diff options
author | Brian Olsen <brian@maven-group.org> | 2018-11-06 00:34:23 +0100 |
---|---|---|
committer | Brian Olsen <brian@maven-group.org> | 2018-11-06 00:34:23 +0100 |
commit | fba69f388bbb7ab9f79b646e55ef1ef78daa1213 (patch) | |
tree | d57c9e4d6abfeeca4d50bf37ae6db4dac3d0e47f | |
parent | 46ef075e7daad1bcaab1d4d1258c7d6c64a87b63 (diff) | |
download | nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.tar nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.tar.gz nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.tar.bz2 nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.tar.lz nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.tar.xz nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.tar.zst nixpkgs-fba69f388bbb7ab9f79b646e55ef1ef78daa1213.zip |
nixos/rspamd: Put extraConfig in included files
The lines stored in `extraConfig` and `worker.<name?>.extraConfig` should take precedent over values from included files but in order to do this in rspamd UCL they need to be stored in a file that then gets included with a high priority. This commit uses the overrides option to store the value of the two `extraConfig` options in `extra-config.inc` and `worker-<name?>.inc` respectively.
-rw-r--r-- | nixos/modules/services/mail/rspamd.nix | 22 | ||||
-rw-r--r-- | nixos/tests/rspamd.nix | 3 |
2 files changed, 21 insertions, 4 deletions
diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index 3489227f083..927fc4d6a35 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -140,7 +140,10 @@ let .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc" } - ${concatStringsSep "\n" (mapAttrsToList (name: value: '' + ${concatStringsSep "\n" (mapAttrsToList (name: value: let + includeName = if name == "rspamd_proxy" then "proxy" else name; + tryOverride = if value.extraConfig == "" then "true" else "false"; + in '' worker "${value.type}" { type = "${value.type}"; ${optionalString (value.enable != null) @@ -148,11 +151,14 @@ let ${mkBindSockets value.enable value.bindSockets} ${optionalString (value.count != null) "count = ${toString value.count};"} ${concatStringsSep "\n " (map (each: ".include \"${each}\"") value.includes)} - ${value.extraConfig} + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-${includeName}.inc" + .include(try=${tryOverride}; priority=10) "$LOCAL_CONFDIR/override.d/worker-${includeName}.inc" } '') cfg.workers)} - ${cfg.extraConfig} + ${optionalString (cfg.extraConfig != "") '' + .include(priority=10) "$LOCAL_CONFDIR/override.d/extra-config.inc" + ''} ''; rspamdDir = pkgs.linkFarm "etc-rspamd-dir" ( @@ -190,6 +196,15 @@ let in mkDefault (pkgs.writeText name' config.text)); }; }; + + configOverrides = + (mapAttrs' (n: v: nameValuePair "worker-${if n == "rspamd_proxy" then "proxy" else n}.inc" { + text = v.extraConfig; + }) + (filterAttrs (n: v: v.extraConfig != "") cfg.workers)) + // (if cfg.extraConfig == "" then {} else { + "extra-config.inc".text = cfg.extraConfig; + }); in { @@ -302,6 +317,7 @@ in ###### implementation config = mkIf cfg.enable { + services.rspamd.overrides = configOverrides; # Allow users to run 'rspamc' and 'rspamadm'. environment.systemPackages = [ pkgs.rspamd ]; diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix index f7c27137be9..ccfe8f7bb0d 100644 --- a/nixos/tests/rspamd.nix +++ b/nixos/tests/rspamd.nix @@ -102,7 +102,8 @@ in $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")); - $machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc")); $machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2"); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); |