
There are multiple issues with these options. For example, they are not introspectable, since the values are configured in the config part of the module. Also, the keypair is always configured for both server and client usage, which is really surprising. The Postfix docs even advise against setting up client certificates if they aren't required. [1] The replacements are `smtpd_tls_chain_files` for server usage and `smtp_tls_chain_files` for client usage, which have been the preferred way to configure keys and certificates since Postfix 3.4.0. [2]
[1] https://www.postfix.org/postconf.5.html#smtp_tls_cert_file
[2] https://www.postfix.org/postconf.5.html#smtpd_tls_cert_file
# NixOS VM test for Postfix. A single machine runs the server and then submits
# a message to itself three ways: plain SMTP, SMTP upgraded with STARTTLS, and
# implicit-TLS SMTPS. The test passes when all three client scripts exit 0.
let
  certs = import ./common/acme/server/snakeoil-certs.nix;
  inherit (certs) domain;
in
import ./make-test-python.nix {
  name = "postfix";

  nodes = {
    machine =
      { pkgs, ... }:
      let
        # Test-only key pair for ${domain}. NOTE(review): these are paths from
        # the snakeoil fixture, so the private key presumably lands in the
        # world-readable Nix store. Acceptable for a throwaway test VM; real
        # keys should be provisioned outside the store.
        serverTls = certs.${domain};

        # Plain SMTP with no TLS. smtplib.SMTP() without a port argument uses
        # the library default (25).
        plainClient = pkgs.writeScriptBin "send-testmail" ''
          #!${pkgs.python3.interpreter}
          import smtplib

          with smtplib.SMTP('${domain}') as smtp:
            smtp.sendmail('root@localhost', 'alice@localhost', 'Subject: Test\n\nTest data.')
            smtp.quit()
        '';

        # SMTP upgraded via STARTTLS. ssl.create_default_context() requires a
        # valid chain and a matching host name, so this script only succeeds
        # if the server presents a certificate for ${domain} that the client
        # trusts. It also connects on the smtplib default port, so the
        # submission service enabled below is not contacted by any script in
        # this file.
        starttlsClient = pkgs.writeScriptBin "send-testmail-starttls" ''
          #!${pkgs.python3.interpreter}
          import smtplib
          import ssl

          ctx = ssl.create_default_context()

          with smtplib.SMTP('${domain}') as smtp:
            smtp.ehlo()
            smtp.starttls(context=ctx)
            smtp.ehlo()
            smtp.sendmail('root@localhost', 'alice@localhost', 'Subject: Test STARTTLS\n\nTest data.')
            smtp.quit()
        '';

        # Implicit TLS (SMTPS). Same verifying context as the STARTTLS client.
        # The script never authenticates, which works only because of the
        # permissive smtpd_client_restrictions set in submissionsOptions.
        smtpsClient = pkgs.writeScriptBin "send-testmail-smtps" ''
          #!${pkgs.python3.interpreter}
          import smtplib
          import ssl

          ctx = ssl.create_default_context()

          with smtplib.SMTP_SSL(host='${domain}', context=ctx) as smtp:
            smtp.sendmail('root@localhost', 'alice@localhost', 'Subject: Test SMTPS\n\nTest data.')
            smtp.quit()
        '';
      in
      {
        imports = [ common/user-account.nix ];

        services.postfix = {
          enable = true;
          enableSubmission = true;
          enableSubmissions = true;
          tlsTrustedAuthorities = "${certs.ca.cert}";

          config = {
            # Server-side key material only. Order matters to Postfix: the
            # private key comes first, followed by its certificate (chain).
            smtpd_tls_chain_files = [
              serverTls.key
              serverTls.cert
            ];
          };

          submissionsOptions = {
            smtpd_sasl_auth_enable = "yes";
            # "permit" accepts every client at this restriction stage, so
            # unauthenticated senders are let through. That keeps the test
            # simple; a production submissions service would normally require
            # SASL authentication here.
            smtpd_client_restrictions = "permit";
            milter_macro_daemon_name = "ORIGINATING";
          };
        };

        # Add the snakeoil CA to the system trust store. Presumably this is
        # what lets the verifying Python clients accept the server
        # certificate.
        security.pki.certificateFiles = [ certs.ca.cert ];

        # Resolve the certificate's domain to loopback so the clients reach
        # the local Postfix under the name the certificate was issued for.
        networking.extraHosts = ''
          127.0.0.1 ${domain}
        '';

        environment.systemPackages = [
          plainClient
          starttlsClient
          smtpsClient
        ];
      };
  };

  # Each client exits non-zero on a protocol or TLS verification failure, and
  # machine.succeed() turns that into a test failure.
  testScript = ''
    machine.wait_for_unit("postfix.service")
    machine.succeed("send-testmail")
    machine.succeed("send-testmail-starttls")
    machine.succeed("send-testmail-smtps")
  '';
}