From 2ee68fb0e28f448758a46172d912566623481164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 3 Nov 2023 10:12:28 +0100
Subject: [PATCH 1/2] drop xmpp setup again

---
 clanModules/dino.nix         |  3 ---
 clanModules/flake-module.nix |  2 --
 clanModules/prosody.nix      | 30 ------------------------------
 3 files changed, 35 deletions(-)
 delete mode 100644 clanModules/dino.nix
 delete mode 100644 clanModules/prosody.nix

diff --git a/clanModules/dino.nix b/clanModules/dino.nix
deleted file mode 100644
index 0c75af7fe..000000000
--- a/clanModules/dino.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ pkgs, ... }: {
-  environment.systemPackages = [ pkgs.dino ];
-}
diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index 608b7ab83..3e03f07a3 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -8,8 +8,6 @@
         ];
       })
       (builtins.readDir ./diskLayouts);
-    prosody = ./prosody.nix;
-    dino = ./dino.nix;
     xfce = ./xfce.nix;
   };
 }
diff --git a/clanModules/prosody.nix b/clanModules/prosody.nix
deleted file mode 100644
index d4fc5e374..000000000
--- a/clanModules/prosody.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config
-, ...
-}: {
-  services.prosody = {
-    enable = true;
-    modules.bosh = true;
-    extraModules = [ "private" "vcard" "privacy" "compression" "component" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist" ];
-    virtualHosts = {
-      "${config.clanCore.machineName}.local" = {
-        domain = "${config.clanCore.machineName}.local";
-        enabled = true;
-      };
-    };
-    extraConfig = ''
-      allow_unencrypted_plain_auth = true
-    '';
-    c2sRequireEncryption = false;
-    s2sRequireEncryption = false;
-    muc = [{
-      domain = "muc.${config.clanCore.machineName}.local";
-      maxHistoryMessages = 10000;
-      name = "${config.clanCore.machineName} Prosody";
-    }];
-    uploadHttp = {
-      domain = "upload.${config.clanCore.machineName}.local";
-    };
-  };
-  # xmpp-server
-  networking.firewall.allowedTCPPorts = [ 5269 ];
-}

From f71e56b1110e675100c55f5d4ac317474ecaf0cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 3 Nov 2023 10:26:11 +0100
Subject: [PATCH 2/2] add deltachat module

---
 checks/deltachat/default.nix |  24 ++++++
 checks/flake-module.nix      |   1 +
 clanModules/deltachat.nix    | 139 +++++++++++++++++++++++++++++++++++
 clanModules/flake-module.nix |   1 +
 4 files changed, 165 insertions(+)
 create mode 100644 checks/deltachat/default.nix
 create mode 100644 clanModules/deltachat.nix

diff --git a/checks/deltachat/default.nix b/checks/deltachat/default.nix
new file mode 100644
index 000000000..868883dda
--- /dev/null
+++ b/checks/deltachat/default.nix
@@ -0,0 +1,24 @@
+(import ../lib/container-test.nix) ({ pkgs, ... }: {
+  name = "secrets";
+
+  nodes.machine = { self, ... }: {
+    imports = [
+      ../../clanModules/deltachat.nix
+      self.nixosModules.clanCore
+      {
+        clanCore.machineName = "machine";
+        clanCore.clanDir = ./.;
+      }
+    ];
+  };
+  testScript = ''
+    start_all()
+    machine.wait_for_unit("maddy")
+    # imap
+    machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 143")
+    # smtp submission
+    machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 587")
+    # smtp
+    machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 25")
+  '';
+})
diff --git a/checks/flake-module.nix b/checks/flake-module.nix
index 66447809d..a100503cb 100644
--- a/checks/flake-module.nix
+++ b/checks/flake-module.nix
@@ -15,6 +15,7 @@
           # import our test
           secrets = import ./secrets nixosTestArgs;
           container = import ./container nixosTestArgs;
+          deltachat = import ./deltachat nixosTestArgs;
         };
         schemaTests = pkgs.callPackages ./schemas.nix {
           inherit self;
diff --git a/clanModules/deltachat.nix b/clanModules/deltachat.nix
new file mode 100644
index 000000000..66f3b0499
--- /dev/null
+++ b/clanModules/deltachat.nix
@@ -0,0 +1,139 @@
+{ config, pkgs, ... }: {
+  environment.systemPackages = [ pkgs.deltachat-desktop ];
+
+  services.maddy = {
+    enable = true;
+    primaryDomain = "${config.clanCore.machineName}.local";
+    config = ''
+      # Minimal configuration with TLS disabled, adapted from upstream example
+      # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
+      # Do not use this in unencrypted networks!
+
+      auth.pass_table local_authdb {
+        table sql_table {
+          driver sqlite3
+          dsn credentials.db
+          table_name passwords
+        }
+      }
+
+      storage.imapsql local_mailboxes {
+        driver sqlite3
+        dsn imapsql.db
+      }
+
+      table.chain local_rewrites {
+        optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
+        optional_step static {
+          entry postmaster postmaster@$(primary_domain)
+        }
+        optional_step file /etc/maddy/aliases
+      }
+
+      msgpipeline local_routing {
+        destination postmaster $(local_domains) {
+          modify {
+            replace_rcpt &local_rewrites
+          }
+          deliver_to &local_mailboxes
+        }
+        default_destination {
+          reject 550 5.1.1 "User doesn't exist"
+        }
+      }
+
+      smtp tcp://[::]:25 {
+        limits {
+          all rate 20 1s
+          all concurrency 10
+        }
+        dmarc yes
+        check {
+          require_mx_record
+          dkim
+          spf
+        }
+        source $(local_domains) {
+          reject 501 5.1.8 "Use Submission for outgoing SMTP"
+        }
+        default_source {
+          destination postmaster $(local_domains) {
+            deliver_to &local_routing
+          }
+          default_destination {
+            reject 550 5.1.1 "User doesn't exist"
+          }
+        }
+      }
+
+      submission tcp://[::1]:587 {
+        limits {
+          all rate 50 1s
+        }
+        auth &local_authdb
+        source $(local_domains) {
+          check {
+              authorize_sender {
+                  prepare_email &local_rewrites
+                  user_to_email identity
+              }
+          }
+          destination postmaster $(local_domains) {
+              deliver_to &local_routing
+          }
+          default_destination {
+              modify {
+                  dkim $(primary_domain) $(local_domains) default
+              }
+              deliver_to &remote_queue
+          }
+        }
+        default_source {
+          reject 501 5.1.8 "Non-local sender domain"
+        }
+      }
+
+      target.remote outbound_delivery {
+        limits {
+          destination rate 20 1s
+          destination concurrency 10
+        }
+        mx_auth {
+          dane
+          mtasts {
+            cache fs
+            fs_dir mtasts_cache/
+          }
+          local_policy {
+              min_tls_level encrypted
+              min_mx_level none
+          }
+        }
+      }
+
+      target.queue remote_queue {
+        target &outbound_delivery
+        autogenerated_msg_domain $(primary_domain)
+        bounce {
+          destination postmaster $(local_domains) {
+            deliver_to &local_routing
+          }
+          default_destination {
+              reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
+          }
+        }
+      }
+
+      imap tcp://[::1]:143 {
+        auth &local_authdb
+        storage &local_mailboxes
+      }
+    '';
+    ensureAccounts = [
+      "user@${config.clanCore.machineName}.local"
+    ];
+    ensureCredentials = {
+      "user@${config.clanCore.machineName}.local".passwordFile = pkgs.writeText "dummy" "foobar";
+    };
+  };
+}
diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index 3e03f07a3..332286a3b 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -8,6 +8,7 @@
         ];
       })
       (builtins.readDir ./diskLayouts);
+    deltachat = ./deltachat.nix;
     xfce = ./xfce.nix;
   };
 }