vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / mailman.nix
blobf9b43861a12f6a493d9009cd64154278a9e54e97
1 import ./make-test-python.nix {
2   name = "mailman";
4   nodes.machine = { pkgs, ... }: {
5     environment.systemPackages = with pkgs; [ mailutils ];
7     services.mailman.enable = true;
8     services.mailman.serve.enable = true;
9     services.mailman.siteOwner = "postmaster@example.com";
10     services.mailman.webHosts = [ "example.com" ];
12     services.postfix.enable = true;
13     services.postfix.destination = [ "example.com" "example.net" ];
14     services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
15     services.postfix.config.local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" "proxy:unix:passwd.byname" ];
16     services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
18     users.users.user = { isNormalUser = true; };
20     virtualisation.memorySize = 2048;
22     specialisation.restApiPassFileSystem.configuration = {
23       services.mailman.restApiPassFile = "/var/lib/mailman/pass";
24     };
25   };
27   testScript = { nodes, ... }: let
28     restApiPassFileSystem = "${nodes.machine.system.build.toplevel}/specialisation/restApiPassFileSystem";
29   in ''
30     def check_mail(_) -> bool:
31         status, _ = machine.execute("grep -q hello /var/spool/mail/user/new/*")
32         return status == 0
34     def try_api(_) -> bool:
35         status, _ = machine.execute("curl -s http://localhost:8001/")
36         return status == 0
38     def wait_for_api():
39         with machine.nested("waiting for Mailman REST API to be available"):
40             retry(try_api)
42     machine.wait_for_unit("mailman.service")
43     wait_for_api()
45     with subtest("subscription and delivery"):
46         creds = machine.succeed("su -s /bin/sh -c 'mailman info' mailman | grep '^REST credentials: ' | sed 's/^REST credentials: //'").strip()
47         machine.succeed(f"curl --fail-with-body -sLSu {creds} -d mail_host=example.com http://localhost:8001/3.1/domains")
48         machine.succeed(f"curl --fail-with-body -sLSu {creds} -d fqdn_listname=list@example.com http://localhost:8001/3.1/lists")
49         machine.succeed(f"curl --fail-with-body -sLSu {creds} -d list_id=list.example.com -d subscriber=root@example.com -d pre_confirmed=True -d pre_verified=True -d send_welcome_message=False http://localhost:8001/3.1/members")
50         machine.succeed(f"curl --fail-with-body -sLSu {creds} -d list_id=list.example.com -d subscriber=user@example.net -d pre_confirmed=True -d pre_verified=True -d send_welcome_message=False http://localhost:8001/3.1/members")
51         machine.succeed("mail -a 'From: root@example.com' -s hello list@example.com < /dev/null")
52         with machine.nested("waiting for mail from list"):
53             retry(check_mail)
55     with subtest("Postorius"):
56         machine.succeed("curl --fail-with-body -sILS http://localhost/")
58     with subtest("restApiPassFile"):
59         machine.succeed("echo secretpassword > /var/lib/mailman/pass")
60         machine.succeed("${restApiPassFileSystem}/bin/switch-to-configuration test >&2")
61         machine.succeed("grep secretpassword /etc/mailman.cfg")
62         machine.succeed("su -s /bin/sh -c 'mailman info' mailman | grep secretpassword")
63         wait_for_api()
64         machine.succeed("curl --fail-with-body -sLSu restadmin:secretpassword http://localhost:8001/3.1/domains")
65         machine.succeed("curl --fail-with-body -sILS http://localhost/")
67     with subtest("service locking"):
68         machine.fail("su -s /bin/sh -c 'mailman start' mailman")
69         machine.execute("systemctl kill --signal=SIGKILL mailman")
70         machine.succeed("systemctl restart mailman")
71         wait_for_api()
72   '';