From 1db74d1150827d09b9620457af673b2d9b6c2b07 Mon Sep 17 00:00:00 2001
From: Philipp Kern <pkern@google.com>
Date: Sun, 15 Nov 2020 11:02:28 +0100
Subject: [PATCH] nixos/spamassassin: Fix network requirement on boot

sa-update currently runs as part of the pre-start script of spamd. The
network is not guaranteed to be online at that point and even if we
were to depend on that, it makes the bootup brittle, as there is a
reliance on SpamAssassin's update server as a startup dependency on
boot.

Refactor the setup to move the pre-start script into its own unit.
This allows to perform the setup task only once. Continuous updates
are already done by sa-update.service triggered by sa-update.timer.
Only run sa-update in case /var/lib/spamassassin is empty.

While we are on it, let sa-update.service depend on the network being
online.
---
 nixos/modules/services/mail/spamassassin.nix | 51 ++++++++++++--------
 1 file changed, 32 insertions(+), 19 deletions(-)

diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix
index 4e642542ec6..0bbf2df48d4 100644
--- a/nixos/modules/services/mail/spamassassin.nix
+++ b/nixos/modules/services/mail/spamassassin.nix
@@ -126,6 +126,8 @@ in
     };
 
     systemd.services.sa-update = {
+      wants = [ "network-online.target" ];
+      after = [ "network-online.target" ];
       script = ''
         set +e
         ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd
@@ -152,33 +154,44 @@ in
       };
     };
 
+    systemd.services.spamd-init = {
+      serviceConfig = {
+        Type = "oneshot";
+      };
+      script = ''
+        mkdir -p /var/lib/spamassassin
+        chown spamd:spamd /var/lib/spamassassin -R
+        if [ "$(ls -A /var/lib/spamassassin)" = "" ]; then
+          echo "'/var/lib/spamassassin' is empty, running sa-update..."
+          set +e
+          ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd
+          v=$?
+          set -e
+          # 0 and 1 no error, exitcode > 1 means error:
+          # https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
+          if [ $v -gt 1 ]; then
+            echo "sa-update execution error"
+            exit $v
+          fi
+          echo "sa-update run successfully."
+        fi
+      '';
+    };
+
     systemd.services.spamd = {
-      description = "Spam Assassin Server";
+      description = "SpamAssassin Server";
 
       wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
+      wants = [ "spamd-init.service" ];
+      after = [
+        "network.target"
+        "spamd-init.service"
+      ];
 
       serviceConfig = {
         ExecStart = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/run/spamd.pid";
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
       };
-
-      # 0 and 1 no error, exitcode > 1 means error:
-      # https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
-      preStart = ''
-        echo "Recreating '/var/lib/spamasassin' with creating '3.004001' (or similar) and 'sa-update-keys'"
-        mkdir -p /var/lib/spamassassin
-        chown spamd:spamd /var/lib/spamassassin -R
-        set +e
-        ${pkgs.su}/bin/su -s "${pkgs.bash}/bin/bash" -c "${pkgs.spamassassin}/bin/sa-update --gpghomedir=/var/lib/spamassassin/sa-update-keys/" spamd
-        v=$?
-        set -e
-        if [ $v -gt 1 ]; then
-          echo "sa-update execution error"
-          exit $v
-        fi
-        chown spamd:spamd /var/lib/spamassassin -R
-      '';
     };
   };
 }