From 5e9849d94f1b204930eeaf46cf7f9495caff85ba Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Sat, 4 Mar 2023 10:45:43 +0100
Subject: [PATCH] rspamd: rename `ENABLE_REDIS` & add persistence for Redis
 (#3143)

---
 docs/content/config/environment.md               |  2 +-
 mailserver.env                                   |  2 +-
 target/scripts/start-mailserver.sh               |  4 ++--
 target/scripts/startup/daemons-stack.sh          |  2 +-
 target/scripts/startup/setup.d/mail_state.sh     | 16 +++++++++-------
 .../scripts/startup/setup.d/security/rspamd.sh   | 15 ++++++++++++++-
 target/scripts/startup/variables-stack.sh        |  2 +-
 target/supervisor/conf.d/supervisor-app.conf     |  4 ++--
 test/tests/parallel/set1/spam_virus/rspamd.bats  |  2 +-
 9 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
index 40c2fe98..47cffe03 100644
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -80,7 +80,7 @@ Enable or disable Rspamd.
 - **0** => disabled
 - 1 => enabled
 
-##### ENABLE_REDIS
+##### ENABLE_RSPAMD_REDIS
 
 Explicit control over running a Redis instance within the container. By default, this value will match what is set for [`ENABLE_RSPAMD`](#enable_rspamd).
 
diff --git a/mailserver.env b/mailserver.env
index 91e5e181..68af83b0 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -123,7 +123,7 @@ ENABLE_RSPAMD=0
 # This setting provides an opt-out to allow using an external instance instead.
 # 0 => Disabled
 # 1 => Enabled
-ENABLE_REDIS=
+ENABLE_RSPAMD_REDIS=
 
 # Amavis content filter (used for ClamAV & SpamAssassin)
 # 0 => Disabled
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index 596e1a21..94a6fc15 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -127,8 +127,8 @@ function _register_functions
   [[ ${SMTP_ONLY}               -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
 
   [[ ${ENABLE_UPDATE_CHECK}     -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
-  [[ ${ENABLE_REDIS}            -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd'
-  [[ ${ENABLE_RSPAMD}           -eq 1 ]] && _register_start_daemon '_start_daemon_redis'
+  [[ ${ENABLE_RSPAMD}           -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd'
+  [[ ${ENABLE_RSPAMD_REDIS}     -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd_redis'
   [[ ${ENABLE_UPDATE_CHECK}     -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
 
   # needs to be started before SASLauthd
diff --git a/target/scripts/startup/daemons-stack.sh b/target/scripts/startup/daemons-stack.sh
index 7ccbd796..99c57df6 100644
--- a/target/scripts/startup/daemons-stack.sh
+++ b/target/scripts/startup/daemons-stack.sh
@@ -43,8 +43,8 @@ function _start_daemon_opendkim       { _default_start_daemon 'opendkim'       ;
 function _start_daemon_opendmarc      { _default_start_daemon 'opendmarc'      ; }
 function _start_daemon_postgrey       { _default_start_daemon 'postgrey'       ; }
 function _start_daemon_postsrsd       { _default_start_daemon 'postsrsd'       ; }
-function _start_daemon_redis          { _default_start_daemon 'redis'          ; }
 function _start_daemon_rspamd         { _default_start_daemon 'rspamd'         ; }
+function _start_daemon_rspamd_redis   { _default_start_daemon 'rspamd-redis'   ; }
 function _start_daemon_rsyslog        { _default_start_daemon 'rsyslog'        ; }
 function _start_daemon_update_check   { _default_start_daemon 'update-check'   ; }
 
diff --git a/target/scripts/startup/setup.d/mail_state.sh b/target/scripts/startup/setup.d/mail_state.sh
index 5dd53390..e3d9fff2 100644
--- a/target/scripts/startup/setup.d/mail_state.sh
+++ b/target/scripts/startup/setup.d/mail_state.sh
@@ -21,14 +21,15 @@ function _setup_save_states
 
     # Only consolidate state for services that are enabled
     # Notably avoids copying over 200MB for the ClamAV database
-    [[ ${ENABLE_AMAVIS} -eq 1 ]] && FILES+=('lib/amavis')
-    [[ ${ENABLE_CLAMAV} -eq 1 ]] && FILES+=('lib/clamav')
-    [[ ${ENABLE_FAIL2BAN} -eq 1 ]] && FILES+=('lib/fail2ban')
-    [[ ${ENABLE_FETCHMAIL} -eq 1 ]] && FILES+=('lib/fetchmail')
-    [[ ${ENABLE_POSTGREY} -eq 1 ]] && FILES+=('lib/postgrey')
-    [[ ${ENABLE_RSPAMD} -eq 1 ]] && FILES+=('lib/rspamd')
+    [[ ${ENABLE_AMAVIS}       -eq 1 ]] && FILES+=('lib/amavis')
+    [[ ${ENABLE_CLAMAV}       -eq 1 ]] && FILES+=('lib/clamav')
+    [[ ${ENABLE_FAIL2BAN}     -eq 1 ]] && FILES+=('lib/fail2ban')
+    [[ ${ENABLE_FETCHMAIL}    -eq 1 ]] && FILES+=('lib/fetchmail')
+    [[ ${ENABLE_POSTGREY}     -eq 1 ]] && FILES+=('lib/postgrey')
+    [[ ${ENABLE_RSPAMD}       -eq 1 ]] && FILES+=('lib/rspamd')
+    [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && FILES+=('lib/redis')
     [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && FILES+=('lib/spamassassin')
-    [[ ${SMTP_ONLY} -ne 1 ]] && FILES+=('lib/dovecot')
+    [[ ${SMTP_ONLY}           -ne 1 ]] && FILES+=('lib/dovecot')
 
     for FILE in "${FILES[@]}"
     do
@@ -65,6 +66,7 @@ function _setup_save_states
     [[ ${ENABLE_FETCHMAIL}    -eq 1 ]] && chown -R fetchmail:nogroup         /var/mail-state/lib-fetchmail
     [[ ${ENABLE_POSTGREY}     -eq 1 ]] && chown -R postgrey:postgrey         /var/mail-state/lib-postgrey
     [[ ${ENABLE_RSPAMD}       -eq 1 ]] && chown -R _rspamd:_rspamd           /var/mail-state/lib-rspamd
+    [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && chown -R redis:redis               /var/mail-state/lib-redis
     [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd /var/mail-state/lib-spamassassin
 
     chown -R root:root /var/mail-state/lib-logrotate
diff --git a/target/scripts/startup/setup.d/security/rspamd.sh b/target/scripts/startup/setup.d/security/rspamd.sh
index f9ebab32..a476bd46 100644
--- a/target/scripts/startup/setup.d/security/rspamd.sh
+++ b/target/scripts/startup/setup.d/security/rspamd.sh
@@ -47,7 +47,7 @@ function __rspamd__preflight_checks
     __rspamd__log 'debug' 'Rspamd will not use ClamAV (which has not been enabled)'
   fi
 
-  if [[ ${ENABLE_REDIS} -eq 1 ]]
+  if [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]]
   then
     __rspamd__log 'trace' 'Internal Redis is enabled, adding configuration'
     cat >/etc/rspamd/local.d/redis.conf << "EOF"
@@ -57,6 +57,19 @@ servers = "127.0.0.1:6379";
 expand_keys = true;
 
 EOF
+
+    # Here we adjust the Redis default configuration that we supply to Redis
+    # when starting it. Note that `/var/lib/redis/` is linked to
+    # `/var/mail-state/redis/` (for persisting it) if `ONE_DIR=1`.
+    sedfile -i -E                                  \
+      -e 's|^(bind).*|\1 127.0.0.1|g'          \
+      -e 's|^(daemonize).*|\1 no|g'            \
+      -e 's|^(port).*|\1 6379|g'               \
+      -e 's|^(loglevel).*|\1 warning|g'        \
+      -e 's|^(logfile).*|\1 ""|g'              \
+      -e 's|^(dir).*|\1 /var/lib/redis|g'      \
+      -e 's|^(dbfilename).*|\1 dms-dump.rdb|g' \
+      /etc/redis/redis.conf
   else
     __rspamd__log 'debug' 'Rspamd will not use internal Redis (which has been disabled)'
   fi
diff --git a/target/scripts/startup/variables-stack.sh b/target/scripts/startup/variables-stack.sh
index d149a38f..20a94847 100644
--- a/target/scripts/startup/variables-stack.sh
+++ b/target/scripts/startup/variables-stack.sh
@@ -77,7 +77,7 @@ function __environment_variables_general_setup
   VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
   VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
   VARS[ENABLE_RSPAMD]="${ENABLE_RSPAMD:=0}"
-  VARS[ENABLE_REDIS]="${ENABLE_REDIS:=${ENABLE_RSPAMD}}"
+  VARS[ENABLE_RSPAMD_REDIS]="${ENABLE_RSPAMD_REDIS:=${ENABLE_RSPAMD}}"
   VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
   VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
   VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}"
diff --git a/target/supervisor/conf.d/supervisor-app.conf b/target/supervisor/conf.d/supervisor-app.conf
index 4b4e9a6a..4c6c10d1 100644
--- a/target/supervisor/conf.d/supervisor-app.conf
+++ b/target/supervisor/conf.d/supervisor-app.conf
@@ -105,14 +105,14 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
 command=/usr/bin/rspamd --no-fork --user=_rspamd --group=_rspamd
 
-[program:redis]
+[program:rspamd-redis]
 startsecs=0
 stopwaitsecs=55
 autostart=false
 autorestart=true
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
-command=redis-server --daemonize no --bind 127.0.0.1 --port 6379 --loglevel warning
+command=redis-server /etc/redis/redis.conf
 
 [program:fetchmail]
 startsecs=0
diff --git a/test/tests/parallel/set1/spam_virus/rspamd.bats b/test/tests/parallel/set1/spam_virus/rspamd.bats
index f7b1f23a..6c385553 100644
--- a/test/tests/parallel/set1/spam_virus/rspamd.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd.bats
@@ -23,7 +23,7 @@ function setup_file() {
   # wait for ClamAV to be fully setup or we will get errors on the log
   _repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
 
-  _wait_for_service redis
+  _wait_for_service rspamd-redis
   _wait_for_service rspamd
   _wait_for_service clamav
   _wait_for_service postfix