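import ../../make-test-python.nix ({ pkgs, ... }:
let
  # Self-signed certificate for the test's TLS endpoint.  Test fixture only:
  # the private key lands in the world-readable Nix store and the 100-year
  # validity would be unacceptable anywhere but a throwaway VM.
  cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500
    mkdir -p $out
    cp key.pem cert.pem $out
  '';

  # Static name resolution shared by all nodes: mastodon.local is the nginx VM.
  hosts = ''
    192.168.2.103 mastodon.local
  '';

  # Single source of truth for the database password; it is used both when the
  # role is created on the database node and as the passwordFile content on the
  # server node.  Test fixture only: a literal here ends up in the Nix store.
  dbPassword = "SoDTZcISc3f1M1LJsRLT";

in
{
  name = "mastodon-remote-postgresql";
  meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin ];

  nodes = {
    # PostgreSQL node: reachable from the server node only, over TCP.
    database = { config, ... }: {
      networking = {
        interfaces.eth1 = {
          ipv4.addresses = [
            { address = "192.168.2.102"; prefixLength = 24; }
          ];
        };
        extraHosts = hosts;
        # Only the PostgreSQL port is opened; pg_hba below further restricts
        # which client, role and database may authenticate.
        firewall.allowedTCPPorts = [ config.services.postgresql.port ];
      };

      services.postgresql = {
        enable = true;
        # TODO remove once https://github.com/NixOS/nixpkgs/pull/266270 is resolved.
        package = pkgs.postgresql_14;
        enableTCPIP = true;
        # Only the Mastodon server (192.168.2.201) may log in, only as
        # mastodon_test and only to mastodon_local.  `hostnossl` accepts
        # unencrypted connections, which is tolerable on this isolated test
        # network only; a real deployment should configure server TLS and use
        # `hostssl`.  scram-sha-256 is requested explicitly instead of md5: it
        # matches how PostgreSQL 14 hashes the password created below by
        # default and rules out the weaker md5 challenge-response.
        authentication = ''
          hostnossl mastodon_local mastodon_test 192.168.2.201/32 scram-sha-256
        '';
        # mastodon_test is made the database owner rather than only being
        # granted database-level privileges: from PostgreSQL 15 on, CREATE on
        # the public schema is no longer granted to every role, so a plain
        # GRANT would leave the migrations unable to create tables once the
        # version pin above is lifted.  The GRANT is kept for clarity.
        initialScript = pkgs.writeText "postgresql_init.sql" ''
          CREATE ROLE mastodon_test LOGIN PASSWORD '${dbPassword}';
          CREATE DATABASE mastodon_local OWNER mastodon_test TEMPLATE template0 ENCODING UTF8;
          GRANT ALL PRIVILEGES ON DATABASE mastodon_local TO mastodon_test;
        '';
      };
    };

    # TLS-terminating reverse proxy in front of the Mastodon web process.
    nginx = { nodes, ... }: {
      networking = {
        interfaces.eth1 = {
          ipv4.addresses = [
            { address = "192.168.2.103"; prefixLength = 24; }
          ];
        };
        extraHosts = hosts;
        firewall.allowedTCPPorts = [ 80 443 ];
      };

      security = {
        # Trust the test CA so the node itself can verify mastodon.local.
        pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
      };

      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts."mastodon.local" = {
          # Nothing is served from disk; every request falls through to @proxy
          # (Rails serves its own static files, see RAILS_SERVE_STATIC_FILES).
          root = "/var/empty";
          # Redirect plain HTTP to HTTPS and serve the self-signed test cert.
          forceSSL = true;
          enableACME = pkgs.lib.mkForce false;
          sslCertificate = "${cert pkgs}/cert.pem";
          sslCertificateKey = "${cert pkgs}/key.pem";
          locations."/" = {
            tryFiles = "$uri @proxy";
          };
          # Upstream is plain HTTP on the test network; TLS ends here.
          locations."@proxy" = {
            proxyPass = "http://192.168.2.201:${toString nodes.server.services.mastodon.webPort}";
            proxyWebsockets = true;
          };
        };
      };
    };

    # Mastodon application node, using the remote database above.
    server = { config, pkgs, ... }: {
      virtualisation.memorySize = 2048;

      environment = {
        etc = {
          # Test fixture only: environment.etc links this file from the
          # world-readable Nix store, so every local user can read the
          # password.  A real deployment must provision passwordFile
          # out-of-band (e.g. agenix/sops-nix) with owner-only permissions.
          # Trailing newline is preserved as in the original fixture.
          "mastodon/password-posgressql-db".text = ''
            ${dbPassword}
          '';
        };
      };

      networking = {
        interfaces.eth1 = {
          ipv4.addresses = [
            { address = "192.168.2.201"; prefixLength = 24; }
          ];
        };
        extraHosts = hosts;
        # Together with BIND = 0.0.0.0 below this exposes the Rails port to
        # every host on the segment, not just the nginx node.  Acceptable for
        # the test; in production restrict these ports to the proxy's address.
        firewall.allowedTCPPorts = [
          config.services.mastodon.webPort
          config.services.mastodon.sidekiqPort
        ];
      };

      services.mastodon = {
        enable = true;
        # nginx runs on a separate node, so the module must not manage it here.
        configureNginx = false;
        localDomain = "mastodon.local";
        # TCP rather than a unix socket so the remote nginx can reach the app.
        enableUnixSocket = false;
        streamingProcesses = 2;
        database = {
          createLocally = false;
          host = "192.168.2.102";
          port = 5432;
          name = "mastodon_local";
          user = "mastodon_test";
          passwordFile = "/etc/mastodon/password-posgressql-db";
        };
        smtp = {
          createLocally = false;
          fromAddress = "mastodon@mastodon.local";
        };
        extraConfig = {
          # Listen on all interfaces so the nginx node can connect.
          BIND = "0.0.0.0";
          EMAIL_DOMAIN_ALLOWLIST = "example.com";
          # nginx's root is /var/empty, so Rails has to serve its own assets.
          RAILS_SERVE_STATIC_FILES = "true";
          # Only X-Forwarded-* headers originating from the nginx node are
          # trusted; connections from anywhere else are treated as direct
          # clients, so a host reaching the open Rails port cannot spoof its
          # source address via those headers.
          TRUSTED_PROXY_IP = "192.168.2.103";
        };
      };
    };

    # Client node that drives the test through nginx; trusts the test CA.
    client = { pkgs, ... }: {
      environment.systemPackages = [ pkgs.jq ];
      networking = {
        interfaces.eth1 = {
          ipv4.addresses = [
            { address = "192.168.2.202"; prefixLength = 24; }
          ];
        };
        extraHosts = hosts;
      };

      security = {
        pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
      };
    };
  };

  # Shared test body; the extra hooks bring up and tear down the two nodes
  # this variant adds (nginx and database).
  testScript = import ./script.nix {
    inherit pkgs;
    extraInit = ''
      nginx.wait_for_unit("nginx.service")
      nginx.wait_for_open_port(443)
      database.wait_for_unit("postgresql.service")
      database.wait_for_open_port(5432)
    '';
    extraShutdown = ''
      nginx.shutdown()
      database.shutdown()
    '';
  };
})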