Merge branch 'relay' into 'master'

Draft: domains: seperate into domains and relayDomains

See merge request simple-nixos-mailserver/nixos-mailserver!337

default.nix

@@ -41,7 +41,14 @@ in
       type = types.listOf types.str;
       example = [ "example.com" ];
       default = [];
-      description = "The domains that this mail server serves.";
+      description = "The domains served by this mail server for delivery into mailboxes and forwards.";
+    };
+
+    domainsWithoutMailbox = mkOption {
+      type = types.listOf types.str;
+      example = [ "lists.example.com" ];
+      default = [];
+      description = "The domains served by this mail server and forwards.";
     };
 
     certificateDomains = mkOption {

flake.nix

@@ -42,6 +42,7 @@
       "internal"
       "ldap"
       "multiple"
+      "domainsWithoutMailbox"
     ];
 
     genTest = testName: release: let

mail-server/postfix.nix

@@ -94,7 +94,7 @@ let
   reject_recipients_file = builtins.toFile "reject_recipients" (lib.concatStringsSep "\n" (reject_recipients_postfix))  ;
 
   # vhosts_file :: Path
-  vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" cfg.domains);
+  vhosts_file = builtins.toFile "vhosts" (concatStringsSep "\n" (cfg.domainsWithoutMailbox ++ cfg.domains));
 
   # vaccounts_file :: Path
   # see

mail-server/rspamd.nix

@@ -165,7 +165,7 @@ in
           SupplementaryGroups = [ config.services.redis.servers.rspamd.group ];
         }
         (lib.optionalAttrs cfg.dkimSigning {
-          ExecStartPre = map createDkimKeypair cfg.domains;
+          ExecStartPre = map createDkimKeypair (cfg.domainsWithoutMailbox ++ cfg.domains);
           ReadWritePaths = [ cfg.dkimKeyDirectory ];
         })
       ];

tests/domainsWithoutMailbox.nix

@@ -0,0 +1,81 @@
+# This tests is used to test features requiring several mail domains.
+
+{ pkgs, ... }:
+
+let
+  hashPassword = password: pkgs.runCommand
+    "password-${password}-hashed"
+    { buildInputs = [ pkgs.mkpasswd ]; inherit password; }
+    ''
+      mkpasswd -sm bcrypt <<<"$password" > $out
+    '';
+
+  password = pkgs.writeText "password" "password";
+
+  domainGenerator = domain: {
+    imports = [ ../default.nix ];
+    virtualisation.memorySize = 1024;
+    mailserver = {
+      enable = true;
+      fqdn = "mail.${domain}";
+      domains = [ domain ];
+      localDnsResolver = false;
+      loginAccounts = {
+        "user@${domain}" = {
+          hashedPasswordFile = hashPassword "password";
+        };
+      };
+      enableImap = true;
+      enableImapSsl = true;
+    };
+    services = {
+      dnsmasq = {
+        enable = true;
+        settings.mx-host = [ "domain1.com,domain1,10" "domain2.com,domain2,10" ];
+      };
+      # disable rspamd graylisting and other stuff hardful top tests
+      rspamd.extraConfig = ''
+        actions {
+          reject = null; # Disable rejects, default is 15
+          add_header = 6; # Add header when reaching this score
+          greylist = null; # Disable greylisting
+        }
+      '';
+    };
+  };
+
+in
+
+{
+  name = "domainsWithoutMailbox";
+  nodes = {
+    domain1 = {
+      imports = [
+        ../default.nix
+        (domainGenerator "domain1.com")
+      ];
+      mailserver.domainsWithoutMailbox = [ "relay.domain1.com" ];
+      # ip of itself
+      services.postfix.networks = [ "[2001:db8:1::1]/128" ];
+    };
+    domain2 = domainGenerator "domain2.com";
+    client = { pkgs, ... }: {
+      environment.systemPackages = [
+        (pkgs.writeScriptBin "mail-check" ''
+          ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
+        '')
+      ];
+    };
+  };
+  testScript = ''
+    start_all()
+
+    domain1.wait_for_unit("multi-user.target")
+    domain2.wait_for_unit("multi-user.target")
+
+    # user@domain1.com sends a mail to user@domain2.com
+    client.succeed(
+        "mail-check send-and-read --smtp-port 25 --smtp-starttls --smtp-host domain1 --from-addr user@relay.domain1.com --imap-host domain2 --to-addr user@domain2.com --dst-password-file ${password} --ignore-dkim-spf"
+    )
+  '';
+}