From 5b85b1368f81b7eed8efef9d07ae8c077bac73c4 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Fri, 17 Mar 2023 07:04:22 -0300 Subject: Test for expected output of Postfix config files --- .gitignore | 3 ++- Makefile | 25 +++++++++++++++++++---- tests/internet-system.scm | 33 ------------------------------ tests/internet/main.cf.in | 36 +++++++++++++++++++++++++++++++++ tests/internet/master.cf | 51 +++++++++++++++++++++++++++++++++++++++++++++++ tests/internet/system.scm | 33 ++++++++++++++++++++++++++++++ tests/local-system.scm | 25 ----------------------- tests/local/main.cf | 21 +++++++++++++++++++ tests/local/master.cf | 30 ++++++++++++++++++++++++++++ tests/local/system.scm | 39 ++++++++++++++++++++++++++++++++++++ 10 files changed, 233 insertions(+), 63 deletions(-) delete mode 100644 tests/internet-system.scm create mode 100644 tests/internet/main.cf.in create mode 100644 tests/internet/master.cf create mode 100644 tests/internet/system.scm delete mode 100644 tests/local-system.scm create mode 100644 tests/local/main.cf create mode 100644 tests/local/master.cf create mode 100644 tests/local/system.scm diff --git a/.gitignore b/.gitignore index c4a847d..6b54c16 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -/result +/result* +/tests/internet/main.cf diff --git a/Makefile b/Makefile index 9cdb2db..26893ea 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,20 @@ .POSIX: +.SUFFIXES: +.SUFFIXES: .in + +.in: + sed \ + -e "s|@HOSTNAME@|`hostname`|g" \ + < $< > $@ + if [ -x $< ]; then chmod +x $@; fi + + all: EuAndreh.key guix nix + guix: guix-packages guix-services guix-packages: 
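Review bot: The new `.in` rule fills `@HOSTNAME@` from `hostname` on whichever machine runs make, yet tests/internet/system.scm declares `(host-name "a-internet-test-host")`. For the later `cmp` against the built main.cf to pass, the service presumably resolves the name at build time, so `myhostname` and the `/etc/letsencrypt/live/...` certificate and key paths would follow the build machine rather than the declared system. That is an inference, since the service definition is not part of this diff. If the behaviour is intended, record it above the rule, e.g. `# main.cf embeds the build machine's hostname, so the expected file is generated`. If it is not, the fixture can become a static file once the service uses the declared host-name.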
@@ -12,10 +23,16 @@ guix-packages: -f src/org/euandre/queue.scm \ guix-services-local: - guix system -v3 -Lsrc/ -K build tests/local-system.scm + rm -f result-local + guix system -v3 -Lsrc/ -K -r result-local build tests/local/system.scm + cmp -s result-local/etc/postfix/master.cf tests/local/master.cf + cmp -s result-local/etc/postfix/main.cf tests/local/main.cf -guix-services-internet: - guix system -v3 -Lsrc/ -K build tests/internet-system.scm +guix-services-internet: tests/internet/main.cf + rm -f result-internet + guix system -v3 -Lsrc/ -K -r result-internet build tests/internet/system.scm + cmp -s result-internet/etc/postfix/master.cf tests/internet/master.cf + cmp -s result-internet/etc/postfix/main.cf tests/internet/main.cf guix-services: guix-services-local guix-services-internet @@ -30,7 +47,7 @@ check: clean: rm -rf \ - result + result* .paku/ deb/ tests/internet/main.cf public: diff --git a/tests/internet-system.scm b/tests/internet-system.scm deleted file mode 100644 index 1267911..0000000 --- a/tests/internet-system.scm +++ /dev/null @@ -1,33 +0,0 @@ -(use-modules - ((org euandre queue) #:prefix queue:) - (gnu)) -(use-package-modules) -(use-service-modules - certbot - mail) - -(operating-system - (host-name "a-internet-test-host") - (services - (append - (list - (service queue:shadow-group-service-type) - (service queue:dkimproxyout-service-type) - (service queue:cyrus-sasl-service-type) - (service queue:dovecot2-service-type) - (service queue:internet-postfix-service-type) - (service certbot-service-type (certbot-configuration)) - (service mail-aliases-service-type '())) - %base-services)) - (bootloader - (bootloader-configuration - (bootloader grub-bootloader))) - (file-systems - (append - (list - (file-system - (mount-point "/") - (type "btrfs") - (device - (uuid "2c66de32-dde7-ea35-750a-a1ca47a58d45" 'btrfs)))) - %base-file-systems))) diff --git a/tests/internet/main.cf.in b/tests/internet/main.cf.in new file mode 100644 index 0000000..566dbcd 
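Review bot: The `cmp -s` checks in guix-services-local and guix-services-internet fail silently, so when a generated master.cf or main.cf drifts from its fixture the only output is make's exit status. These fixtures pin relay, SASL and TLS settings, and the differing line is exactly what a reviewer needs to see. `diff -u tests/local/main.cf result-local/etc/postfix/main.cf` (and likewise for the other three comparisons) prints it and still fails the target.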
--- /dev/null
+++ b/tests/internet/main.cf.in
@@ -0,0 +1,36 @@
+compatibility_level = 3.6
+
+queue_directory = /var/spool/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+setgid_group = postdrop
+
+header_checks = regexp:{ { /^Received:.*/ IGNORE }, { /^X-Originating-IP:.*/ IGNORE } }
+
+mail_spool_directory = /var/mail/
+
+myhostname = @HOSTNAME@
+
+smtpd_use_tls = yes
+smtpd_tls_cert_file = /etc/letsencrypt/live/@HOSTNAME@/fullchain.pem
+smtpd_tls_key_file = /etc/letsencrypt/live/@HOSTNAME@/privkey.pem
+smtp_use_tls = $smtpd_use_tls
+smtp_tls_cert_file = $smtpd_tls_cert_file
+smtp_tls_key_file = $smtpd_tls_key_file
+
+smtp_tls_security_level = may
+
+recipient_delimiter = +
+
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_tls_security_level = may
+smtpd_tls_auth_only = yes
+
+smtpd_relay_restrictions = $smtpd_recipient_restrictions
+smtpd_recipient_restrictions = permit_mynetworks,
+ permit_sasl_authenticated, reject_unauth_destination
+smtpd_sasl_auth_enable = yes
+cyrus_sasl_config_path = /etc/sasl2
+debug_peer_list = 127.0.0.1
+
+milter_default_action = accept
diff --git a/tests/internet/master.cf b/tests/internet/master.cf
new file mode 100644
index 0000000..9125c29
--- /dev/null
+++ b/tests/internet/master.cf
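Review bot: `smtp_tls_cert_file = $smtpd_tls_cert_file` and `smtp_tls_key_file = $smtpd_tls_key_file` make the outbound SMTP client present the server's Let's Encrypt certificate to every remote server it connects to. Postfix's documentation advises against configuring a client certificate unless a peer requires one, and nothing in this file shows such a peer. Because this file is the expected output, the change belongs in the service that generates it, which is not part of this diff. Either drop both lines there and from this fixture, or document in the service which peer needs the client certificate.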
@@ -0,0 +1,51 @@
+# ============================================================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# =============================================================================================================
+
+anvil unix - - n - 1 anvil
+bounce unix - - n - 0 bounce
+cleanup unix n - n - 0 cleanup
+defer unix - - n - 0 bounce
+discard unix - - n - - discard
+error unix - - n - - error
+flush unix n - n 1000? 0 flush
+lmtp unix - - n - - lmtp
+local unix - n n - - local
+pickup unix n - n 60 1 pickup
+ -o content_filter=dksign:[127.0.0.1]:10027
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+qmgr unix n - n 300 1 qmgr
+relay unix - - n - - smtp
+retry unix - - n - - error
+rewrite unix - - n - - trivial-rewrite
+scache unix - - n - 1 scache
+showq unix n - n - - showq
+smtp inet n - n - - smtpd -v -o syslog_name=postfix/smtp
+smtp unix - - n - - smtp
+tlsmgr unix - - n 1000? 1 tlsmgr
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+virtual unix - n n - - virtual
+postlog unix-dgram n - n - 1 postlogd
+
+submission inet n - n - - smtpd -o syslog_name=postfix/submission
+ -o smtpd_tls_security_level=encrypt
+ -o content_filter=dksign:[127.0.0.1]:10027
+
+dksign unix - - n - - smtp
+ -o syslog_name=postfix/dkimproxyout-listen
+ -o smtp_send_xforward_command=yes
+ -o smtp_discard_ehlo_keywords=8bitmime,starttls
+
+127.0.0.1:10028 inet n - n - - smtpd
+ -o syslog_name=postfix/dkimproxyout-relay
+ -o content_filter=
+ -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
+ -o smtpd_helo_restrictions=
+ -o smtpd_client_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o mynetworks=127.0.0.0/8
+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8
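Review bot: The public `smtp inet` entry runs `smtpd -v`, and tests/local/master.cf pins the same line, so both expected files bake verbose per-session logging into the network-facing listener. Verbose smtpd logging records each SMTP dialogue in detail, which inflates the mail log and puts more client-supplied data into it. main.cf.in already scopes debugging with `debug_peer_list = 127.0.0.1`. Unless the flag is deliberate, the expected line should read `smtp inet n - n - - smtpd -o syslog_name=postfix/smtp`, with the generating service (not in this diff) changed to match.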
diff --git a/tests/internet/system.scm b/tests/internet/system.scm
new file mode 100644
index 0000000..1267911
--- /dev/null
+++ b/tests/internet/system.scm
@@ -0,0 +1,33 @@
+(use-modules
+ ((org euandre queue) #:prefix queue:)
+ (gnu))
+(use-package-modules)
+(use-service-modules
+ certbot
+ mail)
+
+(operating-system
+ (host-name "a-internet-test-host")
+ (services
+ (append
+ (list
+ (service queue:shadow-group-service-type)
+ (service queue:dkimproxyout-service-type)
+ (service queue:cyrus-sasl-service-type)
+ (service queue:dovecot2-service-type)
+ (service queue:internet-postfix-service-type)
+ (service certbot-service-type (certbot-configuration))
+ (service mail-aliases-service-type '()))
+ %base-services))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-bootloader)))
+ (file-systems
+ (append
+ (list
+ (file-system
+ (mount-point "/")
+ (type "btrfs")
+ (device
+ (uuid "2c66de32-dde7-ea35-750a-a1ca47a58d45" 'btrfs))))
+ %base-file-systems)))
diff --git a/tests/local-system.scm b/tests/local-system.scm
deleted file mode 100644
index abf09a8..0000000
--- a/tests/local-system.scm
+++ /dev/null
@@ -1,25 +0,0 @@
-(use-modules
- ((org euandre queue) #:prefix queue:)
- (gnu))
-(use-package-modules)
-(use-service-modules)
-
-(operating-system
- (host-name "a-local-test-host")
- (services
- (append
- (list
- (service queue:local-postfix-service-type))
- %base-services))
- (bootloader
- (bootloader-configuration
- (bootloader grub-bootloader)))
- (file-systems
- (append
- (list
- (file-system
- (mount-point "/")
- (type "btrfs")
- (device
- (uuid "2c66de32-dde7-ea35-750a-a1ca47a58d45" 'btrfs))))
- %base-file-systems)))
diff --git a/tests/local/main.cf b/tests/local/main.cf
new file mode 100644
index 0000000..f9eee9e
--- /dev/null
+++ b/tests/local/main.cf
@@ -0,0 +1,21 @@
+compatibility_level = 3.6
+
+queue_directory = /var/spool/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+setgid_group = postdrop
+
+header_checks = regexp:{ { /^Received:.*/ IGNORE }, { /^X-Originating-IP:.*/ IGNORE } }
+
+mail_spool_directory = /var/mail/
+smtp_sender_dependent_authentication = yes
+sender_dependent_relayhost_maps = hash:/var/lib/private/postfix/relayhosts-maps
+smtp_sasl_password_maps = hash:/var/lib/private/postfix/sasl-password
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options = noanonymous
+smtp_sasl_mechanism_filter = login, plain
+smtp_use_tls = yes
+smtp_tls_security_level = encrypt
+smtp_tls_note_starttls_offer = yes
+
+mynetworks = 127.0.0.0/8
diff --git a/tests/local/master.cf b/tests/local/master.cf
new file mode 100644
index 0000000..80b769a
--- /dev/null
+++ b/tests/local/master.cf
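Review bot: Nothing in this expected main.cf sets `inet_interfaces`, and tests/local/master.cf keeps the `smtp inet` listener, so the "local" profile accepts SMTP connections on every interface (Postfix's default is `inet_interfaces = all`). `mynetworks = 127.0.0.0/8` keeps remote clients from relaying, but the daemon is still reachable from the network. If the profile is only meant to hand mail from the host itself to the relayhost, `inet_interfaces = loopback-only` in the generated file would close the listener to remote peers. The generating service is not part of this diff, so the fix would land there and in this fixture together.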
@@ -0,0 +1,30 @@
+# ============================================================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# =============================================================================================================
+
+anvil unix - - n - 1 anvil
+bounce unix - - n - 0 bounce
+cleanup unix n - n - 0 cleanup
+defer unix - - n - 0 bounce
+discard unix - - n - - discard
+error unix - - n - - error
+flush unix n - n 1000? 0 flush
+lmtp unix - - n - - lmtp
+local unix - n n - - local
+pickup unix n - n 60 1 pickup
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+qmgr unix n - n 300 1 qmgr
+relay unix - - n - - smtp
+retry unix - - n - - error
+rewrite unix - - n - - trivial-rewrite
+scache unix - - n - 1 scache
+showq unix n - n - - showq
+smtp inet n - n - - smtpd -v -o syslog_name=postfix/smtp
+smtp unix - - n - - smtp
+tlsmgr unix - - n 1000? 1 tlsmgr
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+virtual unix - n n - - virtual
+postlog unix-dgram n - n - 1 postlogd
diff --git a/tests/local/system.scm b/tests/local/system.scm
new file mode 100644
index 0000000..a520ee1
--- /dev/null
+++ b/tests/local/system.scm
@@ -0,0 +1,39 @@
+(use-modules
+ ((org euandre queue) #:prefix queue:)
+ ((xyz euandreh heredoc) #:prefix heredoc:)
+ (gnu))
+(use-package-modules)
+(use-service-modules)
+(heredoc:enable-syntax)
+
+(operating-system
+ (host-name "a-local-test-host")
+ (services
+ (append
+ (list
+ (service queue:local-postfix-service-type
+ (queue:postfix-configuration
+ (main.cf-extra #"-
+ smtp_sender_dependent_authentication = yes
+ sender_dependent_relayhost_maps = hash:/var/lib/private/postfix/relayhosts-maps
+ smtp_sasl_password_maps = hash:/var/lib/private/postfix/sasl-password
+ smtp_sasl_auth_enable = yes
+ smtp_sasl_security_options = noanonymous
+ smtp_sasl_mechanism_filter = login, plain
+ smtp_use_tls = yes
+ smtp_tls_security_level = encrypt
+ smtp_tls_note_starttls_offer = yes
+ "#))))
+ %base-services))
+ (bootloader
+ (bootloader-configuration
+ (bootloader grub-bootloader)))
+ (file-systems
+ (append
+ (list
+ (file-system
+ (mount-point "/")
+ (type "btrfs")
+ (device
+ (uuid "2c66de32-dde7-ea35-750a-a1ca47a58d45" 'btrfs))))
+ %base-file-systems)))
-- cgit v1.2.3
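Review bot: In `main.cf-extra`, `smtp_use_tls = yes` is redundant next to `smtp_tls_security_level = encrypt`. Postfix treats `smtp_use_tls` as a legacy parameter, and the security level takes precedence when both are set. Dropping the line here, and the matching line in tests/local/main.cf, leaves a single setting that states the outbound TLS policy.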