tests/email-dns: Init

This test is somewhat involved, but tries to exercise our full mail
handling capabilities.
It effectively only tests that alice can send a message to bob, but it
checks nearly all security mechanisms (DNSSEC is currently still missing).

1 files changed, 9 insertions, 0 deletions

diff --git a/secrets.nix b/secrets.nix
index d90b504..8d3ae92 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -5,6 +5,9 @@ let
   server2HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1TUFoCTplkqTVbXQ6qDCyeo2h8+C0vjrIlKu6vmq5f";
   server3HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3s4FjGx7LEVf/GE3WeCl8TmCtPt8gW1J0mp0fUJBNm";
 
+  # WARNING(@bpeetz): ONLY use this key on age files that are meant to be public! <2025-02-23>
+  testingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxdvBk/PC9fC7B5vqe9TvygZKY6LgDQ2mXRdVrthBM/";
+
   publicKeys = {
     "server2" = [
       soispha
@@ -62,3 +65,9 @@ let
     );
 in
   secrets
+  // {
+    "./tests/by-name/em/email-dns/secrets/dkim/alice.com/private.age".publicKeys = [soispha sils testingKey];
+    "./tests/by-name/em/email-dns/secrets/dkim/bob.com/private.age".publicKeys = [soispha sils testingKey];
+    "./tests/by-name/em/email-dns/secrets/dkim/mail1.server.com/private.age".publicKeys = [soispha sils testingKey];
+    "./tests/by-name/em/email-dns/secrets/dkim/mail2.server.com/private.age".publicKeys = [soispha sils testingKey];
+  }