From 9687dbaae197a9c0d145d083c6fadd3e7977cad8 Mon Sep 17 00:00:00 2001
From: Thomas Preisner <mail@tpreisner.de>
Date: Sat, 7 Dec 2024 02:35:16 +0100
Subject: [PATCH] Add minimal (internal) tests

---
 flake.nix               |  9 +++++++++
 tests/common/server.nix | 13 +++++++++++++
 tests/internal.nix      | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 tests/common/server.nix
 create mode 100644 tests/internal.nix

diff --git a/flake.nix b/flake.nix
index 3d105bb..0952f09 100644
--- a/flake.nix
+++ b/flake.nix
@@ -32,6 +32,15 @@
         system,
         ...
       }: {
+        checks = let
+          tests = ["internal"];
+          genTest = testName: {
+            "name" = testName;
+            "value" = import (./tests + "/${testName}.nix") {inherit pkgs;};
+          };
+        in
+          pkgs.lib.listToAttrs (map genTest tests);
+
         devShells.default = pkgs.mkShell {
           packages = with pkgs; [
             alejandra
diff --git a/tests/common/server.nix b/tests/common/server.nix
new file mode 100644
index 0000000..9a47284
--- /dev/null
+++ b/tests/common/server.nix
@@ -0,0 +1,13 @@
+{...}: {
+  imports = [./../../mailsystem];
+  config = {
+    virtualisation.memorySize = 1024;
+    mailsystem = {
+      enable = true;
+
+      roundcube.enable = false;
+      rspamd.webUi.enable = false;
+      certificateScheme = "selfsigned";
+    };
+  };
+}
diff --git a/tests/internal.nix b/tests/internal.nix
new file mode 100644
index 0000000..a22a67d
--- /dev/null
+++ b/tests/internal.nix
@@ -0,0 +1,40 @@
+{pkgs, ...}:
+pkgs.nixosTest {
+  name = "internal";
+  nodes.machine = {...}: {
+    imports = [./common/server.nix];
+    mailsystem = {
+      fqdn = "mail.example.com";
+      domains = ["example.com"];
+      accounts = {};
+      vmailUserName = "vmail";
+      vmailGroupName = "vmail";
+      vmailUID = 5000;
+    };
+  };
+  testScript = {nodes, ...}: let
+    pkgs = nodes.machine.nixpkgs.pkgs;
+  in ''
+    machine.start()
+    machine.wait_for_unit("multi-user.target")
+
+    with subtest("imap is only available via port 993 and is encrypted"):
+        machine.wait_for_closed_port(143)
+        machine.wait_for_open_port(993)
+        machine.succeed(
+            "echo | ${pkgs.openssl}/bin/openssl s_client -connect localhost:993 | grep 'New, TLS'"
+        )
+
+    with subtest("smtp is only available via port 465 and is encrypted"):
+        machine.wait_for_closed_port(587)
+        machine.wait_for_open_port(465)
+        machine.succeed(
+            "echo | ${pkgs.openssl}/bin/openssl s_client -connect localhost:465 | grep 'New, TLS'"
+        )
+
+    with subtest("`postfix check` succeeds"):
+        machine.succeed(
+            "${pkgs.postfix}/bin/postfix check"
+        )
+  '';
+}