From 3a4459a30508419f2498bbcbf85782dabf0178df Mon Sep 17 00:00:00 2001 From: Brian Olsen Date: Tue, 6 Nov 2018 00:26:55 +0100 Subject: [PATCH] nixos/rspamd: Support multiple workers When the workers option for rspamd was originally implemented it was based on a flawed understanding of how workers are configured in rspamd. This meant that while rspamd supports configuring multiple workers of the same type, so that different controller workers could have different passwords, the NixOS module did not support this because it would write an invalid configuration file if you tried. Specifically a configuration like the one below: ``` workers.controller = {}; workers.controller2 = { type = "controller"; }; ``` Would result in a rspamd configuration of: ``` worker { type = "controller"; count = 1; .include "$CONFDIR/worker-controller.inc" } worker "controller2" { type = "controller"; count = 1; } ``` While to get multiple controller workers it should instead be: ``` worker "controller" { type = "controller"; count = 1; .include "$CONFDIR/worker-controller.inc" } worker "controller" { type = "controller"; count = 1; } ``` --- nixos/modules/services/mail/rspamd.nix | 2 +- nixos/tests/rspamd.nix | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index d83d6f1f750c..78d2e7c262bc 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -139,7 +139,7 @@ let } ${concatStringsSep "\n" (mapAttrsToList (name: value: '' - worker ${optionalString (value.name != "normal" && value.name != "controller") "${value.name}"} { + worker "${value.type}" { type = "${value.type}"; ${optionalString (value.enable != null) "enabled = ${if value.enable != false then "yes" else "no"};"} diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix index af765f37b91b..f7c27137be98 100644 --- a/nixos/tests/rspamd.nix +++ b/nixos/tests/rspamd.nix @@ -28,6 +28,8 @@ let ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } sleep 10; $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("systemctl cat rspamd.service")); $machine->log($machine->succeed("curl http://localhost:11334/auth")); $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth")); @@ -56,6 +58,8 @@ in ${checkSocket "/run/rspamd.sock" "root" "root" "600" } ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); ''; @@ -78,6 +82,15 @@ in owner = "root"; group = "root"; }]; + workers.controller2 = { + type = "controller"; + bindSockets = [ "0.0.0.0:11335" ]; + extraConfig = '' + static_dir = "''${WWWDIR}"; + secure_ip = null; + password = "verysecretpassword"; + ''; + }; }; }; @@ -87,8 +100,13 @@ in ${checkSocket "/run/rspamd.sock" "root" "root" "600" } ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/rspamd.conf")); + $machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2"); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); + $machine->log($machine->succeed("curl http://localhost:11335/ping")); ''; }; customLuaRules = makeTest {