nixpkgs/nixos/tests/postfix.nix
Matt McHenry 2b50f4e4d5 nixos/tests/postfix: add sasl authentication tests
this was tricky to get set up correctly.  hopefully having it
documented in the tests will be helpful to future users (and help
ensure it keeps working for me).
2025-09-08 20:53:03 -04:00


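# NixOS VM test for Postfix: mail delivery and SASL authentication over
# plain SMTP, STARTTLS and implicit TLS (smtps), with Cyrus SASL handing
# password checks to saslauthd.
let
  certs = import ./common/acme/server/snakeoil-certs.nix;
  domain = certs.domain;
in
import ./make-test-python.nix {
  name = "postfix";
  nodes.machine =
    { pkgs, ... }:
    {
      # Presumably provides the "alice" account the auth scripts log in as.
      imports = [ common/user-account.nix ];
      services.postfix = {
        enable = true;
        enableSubmission = true;
        enableSubmissions = true;
        settings.main = {
          smtp_tls_CAfile = "${certs.ca.cert}";
          # Order matters for smtpd_tls_chain_files: private key first,
          # then the certificate.
          smtpd_tls_chain_files = [
            certs.${domain}.key
            certs.${domain}.cert
          ];
          # Set in main.cf, so AUTH is offered on every smtpd listener,
          # port 25 included. smtpd_tls_auth_only is not set here, which
          # means AUTH is also offered before STARTTLS; the "auth" script
          # below depends on that. A real deployment would normally set
          # smtpd_tls_auth_only = "yes" so passwords never cross the wire
          # unencrypted.
          smtpd_sasl_auth_enable = "yes";
          cyrus_sasl_config_path =
            let
              smtpdConf = pkgs.writeTextFile {
                name = "smtpd.conf";
                destination = "/etc/sasl2/smtpd.conf";
                # saslauthd needs the cleartext password, so only the
                # plaintext mechanisms are listed. PLAIN and LOGIN merely
                # base64-encode the credentials; confidentiality comes
                # from TLS alone.
                text = ''
                  pwcheck_method: saslauthd
                  mech_list: PLAIN LOGIN
                '';
              };
            in
            "${smtpdConf}/etc/sasl2";
        };
        submissionsOptions = {
          smtpd_sasl_auth_enable = "yes";
          # "permit" accepts unauthenticated clients on the smtps port,
          # which send-testmail-smtps relies on (it never logs in). A
          # production submission service would normally use
          # "permit_sasl_authenticated,reject" instead.
          smtpd_client_restrictions = "permit";
          milter_macro_daemon_name = "ORIGINATING";
        };
      };
      services.saslauthd.enable = true;
      # Trust the snakeoil CA system-wide so ssl.create_default_context()
      # in the scripts below verifies the server certificate (chain and
      # host name) instead of skipping verification.
      security.pki.certificateFiles = [
        certs.ca.cert
      ];
      security.pam.services = {
        # note: no 'd' on the end! The PAM service is "smtp", even though
        # the Cyrus SASL config file above is named smtpd.conf.
        smtp = {
          name = "smtp";
        };
      };
      # The scripts connect by name so the certificate host name matches.
      networking.extraHosts = ''
        127.0.0.1 ${domain}
      '';
      environment.systemPackages =
        let
          # Unauthenticated local delivery over plain SMTP.
          sendTestMail = pkgs.writers.writePython3Bin "send-testmail" { } ''
            import smtplib
            with smtplib.SMTP('${domain}') as smtp:
                smtp.sendmail('root@localhost', 'alice@localhost',
                              'Subject: Test\n\nTest data.')
                smtp.quit()
          '';
          # Same delivery after upgrading the connection with STARTTLS.
          sendTestMailStarttls = pkgs.writers.writePython3Bin "send-testmail-starttls" { } ''
            import smtplib
            import ssl
            ctx = ssl.create_default_context()
            with smtplib.SMTP('${domain}') as smtp:
                smtp.ehlo()
                smtp.starttls(context=ctx)
                smtp.ehlo()
                smtp.sendmail('root@localhost', 'alice@localhost',
                              'Subject: Test STARTTLS\n\nTest data.')
                smtp.quit()
          '';
          # Same delivery over implicit TLS (smtps).
          sendTestMailSmtps = pkgs.writers.writePython3Bin "send-testmail-smtps" { } ''
            import smtplib
            import ssl
            ctx = ssl.create_default_context()
            with smtplib.SMTP_SSL(host='${domain}', context=ctx) as smtp:
                smtp.sendmail('root@localhost', 'alice@localhost',
                              'Subject: Test SMTPS\n\nTest data.')
                smtp.quit()
          '';
          # SASL login with no TLS at all: the test password travels in
          # cleartext. This documents what the configuration permits, not
          # a setup to copy into production.
          auth = pkgs.writers.writePython3Bin "auth" { } ''
            import smtplib
            with smtplib.SMTP('${domain}') as smtp:
                smtp.ehlo()
                smtp.login("alice", "foobar")
                smtp.quit()
          '';
          # SASL login after STARTTLS.
          authStarttls = pkgs.writers.writePython3Bin "authStarttls" { } ''
            import smtplib
            import ssl
            ctx = ssl.create_default_context()
            with smtplib.SMTP('${domain}') as smtp:
                smtp.ehlo()
                smtp.starttls(context=ctx)
                smtp.ehlo()
                smtp.login("alice", "foobar")
                smtp.quit()
          '';
          # SASL login over implicit TLS (smtps).
          authSmtps = pkgs.writers.writePython3Bin "authSmtps" { } ''
            import smtplib
            import ssl
            ctx = ssl.create_default_context()
            with smtplib.SMTP_SSL('${domain}', context=ctx) as smtp:
                smtp.ehlo()
                smtp.login("alice", "foobar")
                smtp.quit()
          '';
          # Negative check: a wrong password must be rejected. Without it
          # the suite would still pass if the SASL/PAM chain accepted any
          # credentials. Exits 0 only on an authentication error, so a
          # connection or TLS failure is not mistaken for a rejection.
          authWrongPassword = pkgs.writers.writePython3Bin "authWrongPassword" { } ''
            import smtplib
            import ssl
            import sys
            ctx = ssl.create_default_context()
            with smtplib.SMTP('${domain}') as smtp:
                smtp.ehlo()
                smtp.starttls(context=ctx)
                smtp.ehlo()
                try:
                    smtp.login("alice", "not-alices-password")
                except smtplib.SMTPAuthenticationError:
                    sys.exit(0)
            sys.exit("wrong password was accepted")
          '';
        in
        [
          sendTestMail
          sendTestMailStarttls
          sendTestMailSmtps
          auth
          authStarttls
          authSmtps
          authWrongPassword
        ];
    };
  testScript = ''
    machine.wait_for_unit("postfix.service")
    machine.succeed("send-testmail")
    machine.succeed("send-testmail-starttls")
    machine.succeed("send-testmail-smtps")
    machine.succeed("auth")
    machine.succeed("authStarttls")
    machine.succeed("authSmtps")
    machine.succeed("authWrongPassword")
  '';
}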