nixos/tests/matrix/mjolnir.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / matrix / mjolnir.nix
at 23.11-beta 5.4 kB view raw
  1import ../make-test-python.nix (
  2  { pkgs, ... }:
  3  let
  4    # Set up SSL certs for Synapse to be happy.
  5    runWithOpenSSL = file: cmd: pkgs.runCommand file
  6      {
  7        buildInputs = [ pkgs.openssl ];
  8      }
  9      cmd;
 10
 11    ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";
 12    ca_pem = runWithOpenSSL "ca.pem" ''
 13      openssl req \
 14        -x509 -new -nodes -key ${ca_key} \
 15        -days 10000 -out $out -subj "/CN=snakeoil-ca"
 16    '';
 17    key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";
 18    csr = runWithOpenSSL "matrix.csr" ''
 19      openssl req \
 20         -new -key ${key} \
 21         -out $out -subj "/CN=localhost" \
 22    '';
 23    cert = runWithOpenSSL "matrix_cert.pem" ''
 24      openssl x509 \
 25        -req -in ${csr} \
 26        -CA ${ca_pem} -CAkey ${ca_key} \
 27        -CAcreateserial -out $out \
 28        -days 365
 29    '';
 30  in
 31  {
 32    name = "mjolnir";
 33    meta = with pkgs.lib; {
 34      maintainers = teams.matrix.members;
 35    };
 36
 37    nodes = {
 38      homeserver = { pkgs, ... }: {
 39        services.matrix-synapse = {
 40          enable = true;
 41          settings = {
 42            database.name = "sqlite3";
 43            tls_certificate_path = "${cert}";
 44            tls_private_key_path = "${key}";
 45            enable_registration = true;
 46            enable_registration_without_verification = true;
 47            registration_shared_secret = "supersecret-registration";
 48
 49            listeners = [ {
 50              # The default but tls=false
 51              bind_addresses = [
 52                "0.0.0.0"
 53              ];
 54              port = 8448;
 55              resources = [ {
 56                compress = true;
 57                names = [ "client" ];
 58              } {
 59                compress = false;
 60                names = [ "federation" ];
 61              } ];
 62              tls = false;
 63              type = "http";
 64              x_forwarded = false;
 65            } ];
 66          };
 67        };
 68
 69        networking.firewall.allowedTCPPorts = [ 8448 ];
 70
 71        environment.systemPackages = [
 72          (pkgs.writeShellScriptBin "register_mjolnir_user" ''
 73            exec ${pkgs.matrix-synapse}/bin/register_new_matrix_user \
 74              -u mjolnir \
 75              -p mjolnir-password \
 76              --admin \
 77              --shared-secret supersecret-registration \
 78              http://localhost:8448
 79          ''
 80          )
 81          (pkgs.writeShellScriptBin "register_moderator_user" ''
 82            exec ${pkgs.matrix-synapse}/bin/register_new_matrix_user \
 83              -u moderator \
 84              -p moderator-password \
 85              --no-admin \
 86              --shared-secret supersecret-registration \
 87              http://localhost:8448
 88          ''
 89          )
 90        ];
 91      };
 92
 93      mjolnir = { pkgs, ... }: {
 94        services.mjolnir = {
 95          enable = true;
 96          homeserverUrl = "http://homeserver:8448";
 97          pantalaimon = {
 98            enable = true;
 99            username = "mjolnir";
100            passwordFile = pkgs.writeText "password.txt" "mjolnir-password";
101            # otherwise mjolnir tries to connect to ::1, which is not listened by pantalaimon
102            options.listenAddress = "127.0.0.1";
103          };
104          managementRoom = "#moderators:homeserver";
105        };
106      };
107
108      client = { pkgs, ... }: {
109        environment.systemPackages = [
110          (pkgs.writers.writePython3Bin "create_management_room_and_invite_mjolnir"
111            { libraries = with pkgs.python3Packages; [
112                matrix-nio
113              ] ++ matrix-nio.optional-dependencies.e2e;
114            } ''
115            import asyncio
116
117            from nio import (
118                AsyncClient,
119                EnableEncryptionBuilder
120            )
121
122
123            async def main() -> None:
124                client = AsyncClient("http://homeserver:8448", "moderator")
125
126                await client.login("moderator-password")
127
128                room = await client.room_create(
129                    name="Moderators",
130                    alias="moderators",
131                    initial_state=[EnableEncryptionBuilder().as_dict()],
132                )
133
134                await client.join(room.room_id)
135                await client.room_invite(room.room_id, "@mjolnir:homeserver")
136
137            asyncio.run(main())
138          ''
139          )
140        ];
141      };
142    };
143
144    testScript = ''
145      with subtest("start homeserver"):
146        homeserver.start()
147
148        homeserver.wait_for_unit("matrix-synapse.service")
149        homeserver.wait_until_succeeds("curl --fail -L http://localhost:8448/")
150
151      with subtest("register users"):
152        # register mjolnir user
153        homeserver.succeed("register_mjolnir_user")
154        # register moderator user
155        homeserver.succeed("register_moderator_user")
156
157      with subtest("start mjolnir"):
158        mjolnir.start()
159
160        # wait for pantalaimon to be ready
161        mjolnir.wait_for_unit("pantalaimon-mjolnir.service")
162        mjolnir.wait_for_unit("mjolnir.service")
163
164        mjolnir.wait_until_succeeds("curl --fail -L http://localhost:8009/")
165
166      with subtest("ensure mjolnir can be invited to the management room"):
167        client.start()
168
169        client.wait_until_succeeds("curl --fail -L http://homeserver:8448/")
170
171        client.succeed("create_management_room_and_invite_mjolnir")
172
173        mjolnir.wait_for_console_text("Startup complete. Now monitoring rooms")
174    '';
175  }
176)