Diffstat (limited to '')
-rw-r--r--tests/by-name/em/email-http/test.nix110
1 files changed, 110 insertions, 0 deletions
diff --git a/tests/by-name/em/email-http/test.nix b/tests/by-name/em/email-http/test.nix
new file mode 100644
index 0000000..2c7921d
--- /dev/null
+++ b/tests/by-name/em/email-http/test.nix
@@ -0,0 +1,110 @@
+{
+  nixos-lib,
+  pkgsUnstable,
+  nixpkgs-unstable,
+  vhackPackages,
+  pkgs,
+  extraModules,
+  nixLib,
+  ...
+}: let
+  mail_server = import ./nodes/mail_server.nix {inherit extraModules pkgs vhackPackages;};
+  inherit (mail_server) mkMailServer;
+  user = import ./nodes/user.nix {inherit pkgs vhackPackages;};
+  inherit (user) mkUser;
+in
+  nixos-lib.runTest {
+    hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
+
+    name = "email-http";
+
+    node = {
+      specialArgs = {inherit pkgsUnstable vhackPackages nixpkgs-unstable nixLib;};
+
+      # Use the nixpkgs as constructed by the `nixpkgs.*` options
+      pkgs = null;
+    };
+
+    nodes = {
+      acme = {
+        nodes,
+        lib,
+        ...
+      }: {
+        imports = [../../../common/acme];
+        networking.nameservers = lib.mkForce [
+          nodes.name_server.networking.primaryIPAddress
+        ];
+      };
+
+      name_server = import ./nodes/name_server.nix {inherit extraModules;};
+
+      mail_server = mkMailServer "mail" null;
+
+      bob = mkUser "bob" "mail";
+    };
+
+    # TODO(@bpeetz): This test should also test the http JMAP features of stalwart-mail. <2025-04-12>
+    testScript = _:
+    /*
+    python
+    */
+    ''
+      # Start dependencies for the other services
+      acme.start()
+      acme.wait_for_unit("pebble.service")
+      name_server.start()
+      name_server.wait_for_unit("nsd.service")
+
+      # Start the actual testing machines
+      start_all()
+
+      mail_server.wait_for_unit("stalwart-mail.service")
+      mail_server.wait_for_open_port(993) # imap
+      mail_server.wait_for_open_port(465) # smtp
+
+      bob.wait_for_unit("multi-user.target")
+
+      with subtest("Add pebble ca key to all services"):
+        for node in [name_server, mail_server, bob]:
+          node.succeed("${pkgs.writeShellScript "fetch-and-set-ca" ''
+        set -xe
+
+        # Fetch the randomly generated ca certificate
+        curl https://acme.test:15000/roots/0 > /tmp/ca.crt
+        curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
+
+        # Append it to the various system stores
+        # The file paths are from <nixpgks>/modules/security/ca.nix
+        for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
+          cert_path="/etc/$cert_path"
+
+          mv "$cert_path" "$cert_path.old"
+          cat "$cert_path.old" > "$cert_path"
+          cat /tmp/ca.crt >> "$cert_path"
+        done
+
+        export NIX_SSL_CERT_FILE=/tmp/ca.crt
+        export SSL_CERT_FILE=/tmp/ca.crt
+
+        # TODO
+        # # P11-Kit trust source.
+        # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
+      ''}")
+
+      with subtest("The mailserver successfully started all services"):
+        import json
+        def all_services_running(host):
+          (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
+          host_failed = json.loads(output)
+          assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
+        all_services_running(mail_server)
+
+      with subtest("Bob can use the self-service interface"):
+        bob.succeed("${pkgs.writeShellScript "check-self-service" ''
+        curl mail.server.com --location --output /home/bob/output.html;
+      ''}")
+
+      bob.copy_from_vm("/home/bob", "")
+    '';
+  }
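Review bot: The `check-self-service` script calls curl without `--fail`, so an HTTP 4xx/5xx answer from the mail server still exits 0 and the subtest "Bob can use the self-service interface" passes on an error page; `curl --fail --location mail.server.com --output /home/bob/output.html` would make the check meaningful. The two CA fetches in `fetch-and-set-ca` have the same gap: without `--fail`, an error body would be written to `/tmp/ca.crt` and appended to the system trust bundles, so `curl --fail https://acme.test:15000/roots/0 > /tmp/ca.crt` (and likewise for `intermediates/0`) is safer. The `export NIX_SSL_CERT_FILE=/tmp/ca.crt` and `export SSL_CERT_FILE=/tmp/ca.crt` lines only affect that script's own process and appear to have no effect on later commands, so either drop them or add a comment such as `# only affects this script; later commands rely on the patched /etc bundles`. Because the self-service request is made without a scheme, certificate validation against the pebble CA is only exercised if the server redirects to https, which is not visible in this hunk.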