nixos/tests/rspamd.nix at 18.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / rspamd.nix
at 18.09-beta 5.1 kB view raw
  1{ system ? builtins.currentSystem }:
  2with import ../lib/testing.nix { inherit system; };
  3with pkgs.lib;
  4let
  5  initMachine = ''
  6    startAll
  7    $machine->waitForUnit("rspamd.service");
  8    $machine->succeed("id \"rspamd\" >/dev/null");
  9  '';
 10  checkSocket = socket: user: group: mode: ''
 11    $machine->succeed("ls ${socket} >/dev/null");
 12    $machine->succeed("[[ \"\$(stat -c %U ${socket})\" == \"${user}\" ]]");
 13    $machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
 14    $machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
 15  '';
 16  simple = name: socketActivation: enableIPv6: makeTest {
 17    name = "rspamd-${name}";
 18    machine = {
 19      services.rspamd = {
 20        enable = true;
 21        socketActivation = socketActivation;
 22      };
 23      networking.enableIPv6 = enableIPv6;
 24    };
 25    testScript = ''
 26      startAll
 27      $machine->waitForUnit("multi-user.target");
 28      $machine->waitForOpenPort(11334);
 29      $machine->waitForUnit("rspamd.service");
 30      $machine->succeed("id \"rspamd\" >/dev/null");
 31      ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
 32      sleep 10;
 33      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
 34      $machine->log($machine->succeed("systemctl cat rspamd.service"));
 35      ${if socketActivation then ''
 36        $machine->log($machine->succeed("systemctl cat rspamd-controller-1.socket"));
 37        $machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
 38      '' else ''
 39        $machine->fail("systemctl cat rspamd-controller-1.socket");
 40        $machine->fail("systemctl cat rspamd-normal-1.socket");
 41      ''}
 42      $machine->log($machine->succeed("curl http://localhost:11334/auth"));
 43      $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
 44      ${optionalString enableIPv6 ''
 45        $machine->log($machine->succeed("curl http://[::1]:11334/auth"));
 46      ''}
 47    '';
 48  };
 49in
 50{
 51  simple = simple "simple" false true;
 52  ipv4only = simple "ipv4only" false false;
 53  simple-socketActivated = simple "simple-socketActivated" true true;
 54  ipv4only-socketActivated = simple "ipv4only-socketActivated" true false;
 55  deprecated = makeTest {
 56    name = "rspamd-deprecated";
 57    machine = {
 58      services.rspamd = {
 59        enable = true;
 60        bindSocket = [ "/run/rspamd.sock mode=0600 user=root group=root" ];
 61        bindUISocket = [ "/run/rspamd-worker.sock mode=0666 user=root group=root" ];
 62      };
 63    };
 64
 65    testScript = ''
 66      ${initMachine}
 67      $machine->waitForFile("/run/rspamd.sock");
 68      ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
 69      ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
 70      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
 71      $machine->fail("systemctl cat rspamd-normal-1.socket");
 72      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
 73      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
 74    '';
 75  };
 76
 77  bindports = makeTest {
 78    name = "rspamd-bindports";
 79    machine = {
 80      services.rspamd = {
 81        enable = true;
 82        socketActivation = false;
 83        workers.normal.bindSockets = [{
 84          socket = "/run/rspamd.sock";
 85          mode = "0600";
 86          owner = "root";
 87          group = "root";
 88        }];
 89        workers.controller.bindSockets = [{
 90          socket = "/run/rspamd-worker.sock";
 91          mode = "0666";
 92          owner = "root";
 93          group = "root";
 94        }];
 95      };
 96    };
 97
 98    testScript = ''
 99      ${initMachine}
100      $machine->waitForFile("/run/rspamd.sock");
101      ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
102      ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
103      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
104      $machine->fail("systemctl cat rspamd-normal-1.socket");
105      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
106      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
107    '';
108  };
109  socketActivated = makeTest {
110    name = "rspamd-socketActivated";
111    machine = {
112      services.rspamd = {
113        enable = true;
114        workers.normal.bindSockets = [{
115          socket = "/run/rspamd.sock";
116          mode = "0600";
117          owner = "root";
118          group = "root";
119        }];
120        workers.controller.bindSockets = [{
121          socket = "/run/rspamd-worker.sock";
122          mode = "0666";
123          owner = "root";
124          group = "root";
125        }];
126      };
127    };
128
129    testScript = ''
130      startAll
131      $machine->waitForFile("/run/rspamd.sock");
132      ${checkSocket "/run/rspamd.sock" "root" "root" "600" }
133      ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
134      $machine->log($machine->succeed("cat /etc/rspamd.conf"));
135      $machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
136      $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
137      $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
138    '';
139  };
140}