From 937e40a5a6482cf19c9cc7e10ce2e7d772ddbb65 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Wed, 23 Apr 2025 12:23:15 +0200
Subject: tests/email-http: Use the factored out DNS server

---
 tests/by-name/em/email-http/test.nix | 137 ++++++++++++++++++-----------------
 1 file changed, 71 insertions(+), 66 deletions(-)

(limited to 'tests/by-name/em/email-http/test.nix')

diff --git a/tests/by-name/em/email-http/test.nix b/tests/by-name/em/email-http/test.nix
index 2c7921d..f508b9f 100644
--- a/tests/by-name/em/email-http/test.nix
+++ b/tests/by-name/em/email-http/test.nix
@@ -31,13 +31,38 @@ in
         lib,
         ...
       }: {
-        imports = [../../../common/acme];
-        networking.nameservers = lib.mkForce [
-          nodes.name_server.networking.primaryIPAddress
+        imports = [
+          ../../../common/acme/server.nix
+          ../../../common/dns/client.nix
         ];
       };
 
-      name_server = import ./nodes/name_server.nix {inherit extraModules;};
+      name_server = {nodes, ...}: {
+        imports =
+          extraModules
+          ++ [
+            ../../../common/acme/client.nix
+            ../../../common/dns/server.nix
+          ];
+
+        vhack.dns.zones = {
+          "mail.server.com" = {
+            SOA = {
+              nameServer = "ns";
+              adminEmail = "admin@server.com";
+              serial = 2025012301;
+            };
+            useOrigin = false;
+
+            A = [
+              nodes.mail_server.networking.primaryIPAddress
+            ];
+            AAAA = [
+              nodes.mail_server.networking.primaryIPv6Address
+            ];
+          };
+        };
+      };
 
       mail_server = mkMailServer "mail" null;
 
@@ -45,66 +70,46 @@ in
     };
 
     # TODO(@bpeetz): This test should also test the http JMAP features of stalwart-mail. <2025-04-12>
-    testScript = _:
-    /*
-    python
-    */
-    ''
-      # Start dependencies for the other services
-      acme.start()
-      acme.wait_for_unit("pebble.service")
-      name_server.start()
-      name_server.wait_for_unit("nsd.service")
-
-      # Start the actual testing machines
-      start_all()
-
-      mail_server.wait_for_unit("stalwart-mail.service")
-      mail_server.wait_for_open_port(993) # imap
-      mail_server.wait_for_open_port(465) # smtp
-
-      bob.wait_for_unit("multi-user.target")
-
-      with subtest("Add pebble ca key to all services"):
-        for node in [name_server, mail_server, bob]:
-          node.succeed("${pkgs.writeShellScript "fetch-and-set-ca" ''
-        set -xe
-
-        # Fetch the randomly generated ca certificate
-        curl https://acme.test:15000/roots/0 > /tmp/ca.crt
-        curl https://acme.test:15000/intermediates/0 >> /tmp/ca.crt
-
-        # Append it to the various system stores
-        # The file paths are from <nixpgks>/modules/security/ca.nix
-        for cert_path in "ssl/certs/ca-certificates.crt" "ssl/certs/ca-bundle.crt" "pki/tls/certs/ca-bundle.crt"; do
-          cert_path="/etc/$cert_path"
-
-          mv "$cert_path" "$cert_path.old"
-          cat "$cert_path.old" > "$cert_path"
-          cat /tmp/ca.crt >> "$cert_path"
-        done
-
-        export NIX_SSL_CERT_FILE=/tmp/ca.crt
-        export SSL_CERT_FILE=/tmp/ca.crt
-
-        # TODO
-        # # P11-Kit trust source.
-        # environment.etc."ssl/trust-source".source = "$${cacertPackage.p11kit}/etc/ssl/trust-source";
-      ''}")
-
-      with subtest("The mailserver successfully started all services"):
-        import json
-        def all_services_running(host):
-          (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
-          host_failed = json.loads(output)
-          assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
-        all_services_running(mail_server)
-
-      with subtest("Bob can use the self-service interface"):
-        bob.succeed("${pkgs.writeShellScript "check-self-service" ''
-        curl mail.server.com --location --output /home/bob/output.html;
-      ''}")
-
-      bob.copy_from_vm("/home/bob", "")
-    '';
+    testScript = _: let
+      acme_scripts = import ../../../common/acme/scripts.nix {inherit pkgs;};
+    in
+      /*
+      python
+      */
+      ''
+        # Start dependencies for the other services
+        acme.start()
+        acme.wait_for_unit("pebble.service")
+        name_server.start()
+        name_server.wait_for_unit("nsd.service")
+
+        # Start the actual testing machines
+        start_all()
+
+        mail_server.wait_for_unit("stalwart-mail.service")
+        mail_server.wait_for_open_port(993) # imap
+        mail_server.wait_for_open_port(465) # smtp
+
+        bob.wait_for_unit("multi-user.target")
+
+        with subtest("Add pebble ca key to all services"):
+          for node in [name_server, mail_server, bob]:
+            node.wait_for_unit("network-online.target")
+            node.succeed("${acme_scripts.add_pebble_acme_ca}")
+
+        with subtest("The mailserver successfully started all services"):
+          import json
+          def all_services_running(host):
+            (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
+            host_failed = json.loads(output)
+            assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
+          all_services_running(mail_server)
+
+        with subtest("Bob can use the self-service interface"):
+          bob.succeed("${pkgs.writeShellScript "check-self-service" ''
+          curl mail.server.com --location --output /home/bob/output.html;
+        ''}")
+
+        bob.copy_from_vm("/home/bob", "")
+      '';
   }
-- 
cgit 1.4.1