From d0218043a9c1154144fb5af6d7566f26e6604c5f Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 29 Jun 2025 00:01:13 +0200
Subject: [PATCH] nixos/tests/postfix-tlspol: assert empty policies for
 localhost

---
 nixos/tests/postfix-tlspol.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/nixos/tests/postfix-tlspol.nix b/nixos/tests/postfix-tlspol.nix
index 64da3703239a..0d03c1d82052 100644
--- a/nixos/tests/postfix-tlspol.nix
+++ b/nixos/tests/postfix-tlspol.nix
@@ -10,9 +10,12 @@
   nodes.machine = {
     services.postfix.enable = true;
     services.postfix-tlspol.enable = true;
-  };
 
-  enableOCR = true;
+    services.dnsmasq = {
+      enable = true;
+      settings.selfmx = true;
+    };
+  };
 
   testScript = ''
     import json
@@ -26,6 +29,8 @@
       response = json.loads((machine.succeed("postfix-tlspol -query localhost")))
       machine.log(json.dumps(response, indent=2))
 
+      assert response["dane"]["policy"] == "", f"Unexpected DANE policy for localhost: {response["dane"]["policy"]}"
+      assert response["mta-sts"]["policy"] == "", f"Unexpected MTA-STS policy for localhost: {response["mta-sts"]["policy"]}"
 
     machine.log(machine.execute("systemd-analyze security postfix-tlspol.service | grep -v ✓")[1])
   '';