nixos/dovecot: Fix createMailUser implementation

aszlig · globin · commit f7411b81edee · 2017-09-23T15:00:33.000+02:00
This option got introduced in 7904499 and it didn't check whether mailUser and mailGroup are null, which they are by default. Now we're only creating the user if createMailUser is set in conjunction with mailUser and the group if mailGroup is set as well. I've added a NixOS VM test so that we can verify whether dovecot works without any additional options set, so it serves as a regression test for issue #29466 and other issues that might come up with future changes to the Dovecot service. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Fixes: #29466 Cc: @qknight, @abbradar, @ixmatus, @siddharthist, @peti (cherry picked from commit 3ba2095)
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
@@ -9,6 +9,8 @@ let
   baseDir = "/run/dovecot2";
   stateDir = "/var/lib/dovecot";
 
+  canCreateMailUserGroup = cfg.mailUser != null && cfg.mailGroup != null;
+
   dovecotConf = concatStrings [
     ''
       base_dir = ${baseDir}
@@ -314,17 +316,18 @@ in
            description = "Dovecot user";
            group = cfg.group;
          }
-      ++ optional cfg.createMailUser
-         { name = cfg.mailUser;
-           description = "Virtual Mail User";
+      ++ optional (cfg.createMailUser && cfg.mailUser != null)
+         ({ name = cfg.mailUser;
+            description = "Virtual Mail User";
+         } // optionalAttrs (cfg.mailGroup != null) {
            group = cfg.mailGroup;
-         };
+         });
 
     users.extraGroups = optional (cfg.group == "dovecot2")
       { name = "dovecot2";
         gid = config.ids.gids.dovecot2;
       }
-    ++ optional cfg.createMailUser
+    ++ optional (cfg.createMailUser && cfg.mailGroup != null)
       { name = cfg.mailGroup;
       };
 
diff --git a/nixos/release.nix b/nixos/release.nix
@@ -234,6 +234,7 @@ in rec {
   tests.containers-hosts = callTest tests/containers-hosts.nix {};
   tests.containers-macvlans = callTest tests/containers-macvlans.nix {};
   tests.docker = hydraJob (import tests/docker.nix { system = "x86_64-linux"; });
+  tests.dovecot = callTest tests/dovecot.nix {};
   tests.dnscrypt-proxy = callTest tests/dnscrypt-proxy.nix { system = "x86_64-linux"; };
   tests.ecryptfs = callTest tests/ecryptfs.nix {};
   tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
diff --git a/nixos/tests/dovecot.nix b/nixos/tests/dovecot.nix
@@ -0,0 +1,64 @@
+import ./make-test.nix {
+  name = "dovecot";
+
+  machine = { pkgs, ... }: {
+    imports = [ common/user-account.nix ];
+    services.postfix.enable = true;
+    services.dovecot2.enable = true;
+    services.dovecot2.protocols = [ "imap" "pop3" ];
+    environment.systemPackages = let
+      sendTestMail = pkgs.writeScriptBin "send-testmail" ''
+        #!${pkgs.stdenv.shell}
+        exec sendmail -vt <<MAIL
+        From: root@localhost
+        To: alice@localhost
+        Subject: Very important!
+
+        Hello world!
+        MAIL
+      '';
+
+      testImap = pkgs.writeScriptBin "test-imap" ''
+        #!${pkgs.python3.interpreter}
+        import imaplib
+
+        with imaplib.IMAP4('localhost') as imap:
+          imap.login('alice', 'foobar')
+          imap.select()
+          status, refs = imap.search(None, 'ALL')
+          assert status == 'OK'
+          assert len(refs) == 1
+          status, msg = imap.fetch(refs[0], 'BODY[TEXT]')
+          assert status == 'OK'
+          assert msg[0][1].strip() == b'Hello world!'
+      '';
+
+      testPop = pkgs.writeScriptBin "test-pop" ''
+        #!${pkgs.python3.interpreter}
+        import poplib
+
+        pop = poplib.POP3('localhost')
+        try:
+          pop.user('alice')
+          pop.pass_('foobar')
+          assert len(pop.list()[1]) == 1
+          status, fullmail, size = pop.retr(1)
+          assert status.startswith(b'+OK ')
+          body = b"".join(fullmail[fullmail.index(b""):]).strip()
+          assert body == b'Hello world!'
+        finally:
+          pop.quit()
+      '';
+
+    in [ sendTestMail testImap testPop ];
+  };
+
+  testScript = ''
+    $machine->waitForUnit('postfix.service');
+    $machine->waitForUnit('dovecot2.service');
+    $machine->succeed('send-testmail');
+    $machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
+    $machine->succeed('test-imap');
+    $machine->succeed('test-pop');
+  '';
+}
