summary refs log blame commit diff
path: root/nixos/tests/rspamd.nix
blob: 6b2e2dd3a53179bae9d108077a322f7bb5926155 (plain) (tree) 
27ee0b9099e ^















908fc5e14b5 ^

27ee0b9099e ^




908fc5e14b5 ^

27ee0b9099e ^











908fc5e14b5 ^

27ee0b9099e ^

908fc5e14b5 ^







27ee0b9099e ^









908fc5e14b5 ^






27ee0b9099e ^













908fc5e14b5 ^


































































27ee0b9099e ^





1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

16

17
18
19
20

21

22
23
24
25
26
27
28
29
30
31
32

33

34

35
36
37
38
39
40
41

42
43
44
45
46
47
48
49
50

51
52
53
54
55
56

57
58
59
60
61
62
63
64
65
66
67
68
69

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

136
137
138
139
140















                                                                            
                                                         



                            
                                            










                                                                       
                                                               
                                                                       






                                                                                     








                                                                           





                                                                          












                                                                                    

































































                                                                                                           




                                                                                                           
{ system ? builtins.currentSystem }:
with import ../lib/testing.nix { inherit system; };
with pkgs.lib;
let
  initMachine = ''
    startAll
    $machine->waitForUnit("rspamd.service");
    $machine->succeed("id \"rspamd\" >/dev/null");
  '';
  checkSocket = socket: user: group: mode: ''
    $machine->succeed("ls ${socket} >/dev/null");
    $machine->succeed("[[ \"\$(stat -c %U ${socket})\" == \"${user}\" ]]");
    $machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
    $machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
  '';
  simple = name: socketActivation: enableIPv6: makeTest {
    name = "rspamd-${name}";
    machine = {
      services.rspamd = {
        enable = true;
        socketActivation = socketActivation;
      };
      networking.enableIPv6 = enableIPv6;
    };
    testScript = ''
      startAll
      $machine->waitForUnit("multi-user.target");
      $machine->waitForOpenPort(11334);
      $machine->waitForUnit("rspamd.service");
      $machine->succeed("id \"rspamd\" >/dev/null");
      ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
      sleep 10;
      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
      $machine->log($machine->succeed("systemctl cat rspamd.service"));
      ${if socketActivation then ''
        $machine->log($machine->succeed("systemctl cat rspamd-controller-1.socket"));
        $machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
      '' else ''
        $machine->fail("systemctl cat rspamd-controller-1.socket");
        $machine->fail("systemctl cat rspamd-normal-1.socket");
      ''}
      $machine->log($machine->succeed("curl http://localhost:11334/auth"));
      $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
      ${optionalString enableIPv6 ''
        $machine->log($machine->succeed("curl http://[::1]:11334/auth"));
      ''}
    '';
  };
in
{
  simple = simple "simple" false true;
  ipv4only = simple "ipv4only" false false;
  simple-socketActivated = simple "simple-socketActivated" true true;
  ipv4only-socketActivated = simple "ipv4only-socketActivated" true false;
  deprecated = makeTest {
    name = "rspamd-deprecated";
    machine = {
      services.rspamd = {
        enable = true;
        bindSocket = [ "/run/rspamd.sock mode=0600 user=root group=root" ];
        bindUISocket = [ "/run/rspamd-worker.sock mode=0666 user=root group=root" ];
      };
    };

    testScript = ''
      ${initMachine}
      $machine->waitForFile("/run/rspamd.sock");
      ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
      ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
      $machine->fail("systemctl cat rspamd-normal-1.socket");
      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
    '';
  };

  bindports = makeTest {
    name = "rspamd-bindports";
    machine = {
      services.rspamd = {
        enable = true;
        socketActivation = false;
        workers.normal.bindSockets = [{
          socket = "/run/rspamd.sock";
          mode = "0600";
          owner = "root";
          group = "root";
        }];
        workers.controller.bindSockets = [{
          socket = "/run/rspamd-worker.sock";
          mode = "0666";
          owner = "root";
          group = "root";
        }];
      };
    };

    testScript = ''
      ${initMachine}
      $machine->waitForFile("/run/rspamd.sock");
      ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
      ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
      $machine->fail("systemctl cat rspamd-normal-1.socket");
      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
    '';
  };
  socketActivated = makeTest {
    name = "rspamd-socketActivated";
    machine = {
      services.rspamd = {
        enable = true;
        workers.normal.bindSockets = [{
          socket = "/run/rspamd.sock";
          mode = "0600";
          owner = "root";
          group = "root";
        }];
        workers.controller.bindSockets = [{
          socket = "/run/rspamd-worker.sock";
          mode = "0666";
          owner = "root";
          group = "root";
        }];
      };
    };

    testScript = ''
      startAll
      $machine->waitForFile("/run/rspamd.sock");
      ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
      ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
      $machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
    '';
  };
}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-02 04:45:11 +0000