pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / lemmy.nix
at 23.11-beta 4.1 kB view raw
1import ./make-test-python.nix ({ pkgs, lib, ... }: 2let 3 uiPort = 1234; 4 backendPort = 5678; 5 lemmyNodeName = "server"; 6in 7{ 8 name = "lemmy"; 9 meta = with lib.maintainers; { maintainers = [ mightyiam ]; }; 10 11 nodes = { 12 client = { }; 13 14 "${lemmyNodeName}" = { 15 services.lemmy = { 16 enable = true; 17 ui.port = uiPort; 18 database.createLocally = true; 19 settings = { 20 hostname = "http://${lemmyNodeName}"; 21 port = backendPort; 22 # Without setup, the /feeds/* and /nodeinfo/* API endpoints won't return 200 23 setup = { 24 admin_username = "mightyiam"; 25 site_name = "Lemmy FTW"; 26 admin_email = "mightyiam@example.com"; 27 }; 28 }; 29 adminPasswordFile = /etc/lemmy-admin-password.txt; 30 caddy.enable = true; 31 }; 32 33 environment.etc."lemmy-admin-password.txt".text = "ThisIsWhatIUseEverywhereTryIt"; 34 35 networking.firewall.allowedTCPPorts = [ 80 ]; 36 37 # pict-rs seems to need more than 1025114112 bytes 38 virtualisation.memorySize = 2000; 39 }; 40 }; 41 42 testScript = '' 43 server = ${lemmyNodeName} 44 45 with subtest("the merged config is secure"): 46 server.wait_for_unit("lemmy.service") 47 config_permissions = server.succeed("stat --format %A /run/lemmy/config.hjson").rstrip() 48 assert config_permissions == "-rw-------", f"merged config permissions {config_permissions} are insecure" 49 directory_permissions = server.succeed("stat --format %A /run/lemmy").rstrip() 50 assert directory_permissions[5] == directory_permissions[8] == "-", "merged config can be replaced" 51 52 with subtest("the backend starts and responds"): 53 server.wait_for_open_port(${toString backendPort}) 54 server.succeed("curl --fail localhost:${toString backendPort}/api/v3/site") 55 56 with subtest("the UI starts and responds"): 57 server.wait_for_unit("lemmy-ui.service") 58 server.wait_for_open_port(${toString uiPort}) 59 server.succeed("curl --fail localhost:${toString uiPort}") 60 61 with subtest("Lemmy-UI responds through the caddy reverse proxy"): 62 server.wait_for_unit("network-online.target") 63 server.wait_for_unit("caddy.service") 64 server.wait_for_open_port(80) 65 body = server.execute("curl --fail --location ${lemmyNodeName}")[1] 66 assert "Lemmy" in body, f"String Lemmy not found in response for ${lemmyNodeName}: \n{body}" 67 68 with subtest("the server is exposed externally"): 69 client.wait_for_unit("network-online.target") 70 client.succeed("curl -v --fail ${lemmyNodeName}") 71 72 with subtest("caddy correctly routes backend requests"): 73 # Make sure we are not hitting frontend 74 server.execute("systemctl stop lemmy-ui.service") 75 76 def assert_http_code(url, expected_http_code, extra_curl_args=""): 77 _, http_code = server.execute(f'curl --silent -o /dev/null {extra_curl_args} --fail --write-out "%{{http_code}}" {url}') 78 assert http_code == str(expected_http_code), f"expected http code {expected_http_code}, got {http_code}" 79 80 # Caddy responds with HTTP code 502 if it cannot handle the requested path 81 assert_http_code("${lemmyNodeName}/obviously-wrong-path/", 502) 82 83 assert_http_code("${lemmyNodeName}/static/js/client.js", 200) 84 assert_http_code("${lemmyNodeName}/api/v3/site", 200) 85 86 # A 404 confirms that the request goes to the backend 87 # No path can return 200 until after we upload an image to pict-rs 88 assert_http_code("${lemmyNodeName}/pictrs/", 404) 89 90 assert_http_code("${lemmyNodeName}/feeds/all.xml", 200) 91 assert_http_code("${lemmyNodeName}/nodeinfo/2.0.json", 200) 92 93 assert_http_code("${lemmyNodeName}/some-other-made-up-path/", 404, "-X POST") 94 assert_http_code("${lemmyNodeName}/some-other-path", 404, "-H 'Accept: application/activity+json'") 95 assert_http_code("${lemmyNodeName}/some-other-path", 404, "-H 'Accept: application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"'") 96 ''; 97})