nixpkgs/nixos/tests/miniflux.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

122 lines
3.6 KiB
Nix
Raw Normal View History

2019-11-09 20:35:50 +01:00
import ./make-test-python.nix ({ pkgs, lib, ... }:
2018-12-21 19:36:58 +01:00
let
port = 3142;
username = "alice";
password = "correcthorsebatterystaple";
defaultPort = 8080;
defaultUsername = "admin";
defaultPassword = "password";
adminCredentialsFile = pkgs.writeText "admin-credentials" ''
ADMIN_USERNAME=${defaultUsername}
ADMIN_PASSWORD=${defaultPassword}
'';
customAdminCredentialsFile = pkgs.writeText "admin-credentials" ''
ADMIN_USERNAME=${username}
ADMIN_PASSWORD=${password}
'';
postgresPassword = "correcthorsebatterystaple";
postgresPasswordFile = pkgs.writeText "pgpass" ''
*:*:*:*:${postgresPassword}
'';
2018-12-21 19:36:58 +01:00
in
{
name = "miniflux";
meta.maintainers = [ ];
2018-12-21 19:36:58 +01:00
nodes = {
default =
{ ... }:
{
security.apparmor.enable = true;
services.miniflux = {
enable = true;
inherit adminCredentialsFile;
};
2018-12-21 19:36:58 +01:00
};
withoutSudo =
{ ... }:
{
security.apparmor.enable = true;
services.miniflux = {
enable = true;
inherit adminCredentialsFile;
};
security.sudo.enable = false;
};
2018-12-21 19:36:58 +01:00
customized =
{ ... }:
{
security.apparmor.enable = true;
2018-12-21 19:36:58 +01:00
services.miniflux = {
enable = true;
config = {
CLEANUP_FREQUENCY = "48";
LISTEN_ADDR = "localhost:${toString port}";
};
adminCredentialsFile = customAdminCredentialsFile;
2018-12-21 19:36:58 +01:00
};
};
postgresTcp = { config, pkgs, lib, ... }: {
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "init-postgres" ''
CREATE USER miniflux WITH PASSWORD '${postgresPassword}';
CREATE DATABASE miniflux WITH OWNER miniflux;
'';
enableTCPIP = true;
authentication = ''
host sameuser miniflux samenet scram-sha-256
'';
};
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;'
'';
networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
};
externalDb = { ... }: {
security.apparmor.enable = true;
services.miniflux = {
enable = true;
createDatabaseLocally = false;
inherit adminCredentialsFile;
config = {
DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable";
PGPASSFILE = "/run/miniflux/pgpass";
};
};
systemd.services.miniflux.preStart = ''
cp ${postgresPasswordFile} /run/miniflux/pgpass
chmod 600 /run/miniflux/pgpass
'';
};
2018-12-21 19:36:58 +01:00
};
testScript = ''
def runTest(machine, port, user):
machine.wait_for_unit("miniflux.service")
machine.wait_for_open_port(port)
machine.succeed(f"curl --fail 'http://localhost:{port}/healthcheck' | grep OK")
machine.succeed(
f"curl 'http://localhost:{port}/v1/me' -u '{user}' -H Content-Type:application/json | grep '\"is_admin\":true'"
)
machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
2018-12-21 19:36:58 +01:00
default.start()
withoutSudo.start()
customized.start()
postgresTcp.start()
runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
runTest(customized, ${toString port}, "${username}:${password}")
postgresTcp.wait_for_unit("postgresql.service")
externalDb.start()
runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
2018-12-21 19:36:58 +01:00
'';
})