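# NixOS VM test for maddy with TLS enabled.
#
# The server node runs maddy with a certificate and key taken from the shared
# snakeoil ACME test certificates and exposes TLS listeners (993, 465) next to
# the plaintext ones (143, 587). The client node trusts the test CA, sends one
# mail over implicit-TLS submission and reads it back over IMAPS.
import ../make-test-python.nix (
  { pkgs, ... }:
  let
    certs = import ../common/acme/server/snakeoil-certs.nix;
    domain = certs.domain;
  in
  {
    name = "maddy-tls";
    meta = with pkgs.lib.maintainers; {
      maintainers = [ onny ];
    };

    nodes = {
      server =
        { options, ... }:
        {
          services.maddy = {
            enable = true;
            hostname = domain;
            primaryDomain = domain;
            openFirewall = true;
            ensureAccounts = [ "postmaster@${domain}" ];
            ensureCredentials = {
              # Do not use this in production. pkgs.writeText puts the
              # password into the Nix store, where it is world-readable.
              # Outside of tests, point passwordFile at a file that is not
              # in the store.
              "postmaster@${domain}".passwordFile = "${pkgs.writeText "postmaster" "test"}";
            };
            tls = {
              loader = "file";
              certificates = [
                {
                  certPath = "${certs.${domain}.cert}";
                  keyPath = "${certs.${domain}.key}";
                }
              ];
            };
            # Enable TLS listeners. Configuring this via the module is not yet
            # implemented, so the module's default config text is rewritten:
            # each plaintext endpoint line gains a tls:// listener in front of
            # the existing tcp:// one.
            config =
              builtins.replaceStrings
                [
                  "imap tcp://0.0.0.0:143"
                  "submission tcp://0.0.0.0:587"
                ]
                [
                  "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
                  "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
                ]
                options.services.maddy.config.default;
          };
          # Not covered by openFirewall yet
          networking.firewall.allowedTCPPorts = [
            993
            465
          ];
        };

      client =
        { nodes, ... }:
        {
          # Trust the test CA so that certificate verification in the client
          # scripts below succeeds against the server's test certificate.
          security.pki.certificateFiles = [
            certs.ca.cert
          ];
          # Resolve the certificate's domain to the server node, so hostname
          # checking runs against the name the certificate was issued for.
          networking.extraHosts = ''
            ${nodes.server.networking.primaryIPAddress} ${domain}
          '';
          environment.systemPackages = [
            # Sends one message over implicit-TLS submission (port 465) with a
            # verifying TLS context.
            (pkgs.writers.writePython3Bin "send-testmail" { } ''
              import smtplib
              import ssl
              from email.mime.text import MIMEText

              context = ssl.create_default_context()
              msg = MIMEText("Hello World")
              msg['Subject'] = 'Test'
              msg['From'] = "postmaster@${domain}"
              msg['To'] = "postmaster@${domain}"
              with smtplib.SMTP_SSL(host='${domain}', port=465, context=context) as smtp:
                  smtp.login('postmaster@${domain}', 'test')
                  smtp.sendmail(
                      'postmaster@${domain}', 'postmaster@${domain}', msg.as_string()
                  )
            '')
            # Reads the message back over IMAPS (default port 993).
            (pkgs.writers.writePython3Bin "test-imap" { } ''
              import imaplib
              import ssl

              # Without an explicit context imaplib does not verify the
              # server certificate or hostname, so this TLS test would
              # pass against any certificate. Use a verifying context,
              # as the submission script does.
              context = ssl.create_default_context()
              with imaplib.IMAP4_SSL('${domain}', ssl_context=context) as imap:
                  imap.login('postmaster@${domain}', 'test')
                  imap.select()
                  status, refs = imap.search(None, 'ALL')
                  assert status == 'OK'
                  # search() returns a single bytes string of
                  # space-separated message numbers; count those.
                  ids = refs[0].split()
                  assert len(ids) == 1
                  status, msg = imap.fetch(ids[0], 'BODY[TEXT]')
                  assert status == 'OK'
                  assert msg[0][1].strip() == b"Hello World"
            '')
          ];
        };
    };

    # Wait for maddy and all four listeners (plaintext and TLS), then run the
    # send and fetch scripts on the client.
    testScript = ''
      start_all()
      server.wait_for_unit("maddy.service")
      server.wait_for_open_port(143)
      server.wait_for_open_port(993)
      server.wait_for_open_port(587)
      server.wait_for_open_port(465)
      client.succeed("send-testmail")
      client.succeed("test-imap")
    '';
  }
)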