blob: a12622b6aa0b84bc7572afb5625a665997a11c21 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
{ system ? builtins.currentSystem }:
with import ../lib/testing.nix { inherit system; };
with pkgs.lib;
let
initMachine = ''
startAll
$machine->waitForUnit("rspamd.service");
$machine->succeed("id \"rspamd\" >/dev/null");
'';
checkSocket = socket: user: group: mode: ''
$machine->succeed("ls ${socket} >/dev/null");
$machine->succeed("[[ \"\$(stat -c %U ${socket})\" == \"${user}\" ]]");
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
'';
simple = name: enableIPv6: makeTest {
name = "rspamd-${name}";
machine = {
services.rspamd.enable = true;
networking.enableIPv6 = enableIPv6;
};
testScript = ''
startAll
$machine->waitForUnit("multi-user.target");
$machine->waitForOpenPort(11334);
$machine->waitForUnit("rspamd.service");
$machine->succeed("id \"rspamd\" >/dev/null");
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
sleep 10;
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd.service"));
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
${optionalString enableIPv6 ''
$machine->log($machine->succeed("curl http://[::1]:11334/auth"));
''}
'';
};
in
{
simple = simple "simple" true;
ipv4only = simple "ipv4only" false;
deprecated = makeTest {
name = "rspamd-deprecated";
machine = {
services.rspamd = {
enable = true;
bindSocket = [ "/run/rspamd.sock mode=0600 user=root group=root" ];
bindUISocket = [ "/run/rspamd-worker.sock mode=0666 user=root group=root" ];
};
};
testScript = ''
${initMachine}
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
};
bindports = makeTest {
name = "rspamd-bindports";
machine = {
services.rspamd = {
enable = true;
workers.normal.bindSockets = [{
socket = "/run/rspamd.sock";
mode = "0600";
owner = "root";
group = "root";
}];
workers.controller.bindSockets = [{
socket = "/run/rspamd-worker.sock";
mode = "0666";
owner = "root";
group = "root";
}];
};
};
testScript = ''
${initMachine}
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
$machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
'';
};
}
|