From 88eaa6fa81befd46bf27151edfcd5c8da5f75884 Mon Sep 17 00:00:00 2001
From: Brian Olsen <brian@maven-group.org>
Date: Wed, 8 Apr 2020 18:47:12 +0200
Subject: [PATCH] email: Support webmail without TLS and fix test

---
 modules/services/email/nixcloud-email.nix | 8 +++++---
 modules/services/email/test/default.nix   | 6 ++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/modules/services/email/nixcloud-email.nix b/modules/services/email/nixcloud-email.nix
index 69a7822..989c6cf 100644
--- a/modules/services/email/nixcloud-email.nix
+++ b/modules/services/email/nixcloud-email.nix
@@ -37,7 +37,9 @@ let
     proxyOptions = {
       domain = "${extraFQDN}";
       port = port;
-      TLS = "${primaryFQDN}";
+      TLS = lib.mkIf cfg.enableTLS "${primaryFQDN}";
+      http.mode = if cfg.enableTLS then "redirect_to_https" else "on";
+      https.mode = if cfg.enableTLS then "on" else "off";
     };
   };
   # unique set of primary FQDN and additional domains in nixcloud.email, prefixed with `mail.` depending on `autoMailDomain`
@@ -297,8 +299,6 @@ in {
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     (lib.mkIf cfg.enableTLS {
-      nixcloud.reverse-proxy.enable = true;
-
       systemd.services.postfix.after = [ "nixcloud.TLS-certificates.target" ];
       systemd.services.postfix.wants = [ "nixcloud.TLS-certificates.target" ];
 
@@ -492,6 +492,8 @@ in {
         ];
       };
 
+      nixcloud.reverse-proxy.enable = cfg.enableTLS || cfg.webmail.enable;
+
       services.mailUsers.users = cfg.users;
 
       nixcloud.tests.wanted = [ ./test ];
diff --git a/modules/services/email/test/default.nix b/modules/services/email/test/default.nix
index 6514999..289c41f 100644
--- a/modules/services/email/test/default.nix
+++ b/modules/services/email/test/default.nix
@@ -183,9 +183,7 @@ in {
     '');
   };
 
-  testScript = let
-    rcSearchFor = "<title>Roundcube</title>";
-  in ''
+  testScript = ''
     startAll;
     $dns->waitForUnit('bind.service');
     $mail1->waitForUnit('multi-user.target');
@@ -197,7 +195,7 @@ in {
     $mail2->waitForOpenPort(80);
     $mail1->waitForOpenPort(8993);
     $mail2->waitForOpenPort(8993);
-    $mail1->succeed('curl -L https://mail.example.org/ | grep -qF "${rcSearchFor}"');
+    $mail1->succeed('curl -L http://mail.example.org/ | grep -qF "<title>Roundcube"');
     # Check spam learning
     $mail2->waitUntilSucceeds("journalctl -u dovecot2 | grep learn-spam.sh >&2");
     $mail2->succeed('journalctl -u rspamd | grep "csession; rspamd_controller_learn_fin_task: </run/rspamd/worker-controller.sock> learned message as spam" >&2');