nixos/rspamd: Support multiple workers
When the workers option for rspamd was originally implemented it was based on a flawed understanding of how workers are configured in rspamd. This meant that while rspamd supports configuring multiple workers of the same type, so that different controller workers could have different passwords, the NixOS module did not support this because it would write an invalid configuration file if you tried. Specifically a configuration like the one below: ``` workers.controller = {}; workers.controller2 = { type = "controller"; }; ``` Would result in a rspamd configuration of: ``` worker { type = "controller"; count = 1; .include "$CONFDIR/worker-controller.inc" } worker "controller2" { type = "controller"; count = 1; } ``` While to get multiple controller workers it should instead be: ``` worker "controller" { type = "controller"; count = 1; .include "$CONFDIR/worker-controller.inc" } worker "controller" { type = "controller"; count = 1; } ```
This commit is contained in:
parent
5c63ee6216
commit
3a4459a305
@ -139,7 +139,7 @@ let
|
||||
}
|
||||
|
||||
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
|
||||
worker ${optionalString (value.name != "normal" && value.name != "controller") "${value.name}"} {
|
||||
worker "${value.type}" {
|
||||
type = "${value.type}";
|
||||
${optionalString (value.enable != null)
|
||||
"enabled = ${if value.enable != false then "yes" else "no"};"}
|
||||
|
@ -28,6 +28,8 @@ let
|
||||
${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
|
||||
sleep 10;
|
||||
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("systemctl cat rspamd.service"));
|
||||
$machine->log($machine->succeed("curl http://localhost:11334/auth"));
|
||||
$machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
|
||||
@ -56,6 +58,8 @@ in
|
||||
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
||||
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
||||
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
||||
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
||||
'';
|
||||
@ -78,6 +82,15 @@ in
|
||||
owner = "root";
|
||||
group = "root";
|
||||
}];
|
||||
workers.controller2 = {
|
||||
type = "controller";
|
||||
bindSockets = [ "0.0.0.0:11335" ];
|
||||
extraConfig = ''
|
||||
static_dir = "''${WWWDIR}";
|
||||
secure_ip = null;
|
||||
password = "verysecretpassword";
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -87,8 +100,13 @@ in
|
||||
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
|
||||
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
|
||||
$machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
|
||||
$machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/rspamd.conf"));
|
||||
$machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2");
|
||||
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
|
||||
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
|
||||
$machine->log($machine->succeed("curl http://localhost:11335/ping"));
|
||||
'';
|
||||
};
|
||||
customLuaRules = makeTest {
|
||||
|
Loading…
Reference in New Issue
Block a user