nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / nextcloud / with-declarative-redis-and-secrets.nix
at 23.05-pre 3.4 kB view raw
  1import ../make-test-python.nix ({ pkgs, ...}: let
  2  adminpass = "hunter2";
  3  adminuser = "custom-admin-username";
  4in {
  5  name = "nextcloud-with-declarative-redis";
  6  meta = with pkgs.lib.maintainers; {
  7    maintainers = [ eqyiel ];
  8  };
  9
 10  nodes = {
 11    # The only thing the client needs to do is download a file.
 12    client = { ... }: {};
 13
 14    nextcloud = { config, pkgs, ... }: {
 15      networking.firewall.allowedTCPPorts = [ 80 ];
 16
 17      services.nextcloud = {
 18        enable = true;
 19        hostName = "nextcloud";
 20        caching = {
 21          apcu = false;
 22          redis = true;
 23          memcached = false;
 24        };
 25        config = {
 26          dbtype = "pgsql";
 27          dbname = "nextcloud";
 28          dbuser = "nextcloud";
 29          dbhost = "/run/postgresql";
 30          inherit adminuser;
 31          adminpassFile = toString (pkgs.writeText "admin-pass-file" ''
 32            ${adminpass}
 33          '');
 34        };
 35        secretFile = "/etc/nextcloud-secrets.json";
 36
 37        extraOptions.redis = {
 38          host = "/run/redis/redis.sock";
 39          port = 0;
 40          dbindex = 0;
 41          timeout = 1.5;
 42          # password handled via secretfile below
 43        };
 44        extraOptions.memcache = {
 45          local = "\OC\Memcache\Redis";
 46          locking = "\OC\Memcache\Redis";
 47        };
 48      };
 49
 50      services.redis.servers."nextcloud".enable = true;
 51      services.redis.servers."nextcloud".port = 6379;
 52
 53      systemd.services.nextcloud-setup= {
 54        requires = ["postgresql.service"];
 55        after = [
 56          "postgresql.service"
 57        ];
 58      };
 59
 60      services.postgresql = {
 61        enable = true;
 62        ensureDatabases = [ "nextcloud" ];
 63        ensureUsers = [
 64          { name = "nextcloud";
 65            ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
 66          }
 67        ];
 68      };
 69
 70      # This file is meant to contain secret options which should
 71      # not go into the nix store. Here it is just used to set the
 72      # databyse type to postgres.
 73      environment.etc."nextcloud-secrets.json".text = ''
 74        {
 75          "redis": {
 76            "password": "secret"
 77          }
 78        }
 79      '';
 80    };
 81  };
 82
 83  testScript = let
 84    withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
 85      #!${pkgs.runtimeShell}
 86      export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
 87      export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/"
 88      export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
 89      export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
 90      export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
 91      "''${@}"
 92    '';
 93    copySharedFile = pkgs.writeScript "copy-shared-file" ''
 94      #!${pkgs.runtimeShell}
 95      echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
 96    '';
 97
 98    diffSharedFile = pkgs.writeScript "diff-shared-file" ''
 99      #!${pkgs.runtimeShell}
100      diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
101    '';
102  in ''
103    start_all()
104    nextcloud.wait_for_unit("multi-user.target")
105    nextcloud.succeed("curl -sSf http://nextcloud/login")
106    nextcloud.succeed(
107        "${withRcloneEnv} ${copySharedFile}"
108    )
109    client.wait_for_unit("multi-user.target")
110    client.succeed(
111        "${withRcloneEnv} ${diffSharedFile}"
112    )
113
114    # redis cache should not be empty
115    nextcloud.fail("redis-cli KEYS * | grep -q 'empty array'")
116  '';
117})