about summary refs log tree commit diff
diff options
context:
space:
mode:
authorBrian Olsen <brian@maven-group.org>2018-11-06 00:26:55 +0100
committerBrian Olsen <brian@maven-group.org>2018-11-06 00:26:55 +0100
commit3a4459a30508419f2498bbcbf85782dabf0178df (patch)
tree15fc49dff3bae0f9798d241de2ebc79bf9a74c40
parent5c63ee6216a78d8d99300cdc52adb2207337780f (diff)
downloadnixlib-3a4459a30508419f2498bbcbf85782dabf0178df.tar
nixlib-3a4459a30508419f2498bbcbf85782dabf0178df.tar.gz
nixlib-3a4459a30508419f2498bbcbf85782dabf0178df.tar.bz2
nixlib-3a4459a30508419f2498bbcbf85782dabf0178df.tar.lz
nixlib-3a4459a30508419f2498bbcbf85782dabf0178df.tar.xz
nixlib-3a4459a30508419f2498bbcbf85782dabf0178df.tar.zst
nixlib-3a4459a30508419f2498bbcbf85782dabf0178df.zip
nixos/rspamd: Support multiple workers
When the workers option for rspamd was originally implemented it was
based on a flawed understanding of how workers are configured in rspamd.
This meant that while rspamd supports configuring multiple workers of
the same type, so that different controller workers could have different
passwords, the NixOS module did not support this because it would write
an invalid configuration file if you tried.

Specifically a configuration like the one below:

```
workers.controller = {};
workers.controller2 = {
  type = "controller";
};
```

Would result in a rspamd configuration of:

```
worker {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller2" {
  type = "controller";
  count = 1;
}
```

While to get multiple controller workers it should instead be:

```
worker "controller" {
  type = "controller";
  count = 1;
  .include "$CONFDIR/worker-controller.inc"
}
worker "controller" {
  type = "controller";
  count = 1;
}
```
Diffstat
-rw-r--r--nixos/modules/services/mail/rspamd.nix2
-rw-r--r--nixos/tests/rspamd.nix18
2 files changed, 19 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix
index d83d6f1f750c..78d2e7c262bc 100644
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@@ -139,7 +139,7 @@ let
       }
 
       ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
-        worker ${optionalString (value.name != "normal" && value.name != "controller") "${value.name}"} {
+        worker "${value.type}" {
           type = "${value.type}";
           ${optionalString (value.enable != null)
             "enabled = ${if value.enable != false then "yes" else "no"};"}
diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix
index af765f37b91b..f7c27137be98 100644
--- a/nixos/tests/rspamd.nix
+++ b/nixos/tests/rspamd.nix
@@ -28,6 +28,8 @@ let
       ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
       sleep 10;
       $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
       $machine->log($machine->succeed("systemctl cat rspamd.service"));
       $machine->log($machine->succeed("curl http://localhost:11334/auth"));
       $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
@@ -56,6 +58,8 @@ in
       ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
       ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
       $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
       $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
       $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
     '';
@@ -78,6 +82,15 @@ in
           owner = "root";
           group = "root";
         }];
+        workers.controller2 = {
+          type = "controller";
+          bindSockets = [ "0.0.0.0:11335" ];
+          extraConfig = ''
+            static_dir = "''${WWWDIR}";
+            secure_ip = null;
+            password = "verysecretpassword";
+          '';
+        };
       };
     };
 
@@ -87,8 +100,13 @@ in
       ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
       ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
       $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/rspamd.conf"));
+      $machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2");
       $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
       $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
+      $machine->log($machine->succeed("curl http://localhost:11335/ping"));
     '';
   };
   customLuaRules = makeTest {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-27 08:58:01 +0000