wrT9syV9R6TndV gNoWmzH9VGoEkRGHoJ4ye+H3BRka6nXffgilEX7vkbJY30AKybQX3tkvMDK6ln4w ubu8pPNcANAuHPVghKxuSAwuZR4xXhq4L+WIUqn8sBGuFaLjpuqe2DfBWMNefcVf pXicpLTkwtoTJ4LozehQfBCf3CMpVQT7DC0z6NP2IFD///L077EUh9CmKvewgl7D 0hwyGwiUTRPzgJ8fFRPWuj59wz2zZrCyTFLm62K8j5TfBs9KNoGWXHAyWAycI4+f FhYqfESCiv8cYVUqk5deZpdnXYADAjT4uk0/sAukixnmsmIrbaFI4+cfUv+SzuDG KSrMZerTQNMNBAEejQmmc6oTTmyT6aGO6st6r5nq0muwBgxj0RANz5KasyFJ4CQJ yFp7rPxe730CLC/zoj5ijKD5H4axBTajbIiwBtV8TDA/Ww2NLChcqrg2Cs5xEH+Q aVDVMyxiocKEjSD9gVFyyJdHxw24wcZUQbV5c0EdeppJ+ZRO53sDIaThJ1dzA/rI 8+Mhwh/3NS5U+uuLleh4rpwA+00OJfbTosH8kwLe9T/3zNbRjNM= =Z20Q -----END PGP SIGNATURE----- --zstcuoycj7qgl5v4-- From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 15 16:47:38 2023 Received: (at 61740) by debbugs.gnu.org; 15 Sep 2023 20:47:38 +0000 Received: from localhost ([127.0.0.1]:44971 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qhFj0-0001Ew-0Z for submit@debbugs.gnu.org; Fri, 15 Sep 2023 16:47:38 -0400 Received: from sail-ipv4.us-core.com ([208.82.101.137]:53362) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qhFiu-0001Ej-UW for 61740@debbugs.gnu.org; Fri, 15 Sep 2023 16:47:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=KrKwmVRljwD+UT7 ZLBQ4wmVkLwOlEDRzvZY6SpRXSCk=; h=date:subject:cc:to:from; d=lease-up.com; b=FE6PWPkZiW849VT0TYhnGDgYeNY0W2Qi6M1VtdH+miV+3pbsDIGl C3f69PodqmQgI0unWer7jGZvn92M62SY4PeqJN9UCq0nL7eYBBkodcErdr/pNrPzObkIXc AK8rTtgiNCGitM6zHDcVzw+oM5L5cQ0Vx7yvHAHGHaq6zqit8= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 60822269 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Fri, 15 Sep 2023 20:47:23 +0000 (UTC) From: Felix Lechner To: Saku Laesvuori Subject: Re: [PATCH] services: Add rspamd-service-type. Date: Fri, 15 Sep 2023 13:47:14 -0700 Message-ID: <87sf7fqi3x.fsf@lease-up.com> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , Bruno Victal , Ludovic =?utf-8?Q?Court=C3=A8s?= , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Saku, > I happened to need rspamd myself So do I but it does not seem to start locally. It created some folders and, per the log, the configuration file passed the syntax check, but then the boot stalls. I used (service rspamd-service-type) and nothing else in my system configuration. Should it be sufficient? Thanks! Kind regards Felix From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 16 16:10:37 2023 Received: (at 61740) by debbugs.gnu.org; 16 Sep 2023 20:10:37 +0000 Received: from localhost ([127.0.0.1]:48588 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qhbci-0000sQ-4s for submit@debbugs.gnu.org; Sat, 16 Sep 2023 16:10:37 -0400 Received: from vmi571514.contaboserver.net ([75.119.130.101]:40888 helo=mail.laesvuori.fi) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qhbce-0000sD-GI for 61740@debbugs.gnu.org; Sat, 16 Sep 2023 16:10:35 -0400 Received: from X-kone (88-113-24-127.elisa-laajakaista.fi [88.113.24.127]) by mail.laesvuori.fi (Postfix) with ESMTPSA id 03B023400C6; Sat, 16 Sep 2023 22:10:53 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail; t=1694895055; bh=ai7qN6wZqCQhLnHdwhbFjXUqGUciXO3VUaawG0cZzdI=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=ej/kyQMEjt+ScxkvoYBQAr7UxFEBjCn/wLj9V+XYkV57rcQ7iizF1VztD/5rLazBe rjxoMJczpVN9aYB2ff2wsp86DuiOL6wv8D4SlYtb9RzYqqOetJkqfJ8BGoZLA2Yu4R xni21ffcdgPVi4JDbLHiDD3syo5kBtG66NPyTVns= Date: Sat, 16 Sep 2023 23:10:20 +0300 From: Saku Laesvuori To: Felix Lechner Subject: Re: [PATCH] services: Add rspamd-service-type. Message-ID: References: <87sf7fqi3x.fsf@lease-up.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="k26lrbqyetcc6pst" Content-Disposition: inline In-Reply-To: <87sf7fqi3x.fsf@lease-up.com> X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , Bruno Victal , Ludovic =?utf-8?Q?Court=C3=A8s?= , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --k26lrbqyetcc6pst Content-Type: multipart/mixed; boundary="qbiyyw2betezacki" Content-Disposition: inline --qbiyyw2betezacki Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 15, 2023 at 01:47:14PM -0700, Felix Lechner wrote: > Hi Saku, >=20 > > I happened to need rspamd myself >=20 > So do I but it does not seem to start locally. It created some folders > and, per the log, the configuration file passed the syntax check, but > then the boot stalls. >=20 > I used (service rspamd-service-type) and nothing else in my system > configuration. Should it be sufficient? Thanks! Oops, the version I tested (and am running right now) used activation-service-type and I forgot to test that it was still working after moving the code from there to the shepherd service. A fixed v3 is attached. --qbiyyw2betezacki Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="v3-0001-services-Add-rspamd-service-type.patch" Content-Transfer-Encoding: quoted-printable =46rom 886c32091bdc032c4180d490125a131df79b705c Mon Sep 17 00:00:00 2001 Message-ID: <886c32091bdc032c4180d490125a131df79b705c.1694894798.git.saku@l= aesvuori.fi> =46rom: Thomas Ieong Date: Thu, 23 Feb 2023 21:16:14 +0100 Subject: [PATCH v3] services: Add rspamd-service-type. * gnu/services/mail.scm (rspamd-service-type): New variable. * gnu/tests/mail.scm (%test-rspamd): New variable. * doc/guix.texi: Document it. Co-authored-by: Saku Laesvuori --- This version imports (gnu build activation) in the shepherd start action and removes the syntax check, because I expect the service to fail anyway if the configuration file syntax is invalid and the check seemed to prevent booting (no idea why). doc/guix.texi | 61 +++++++++++++ gnu/services/mail.scm | 197 +++++++++++++++++++++++++++++++++++++++++- gnu/tests/mail.scm | 87 ++++++++++++++++++- 3 files changed, 343 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index f82bb99069..04e4a60f97 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -119,6 +119,8 @@ Copyright @copyright{} 2023 Zheng Junjie@* Copyright @copyright{} 2023 Brian Cully@* Copyright @copyright{} 2023 Felix Lechner@* +Copyright @copyright{} 2023 Thomas Ieong@* +Copyright @copyright{} 2023 Saku Laesvuori@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -27393,6 +27395,65 @@ Mail Services @end table @end deftp =20 +@subsubheading Rspamd Service +@cindex email +@cindex spam + +@defvar rspamd-service-type +This is the type of the @uref{https://rspamd.com/, Rspamd} filtering +system whose value should be a @code{rspamd-configuration}. +@end defvar + +@c %start of fragment + +@deftp {Data Type} rspamd-configuration +Available @code{rspamd-configuration} fields are: + +@table @asis +@item @code{package} (default: @code{rspamd}) (type: file-like) +The package that provides rspamd. + +@item @code{config-file} (type: file-like) +File-like object of the configuration file to use. By default all +workers are enabled except fuzzy and they are binded to their usual +ports, e.g localhost:11334, localhost:11333 and so on + +@item @code{local.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in local.d, provided as a list of two element lists +where the first element is the filename and the second one is a +file-like object. Settings in these files will be merged with the +defaults. + +@item @code{override.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in override.d, provided as a list of two element +lists where the first element is the filename and the second one is a +file-like object. Settings in these files will override the defaults. + +@item @code{user} (default: @code{"rspamd"}) (type: string) +The user to run rspamd as. + +@item @code{group} (default: @code{"rspamd"}) (type: string) +The group to run rspamd as. + +@item @code{pid-file} (default: @code{"/var/run/rspamd/rspamd.pid"}) (type= : string) +Where to store the PID file. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Force debug output. + +@item @code{insecure?} (default: @code{#f}) (type: boolean) +Ignore running workers as privileged users (insecure). + +@item @code{skip-template?} (default: @code{#f}) (type: boolean) +Do not apply Jinja templates. + +@end table + +@end deftp + + +@c %end of fragment + @node Messaging Services @subsection Messaging Services =20 diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 12dcc8e71d..d8720907c8 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,8 @@ ;;; Copyright =C2=A9 2017, 2020 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2019 Kristofer Buffington ;;; Copyright =C2=A9 2020 Jonathan Brielmaier +;;; Copyright =C2=A9 2023 Thomas Ieong +;;; Copyright =C2=A9 2023 Saku Laesvuori ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,7 +82,11 @@ (define-module (gnu services mail) radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-config-file)) =20 ;;; Commentary: ;;; @@ -1987,3 +1993,192 @@ (define radicale-service-type (service-extension account-service-type (const %radicale-account= s)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define (directory-tree? xs) + (match xs + (((file-name file-like) ...) + (and (every string? file-name) + (every file-like? file-like))) + (_ #f))) + +(define-configuration/no-serialization rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd.") + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (local.d-files + (directory-tree '()) + "Configuration files in local.d, provided as a list of two element list= s where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will be merged with the defaults.") + (override.d-files + (directory-tree '()) + "Configuration files in override.d, provided as a list of two element l= ists where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will override the defaults.") + (user + (string "rspamd") + "The user to run rspamd as.") + (group + (string "rspamd") + "The group to run rspamd as.") + (pid-file + (string "/var/run/rspamd/rspamd.pid") + "Where to store the PID file.") + (debug? + (boolean #f) + "Force debug output.") + (insecure? + (boolean #f) + "Ignore running workers as privileged users (insecure).") + (skip-template? + (boolean #f) + "Do not apply Jinja templates.")) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile =3D \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/options.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/option= s.inc\" +} + +logging { + type =3D \"file\"; + filename =3D \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/logging.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/loggin= g.inc\" +} + +worker \"normal\" { + bind_socket =3D \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-normal.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -normal.inc\" +} + +worker \"controller\" { + bind_socket =3D \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-controller.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket =3D \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket =3D \"localhost:11335\"; + count =3D -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config + (user group) + (list + (user-group + (name group) + (system? #t)) + (user-account + (name user) + (group group) + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) + +(define (rspamd-shepherd-service config) + (match-record config + (package config-file user group pid-file debug? insecure? skip-templat= e? + local.d-files override.d-files) + (list + (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement '(networking)) + (start (let ((rspamd (file-append package "/bin/rspamd")) + (local-confdir + (file-union + "rspamd-local-confdir" + `(("local.d" ,(file-union "local.d" local.d-files)) + ("override.d" ,(file-union "override.d" override.d= -files)))))) + (with-imported-modules (source-module-closure '((gnu build = activation))) + #~(begin + (use-modules (gnu build activation)) ; for mkdir-p/pe= rms + (let ((user (getpwnam #$user))) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + (make-forkexec-constructor + (list #$rspamd "-c" #$config-file + "--var" (string-append "LOCAL_CONFDIR=3D" #$lo= cal-confdir) + "--no-fork" + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$user + #:group #$group))))) + (stop #~(make-kill-destructor)) + (actions + (list + (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopenlog) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system.") + (extensions + (list + (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts) + (service-extension profile-service-type + (compose list rspamd-configuration-package)))) + (default-value (rspamd-configuration)))) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index dcb8f08ea8..4dae6886b2 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -6,6 +6,7 @@ ;;; Copyright =C2=A9 2018 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Christopher Baines ;;; Copyright =C2=A9 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,7 +41,8 @@ (define-module (gnu tests mail) #:export (%test-opensmtpd %test-exim %test-dovecot - %test-getmail)) + %test-getmail + %test-rspamd)) =20 (define %opensmtpd-os (simple-operating-system @@ -579,3 +581,86 @@ (define %test-getmail (name "getmail") (description "Connect to a running Getmail server.") (value (run-getmail-test)))) + +(define %rspamd-os + (simple-operating-system + (service dhcp-client-service-type) + (service rspamd-service-type))) + +(define (run-rspamd-test) + "Return a test of an OS running Rspamd service." + + (define rspamd-ports + '((22664 . 11332) ;; proxy worker + (22666 . 11333) ;; normal worker + (22668 . 11334) ;; web controller + (22670 . 11335))) ;; fuzzy worker + + (define vm + (virtual-machine + (operating-system (marionette-operating-system + %rspamd-os + #:imported-modules '((gnu services herd)))) + (port-forwardings rspamd-ports))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (srfi srfi-11) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "rspamd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'rspamd)) + marionette)) + + + ;; Check mympd-service-type commit for reference + ;; TODO: For this test we need to authorize the controller to + ;; listen on other interfaces, e.g *:11334 instead of localhost:= 11334 + + ;; Check that we can access the web ui + (test-equal "http-get" + 200 + (begin + (let-values (((response text) + (http-get "http://localhost:22668/" + #:decode-body? #t))) + (response-code response)))) + + (test-assert "rspamd socket ready" + (wait-for-unix-socket + "/var/lib/rspamd/rspamd.sock" + marionette)) + + (test-assert "rspamd pid ready" + (marionette-eval + '(file-exists? "/var/run/rspamd/rspamd.pid") + marionette)) + + (test-assert "rspamd log file" + (marionette-eval + '(file-exists? "/var/log/rspamd/rspamd.log") + marionette)) + + (test-end)))) + + (gexp->derivation "rspamd-test" test)) + +(define %test-rspamd + (system-test + (name "rspamd") + (description "Send an email to a running rspamd server.") + (value (run-rspamd-test)))) base-commit: 2d4d147839b81ba8761c9e50cabe9b60025dc670 --=20 2.41.0 --qbiyyw2betezacki-- --k26lrbqyetcc6pst Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmUGC6wACgkQJX0oSiod OjLN5RAAlOC4A0Ps5ynly792hGultMvda+QrNyTJrW9zQnwSB/0nFGCku3DuSKyl 58THolYBb/YkZLTlDuqPSaq0Dll35iqK1Wj1mn/KZG5smUzTnN/GlOWZV6VG+Btd iUW4VriGR2rmsyEE3sBuNvsInO4VeFQ7SDcmteOqPHheceC2m8hO4/PAF7QotxYA l7Cn+srWL+OjIc3EmdPUbMe5KE7Q9Xm2aYdfBJv4yS7QMSyonKJdTQ8KN2J6+Oe9 ihG7qVyNbmPFqqNFG6NDBstNLBeVk7cdrHBpG41qLZMP0DW/uSbXdFnsd+y6fvGh RC6pjnq/072DKwu7LIh2vR3Kb2RmP/Fke6io9GWt8Pi6lUkbE8RTrMrMgNoS3zp2 tlgDqqIcr/QteEZLkV/o22B96bWn05UKAq5Ppq6CFTKXNinxjf2AW2t0VIg4g8cq v3megnZhhHto2Qxoa0hkU8mbgOy0EvhtW3m3x3z6Ehq/Kj8s6xtJnqghbLOKaIE2 u/7sGs1iLWMBjFGSwvw+u3kl8SVMEZNLaiAJpa5FNMMaOL+x0xLXqraOQKxl4TSl j4gyn0Yv+sqOAFCiAFBJhM0slHCweFoMpQkDXEDOxIwgXyTaoWPJ24oRFWD1fkAX 7a2Xtvzm/7j2PlCs84mYZuwwHy08I7kDZGi/4nd6t9cSIjEGDj0= =GAFM -----END PGP SIGNATURE----- --k26lrbqyetcc6pst-- From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 30 22:11:29 2023 Received: (at 61740) by debbugs.gnu.org; 1 Dec 2023 03:11:29 +0000 Received: from localhost ([127.0.0.1]:54874 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r8tw9-0003u5-0M for submit@debbugs.gnu.org; Thu, 30 Nov 2023 22:11:29 -0500 Received: from sail-ipv4.us-core.com ([208.82.101.137]:36790) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r8tw6-0003tw-HT for 61740@debbugs.gnu.org; Thu, 30 Nov 2023 22:11:27 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=d7xHwDQ32egLDVK si62BQc09KQrc00I6iLsgS0nUMfE=; h=date:subject:cc:to:from; d=lease-up.com; b=j3ZsdxsCPO6Qm0KdMyzi9ZQjgx+f936Jt9IKxGOG0ZcRX7fTuB7W IflquVUhdZHHSkPTN0k/HQse1DeSIpNJdKK5Mqsjhti1TSObSBG0A2OtJQ86gCdzfkJIXl ZhmoTcvwMU8fT6DDDke4mYd9YB+Nlq7ieloJ+T9kdypwT96yI= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 29b02e4e (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Fri, 1 Dec 2023 03:11:16 +0000 (UTC) From: Felix Lechner To: 61740@debbugs.gnu.org Subject: Re: [PATCH] services: Add rspamd-service-type. Date: Thu, 30 Nov 2023 19:11:16 -0800 Message-ID: <87plzqk46j.fsf@lease-up.com> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , Bruno Victal , Ludovic =?utf-8?Q?Court=C3=A8s?= , Saku Laesvuori X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, This patch is ready to be merged. I have been running the v3 patch of the rspamd-service-type, which was posted here attached and not inline, on my production equipment since the day Saku shared it. I use it with OpenSMTPd like this. [1] Kind regards Felix [1] https://codeberg.org/lechner/system-config/src/commit/047830c4248076cec9e29ecd4f3c77d151afb102/host/wallace-server/operating-system.scm#L1226 From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 06 09:58:39 2023 Received: (at 61740) by debbugs.gnu.org; 6 Dec 2023 14:58:39 +0000 Received: from localhost ([127.0.0.1]:40162 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rAtME-0005yf-Qm for submit@debbugs.gnu.org; Wed, 06 Dec 2023 09:58:39 -0500 Received: from smtpmciv2.myservices.hosting ([185.26.107.238]:49592) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rAtMC-0005yV-JU for 61740@debbugs.gnu.org; Wed, 06 Dec 2023 09:58:37 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv2.myservices.hosting (Postfix) with ESMTP id 517EF20CAF; Wed, 6 Dec 2023 15:58:22 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id ADDDF80095; Wed, 6 Dec 2023 15:58:21 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 22Fg1guxZq_z; Wed, 6 Dec 2023 15:58:21 +0100 (CET) Received: from [192.168.1.116] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 908DA80067; Wed, 6 Dec 2023 15:58:20 +0100 (CET) Message-ID: Date: Wed, 6 Dec 2023 14:58:19 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Bruno Victal Subject: Re: [bug#61740] [PATCH v3] services: Add rspamd-service-type. (was [bug#61740] [PATCH] services: Add rspamd-service-type.) To: Saku Laesvuori , Thomas Ieong References: <87sf7fqi3x.fsf@lease-up.com> Content-Language: en-US In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------8yW2BoaS4L6AF2x2e7I8mTII" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: =?UTF-8?Q?Ludovic_Court=C3=A8s?= , 61740@debbugs.gnu.org, Felix Lechner X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------8yW2BoaS4L6AF2x2e7I8mTII Content-Type: multipart/mixed; boundary="------------AseMUcHg90az0Qb4pSy8Epmo"; protected-headers="v1" From: Bruno Victal To: Saku Laesvuori , Thomas Ieong Cc: =?UTF-8?Q?Ludovic_Court=C3=A8s?= , Felix Lechner , 61740@debbugs.gnu.org Message-ID: Subject: Re: [bug#61740] [PATCH v3] services: Add rspamd-service-type. (was [bug#61740] [PATCH] services: Add rspamd-service-type.) References: <87sf7fqi3x.fsf@lease-up.com> In-Reply-To: --------------AseMUcHg90az0Qb4pSy8Epmo Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Saku, Some comments: > +(define (directory-tree? xs) > + (match xs > + (((file-name file-like) ...) > + (and (every string? file-name) > + (every file-like? file-like))) > + (_ #f))) You can express this more compactly as: --8<---------------cut here---------------start------------->8--- (define directory-tree? (match-lambda ((((? string?) (? file-like?)) ...) #t) (_ #f))) --8<---------------cut here---------------end--------------->8--- > + (user > + (string "rspamd") > + "The user to run rspamd as.") > + (group > + (string "rspamd") > + "The group to run rspamd as.") How about using user-account and user-group records instead? (see vnstat-service-type for an example) > + (pid-file > + (string "/var/run/rspamd/rspamd.pid") > + "Where to store the PID file.") Is it useful to expose this? > + (insecure? > + (boolean #f) > + "Ignore running workers as privileged users (insecure).") To me it seems redundant to restate =E2=80=9C(insecure)=E2=80=9D in the d= escription. > + (make-forkexec-constructor > + (list #$rspamd "-c" #$config-file I'd prefer the long-name --config over the shorter ones here. > + "--var" (string-append "LOCAL_CONFDIR=3D" = #$local-confdir) Curiously I don't see this listed in the 'rspamd' manpage although it is on the 'rspamadm' one. Can you confirm whether this works and if so, report to upstream that their docs are missing this? > + (service-extension profile-service-type > + (compose list rspamd-configuration-package)) What's the motivation for adding the rspamd package to the profile? > +(define %rspamd-os > + (simple-operating-system > + (service dhcp-client-service-type) > + (service rspamd-service-type))) Is 'dhcp-client-service-type' needed for this system test? I haven't tested it but it looks unnecessary to me. > + ;; Check that we can access the web ui > + (test-equal "http-get" > + 200 > + (begin > + (let-values (((response text) > + (http-get "http://localhost:22668/" > + #:decode-body? #t))) > + (response-code response)))) IMO if you're only interested in the HTTP response code a http-head is the better option, unless the program handles those requests differently. Also, since 'text' isn't used you can simplify this to: --8<---------------cut here---------------start------------->8--- ;; Don't forget to remove the unused (srfi srfi-11) import. (test-equal "Web UI is accessible" 200 (response-code (http-head "http://localhost:22668/"))) --8<---------------cut here---------------end--------------->8--- > + (test-assert "rspamd pid ready" > + (marionette-eval > + '(file-exists? "/var/run/rspamd/rspamd.pid") > + marionette)) There's a procedure dedicated for this: --8<---------------cut here---------------start------------->8--- (test-assert "rspamd pid ready" (wait-for-file #$(rspamd-configuration-pid-file (rspamd-configuration))= marionette))) --8<---------------cut here---------------end--------------->8--- Note: I used (rspamd-configuration) since it you're using the default rspamd-configuration value here. > +(define %test-rspamd > + (system-test > + (name "rspamd") > + (description "Send an email to a running rspamd server.") > + (value (run-rspamd-test)))) I'd change the description to something like "Basic rspamd service test."= as the current one is misleading. --=20 Furthermore, I consider that nonfree software must be eradicated. Cheers, Bruno. --------------AseMUcHg90az0Qb4pSy8Epmo-- --------------8yW2BoaS4L6AF2x2e7I8mTII Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQTAPCseV0HOaN0YFheobOGDL+spVQUCZXCMCwAKCRCobOGDL+sp VeKvAQDccYdL2rmGJnj7eEkhYCeONz7dcyx8F0nnFkLNMp7YBgD7B5cht2FmR0vg jeUNJLu4aXZUDFwyB3/eoA6Mi1PQxw0= =Knj7 -----END PGP SIGNATURE----- --------------8yW2BoaS4L6AF2x2e7I8mTII-- From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 08 03:17:46 2023 Received: (at 61740) by debbugs.gnu.org; 8 Dec 2023 08:17:47 +0000 Received: from localhost ([127.0.0.1]:43737 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rBW3N-0003Or-M4 for submit@debbugs.gnu.org; Fri, 08 Dec 2023 03:17:46 -0500 Received: from vmi571514.contaboserver.net ([75.119.130.101]:57422 helo=mail.laesvuori.fi) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rBW3G-0003ON-SV for 61740@debbugs.gnu.org; Fri, 08 Dec 2023 03:17:44 -0500 Received: from X-kone (unknown [130.233.144.30]) by mail.laesvuori.fi (Postfix) with ESMTPSA id B92B9340121; Fri, 8 Dec 2023 09:17:25 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail; t=1702023446; bh=QGwxNjRhgUdumYWXxJ7DYi294tmcAu8n3g0SJOxacwo=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=H0ZvpGJ9jOvBa396ONRLH61BAyJSU1ntGbtiyrocD0QwEdlqoAyhLgvuO8d4Gbahy hKvrjWfbboB+00MoQu7MLVSVinWrHNNzW+PtdNyzd/7OMnF45diLidMiWBiYT35/Hu pIBL+UdJt/Uz/G/+QNrxO9ixSzSRDIVGa78Auk3c= Date: Fri, 8 Dec 2023 10:17:21 +0200 From: Saku Laesvuori To: Bruno Victal Subject: Re: [bug#61740] [PATCH v3] services: Add rspamd-service-type. (was [bug#61740] [PATCH] services: Add rspamd-service-type.) Message-ID: <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> References: <87sf7fqi3x.fsf@lease-up.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="f4qc5saaf4smhvxp" Content-Disposition: inline In-Reply-To: X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , Ludovic =?utf-8?Q?Court=C3=A8s?= , Felix Lechner , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --f4qc5saaf4smhvxp Content-Type: multipart/mixed; boundary="bxgnrao7elkpdkw3" Content-Disposition: inline --bxgnrao7elkpdkw3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 06, 2023 at 02:58:19PM +0000, Bruno Victal wrote: > Hi Saku, >=20 > Some comments: >=20 > > +(define (directory-tree? xs) > > + (match xs > > + (((file-name file-like) ...) > > + (and (every string? file-name) > > + (every file-like? file-like))) > > + (_ #f))) >=20 > You can express this more compactly as: >=20 > --8<---------------cut here---------------start------------->8--- > (define directory-tree? > (match-lambda > ((((? string?) (? file-like?)) ...) #t) > (_ #f))) > --8<---------------cut here---------------end--------------->8--- Done in v4. >=20 > > + (user > > + (string "rspamd") > > + "The user to run rspamd as.") > > + (group > > + (string "rspamd") > > + "The group to run rspamd as.") >=20 > How about using user-account and user-group records instead? (see > vnstat-service-type for an example) Done in v4. >=20 > > + (pid-file > > + (string "/var/run/rspamd/rspamd.pid") > > + "Where to store the PID file.") >=20 > Is it useful to expose this? I don't know. It was there when I picked up this patch but I can't come up with a case in which one would want to change it. Removed in v4. >=20 >=20 > > + (insecure? > > + (boolean #f) > > + "Ignore running workers as privileged users (insecure).") >=20 > To me it seems redundant to restate =E2=80=9C(insecure)=E2=80=9D in the d= escription. True. Removed in v4. >=20 > > + (make-forkexec-constructor > > + (list #$rspamd "-c" #$config-file >=20 > I'd prefer the long-name --config over the shorter ones here. Done in v4. > > + "--var" (string-append "LOCAL_CONFDIR=3D" = #$local-confdir) >=20 > Curiously I don't see this listed in the 'rspamd' manpage although > it is on the 'rspamadm' one. Can you confirm whether this works > and if so, report to upstream that their docs are missing this? It does work; I've used it since before I submitted this patch. The `--var` option is listed on `rspamd --help`. Unfortunately, Rspamd tracks their issues on Github and I'd prefer not registering an account there. > > + (service-extension profile-service-type > > + (compose list rspamd-configuration-package)) >=20 > What's the motivation for adding the rspamd package to the profile? That was also there when I picked up this patch. I assume it is added to the profile so that the `rspamadm` and `rspamc` programs are available and compatible with the daemon. I don't have strong feelings about this in either direction. > > +(define %rspamd-os > > + (simple-operating-system > > + (service dhcp-client-service-type) > > + (service rspamd-service-type))) >=20 > Is 'dhcp-client-service-type' needed for this system test? > I haven't tested it but it looks unnecessary to me. It provides 'networking for the http test. Apparently the test wasn't working yet anyway (I had no experience in Guix tests when I sent my versions of the patch and just assumed that they were working in Thomas' version). The tests are now fixed in v4. > > + ;; Check that we can access the web ui > > + (test-equal "http-get" > > + 200 > > + (begin > > + (let-values (((response text) > > + (http-get "http://localhost:22668/" > > + #:decode-body? #t))) > > + (response-code response)))) >=20 > IMO if you're only interested in the HTTP response code a http-head > is the better option, unless the program handles those requests > differently. Also, since 'text' isn't used you can simplify this to: >=20 > --8<---------------cut here---------------start------------->8--- > ;; Don't forget to remove the unused (srfi srfi-11) import. >=20 > (test-equal "Web UI is accessible" > 200 > (response-code (http-head "http://localhost:22668/"))) > --8<---------------cut here---------------end--------------->8--- Done in v4. > > + (test-assert "rspamd pid ready" > > + (marionette-eval > > + '(file-exists? "/var/run/rspamd/rspamd.pid") > > + marionette)) >=20 > There's a procedure dedicated for this: >=20 > --8<---------------cut here---------------start------------->8--- > (test-assert "rspamd pid ready" > (wait-for-file #$(rspamd-configuration-pid-file (rspamd-configuration))= marionette))) > --8<---------------cut here---------------end--------------->8--- Done in v4. > > +(define %test-rspamd > > + (system-test > > + (name "rspamd") > > + (description "Send an email to a running rspamd server.") > > + (value (run-rspamd-test)))) >=20 > I'd change the description to something like "Basic rspamd service test." > as the current one is misleading. Done in v4. --bxgnrao7elkpdkw3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =46rom 1a2a4378304e77ee6ac4823734b916c8810b0834 Mon Sep 17 00:00:00 2001 Message-ID: <1a2a4378304e77ee6ac4823734b916c8810b0834.1702023246.git.saku@l= aesvuori.fi> =46rom: Thomas Ieong Date: Thu, 23 Feb 2023 21:16:14 +0100 Subject: [PATCH v4] services: Add rspamd-service-type. * gnu/services/mail.scm (rspamd-service-type): New variable. * gnu/tests/mail.scm (%test-rspamd): New variable. * doc/guix.texi: Document it. Co-authored-by: Saku Laesvuori Change-Id: I7196643f087ffe9fc91aab231b69d5ed8dc9d198 --- doc/guix.texi | 62 +++++++++++++ gnu/services/mail.scm | 206 +++++++++++++++++++++++++++++++++++++++++- gnu/tests/mail.scm | 74 ++++++++++++++- 3 files changed, 340 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index f82bb99069..5875008ec3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -119,6 +119,8 @@ Copyright @copyright{} 2023 Zheng Junjie@* Copyright @copyright{} 2023 Brian Cully@* Copyright @copyright{} 2023 Felix Lechner@* +Copyright @copyright{} 2023 Thomas Ieong@* +Copyright @copyright{} 2023 Saku Laesvuori@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -27393,6 +27395,66 @@ Mail Services @end table @end deftp =20 +@subsubheading Rspamd Service +@cindex email +@cindex spam + +@defvar rspamd-service-type +This is the type of the @uref{https://rspamd.com/, Rspamd} filtering +system whose value should be a @code{rspamd-configuration}. +@end defvar + +@c %start of fragment + +@deftp {Data Type} rspamd-configuration +Available @code{rspamd-configuration} fields are: + +@table @asis +@item @code{package} (default: @code{rspamd}) (type: file-like) +The package that provides rspamd. + +@item @code{config-file} (default: @code{%default-rspamd-config-file}) (ty= pe: file-like) +File-like object of the configuration file to use. By default all +workers are enabled except fuzzy and they are binded to their usual +ports, e.g localhost:11334, localhost:11333 and so on + +@item @code{local.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in local.d, provided as a list of two element lists +where the first element is the filename and the second one is a +file-like object. Settings in these files will be merged with the +defaults. + +@item @code{override.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in override.d, provided as a list of two element +lists where the first element is the filename and the second one is a +file-like object. Settings in these files will override the defaults. + +@item @code{user} (default: @code{%default-rspamd-account}) (type: user-ac= count) +The user to run rspamd as. + +@item @code{group} (default: @code{%default-rspamd-group}) (type: user-gro= up) +The group to run rspamd as. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Force debug output. + +@item @code{insecure?} (default: @code{#f}) (type: boolean) +Ignore running workers as privileged users. + +@item @code{skip-template?} (default: @code{#f}) (type: boolean) +Do not apply Jinja templates. + +@item @code{shepherd-requirements} (default: @code{(loopback)}) (type: lis= t-of-symbols) +This is a list of symbols naming Shepherd services that this service +will depend on. + +@end table + +@end deftp + + +@c %end of fragment + @node Messaging Services @subsection Messaging Services =20 diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 12dcc8e71d..0ec0c43a4d 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,8 @@ ;;; Copyright =C2=A9 2017, 2020 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2019 Kristofer Buffington ;;; Copyright =C2=A9 2020 Jonathan Brielmaier +;;; Copyright =C2=A9 2023 Thomas Ieong +;;; Copyright =C2=A9 2023 Saku Laesvuori ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,7 +82,13 @@ (define-module (gnu services mail) radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-account + %default-rspamd-config-file + %default-rspamd-group)) =20 ;;; Commentary: ;;; @@ -1987,3 +1995,199 @@ (define radicale-service-type (service-extension account-service-type (const %radicale-account= s)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define (directory-tree? xs) + (match xs + ((((? string?) (? file-like?)) ...) #t) + (_ #f))) + +(define (list-of-symbols? x) + (and (list? x) + (every symbol? x))) + +(define-configuration/no-serialization rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd.") + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (local.d-files + (directory-tree '()) + "Configuration files in local.d, provided as a list of two element list= s where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will be merged with the defaults.") + (override.d-files + (directory-tree '()) + "Configuration files in override.d, provided as a list of two element l= ists where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will override the defaults.") + (user + (user-account %default-rspamd-account) + "The user to run rspamd as.") + (group + (user-group %default-rspamd-group) + "The group to run rspamd as.") + (debug? + (boolean #f) + "Force debug output.") + (insecure? + (boolean #f) + "Ignore running workers as privileged users.") + (skip-template? + (boolean #f) + "Do not apply Jinja templates.") + (shepherd-requirements + (list-of-symbols '(loopback)) + "This is a list of symbols naming Shepherd services that this service +will depend on.")) + +(define %default-rspamd-account + (user-account + (name "rspamd") + (group "rspamd") + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))) + +(define %default-rspamd-group + (user-group + (name "rspamd") + (system? #t))) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile =3D \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/options.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/option= s.inc\" +} + +logging { + type =3D \"file\"; + filename =3D \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/logging.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/loggin= g.inc\" +} + +worker \"normal\" { + bind_socket =3D \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-normal.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -normal.inc\" +} + +worker \"controller\" { + bind_socket =3D \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-controller.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket =3D \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket =3D \"localhost:11335\"; + count =3D -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config + (user group) + (list group user))) + +(define (rspamd-shepherd-service config) + (match-record config + (package config-file user group debug? insecure? skip-template? + local.d-files override.d-files shepherd-requirements) + (list + (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement shepherd-requirements) + (start (let ((rspamd (file-append package "/bin/rspamd")) + (local-confdir + (file-union + "rspamd-local-confdir" + `(("local.d" ,(file-union "local.d" local.d-files)) + ("override.d" ,(file-union "override.d" override.d= -files)))))) + (with-imported-modules (source-module-closure '((gnu build = activation))) + #~(begin + (use-modules (gnu build activation)) ; for mkdir-p/pe= rms + (let ((user (getpwnam #$(user-account-name user)))) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + (make-forkexec-constructor + (list #$rspamd "--config" #$config-file + "--var" (string-append "LOCAL_CONFDIR=3D" #$lo= cal-confdir) + "--no-fork" + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$(user-account-name user) + #:group #$(user-group-name group)))))) + (stop #~(make-kill-destructor)) + (actions + (list + (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopenlog) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system.") + (extensions + (list + (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts) + (service-extension profile-service-type + (compose list rspamd-configuration-package)))) + (default-value (rspamd-configuration)))) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index dcb8f08ea8..fc1c69047b 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -6,6 +6,7 @@ ;;; Copyright =C2=A9 2018 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Christopher Baines ;;; Copyright =C2=A9 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,7 +41,8 @@ (define-module (gnu tests mail) #:export (%test-opensmtpd %test-exim %test-dovecot - %test-getmail)) + %test-getmail + %test-rspamd)) =20 (define %opensmtpd-os (simple-operating-system @@ -579,3 +581,73 @@ (define %test-getmail (name "getmail") (description "Connect to a running Getmail server.") (value (run-getmail-test)))) + +(define %rspamd-os + (simple-operating-system + (service dhcp-client-service-type) + (service rspamd-service-type + (rspamd-configuration + (shepherd-requirements '(networking)) + (local.d-files `(("worker-controller.inc" + ,(plain-file + "rspamd-public-web-controller.conf" + "bind_socket =3D \"0.0.0.0:11334\";")))= ))))) + +(define (run-rspamd-test) + "Return a test of an OS running Rspamd service." + + (define rspamd-ports + '((22668 . 11334))) ;; web controller + + (define vm + (virtual-machine + (operating-system (marionette-operating-system + %rspamd-os + #:imported-modules '((gnu services herd)))) + (port-forwardings rspamd-ports))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette) + (web uri) + (web client) + (web response)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "rspamd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'rspamd)) + marionette)) + + (test-assert "rspamd socket ready" + (wait-for-unix-socket + "/var/lib/rspamd/rspamd.sock" + marionette)) + + (test-assert "rspamd log file" + (wait-for-file "/var/log/rspamd/rspamd.log" marionette)) + + ;; Check that we can access the web ui + + (test-equal "http-get" + 200 + (response-code (http-get "http://localhost:22668/"))) ; HEAD i= s unsupported + + (test-end)))) + + (gexp->derivation "rspamd-test" test)) + +(define %test-rspamd + (system-test + (name "rspamd") + (description "Basic rspamd service test.") + (value (run-rspamd-test)))) base-commit: ea88bef3e0579264b20fa8edbf059c02d9cbe104 prerequisite-patch-id: 6b143a0f0a9c696e5214b42bb7928cf2abd7fc52 --=20 2.41.0 --bxgnrao7elkpdkw3-- --f4qc5saaf4smhvxp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmVy0REACgkQJX0oSiod OjLp+w//Q8+W7yyrK1blgzRvvrtb1stL/eOYu8+qZxb8hYBz9qX4BAk6PoR8jDa/ gExL9Fl5KiF8xKUOzYt1loqQf7wnHs9Wn+9fS2g4dd7LElCmZgemtMLvUWytv+sB dyKtIu7l9Aml6CIiXxHhVQMtS3DA10DD8lszTfO36c/LLq62r+o6pt+vePYfCWlW t45BGEoIS8fat/RIhf+zyRFFlPoAPeBKfpCHC6CJPd17eUWEoVeMI1o1zbjUIt6k EdLUyibFrH9KuNhxxUcbRjKXrOCoU2FTrkSy6JL0y/mxelkKXuVCHiV7H6xkV3uY VKNaX64QLS4Babze+wekAf6x9h2wiFjoJ2+8++DUXVVt5k53j8VaUuKAhBRachiw L2rQ1yA8K02BbAUR7L+YNs+Bjr04+36eM0RmFvuUav2CJRAjD25guSpDQ6hUkRDN DXuw6AWodr3q4W65TsIHDS+6uVt4ZI7TqpXlLxCQvAMkJH7vSulrzSCrhBmk8ULX upyONt8S4vapOl2klxrUAxjJ87lVCQhgQC5WgZv43LMd+GSEX2qc8xG07s0cKGL8 gO6fuijQgR6UBx6PnmmGaGbn9vKkYQaj3QmTH/ndumsgMqVYXXCWVYuK8lCHG+hJ eQF/fhtgeqDhTucugcCOxKi1REZACDsTRWoAc3mUnV7aD+c/K4k= =l7Vd -----END PGP SIGNATURE----- --f4qc5saaf4smhvxp-- From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 11 14:20:08 2023 Received: (at 61740) by debbugs.gnu.org; 11 Dec 2023 19:20:08 +0000 Received: from localhost ([127.0.0.1]:54665 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rClp2-00087K-8Z for submit@debbugs.gnu.org; Mon, 11 Dec 2023 14:20:08 -0500 Received: from smtpmciv1.myservices.hosting ([185.26.107.237]:34370) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rClov-00086m-Aw for 61740@debbugs.gnu.org; Mon, 11 Dec 2023 14:20:07 -0500 Received: from mail1.netim.hosting (unknown [185.26.106.173]) by smtpmciv1.myservices.hosting (Postfix) with ESMTP id E783220CC6; Mon, 11 Dec 2023 20:19:43 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mail1.netim.hosting (Postfix) with ESMTP id 4168C80095; Mon, 11 Dec 2023 20:19:40 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting Received: from mail1.netim.hosting ([127.0.0.1]) by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mBvvahDoex9F; Mon, 11 Dec 2023 20:19:39 +0100 (CET) Received: from [192.168.1.116] (unknown [10.192.1.83]) (Authenticated sender: lumen@makinata.eu) by mail1.netim.hosting (Postfix) with ESMTPSA id 7675780067; Mon, 11 Dec 2023 20:19:39 +0100 (CET) Message-ID: Date: Mon, 11 Dec 2023 19:19:38 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Bruno Victal Subject: Re: [bug#61740] [PATCH v4] services: Add rspamd-service-type. (was [bug#61740] [PATCH v3] services: Add rspamd-service-type.) To: Saku Laesvuori References: <87sf7fqi3x.fsf@lease-up.com> <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> Content-Language: en-US In-Reply-To: <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------88T2wO5LZuLoHNkUGT2FVh82" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , =?UTF-8?Q?Ludovic_Court=C3=A8s?= , Felix Lechner , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------88T2wO5LZuLoHNkUGT2FVh82 Content-Type: multipart/mixed; boundary="------------IEbkRgHoBQlJxFJTmRaSzV0g"; protected-headers="v1" From: Bruno Victal To: Saku Laesvuori Cc: Thomas Ieong , =?UTF-8?Q?Ludovic_Court=C3=A8s?= , Felix Lechner , 61740@debbugs.gnu.org Message-ID: Subject: Re: [bug#61740] [PATCH v4] services: Add rspamd-service-type. (was [bug#61740] [PATCH v3] services: Add rspamd-service-type.) References: <87sf7fqi3x.fsf@lease-up.com> <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> In-Reply-To: <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> --------------IEbkRgHoBQlJxFJTmRaSzV0g Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Saku, On 2023-12-08 08:17, Saku Laesvuori wrote: > On Wed, Dec 06, 2023 at 02:58:19PM +0000, Bruno Victal wrote: >> On 2023-09-16 21:10, Saku Laesvuori wrote: >>> + "--var" (string-append "LOCAL_CONFDIR=3D= " #$local-confdir) >> >> Curiously I don't see this listed in the 'rspamd' manpage although >> it is on the 'rspamadm' one. Can you confirm whether this works >> and if so, report to upstream that their docs are missing this? >=20 > It does work; I've used it since before I submitted this patch. The > `--var` option is listed on `rspamd --help`. Unfortunately, Rspamd > tracks their issues on Github and I'd prefer not registering an account= > there. Forwarded with [1]. >>> + (service-extension profile-service-type >>> + (compose list rspamd-configuration-package))= >> >> What's the motivation for adding the rspamd package to the profile? >=20 > That was also there when I picked up this patch. I assume it is added t= o > the profile so that the `rspamadm` and `rspamc` programs are available > and compatible with the daemon. I don't have strong feelings about this= > in either direction. I think it's better to omit this, users who are interested in the tools can use 'guix shell rspamd'. > +(define (list-of-symbols? x) > + (and (list? x) > + (every symbol? x))) list-of-symbols? is already defined in (gnu services configuration), you can omit this. > + (shepherd-action > + (name 'reopenlog) > + (documentation "Reopen log files.") Missed this in my previous reply, I'd prefer naming this action as 'reopen instead. > +(define %rspamd-os > + (simple-operating-system > + (service dhcp-client-service-type) [=E2=80=A6] > + (service rspamd-service-type > + (rspamd-configuration > + (shepherd-requirements '(networking)) > + (local.d-files `(("worker-controller.inc" > + ,(plain-file > + "rspamd-public-web-controller.conf"= > + "bind_socket =3D \"0.0.0.0:11334\";= ")))))))) I wonder if you could remove dhcp-client-service-type and use the loopback device for this test instead, by binding to '[::1]' or '127.0.0.= 1'. (You don't need to add %loopback-static-networking here since it is alrea= dy included in %base-services.) > +(define (run-rspamd-test) > + "Return a test of an OS running Rspamd service." > + > + (define rspamd-ports > + '((22668 . 11334))) ;; web controller [=E2=80=A6] > + > + (define vm > + (virtual-machine > + (operating-system (marionette-operating-system > + %rspamd-os > + #:imported-modules '((gnu services herd)))) > + (port-forwardings rspamd-ports))) [=E2=80=A6] > + ;; Check that we can access the web ui > + > + (test-equal "http-get" > + 200 > + (response-code (http-get "http://localhost:22668/"))) ; HE= AD is unsupported Actually I've realized that these port-forwards are unnecessary and it would be better to instead do: --8<---------------cut here---------------start------------->8--- ;; Note: remove (web client) and (web response) in the imports above ;; i.e. after the #~(begin (use-modules =E2=80=A6 (test-equal "http-get" 200 (marionette-eval '(begin (use-modules (web client) (web response)) (response-code (http-head "http://localhost:11334/"))) marionette)) --8<---------------cut here---------------end--------------->8--- [1]: --=20 Furthermore, I consider that nonfree software must be eradicated. Cheers, Bruno. --------------IEbkRgHoBQlJxFJTmRaSzV0g-- --------------88T2wO5LZuLoHNkUGT2FVh82 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQTAPCseV0HOaN0YFheobOGDL+spVQUCZXdgygAKCRCobOGDL+sp VQXcAQDIEX5vu6RzZrHpxrOy9MPkh1BLg5xkfXm8pj2kfuR7/QEArqJ8UnYysHHo tVn0C1yDXHuGZijrJ9pMwyFOrsWZMQQ= =WwOB -----END PGP SIGNATURE----- --------------88T2wO5LZuLoHNkUGT2FVh82-- From debbugs-submit-bounces@debbugs.gnu.org Tue Dec 12 01:59:06 2023 Received: (at 61740) by debbugs.gnu.org; 12 Dec 2023 06:59:06 +0000 Received: from localhost ([127.0.0.1]:55146 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rCwjR-0005Qo-Fy for submit@debbugs.gnu.org; Tue, 12 Dec 2023 01:59:06 -0500 Received: from vmi571514.contaboserver.net ([75.119.130.101]:59490 helo=mail.laesvuori.fi) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rCwjN-0005QJ-SK for 61740@debbugs.gnu.org; Tue, 12 Dec 2023 01:59:04 -0500 Received: from X-kone (unknown [130.233.144.30]) by mail.laesvuori.fi (Postfix) with ESMTPSA id 5C26E342469; Tue, 12 Dec 2023 07:58:48 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=laesvuori.fi; s=mail; t=1702364328; bh=7B+n0wqkcrqav6QQTpOvwHUxccohCwUPY84+gSLEECI=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=Rt9p1jk2xQlarQgufPbBiffAIXe0jfh4mFMsr3HI2BZ+v0WvbILWDCLdgGwfUuOeQ 6O8irqBbv2XpKlAJgGHqEavoMUXtnmdZ6rCOvsYYSnxuvCJbuQ1Bexo3sP/kDhZvVn CAyA/+U4B6JP1W/FMfledOWajMG/3rIv9QiO3pq8= Date: Tue, 12 Dec 2023 08:58:41 +0200 From: Saku Laesvuori To: Bruno Victal Subject: [bug#61740] [PATCH v5] services: Add rspamd-service-type (was [PATCH v4] services: Add rspamd-service-type.) Message-ID: References: <87sf7fqi3x.fsf@lease-up.com> <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xpjbuzuxmc7l3piz" Content-Disposition: inline In-Reply-To: X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 61740 Cc: Thomas Ieong , Ludovic =?utf-8?Q?Court=C3=A8s?= , Felix Lechner , 61740@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --xpjbuzuxmc7l3piz Content-Type: multipart/mixed; boundary="peahjj64yl6nprpm" Content-Disposition: inline --peahjj64yl6nprpm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > >>> + (service-extension profile-service-type > >>> + (compose list rspamd-configuration-package)) > >> > >> What's the motivation for adding the rspamd package to the profile? > >=20 > > That was also there when I picked up this patch. I assume it is added to > > the profile so that the `rspamadm` and `rspamc` programs are available > > and compatible with the daemon. I don't have strong feelings about this > > in either direction. >=20 > I think it's better to omit this, users who are interested in the tools > can use 'guix shell rspamd'. Yes, except if the rspamd package in the configuration is incompatible with the one in the user's Guix. Anyway, this is now removed in v5. > > +(define (list-of-symbols? x) > > + (and (list? x) > > + (every symbol? x))) >=20 > list-of-symbols? is already defined in (gnu services configuration), > you can omit this. Done after a rebase in v5. Apparently it also defines some other useful functions that I didn't know about. > > + (shepherd-action > > + (name 'reopenlog) > > + (documentation "Reopen log files.") >=20 > Missed this in my previous reply, I'd prefer naming this action as > 'reopen instead. Done in v5. > > +(define %rspamd-os > > + (simple-operating-system > > + (service dhcp-client-service-type) >=20 > [=E2=80=A6] >=20 > > + (service rspamd-service-type > > + (rspamd-configuration > > + (shepherd-requirements '(networking)) > > + (local.d-files `(("worker-controller.inc" > > + ,(plain-file > > + "rspamd-public-web-controller.conf" > > + "bind_socket =3D \"0.0.0.0:11334\";= ")))))))) >=20 > I wonder if you could remove dhcp-client-service-type and use the > loopback device for this test instead, by binding to '[::1]' or '127.0.0.= 1'. > (You don't need to add %loopback-static-networking here since it is alrea= dy > included in %base-services.) I tried that but it didn't work because the vm does not have an IP route configured to the host... >=20 > > +(define (run-rspamd-test) > > + "Return a test of an OS running Rspamd service." > > + > > + (define rspamd-ports > > + '((22668 . 11334))) ;; web controller >=20 > [=E2=80=A6] >=20 > > + > > + (define vm > > + (virtual-machine > > + (operating-system (marionette-operating-system > > + %rspamd-os > > + #:imported-modules '((gnu services herd)))) > > + (port-forwardings rspamd-ports))) >=20 > [=E2=80=A6] >=20 > > + ;; Check that we can access the web ui > > + > > + (test-equal "http-get" > > + 200 > > + (response-code (http-get "http://localhost:22668/"))) ; HE= AD is unsupported >=20 > Actually I've realized that these port-forwards are unnecessary > and it would be better to instead do: >=20 > --8<---------------cut here---------------start------------->8--- > ;; Note: remove (web client) and (web response) in the imports above > ;; i.e. after the #~(begin (use-modules =E2=80=A6 >=20 > (test-equal "http-get" > 200 > (marionette-eval > '(begin > (use-modules (web client) > (web response)) > (response-code (http-head "http://localhost:11334/"))) > marionette)) > --8<---------------cut here---------------end--------------->8--- =2E.. However with changes like these it does work in v5. --peahjj64yl6nprpm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =46rom 7aee03ff1a7ada82436ff424fe7fdbac117fbf29 Mon Sep 17 00:00:00 2001 Message-ID: <7aee03ff1a7ada82436ff424fe7fdbac117fbf29.1702364088.git.saku@l= aesvuori.fi> =46rom: Thomas Ieong Date: Thu, 23 Feb 2023 21:16:14 +0100 Subject: [PATCH v5] services: Add rspamd-service-type. * gnu/services/mail.scm (rspamd-service-type): New variable. * gnu/tests/mail.scm (%test-rspamd): New variable. * doc/guix.texi: Document it. Co-authored-by: Saku Laesvuori Change-Id: I7196643f087ffe9fc91aab231b69d5ed8dc9d198 --- doc/guix.texi | 62 +++++++++++++ gnu/services/mail.scm | 200 +++++++++++++++++++++++++++++++++++++++++- gnu/tests/mail.scm | 67 +++++++++++++- 3 files changed, 327 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 3ad8508a32..9dabd51f87 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -120,6 +120,8 @@ Copyright @copyright{} 2023 Brian Cully@* Copyright @copyright{} 2023 Felix Lechner@* Copyright @copyright{} 2023 Foundation Devices, Inc.@* +Copyright @copyright{} 2023 Thomas Ieong@* +Copyright @copyright{} 2023 Saku Laesvuori@* =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or @@ -27617,6 +27619,66 @@ Mail Services @end table @end deftp =20 +@subsubheading Rspamd Service +@cindex email +@cindex spam + +@defvar rspamd-service-type +This is the type of the @uref{https://rspamd.com/, Rspamd} filtering +system whose value should be a @code{rspamd-configuration}. +@end defvar + +@c %start of fragment + +@deftp {Data Type} rspamd-configuration +Available @code{rspamd-configuration} fields are: + +@table @asis +@item @code{package} (default: @code{rspamd}) (type: file-like) +The package that provides rspamd. + +@item @code{config-file} (default: @code{%default-rspamd-config-file}) (ty= pe: file-like) +File-like object of the configuration file to use. By default all +workers are enabled except fuzzy and they are binded to their usual +ports, e.g localhost:11334, localhost:11333 and so on + +@item @code{local.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in local.d, provided as a list of two element lists +where the first element is the filename and the second one is a +file-like object. Settings in these files will be merged with the +defaults. + +@item @code{override.d-files} (default: @code{()}) (type: directory-tree) +Configuration files in override.d, provided as a list of two element +lists where the first element is the filename and the second one is a +file-like object. Settings in these files will override the defaults. + +@item @code{user} (default: @code{%default-rspamd-account}) (type: user-ac= count) +The user to run rspamd as. + +@item @code{group} (default: @code{%default-rspamd-group}) (type: user-gro= up) +The group to run rspamd as. + +@item @code{debug?} (default: @code{#f}) (type: boolean) +Force debug output. + +@item @code{insecure?} (default: @code{#f}) (type: boolean) +Ignore running workers as privileged users. + +@item @code{skip-template?} (default: @code{#f}) (type: boolean) +Do not apply Jinja templates. + +@item @code{shepherd-requirements} (default: @code{(loopback)}) (type: lis= t-of-symbols) +This is a list of symbols naming Shepherd services that this service +will depend on. + +@end table + +@end deftp + + +@c %end of fragment + @node Messaging Services @subsection Messaging Services =20 diff --git a/gnu/services/mail.scm b/gnu/services/mail.scm index 12dcc8e71d..afe1bb6016 100644 --- a/gnu/services/mail.scm +++ b/gnu/services/mail.scm @@ -5,6 +5,8 @@ ;;; Copyright =C2=A9 2017, 2020 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2019 Kristofer Buffington ;;; Copyright =C2=A9 2020 Jonathan Brielmaier +;;; Copyright =C2=A9 2023 Thomas Ieong +;;; Copyright =C2=A9 2023 Saku Laesvuori ;;; ;;; This file is part of GNU Guix. ;;; @@ -80,7 +82,13 @@ (define-module (gnu services mail) radicale-configuration radicale-configuration? radicale-service-type - %default-radicale-config-file)) + %default-radicale-config-file + + rspamd-configuration + rspamd-service-type + %default-rspamd-account + %default-rspamd-config-file + %default-rspamd-group)) =20 ;;; Commentary: ;;; @@ -1987,3 +1995,193 @@ (define radicale-service-type (service-extension account-service-type (const %radicale-account= s)) (service-extension activation-service-type radicale-activation))) (default-value (radicale-configuration)))) + +;;; +;;; Rspamd. +;;; + +(define (directory-tree? xs) + (match xs + ((((? string?) (? file-like?)) ...) #t) + (_ #f))) + +(define-configuration/no-serialization rspamd-configuration + (package + (file-like rspamd) + "The package that provides rspamd.") + (config-file + (file-like %default-rspamd-config-file) + "File-like object of the configuration file to use. By default +all workers are enabled except fuzzy and they are binded +to their usual ports, e.g localhost:11334, localhost:11333 and so on") + (local.d-files + (directory-tree '()) + "Configuration files in local.d, provided as a list of two element list= s where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will be merged with the defaults.") + (override.d-files + (directory-tree '()) + "Configuration files in override.d, provided as a list of two element l= ists where +the first element is the filename and the second one is a file-like object= =2E Settings +in these files will override the defaults.") + (user + (user-account %default-rspamd-account) + "The user to run rspamd as.") + (group + (user-group %default-rspamd-group) + "The group to run rspamd as.") + (debug? + (boolean #f) + "Force debug output.") + (insecure? + (boolean #f) + "Ignore running workers as privileged users.") + (skip-template? + (boolean #f) + "Do not apply Jinja templates.") + (shepherd-requirements + (list-of-symbols '(loopback)) + "This is a list of symbols naming Shepherd services that this service +will depend on.")) + +(define %default-rspamd-account + (user-account + (name "rspamd") + (group "rspamd") + (system? #t) + (comment "Rspamd daemon") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))) + +(define %default-rspamd-group + (user-group + (name "rspamd") + (system? #t))) + +(define %default-rspamd-config-file + (plain-file "rspamd.conf" " +.include \"$CONFDIR/common.conf\" + +options { + pidfile =3D \"$RUNDIR/rspamd.pid\"; + .include \"$CONFDIR/options.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/options.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/option= s.inc\" +} + +logging { + type =3D \"file\"; + filename =3D \"$LOGDIR/rspamd.log\"; + .include \"$CONFDIR/logging.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/logging.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/loggin= g.inc\" +} + +worker \"normal\" { + bind_socket =3D \"localhost:11333\"; + .include \"$CONFDIR/worker-normal.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-normal.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -normal.inc\" +} + +worker \"controller\" { + bind_socket =3D \"localhost:11334\"; + .include \"$CONFDIR/worker-controller.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-controller.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -controller.inc\" +} + +worker \"rspamd_proxy\" { + bind_socket =3D \"localhost:11332\"; + .include \"$CONFDIR/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-proxy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -proxy.inc\" +} + +# Local fuzzy storage is disabled by default + +worker \"fuzzy\" { + bind_socket =3D \"localhost:11335\"; + count =3D -1; # Disable by default + .include \"$CONFDIR/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D1,duplicate=3Dmerge) \"$LOCAL_CONFDIR/= local.d/worker-fuzzy.inc\" + .include(try=3Dtrue; priority=3D10) \"$LOCAL_CONFDIR/override.d/worker= -fuzzy.inc\" +} +")) + +(define (rspamd-accounts config) + (match-record config + (user group) + (list group user))) + +(define (rspamd-shepherd-service config) + (match-record config + (package config-file user group debug? insecure? skip-template? + local.d-files override.d-files shepherd-requirements) + (list + (shepherd-service + (provision '(rspamd)) + (documentation "Run the rspamd daemon.") + (requirement shepherd-requirements) + (start (let ((rspamd (file-append package "/bin/rspamd")) + (local-confdir + (file-union + "rspamd-local-confdir" + `(("local.d" ,(file-union "local.d" local.d-files)) + ("override.d" ,(file-union "override.d" override.d= -files)))))) + (with-imported-modules (source-module-closure '((gnu build = activation))) + #~(begin + (use-modules (gnu build activation)) ; for mkdir-p/pe= rms + (let ((user (getpwnam #$(user-account-name user)))) + (mkdir-p/perms "/var/run/rspamd" user #o755) + (mkdir-p/perms "/var/log/rspamd" user #o755) + (mkdir-p/perms "/var/lib/rspamd" user #o755)) + (make-forkexec-constructor + (list #$rspamd "--config" #$config-file + "--var" (string-append "LOCAL_CONFDIR=3D" #$lo= cal-confdir) + "--no-fork" + #$@(if debug? + '("--debug") + '()) + #$@(if insecure? + '("--insecure") + '()) + #$@(if skip-template? + '("--skip-template") + '())) + #:user #$(user-account-name user) + #:group #$(user-group-name group)))))) + (stop #~(make-kill-destructor)) + (actions + (list + (shepherd-configuration-action config-file) + (shepherd-action + (name 'reload) + (documentation "Reload rspamd.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGHUP) + (display "Service rspamd has been reloaded")) + (format #t "Service rspamd is not running."))))) + (shepherd-action + (name 'reopen) + (documentation "Reopen log files.") + (procedure + #~(lambda (pid) + (if pid + (begin + (kill pid SIGUSR1) + (display "Reopening the logs for rspamd")) + (format #t "Service rspamd is not running."))))))))))) + +(define rspamd-service-type + (service-type + (name 'rspamd) + (description "Run the rapid spam filtering system.") + (extensions + (list + (service-extension shepherd-root-service-type rspamd-shepherd-service) + (service-extension account-service-type rspamd-accounts))) + (default-value (rspamd-configuration)))) diff --git a/gnu/tests/mail.scm b/gnu/tests/mail.scm index dcb8f08ea8..176e7c1d07 100644 --- a/gnu/tests/mail.scm +++ b/gnu/tests/mail.scm @@ -6,6 +6,7 @@ ;;; Copyright =C2=A9 2018 Cl=C3=A9ment Lassieur ;;; Copyright =C2=A9 2019 Christopher Baines ;;; Copyright =C2=A9 2019, 2020 Tobias Geerinckx-Rice +;;; Copyright =C2=A9 2023 Thomas Ieong ;;; ;;; This file is part of GNU Guix. ;;; @@ -40,7 +41,8 @@ (define-module (gnu tests mail) #:export (%test-opensmtpd %test-exim %test-dovecot - %test-getmail)) + %test-getmail + %test-rspamd)) =20 (define %opensmtpd-os (simple-operating-system @@ -579,3 +581,66 @@ (define %test-getmail (name "getmail") (description "Connect to a running Getmail server.") (value (run-getmail-test)))) + +(define %rspamd-os + (simple-operating-system + (service rspamd-service-type))) + +(define (run-rspamd-test) + "Return a test of an OS running Rspamd service." + + (define vm + (virtual-machine + (marionette-operating-system + %rspamd-os + #:imported-modules '((gnu services herd))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette '(#$vm))) + + (test-runner-current (system-test-runner #$output)) + (test-begin "rspamd") + + (test-assert "service is running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'rspamd)) + marionette)) + + (test-assert "rspamd socket ready" + (wait-for-unix-socket + "/var/lib/rspamd/rspamd.sock" + marionette)) + + (test-assert "rspamd log file" + (wait-for-file "/var/log/rspamd/rspamd.log" marionette)) + + ;; Check that we can access the web ui + + (test-equal "http-get" + 200 + (marionette-eval + '(begin + (use-modules (web client) + (web response)) + ;; HEAD returns 500 internal server error, so use GET eve= n though + ;; only the headers are relevant + (response-code (http-get "http://localhost:11334"))) + marionette)) + + (test-end)))) + + (gexp->derivation "rspamd-test" test)) + +(define %test-rspamd + (system-test + (name "rspamd") + (description "Basic rspamd service test.") + (value (run-rspamd-test)))) base-commit: 06587003b896755f876ecd57b848e1d663fafb87 --=20 2.41.0 --peahjj64yl6nprpm-- --xpjbuzuxmc7l3piz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEoMkZR3NPB29fCOn/JX0oSiodOjIFAmV4BKEACgkQJX0oSiod OjJc8RAAjfQ+eEV+QE8sKjnrFBMIcFO5HG72bJSJl8RymsmzMzoZYExfMmYbwfmw 0KMijd+s+3iq7sMXFhUjkGBN0q7OwdBavFsE7Zd9Xn7pNCNiYITZvYxxz5a6edow KF1oK3njFtOscpibJ2TmdiQZzfTfptuzFB5a3Yl8wUMZEk8GW2g/O/lLPzZn2Xms CvRI77n674H3Fhe9x7zNUD2FoRlBRH/tblUrfkk5DOUzmkI4ccuuvMdS2e9vUGp/ FCK9GjmzUrVntpCd0EQRMLGc60boEI9WOLOBtJkH+0UtZbd7OwUZsdmn/VeKmWGG d0XkDnKJNxhShFBCb8eUG9ca3h1Dwmc0tYtzhSpCk3o1tceZAGPv2DP0CBzxIHCM a/UlZV0R3BeDquw1RwpSi2wvQXbf5lSyxLNX8mkpEuXmGsnkV5rw0UUgan2xsKzZ nOJnLlCr5T45OqfBI9612UyA7NNexHjoeQ+iDQ9lqYpm02L6qweDJZnx/sa/YmfQ mnM/1Jhn6HmacmBFypYsnGeZ4sMlT3VWEztoW8RBFxw5rgHnrLni4bv2XL41wkSs joEsvT7RGKIdthNm8SBCK6bNvdBMV72dNYr3k6rzP8pJn92++dyFfbwJn7gak+4U 3p3qjpImCejPDy5QTPm7qjFz9ZzKYmvrUvHlX/PNSsrbzYaZqro= =8QwL -----END PGP SIGNATURE----- --xpjbuzuxmc7l3piz-- From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 14 17:09:13 2023 Received: (at 61740-done) by debbugs.gnu.org; 14 Dec 2023 22:09:13 +0000 Received: from localhost ([127.0.0.1]:51112 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rDttJ-0008Ov-FK for submit@debbugs.gnu.org; Thu, 14 Dec 2023 17:09:13 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:50172) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rDttH-0008Og-8b for 61740-done@debbugs.gnu.org; Thu, 14 Dec 2023 17:09:12 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rDtt9-0001Y8-V3; Thu, 14 Dec 2023 17:09:03 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=lkwGZQa/Tf/txMEGSCVL/npyv4Cde+9ZVY6+EyDNerE=; b=Ui8i06G09DfxSMvNOYDD D1GBsn6UkvRfst+RbX9lOXT2UZNg9NAkTKhCDTkuFqdmSWe/nq5AaXVmORz+bZvzuPAwfXK7fUtDP nrTIsfnILHk8Vrdtg+GaonqSjvN7wqlBGSB0XvZ/dHhxM/UbQ4VrKtNz8jjqoHNgGmPySWIodQyKu XvsughVDQ+Nkn2DgxmMhx7rX181xl1eWqHlWeeY+CU5H9AjlNyLrapDUoaSAqukX79Oh/k/c+8GuO K6mJ9mKicljdaLsRXvOW2KuLjtnEJKk165T/PUEWEt2gty6wLpq2lE7t/JYI5w9EBnZxvLAw5Z/WX FYDKTA2OvHmJ3A==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Saku Laesvuori Subject: Re: [bug#61740] [PATCH v5] services: Add rspamd-service-type (was [PATCH v4] services: Add rspamd-service-type.) In-Reply-To: (Saku Laesvuori's message of "Tue, 12 Dec 2023 08:58:41 +0200") References: <87sf7fqi3x.fsf@lease-up.com> <4xf4fec5gensjq534b7iyxpxlfg4foinwyls3mvwigubs3vagj@sujka7hlplro> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 24 Frimaire an 232 de la =?utf-8?Q?R=C3=A9v?= =?utf-8?Q?olution=2C?= jour de l'Oseille X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 14 Dec 2023 23:09:00 +0100 Message-ID: <875y10tp1f.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 61740-done Cc: Thomas Ieong , Bruno Victal , Felix Lechner , 61740-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, Saku Laesvuori skribis: > * gnu/services/mail.scm (rspamd-service-type): New variable. > * gnu/tests/mail.scm (%test-rspamd): New variable. > * doc/guix.texi: Document it. > > Co-authored-by: Saku Laesvuori > Change-Id: I7196643f087ffe9fc91aab231b69d5ed8dc9d198 Finally applied. Thanks a lot to everyone involved, great team work! Ludo=E2=80=99. From unknown Sun Jun 22 03:52:44 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 12 Jan 2024 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator