aboutsummaryrefslogtreecommitdiffstats
path: root/tests/by-name/em/email-dns
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-04-22 21:34:56 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-04-22 21:35:32 +0200
commit4fecaae82e6de19f9f1b5a5a5c9984e911d75bf1 (patch)
treefe59f1550d1f4798152c62346352ab02adbf8768 /tests/by-name/em/email-dns
parenttests/email-dns: Factor out all of the secrets/acme stuff into a common dir (diff)
downloadnixos-server-4fecaae82e6de19f9f1b5a5a5c9984e911d75bf1.zip
tests/{common,email-dns}: Move last part of acme and dns handling to common
This makes re-using it even easier.
Diffstat (limited to '')
-rw-r--r--tests/by-name/em/email-dns/nodes/mail_server.nix6
-rw-r--r--tests/by-name/em/email-dns/nodes/name_server.nix232
-rw-r--r--tests/by-name/em/email-dns/nodes/user.nix6
-rw-r--r--tests/by-name/em/email-dns/test.nix34
4 files changed, 110 insertions, 168 deletions
diff --git a/tests/by-name/em/email-dns/nodes/mail_server.nix b/tests/by-name/em/email-dns/nodes/mail_server.nix
index 89dbc4a..279d289 100644
--- a/tests/by-name/em/email-dns/nodes/mail_server.nix
+++ b/tests/by-name/em/email-dns/nodes/mail_server.nix
@@ -14,6 +14,7 @@
++ [
../../../../../modules
../../../../common/acme/client.nix
+ ../../../../common/dns/client.nix
];
environment.systemPackages = [
@@ -21,11 +22,6 @@
pkgs.openssl
];
- networking.nameservers = lib.mkForce [
- nodes.name_server.networking.primaryIPAddress
- nodes.name_server.networking.primaryIPv6Address
- ];
-
age.identityPaths = ["${../../../../common/email/hostKey}"];
vhack = {
diff --git a/tests/by-name/em/email-dns/nodes/name_server.nix b/tests/by-name/em/email-dns/nodes/name_server.nix
index 48ce496..d9d3617 100644
--- a/tests/by-name/em/email-dns/nodes/name_server.nix
+++ b/tests/by-name/em/email-dns/nodes/name_server.nix
@@ -140,13 +140,9 @@ in {
++ [
../../../../../modules
../../../../common/acme/client.nix
+ ../../../../common/dns/server.nix
];
- networking.nameservers = lib.mkForce [
- nodes.name_server.networking.primaryIPAddress
- nodes.name_server.networking.primaryIPv6Address
- ];
-
services.nginx = {
logError = "stderr debug";
virtualHosts = let
@@ -175,145 +171,121 @@ in {
nginx = {
enable = true;
};
- dns = {
- enable = true;
- openFirewall = true;
- interfaces = [
- nodes.name_server.networking.primaryIPAddress
- nodes.name_server.networking.primaryIPv6Address
- ];
-
- zones = let
- stsZone = {
- SOA = {
- nameServer = "ns";
- adminEmail = "admin@server.com";
- serial = 2025012301;
- };
+ dns.zones = let
+ stsZone = {
+ SOA = {
+ nameServer = "ns";
+ adminEmail = "admin@server.com";
+ serial = 2025012301;
+ };
- useOrigin = false;
+ useOrigin = false;
- A = [
- nodes.name_server.networking.primaryIPAddress
- ];
- AAAA = [
- nodes.name_server.networking.primaryIPv6Address
- ];
+ A = [
+ nodes.name_server.networking.primaryIPAddress
+ ];
+ AAAA = [
+ nodes.name_server.networking.primaryIPv6Address
+ ];
+ };
+ in {
+ "arpa" = {
+ SOA = {
+ nameServer = "ns";
+ adminEmail = "admin@server.com";
+ serial = 2025012301;
};
- in {
- "arpa" = {
- SOA = {
- nameServer = "ns";
- adminEmail = "admin@server.com";
- serial = 2025012301;
- };
- useOrigin = false;
+ useOrigin = false;
- PTR = [
- {
- name = "acme.test";
- ip.v4 = nodes.acme.networking.primaryIPAddress;
- }
- {
- name = "acme.test";
- ip.v6 = nodes.acme.networking.primaryIPv6Address;
- }
+ PTR = [
+ {
+ name = "acme.test";
+ ip.v4 = nodes.acme.networking.primaryIPAddress;
+ }
+ {
+ name = "acme.test";
+ ip.v6 = nodes.acme.networking.primaryIPv6Address;
+ }
- {
- name = "alice.com";
- ip.v4 = nodes.alice.networking.primaryIPAddress;
- }
- {
- name = "alice.com";
- ip.v6 = nodes.alice.networking.primaryIPv6Address;
- }
+ {
+ name = "alice.com";
+ ip.v4 = nodes.alice.networking.primaryIPAddress;
+ }
+ {
+ name = "alice.com";
+ ip.v6 = nodes.alice.networking.primaryIPv6Address;
+ }
- {
- name = "bob";
- ip.v4 = nodes.bob.networking.primaryIPAddress;
- }
- {
- name = "bob";
- ip.v6 = nodes.bob.networking.primaryIPv6Address;
- }
+ {
+ name = "bob";
+ ip.v4 = nodes.bob.networking.primaryIPAddress;
+ }
+ {
+ name = "bob";
+ ip.v6 = nodes.bob.networking.primaryIPv6Address;
+ }
- {
- name = "mail1.server.com";
- ip.v4 = nodes.mail1_server.networking.primaryIPAddress;
- }
- {
- name = "mail1.server.com";
- ip.v6 = nodes.mail1_server.networking.primaryIPv6Address;
- }
+ {
+ name = "mail1.server.com";
+ ip.v4 = nodes.mail1_server.networking.primaryIPAddress;
+ }
+ {
+ name = "mail1.server.com";
+ ip.v6 = nodes.mail1_server.networking.primaryIPv6Address;
+ }
- {
- name = "mail2.server.com";
- ip.v4 = nodes.mail2_server.networking.primaryIPAddress;
- }
- {
- name = "mail2.server.com";
- ip.v6 = nodes.mail2_server.networking.primaryIPv6Address;
- }
+ {
+ name = "mail2.server.com";
+ ip.v4 = nodes.mail2_server.networking.primaryIPAddress;
+ }
+ {
+ name = "mail2.server.com";
+ ip.v6 = nodes.mail2_server.networking.primaryIPv6Address;
+ }
- {
- name = "ns.server.com";
- ip.v4 = nodes.name_server.networking.primaryIPAddress;
- }
- {
- name = "ns.server.com";
- ip.v6 = nodes.name_server.networking.primaryIPv6Address;
- }
- ];
- };
-
- "alice.com" = mkZone "alice" nodes lib nodes.mail2_server.vhack.stalwart-mail;
- "mta-sts.alice.com" = stsZone;
- "bob.com" = mkZone "bob" nodes lib nodes.mail1_server.vhack.stalwart-mail;
- "mta-sts.bob.com" = stsZone;
- "mail1.server.com" = mkServerZone "mail1" nodes lib;
- "mail2.server.com" = mkServerZone "mail2" nodes lib;
- "ns.server.com" = {
- SOA = {
- nameServer = "ns";
- adminEmail = "admin@server.com";
- serial = 2025012301;
- };
- useOrigin = false;
+ {
+ name = "ns.server.com";
+ ip.v4 = nodes.name_server.networking.primaryIPAddress;
+ }
+ {
+ name = "ns.server.com";
+ ip.v6 = nodes.name_server.networking.primaryIPv6Address;
+ }
+ ];
+ };
- A = [
- nodes.name_server.networking.primaryIPAddress
- ];
- AAAA = [
- nodes.name_server.networking.primaryIPv6Address
- ];
+ "alice.com" = mkZone "alice" nodes lib nodes.mail2_server.vhack.stalwart-mail;
+ "mta-sts.alice.com" = stsZone;
+ "bob.com" = mkZone "bob" nodes lib nodes.mail1_server.vhack.stalwart-mail;
+ "mta-sts.bob.com" = stsZone;
+ "mail1.server.com" = mkServerZone "mail1" nodes lib;
+ "mail2.server.com" = mkServerZone "mail2" nodes lib;
+ "ns.server.com" = {
+ SOA = {
+ nameServer = "ns";
+ adminEmail = "admin@server.com";
+ serial = 2025012301;
};
- "acme.test" = {
- SOA = {
- nameServer = "ns";
- adminEmail = "admin@server.com";
- serial = 2025012301;
- };
- useOrigin = false;
+ useOrigin = false;
- A = [
- nodes.acme.networking.primaryIPAddress
- ];
- AAAA = [
- nodes.acme.networking.primaryIPv6Address
- ];
+ A = [
+ nodes.name_server.networking.primaryIPAddress
+ ];
+ AAAA = [
+ nodes.name_server.networking.primaryIPv6Address
+ ];
+ };
+ "server.com" = {
+ SOA = {
+ nameServer = "ns";
+ adminEmail = "admin@server.com";
+ serial = 2025012301;
};
- "server.com" = {
- SOA = {
- nameServer = "ns";
- adminEmail = "admin@server.com";
- serial = 2025012301;
- };
- useOrigin = false;
- NS = [
- "ns.server.com."
- ];
- };
+ useOrigin = false;
+ NS = [
+ "ns.server.com."
+ ];
};
};
};
diff --git a/tests/by-name/em/email-dns/nodes/user.nix b/tests/by-name/em/email-dns/nodes/user.nix
index 55a4609..fba02ce 100644
--- a/tests/by-name/em/email-dns/nodes/user.nix
+++ b/tests/by-name/em/email-dns/nodes/user.nix
@@ -9,6 +9,7 @@
}: {
imports = [
../../../../common/acme/client.nix
+ ../../../../common/dns/client.nix
];
environment.systemPackages = [
@@ -20,11 +21,6 @@
pkgs.openssl
];
- networking.nameservers = lib.mkForce [
- nodes.name_server.networking.primaryIPAddress
- nodes.name_server.networking.primaryIPv6Address
- ];
-
users.users."${user}" = {isNormalUser = true;};
systemd.tmpfiles.rules = [
diff --git a/tests/by-name/em/email-dns/test.nix b/tests/by-name/em/email-dns/test.nix
index 7391c86..6812d32 100644
--- a/tests/by-name/em/email-dns/test.nix
+++ b/tests/by-name/em/email-dns/test.nix
@@ -31,9 +31,9 @@ in
lib,
...
}: {
- imports = [../../../common/acme];
- networking.nameservers = lib.mkForce [
- nodes.name_server.networking.primaryIPAddress
+ imports = [
+ ../../../common/acme/server.nix
+ ../../../common/dns/client.nix
];
};
@@ -89,7 +89,8 @@ in
exit 1
}
'';
- inherit (pkgs) lib;
+
+ acme_scripts = import ../../../common/acme/scripts.nix {inherit pkgs;};
in
/*
python
@@ -121,30 +122,7 @@ in
with subtest("Add pebble ca key to all services"):
for node in [name_server, mail1_server, mail2_server, alice, bob]:
- node.succeed("${pkgs.writeShellScript "fetch-and-set-ca" ''
- set -xe
-
- # Fetch the randomly generated ca certificate
- curl https://acme.test:15000/roots/0 > /tmp/ca.crt
- curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
-
- # Append it to the various system stores
- # The file paths are from <nixpgks>/modules/security/ca.nix
- for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
- cert_path="/etc/$cert_path"
-
- mv "$cert_path" "$cert_path.old"
- cat "$cert_path.old" > "$cert_path"
- cat /tmp/ca.crt >> "$cert_path"
- done
-
- export NIX_SSL_CERT_FILE=/tmp/ca.crt
- export SSL_CERT_FILE=/tmp/ca.crt
-
- # TODO
- # # P11-Kit trust source.
- # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
- ''}")
+ node.succeed("${acme_scripts.add_pebble_acme_ca}")
with subtest("Both mailserver successfully started all services"):
import json
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-31 11:24:14 +0000