From ef0b3f491e1868c7b3899aff3f53be0325313c2d Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Wed, 5 Mar 2025 19:06:53 +0100
Subject: tests/email-dns: Init
This test is somewhat involved, but tries to exercise our full mail handling capabilities. It effectively only tests that alice can send a message to bob, but it checks nearly all security mechanisms (DNSSEC is currently still missing).
---
tests/by-name/em/email-dns/nodes/mail_server.nix | 57 ++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 tests/by-name/em/email-dns/nodes/mail_server.nix
(limited to 'tests/by-name/em/email-dns/nodes/mail_server.nix')
diff --git a/tests/by-name/em/email-dns/nodes/mail_server.nix b/tests/by-name/em/email-dns/nodes/mail_server.nix
new file mode 100644
index 0000000..ba554ac
--- /dev/null
+++ b/tests/by-name/em/email-dns/nodes/mail_server.nix
@@ -0,0 +1,57 @@
+{
+ extraModules,
+ pkgs,
+ vhackPackages,
+}: {
+ mkMailServer = serverName: principal: {
+ config,
+ lib,
+ nodes,
+ ...
+ }: {
+ imports =
+ extraModules
+ ++ [
+ ../../../../../modules
+ ./acme/client.nix
+ ];
+
+ environment.systemPackages = [
+ pkgs.bind
+ pkgs.openssl
+ ];
+
+ networking.nameservers = lib.mkForce [
+ nodes.name_server.networking.primaryIPAddress
+ nodes.name_server.networking.primaryIPv6Address
+ ];
+
+ age.identityPaths = ["${../secrets/hostKey}"];
+
+ vhack = {
+ stalwart-mail = {
+ enable = true;
+ fqdn = "${serverName}.server.com";
+ admin = "admin@${serverName}.server.com";
+ security = {
+ dkimKeys = let
+ loadKey = name: {
+ dkimPublicKey = builtins.readFile (../secrets/dkim + "/${name}/public");
+ dkimPrivateKeyPath = ../secrets/dkim + "/${name}/private.age";
+ keyAlgorithm = "ed25519-sha256";
+ };
+ in {
+ "mail1.server.com" = loadKey "mail1.server.com";
+ "mail2.server.com" = loadKey "mail2.server.com";
+ "alice.com" = loadKey "alice.com";
+ "bob.com" = loadKey "bob.com";
+ };
+ verificationMode = "strict";
+ allowInsecureSmtp = false;
+ };
+ openFirewall = true;
+ principals = [principal];
+ };
+ };
+ };
+}
-- cgit 1.4.1
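Review bot: `age.identityPaths = ["${../secrets/hostKey}"]` interpolates a path into a string, so the age identity that decrypts every `private.age` file is copied into the Nix store, where any local user can read it. That is a workable way to get a key into a test VM, but the line should carry a comment so the pattern is not copied into a real host configuration, for example `# Test-only identity: interpolation copies it into the world-readable /nix/store; never reuse this key or pattern outside tests/`. Separately, `dkimKeys` gives every server built by `mkMailServer` the private keys for all four domains regardless of `serverName`, so the test cannot show that a server lacking a domain's key fails DKIM verification under `verificationMode = "strict"`. The domain-to-server mapping is not visible in this file, but if it allows, selecting only the keys a given server legitimately signs for would make the DKIM check stricter.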