authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-05 19:06:53 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-09 13:44:40 +0100
commitef0b3f491e1868c7b3899aff3f53be0325313c2d (patch)
tree913ddeb99ca5ce3e10f49dfe858d37780aea3c12 /tests/by-name/em/email-dns/nodes/mail_server.nix
parentpkgs/fetchmail-common-name: Patch fetchmail to accept certificates without co... (diff)
downloadnixos-server-ef0b3f491e1868c7b3899aff3f53be0325313c2d.zip
tests/email-dns: Init
This test is somewhat involved, but tries to exercise our full mail
handling capabilities.
It effectively only tests that alice can send a message to bob, but it
checks nearly all security mechanisms (DNSSEC is currently still missing).
Diffstat (limited to 'tests/by-name/em/email-dns/nodes/mail_server.nix')
-rw-r--r--tests/by-name/em/email-dns/nodes/mail_server.nix57
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/by-name/em/email-dns/nodes/mail_server.nix b/tests/by-name/em/email-dns/nodes/mail_server.nix
new file mode 100644
index 0000000..ba554ac
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/mail_server.nix
@@ -0,0 +1,57 @@
+{
+  extraModules,
+  pkgs,
+  vhackPackages,
+}: {
+  mkMailServer = serverName: principal: {
+    config,
+    lib,
+    nodes,
+    ...
+  }: {
+    imports =
+      extraModules
+      ++ [
+        ../../../../../modules
+        ./acme/client.nix
+      ];
+
+    environment.systemPackages = [
+      pkgs.bind
+      pkgs.openssl
+    ];
+
+    networking.nameservers = lib.mkForce [
+      nodes.name_server.networking.primaryIPAddress
+      nodes.name_server.networking.primaryIPv6Address
+    ];
+
+    age.identityPaths = ["${../secrets/hostKey}"];
+
+    vhack = {
+      stalwart-mail = {
+        enable = true;
+        fqdn = "${serverName}.server.com";
+        admin = "admin@${serverName}.server.com";
+        security = {
+          dkimKeys = let
+            loadKey = name: {
+              dkimPublicKey = builtins.readFile (../secrets/dkim + "/${name}/public");
+              dkimPrivateKeyPath = ../secrets/dkim + "/${name}/private.age";
+              keyAlgorithm = "ed25519-sha256";
+            };
+          in {
+            "mail1.server.com" = loadKey "mail1.server.com";
+            "mail2.server.com" = loadKey "mail2.server.com";
+            "alice.com" = loadKey "alice.com";
+            "bob.com" = loadKey "bob.com";
+          };
+          verificationMode = "strict";
+          allowInsecureSmtp = false;
+        };
+        openFirewall = true;
+        principals = [principal];
+      };
+    };
+  };
+}
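Review bot: `age.identityPaths = ["${../secrets/hostKey}"];` interpolates the path into a string, which copies the private age identity into the Nix store, where it is world-readable; that is acceptable only because this is a test fixture, but nothing in the hunk says so. I would add above that line `# Test-only: interpolating the path copies this private key into the world-readable Nix store.` Since the DKIM `private.age` files under `loadKey` are decryptable with that same committed identity, they are test fixtures too and the same caveat applies there. Both servers are also given signing keys for all four domains, including the other server's; if that is intentional for the test, a one-line comment saying so would spare the next reader the question. As a style point, the four `"x" = loadKey "x";` lines repeat each name and could be written `lib.genAttrs ["mail1.server.com" "mail2.server.com" "alice.com" "bob.com"] loadKey`.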