8b03ae5701
Sets up a declaratively configured OpenLDAP instance with users alice and bob. They each own one email address, First we test that postfix can communicate with LDAP and do the expected lookups using the defined maps. Then we use doveadm to make sure it can look up the two accounts. Next we check the binding between account and mail address, by logging in as alice and trying to send from bob@example.com, which alice is not allowed to do. We expect postfix to reject the sender address here. Finally we check mail delivery between alice and bob. Alice tries to send a mail from alice@example.com to bob@example.com and bob then checks whether it arrived in their mailbox.
128 lines
3.5 KiB
Nix
128 lines
3.5 KiB
Nix
{
|
|
description = "A complete and Simple Nixos Mailserver";
|
|
|
|
inputs = {
|
|
flake-compat = {
|
|
url = "github:edolstra/flake-compat";
|
|
flake = false;
|
|
};
|
|
utils.url = "github:numtide/flake-utils";
|
|
nixpkgs.url = "flake:nixpkgs/nixos-unstable";
|
|
nixpkgs-22_11.url = "flake:nixpkgs/nixos-22.11";
|
|
nixpkgs-23_05.url = "flake:nixpkgs/nixos-23.05";
|
|
blobs = {
|
|
url = "gitlab:simple-nixos-mailserver/blobs";
|
|
flake = false;
|
|
};
|
|
};
|
|
|
|
outputs = { self, utils, blobs, nixpkgs, nixpkgs-22_11, nixpkgs-23_05, ... }: let
|
|
lib = nixpkgs.lib;
|
|
system = "x86_64-linux";
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
releases = [
|
|
{
|
|
name = "unstable";
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
}
|
|
{
|
|
name = "23.05";
|
|
pkgs = nixpkgs-23_05.legacyPackages.${system};
|
|
}
|
|
];
|
|
testNames = [
|
|
"internal"
|
|
"external"
|
|
"clamav"
|
|
"multiple"
|
|
"ldap"
|
|
];
|
|
genTest = testName: release: {
|
|
"name"= "${testName}-${builtins.replaceStrings ["."] ["_"] release.name}";
|
|
"value"= import (./tests/. + "/${testName}.nix") {
|
|
pkgs = release.pkgs;
|
|
inherit blobs;
|
|
};
|
|
};
|
|
# Generate an attribute set such as
|
|
# {
|
|
# external-unstable = <derivation>;
|
|
# external-21_05 = <derivation>;
|
|
# ...
|
|
# }
|
|
allTests = lib.listToAttrs (
|
|
lib.flatten (map (t: map (r: genTest t r) releases) testNames));
|
|
|
|
mailserverModule = import ./.;
|
|
|
|
# Generate a MarkDown file describing the options of the NixOS mailserver module
|
|
optionsDoc = let
|
|
eval = lib.evalModules {
|
|
modules = [
|
|
mailserverModule
|
|
{
|
|
_module.check = false;
|
|
mailserver = {
|
|
fqdn = "mx.example.com";
|
|
domains = [
|
|
"example.com"
|
|
];
|
|
dmarcReporting = {
|
|
organizationName = "Example Corp";
|
|
domain = "example.com";
|
|
};
|
|
};
|
|
}
|
|
];
|
|
};
|
|
options = builtins.toFile "options.json" (builtins.toJSON
|
|
(lib.filter (opt: opt.visible && !opt.internal && lib.head opt.loc == "mailserver")
|
|
(lib.optionAttrSetToDocList eval.options)));
|
|
in pkgs.runCommand "options.md" { buildInputs = [pkgs.python3Minimal]; } ''
|
|
echo "Generating options.md from ${options}"
|
|
python ${./scripts/generate-options.py} ${options} > $out
|
|
'';
|
|
|
|
documentation = pkgs.stdenv.mkDerivation {
|
|
name = "documentation";
|
|
src = lib.sourceByRegex ./docs ["logo\\.png" "conf\\.py" "Makefile" ".*\\.rst"];
|
|
buildInputs = [(
|
|
pkgs.python3.withPackages (p: with p; [
|
|
sphinx
|
|
sphinx_rtd_theme
|
|
myst-parser
|
|
])
|
|
)];
|
|
buildPhase = ''
|
|
cp ${optionsDoc} options.md
|
|
# Workaround for https://github.com/sphinx-doc/sphinx/issues/3451
|
|
unset SOURCE_DATE_EPOCH
|
|
make html
|
|
'';
|
|
installPhase = ''
|
|
cp -Tr _build/html $out
|
|
'';
|
|
};
|
|
|
|
in {
|
|
nixosModules = rec {
|
|
mailserver = mailserverModule;
|
|
default = mailserver;
|
|
};
|
|
nixosModule = self.nixosModules.default; # compatibility
|
|
hydraJobs.${system} = allTests // {
|
|
inherit documentation;
|
|
};
|
|
checks.${system} = allTests;
|
|
packages.${system} = {
|
|
inherit optionsDoc documentation;
|
|
};
|
|
devShells.${system}.default = pkgs.mkShell {
|
|
inputsFrom = [ documentation ];
|
|
packages = with pkgs; [
|
|
clamav
|
|
];
|
|
};
|
|
devShell.${system} = self.devShells.${system}.default; # compatibility
|
|
};
|
|
}
|