diff options
| author | Philipp Kern <pkern@google.com> | 2020-11-15 11:02:28 +0100 |
|---|---|---|
| committer | Philipp Kern <pkern@google.com> | 2021-02-11 10:09:45 +0100 |
| commit | 1db74d1150827d09b9620457af673b2d9b6c2b07 (patch) | |
| tree | 7916ca37dedeb15557fa4785eb3a11feb98db814 | |
| parent | 2e474e88f7753182ba0253933de0e0dc75e718b8 (diff) | |
| download | nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.tar nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.tar.gz nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.tar.bz2 nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.tar.lz nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.tar.xz nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.tar.zst nixpkgs-1db74d1150827d09b9620457af673b2d9b6c2b07.zip | |
nixos/spamassassin: Fix network requirement on boot
sa-update currently runs as part of the pre-start script of spamd. The network is not guaranteed to be online at that point and even if we were to depend on that, it makes the bootup brittle, as there is a reliance on SpamAssassin's update server as a startup dependency on boot. Refactor the setup to move the pre-start script into its own unit. This allows to perform the setup task only once. Continuous updates are already done by sa-update.service triggered by sa-update.timer. Only run sa-update in case /var/lib/spamassassin is empty. While we are on it, let sa-update.service depend on the network being online.
| -rw-r--r-- | nixos/modules/services/mail/spamassassin.nix | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix index 4e642542ec6..0bbf2df48d4 100644 --- a/nixos/modules/services/mail/spamassassin.nix +++ b/nixos/modules/services/mail/spamassassin.nix @@ -126,6 +126,8 @@ in }; systemd.services.sa-update = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; script = '' set +e ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd @@ -152,33 +154,44 @@ in }; }; + systemd.services.spamd-init = { + serviceConfig = { + Type = "oneshot"; + }; + script = '' + mkdir -p /var/lib/spamassassin + chown spamd:spamd /var/lib/spamassassin -R + if [ "$(ls -A /var/lib/spamassassin)" = "" ]; then + echo "'/var/lib/spamassassin' is empty, running sa-update..." + set +e + ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd + v=$? + set -e + # 0 and 1 no error, exitcode > 1 means error: + # https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes + if [ $v -gt 1 ]; then + echo "sa-update execution error" + exit $v + fi + echo "sa-update run successfully." + fi + ''; + }; + systemd.services.spamd = { - description = "Spam Assassin Server"; + description = "SpamAssassin Server"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + wants = [ "spamd-init.service" ]; + after = [ + "network.target" + "spamd-init.service" + ]; serviceConfig = { ExecStart = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; }; - - # 0 and 1 no error, exitcode > 1 means error: - # https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes - preStart = '' - echo "Recreating '/var/lib/spamasassin' with creating '3.004001' (or similar) and 'sa-update-keys'" - mkdir -p /var/lib/spamassassin - chown spamd:spamd /var/lib/spamassassin -R - set +e - ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd - v=$? - set -e - if [ $v -gt 1 ]; then - echo "sa-update execution error" - exit $v - fi - chown spamd:spamd /var/lib/spamassassin -R - ''; }; }; } |