From 2487dcbf51d8f11e1ff0795eb76faf2659f7fe36 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sat, 14 Jun 2025 17:05:35 +0200
Subject: [PATCH] nixos/tests/tlsrpt: init

---
 nixos/tests/all-tests.nix                   |  1 +
 nixos/tests/tlsrpt.nix                      | 41 +++++++++++++++++++++
 pkgs/by-name/tl/tlsrpt-reporter/package.nix |  5 +++
 3 files changed, 47 insertions(+)
 create mode 100644 nixos/tests/tlsrpt.nix

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 6cb04827cb77..03e046c24ddb 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1396,6 +1396,7 @@ in
   tinydns = runTest ./tinydns.nix;
   tinyproxy = runTest ./tinyproxy.nix;
   tinywl = runTest ./tinywl.nix;
+  tlsrpt = runTest ./tlsrpt.nix;
   tmate-ssh-server = runTest ./tmate-ssh-server.nix;
   tomcat = runTest ./tomcat.nix;
   tor = runTest ./tor.nix;
diff --git a/nixos/tests/tlsrpt.nix b/nixos/tests/tlsrpt.nix
new file mode 100644
index 000000000000..ccbb5c25e0fc
--- /dev/null
+++ b/nixos/tests/tlsrpt.nix
@@ -0,0 +1,41 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  name = "tlsrpt";
+
+  meta = {
+    inherit (pkgs.tlsrpt-reporter.meta) maintainers;
+  };
+
+  nodes.machine = {
+    services.tlsrpt = {
+      enable = true;
+      reportd.settings = {
+        organization_name = "NixOS Testers United";
+        contact_info = "smtp-tls-report@localhost";
+        sender_address = "noreply@localhost";
+      };
+    };
+
+    # To test the postfix integration
+    services.postfix.enable = true;
+  };
+
+  testScript = ''
+    machine.wait_for_unit("tlsrpt-collectd.service")
+    machine.wait_for_unit("tlsrpt-reportd.service")
+
+    machine.wait_for_file("/run/tlsrpt/collectd.sock")
+    machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-collectd | grep -Pq 'Database .* setup finished'")
+    machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Database .* setup finished'")
+
+    # Enabling postfix should put sendmail as the sendmail setting
+    machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg")
+    machine.succeed("systemctl show --property SupplementaryGroups postfix.service | grep tlsrpt")
+
+    machine.log(machine.succeed("systemd-analyze security tlsrpt-collectd.service tlsrpt-reportd.service | grep -v ✓"))
+  '';
+}
diff --git a/pkgs/by-name/tl/tlsrpt-reporter/package.nix b/pkgs/by-name/tl/tlsrpt-reporter/package.nix
index 62ae4b631305..713870ae063e 100644
--- a/pkgs/by-name/tl/tlsrpt-reporter/package.nix
+++ b/pkgs/by-name/tl/tlsrpt-reporter/package.nix
@@ -5,6 +5,7 @@
   installShellFiles,
   python3,
   fetchFromGitHub,
+  nixosTests,
 }:
 
 python3.pkgs.buildPythonApplication rec {
@@ -50,6 +51,10 @@ python3.pkgs.buildPythonApplication rec {
     "tlsrpt_reporter"
   ];
 
+  passthru.tests = {
+    inherit (nixosTests) tlsrpt;
+  };
+
   meta = {
     description = "Application suite to receive TLSRPT datagrams and to generate and deliver TLSRPT reports";
     homepage = "https://github.com/sys4/tlsrpt-reporter";