authorMaximilian Bosch <maximilian@mbosch.me>2021-08-23 23:19:10 +0200
committerGitHub <noreply@github.com>2021-08-23 23:19:10 +0200
commit23e1e165cdde17ddf4da6fda179d9966b8aa05d1 (patch)
treed6762bdaa4671649d1c43c4ae98fbc67ee93f945 /nixos
parenta11d6ad8f8d0c6dd4e887458daf23904ce75effa (diff)
parent076074a8b4f735ac4c42d8383f24cbe2436c0e13 (diff)
Merge pull request #135094 from mguentner/matrix-synapse-modern-twisted
matrix-synapse: add e-mail delivery regression test
Diffstat (limited to 'nixos')
-rw-r--r--nixos/tests/matrix-synapse.nix105
1 files changed, 104 insertions, 1 deletions
diff --git a/nixos/tests/matrix-synapse.nix b/nixos/tests/matrix-synapse.nix
index 9a1ff8a0d3e..21e8c24e471 100644
--- a/nixos/tests/matrix-synapse.nix
+++ b/nixos/tests/matrix-synapse.nix
@@ -26,6 +26,13 @@ import ./make-test-python.nix ({ pkgs, ... } : let
       -days 365
   '';
 
+
+  mailerCerts = import ./common/acme/server/snakeoil-certs.nix;
+  mailerDomain = mailerCerts.domain;
+  registrationSharedSecret = "unsecure123";
+  testUser = "alice";
+  testPassword = "alicealice";
+  testEmail = "alice@example.com";
 in {
 
   name = "matrix-synapse";
@@ -35,7 +42,10 @@ in {
 
   nodes = {
     # Since 0.33.0, matrix-synapse doesn't allow underscores in server names
-    serverpostgres = { pkgs, ... }: {
+    serverpostgres = { pkgs, nodes, ... }: let
+      mailserverIP = nodes.mailserver.config.networking.primaryIPAddress;
+    in
+    {
       services.matrix-synapse = {
         enable = true;
         database_type = "psycopg2";
@@ -44,6 +54,16 @@ in {
         database_args = {
           password = "synapse";
         };
+        registration_shared_secret = registrationSharedSecret;
+        public_baseurl = "https://example.com";
+        extraConfig = ''
+          email:
+            smtp_host: "${mailerDomain}"
+            smtp_port: 25
+            require_transport_security: true
+            notif_from: "matrix <matrix@${mailerDomain}>"
+            app_name: "Matrix"
+        '';
       };
       services.postgresql = {
         enable = true;
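Review bot: The `email:` block added to `extraConfig` is where the regression is actually exercised, but nothing says so; a reader sees `require_transport_security: true` without the connection to the mailserver node, which only offers TLS 1.2/1.3. A comment above `extraConfig` such as `# STARTTLS is mandatory and the mailserver only accepts TLS 1.2+, so a Twisted that still negotiates obsolete protocols fails here` would record the intent. `public_baseurl = "https://example.com"` likewise deserves a short note on why it differs from the `localhost:8448` URL the test talks to, as it presumably ends up in the link Synapse puts into the mail. The serverpostgres definition starts before and continues after this hunk.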
@@ -61,6 +81,85 @@ in {
             LC_CTYPE = "C";
         '';
       };
+
+      networking.extraHosts = ''
+        ${mailserverIP} ${mailerDomain}
+      '';
+
+      security.pki.certificateFiles = [
+        mailerCerts.ca.cert ca_pem
+      ];
+
+      environment.systemPackages = let
+        sendTestMailStarttls = pkgs.writeScriptBin "send-testmail-starttls" ''
+          #!${pkgs.python3.interpreter}
+          import smtplib
+          import ssl
+
+          ctx = ssl.create_default_context()
+
+          with smtplib.SMTP('${mailerDomain}') as smtp:
+            smtp.ehlo()
+            smtp.starttls(context=ctx)
+            smtp.ehlo()
+            smtp.sendmail('matrix@${mailerDomain}', '${testEmail}', 'Subject: Test STARTTLS\n\nTest data.')
+            smtp.quit()
+         '';
+
+        obtainTokenAndRegisterEmail = let
+          # adding the email through the API is quite complicated as it involves more than one step and some
+          # client-side calculation
+          insertEmailForAlice = pkgs.writeText "alice-email.sql" ''
+            INSERT INTO user_threepids (user_id, medium, address, validated_at, added_at) VALUES ('${testUser}@serverpostgres', 'email', '${testEmail}', '1629149927271', '1629149927270');
+          '';
+        in
+        pkgs.writeScriptBin "obtain-token-and-register-email" ''
+          #!${pkgs.runtimeShell}
+          set -o errexit
+          set -o pipefail
+          set -o nounset
+          su postgres -c "psql -d matrix-synapse -f ${insertEmailForAlice}"
+          curl --fail -XPOST 'https://localhost:8448/_matrix/client/r0/account/password/email/requestToken' -d '{"email":"${testEmail}","client_secret":"foobar","send_attempt":1}' -v
+        '';
+        in [ sendTestMailStarttls pkgs.matrix-synapse obtainTokenAndRegisterEmail ];
+    };
+
+    # test mail delivery
+    mailserver = args: let
+    in
+    {
+      security.pki.certificateFiles = [
+        mailerCerts.ca.cert
+      ];
+
+      networking.firewall.enable = false;
+
+      services.postfix = {
+        enable = true;
+        hostname = "${mailerDomain}";
+        # open relay for subnet
+        networksStyle = "subnet";
+        enableSubmission = true;
+        tlsTrustedAuthorities = "${mailerCerts.ca.cert}";
+        sslCert = "${mailerCerts.${mailerDomain}.cert}";
+        sslKey = "${mailerCerts.${mailerDomain}.key}";
+
+        # blackhole transport
+        transport = "example.com discard:silently";
+
+        config = {
+          debug_peer_level = "10";
+          smtpd_relay_restrictions = [
+            "permit_mynetworks" "reject_unauth_destination"
+          ];
+
+          # disable obsolete protocols, something old versions of twisted are still using
+          smtpd_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+          smtp_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+          smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+          smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+        };
+      };
     };
 
     serversqlite = args: {
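Review bot: `mailserver = args: let in {` opens the new node with an empty `let … in` that binds nothing; `mailserver = args: {` is equivalent and matches `serversqlite = args: {` in the same attribute set. Two consistency nits in the same hunk: `security.pki.certificateFiles = [ mailerCerts.ca.cert ca_pem ]` places both elements on one line while the mailserver's list uses one per line, and the closing `'';` of `sendTestMailStarttls` is indented one column deeper than its opening. `debug_peer_level = "10"` has no effect by itself, since Postfix only applies it to peers matched by `debug_peer_list`, which is not set here; either drop it or add the matching list. The serverpostgres definition begins before this hunk.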
@@ -75,11 +174,15 @@ in {
 
   testScript = ''
     start_all()
+    mailserver.wait_for_unit("postfix.service")
+    serverpostgres.succeed("send-testmail-starttls")
     serverpostgres.wait_for_unit("matrix-synapse.service")
     serverpostgres.wait_until_succeeds(
         "curl --fail -L --cacert ${ca_pem} https://localhost:8448/"
     )
     serverpostgres.require_unit_state("postgresql.service")
+    serverpostgres.succeed("register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} ")
+    serverpostgres.succeed("obtain-token-and-register-email")
     serversqlite.wait_for_unit("matrix-synapse.service")
     serversqlite.wait_until_succeeds(
         "curl --fail -L --cacert ${ca_pem} https://localhost:8448/"