nixos/rspamd: Put extraConfig in included files

The lines stored in `extraConfig` and `worker.<name?>.extraConfig` should take precedent over values from included files but in order to do this in rspamd UCL they need to be stored in a file that then gets included with a high priority. This commit uses the overrides option to store the value of the two `extraConfig` options in `extra-config.inc` and `worker-<name?>.inc` respectively.
2018-11-06 00:34:23 +01:00 · 2018-11-06 00:34:23 +01:00 · fba69f388b
parent 46ef075e7d
commit fba69f388b
2 changed files with 21 additions and 4 deletions
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@ -140,7 +140,10 @@ let
        .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
      }

-      ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
+      ${concatStringsSep "\n" (mapAttrsToList (name: value: let
+          includeName = if name == "rspamd_proxy" then "proxy" else name;
+          tryOverride = if value.extraConfig == "" then "true" else "false";
+        in ''
        worker "${value.type}" {
          type = "${value.type}";
          ${optionalString (value.enable != null)
@ -148,11 +151,14 @@ let
          ${mkBindSockets value.enable value.bindSockets}
          ${optionalString (value.count != null) "count = ${toString value.count};"}
          ${concatStringsSep "\n  " (map (each: ".include \"${each}\"") value.includes)}
-          ${value.extraConfig}
+          .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-${includeName}.inc"
+          .include(try=${tryOverride}; priority=10) "$LOCAL_CONFDIR/override.d/worker-${includeName}.inc"
        }
      '') cfg.workers)}

-      ${cfg.extraConfig}
+      ${optionalString (cfg.extraConfig != "") ''
+        .include(priority=10) "$LOCAL_CONFDIR/override.d/extra-config.inc"
+      ''}
   '';

  rspamdDir = pkgs.linkFarm "etc-rspamd-dir" (
@ -190,6 +196,15 @@ let
        in mkDefault (pkgs.writeText name' config.text));
    };
  };
+
+  configOverrides =
+    (mapAttrs' (n: v: nameValuePair "worker-${if n == "rspamd_proxy" then "proxy" else n}.inc" {
+      text = v.extraConfig;
+    })
+    (filterAttrs (n: v: v.extraConfig != "") cfg.workers))
+    // (if cfg.extraConfig == "" then {} else {
+      "extra-config.inc".text = cfg.extraConfig;
+    });
 in

 {
@ -302,6 +317,7 @@ in
  ###### implementation

  config = mkIf cfg.enable {
+    services.rspamd.overrides = configOverrides;

    # Allow users to run 'rspamc' and 'rspamadm'.
    environment.systemPackages = [ pkgs.rspamd ];
--- a/nixos/tests/rspamd.nix
+++ b/nixos/tests/rspamd.nix
@ -102,7 +102,8 @@ in
      $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf"));
      $machine->log($machine->succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf"));
      $machine->log($machine->succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf"));
-      $machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'LOCAL_CONFDIR/override.d/worker-controller2.inc' /etc/rspamd/rspamd.conf"));
+      $machine->log($machine->succeed("grep 'verysecretpassword' /etc/rspamd/override.d/worker-controller2.inc"));
      $machine->waitUntilSucceeds("journalctl -u rspamd | grep -i 'starting controller process' >&2");
      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));