about summary refs log tree commit diff stats
path: root/tests/by-name/em/email-http/nodes/name_server.nix
diff options
context:
space:
mode:
Diffstat (limited to 'tests/by-name/em/email-http/nodes/name_server.nix')
-rw-r--r--tests/by-name/em/email-http/nodes/name_server.nix210
1 files changed, 0 insertions, 210 deletions
diff --git a/tests/by-name/em/email-http/nodes/name_server.nix b/tests/by-name/em/email-http/nodes/name_server.nix
deleted file mode 100644
index a7e3ce9..0000000
--- a/tests/by-name/em/email-http/nodes/name_server.nix
+++ /dev/null
@@ -1,210 +0,0 @@
-{extraModules}: {
-  config,
-  lib,
-  nodes,
-  pkgs,
-  ...
-}: let
-  keyAlgoToKeyType = keyAlgo:
-    if keyAlgo == "ed25519-sha256"
-    then "ed25519"
-    else if keyAlgo == "rsa-sha-256" || keyAlgo == "rsa-sha-1"
-    then "rsa"
-    else builtins.throw "Impossible";
-
-  mkZone = user: nodes: lib: cfg: {
-    SOA = {
-      nameServer = "ns.server.com";
-      adminEmail = "${user}@${user}.com";
-      serial = 2024012301;
-    };
-
-    MX = [
-      {
-        preference = 10;
-        exchange = "${cfg.fqdn}.";
-      }
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc8461.html#section-3.1
-    # Also see the policy in the hmtl part.
-    MTA-STS = [
-      {
-        id = "20250228Z";
-      }
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc7208.html
-    # https://en.wikipedia.org/wiki/Sender_Policy_Framework
-    TXT = [
-      (builtins.concatStringsSep " "
-        [
-          "v=spf1" # The version.
-          "+mx" # Allow mail from this domain MX record.
-          "-all" # Reject all other emails if the previous mechanism did not match.
-        ])
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc6376.html#section-3.6.1
-    # https://www.rfc-editor.org/rfc/rfc6376.html#section-7.5
-    DKIM = [
-      {
-        selector = "mail";
-        k = keyAlgoToKeyType cfg.security.dkimKeys."${user}.com".keyAlgorithm;
-        p = cfg.security.dkimKeys."${user}.com".dkimPublicKey;
-        s = ["email"];
-        t = ["s"];
-      }
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc7489.html#section-6.3
-    DMARC = [
-      {
-        adkim = "strict";
-        aspf = "strict";
-        fo = ["0" "1" "d" "s"];
-        p = "quarantine";
-        rua = cfg.admin;
-        ruf = [cfg.admin];
-      }
-    ];
-
-    A = [
-      nodes.${user}.networking.primaryIPAddress
-    ];
-    AAAA = [
-      nodes.${user}.networking.primaryIPv6Address
-    ];
-  };
-  mkServerZone = serverName: nodes: lib: let
-    cfg = nodes."${serverName}_server".vhack.stalwart-mail;
-  in {
-    SOA = {
-      nameServer = "ns.server.com";
-      adminEmail = "admin@server.com";
-      serial = 2024012301;
-    };
-    MX = [
-      {
-        preference = 10;
-        exchange = "${serverName}.server.com.";
-      }
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc6376.html#section-3.6.1
-    # https://www.rfc-editor.org/rfc/rfc6376.html#section-7.5
-    DKIM = [
-      {
-        selector = "mail";
-        k = keyAlgoToKeyType cfg.security.dkimKeys."${serverName}.server.com".keyAlgorithm;
-        p = cfg.security.dkimKeys."${serverName}.server.com".dkimPublicKey;
-        s = ["email"];
-        t = ["s"];
-      }
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc7489.html#section-6.3
-    DMARC = [
-      {
-        adkim = "strict";
-        aspf = "strict";
-        fo = ["0" "1" "d" "s"];
-        p = "reject";
-        rua = cfg.admin;
-        ruf = [cfg.admin];
-      }
-    ];
-
-    # https://www.rfc-editor.org/rfc/rfc7208.html
-    # NOTE(@bpeetz): This server might not be directly sending mail, but it is still required for
-    # the SMTP EHLO check. <2025-02-25>
-    TXT = [
-      (builtins.concatStringsSep " "
-        [
-          "v=spf1" # The version.
-          "+mx" # Allow mail from this domain MX record.
-          "-all" # Reject all other emails if the previous mechanism did not match.
-        ])
-    ];
-
-    A = [
-      nodes."${serverName}_server".networking.primaryIPAddress
-    ];
-    AAAA = [
-      nodes."${serverName}_server".networking.primaryIPv6Address
-    ];
-  };
-in {
-  imports =
-    extraModules
-    ++ [
-      ../../../../../modules
-      ../../../../common/acme/client.nix
-    ];
-
-  networking.nameservers = lib.mkForce [
-    nodes.name_server.networking.primaryIPAddress
-    nodes.name_server.networking.primaryIPv6Address
-  ];
-
-  vhack = {
-    nginx = {
-      enable = true;
-    };
-    dns = {
-      enable = true;
-      openFirewall = true;
-      interfaces = [
-        nodes.name_server.networking.primaryIPAddress
-        nodes.name_server.networking.primaryIPv6Address
-      ];
-
-      zones = {
-        "bob.com" = mkZone "bob" nodes lib nodes.mail_server.vhack.stalwart-mail;
-        "mail.server.com" = mkServerZone "mail" nodes lib;
-        "ns.server.com" = {
-          SOA = {
-            nameServer = "ns";
-            adminEmail = "admin@server.com";
-            serial = 2025012301;
-          };
-          useOrigin = false;
-
-          A = [
-            nodes.name_server.networking.primaryIPAddress
-          ];
-          AAAA = [
-            nodes.name_server.networking.primaryIPv6Address
-          ];
-        };
-        "acme.test" = {
-          SOA = {
-            nameServer = "ns";
-            adminEmail = "admin@server.com";
-            serial = 2025012301;
-          };
-          useOrigin = false;
-
-          A = [
-            nodes.acme.networking.primaryIPAddress
-          ];
-          AAAA = [
-            nodes.acme.networking.primaryIPv6Address
-          ];
-        };
-        "server.com" = {
-          SOA = {
-            nameServer = "ns";
-            adminEmail = "admin@server.com";
-            serial = 2025012301;
-          };
-
-          useOrigin = false;
-          NS = [
-            "ns.server.com."
-          ];
-        };
-      };
-    };
-  };
-}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-04-24 06:49:35 +0000