pyrox.dev
1{ ... }:
2{
3 name = "mailman";
4
5 nodes.machine =
6 { pkgs, ... }:
7 {
8 environment.systemPackages = with pkgs; [ mailutils ];
9
10 services.mailman.enable = true;
11 services.mailman.serve.enable = true;
12 services.mailman.siteOwner = "postmaster@example.com";
13 services.mailman.webHosts = [ "example.com" ];
14
15 services.postfix.enable = true;
16 services.postfix.destination = [
17 "example.com"
18 "example.net"
19 ];
20 services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
21 services.postfix.config.local_recipient_maps = [
22 "hash:/var/lib/mailman/data/postfix_lmtp"
23 "proxy:unix:passwd.byname"
24 ];
25 services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
26
27 users.users.user = {
28 isNormalUser = true;
29 };
30
31 virtualisation.memorySize = 2048;
32
33 specialisation.restApiPassFileSystem.configuration = {
34 services.mailman.restApiPassFile = "/var/lib/mailman/pass";
35 };
36 };
37
38 testScript =
39 { nodes, ... }:
40 let
41 restApiPassFileSystem = "${nodes.machine.system.build.toplevel}/specialisation/restApiPassFileSystem";
42 in
43 ''
44 def check_mail(_) -> bool:
45 status, _ = machine.execute("grep -q hello /var/spool/mail/user/new/*")
46 return status == 0
47
48 def try_api(_) -> bool:
49 status, _ = machine.execute("curl -s http://localhost:8001/")
50 return status == 0
51
52 def wait_for_api():
53 with machine.nested("waiting for Mailman REST API to be available"):
54 retry(try_api)
55
56 machine.wait_for_unit("mailman.service")
57 wait_for_api()
58
59 with subtest("subscription and delivery"):
60 creds = machine.succeed("su -s /bin/sh -c 'mailman info' mailman | grep '^REST credentials: ' | sed 's/^REST credentials: //'").strip()
61 machine.succeed(f"curl --fail-with-body -sLSu {creds} -d mail_host=example.com http://localhost:8001/3.1/domains")
62 machine.succeed(f"curl --fail-with-body -sLSu {creds} -d fqdn_listname=list@example.com http://localhost:8001/3.1/lists")
63 machine.succeed(f"curl --fail-with-body -sLSu {creds} -d list_id=list.example.com -d subscriber=root@example.com -d pre_confirmed=True -d pre_verified=True -d send_welcome_message=False http://localhost:8001/3.1/members")
64 machine.succeed(f"curl --fail-with-body -sLSu {creds} -d list_id=list.example.com -d subscriber=user@example.net -d pre_confirmed=True -d pre_verified=True -d send_welcome_message=False http://localhost:8001/3.1/members")
65 machine.succeed("mail -a 'From: root@example.com' -s hello list@example.com < /dev/null")
66 with machine.nested("waiting for mail from list"):
67 retry(check_mail)
68
69 with subtest("Postorius"):
70 machine.succeed("curl --fail-with-body -sILS http://localhost/")
71
72 with subtest("restApiPassFile"):
73 machine.succeed("echo secretpassword > /var/lib/mailman/pass")
74 machine.succeed("${restApiPassFileSystem}/bin/switch-to-configuration test >&2")
75 machine.succeed("grep secretpassword /etc/mailman.cfg")
76 machine.succeed("su -s /bin/sh -c 'mailman info' mailman | grep secretpassword")
77 wait_for_api()
78 machine.succeed("curl --fail-with-body -sLSu restadmin:secretpassword http://localhost:8001/3.1/domains")
79 machine.succeed("curl --fail-with-body -sILS http://localhost/")
80
81 with subtest("service locking"):
82 machine.fail("su -s /bin/sh -c 'mailman start' mailman")
83 machine.execute("systemctl kill --signal=SIGKILL mailman")
84 machine.succeed("systemctl restart mailman")
85 wait_for_api()
86 '';
87}