nixos/tests/nextcloud/basic.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / nextcloud / basic.nix
at 23.11-pre 4.5 kB view raw
  1args@{ pkgs, nextcloudVersion ? 22, ... }:
  2
  3(import ../make-test-python.nix ({ pkgs, ...}: let
  4  adminpass = "notproduction";
  5  adminuser = "root";
  6in {
  7  name = "nextcloud-basic";
  8  meta = with pkgs.lib.maintainers; {
  9    maintainers = [ globin eqyiel ];
 10  };
 11
 12  nodes = rec {
 13    # The only thing the client needs to do is download a file.
 14    client = { ... }: {
 15      services.davfs2.enable = true;
 16      system.activationScripts.davfs2-secrets = ''
 17        echo "http://nextcloud/remote.php/webdav/ ${adminuser} ${adminpass}" > /tmp/davfs2-secrets
 18        chmod 600 /tmp/davfs2-secrets
 19      '';
 20      virtualisation.fileSystems = {
 21        "/mnt/dav" = {
 22          device = "http://nextcloud/remote.php/webdav/";
 23          fsType = "davfs";
 24          options = let
 25            davfs2Conf = (pkgs.writeText "davfs2.conf" "secrets /tmp/davfs2-secrets");
 26          in [ "conf=${davfs2Conf}" "x-systemd.automount" "noauto"];
 27        };
 28      };
 29    };
 30
 31    nextcloud = { config, pkgs, ... }: let
 32      cfg = config;
 33    in {
 34      networking.firewall.allowedTCPPorts = [ 80 ];
 35
 36      systemd.tmpfiles.rules = [
 37        "d /var/lib/nextcloud-data 0750 nextcloud nginx - -"
 38      ];
 39
 40      system.stateVersion = "22.11"; # stateVersion >=21.11 to make sure that we use OpenSSL3
 41
 42      services.nextcloud = {
 43        enable = true;
 44        datadir = "/var/lib/nextcloud-data";
 45        hostName = "nextcloud";
 46        database.createLocally = true;
 47        config = {
 48          # Don't inherit adminuser since "root" is supposed to be the default
 49          adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home!
 50          dbtableprefix = "nixos_";
 51        };
 52        package = pkgs.${"nextcloud" + (toString nextcloudVersion)};
 53        autoUpdateApps = {
 54          enable = true;
 55          startAt = "20:00";
 56        };
 57        phpExtraExtensions = all: [ all.bz2 ];
 58      };
 59
 60      environment.systemPackages = [ cfg.services.nextcloud.occ ];
 61    };
 62
 63    nextcloudWithoutMagick = args@{ config, pkgs, lib, ... }:
 64      lib.mkMerge
 65      [ (nextcloud args)
 66        { services.nextcloud.enableImagemagick = false; } ];
 67  };
 68
 69  testScript = { nodes, ... }: let
 70    withRcloneEnv = pkgs.writeScript "with-rclone-env" ''
 71      #!${pkgs.runtimeShell}
 72      export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav
 73      export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/"
 74      export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud"
 75      export RCLONE_CONFIG_NEXTCLOUD_USER="${adminuser}"
 76      export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})"
 77      "''${@}"
 78    '';
 79    copySharedFile = pkgs.writeScript "copy-shared-file" ''
 80      #!${pkgs.runtimeShell}
 81      echo 'hi' | ${withRcloneEnv} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file
 82    '';
 83
 84    diffSharedFile = pkgs.writeScript "diff-shared-file" ''
 85      #!${pkgs.runtimeShell}
 86      diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file)
 87    '';
 88
 89    findInClosure = what: drv: pkgs.runCommand "find-in-closure" { exportReferencesGraph = [ "graph" drv ]; inherit what; } ''
 90      test -e graph
 91      grep "$what" graph >$out || true
 92    '';
 93    nextcloudUsesImagick = findInClosure "imagick" nodes.nextcloud.config.system.build.vm;
 94    nextcloudWithoutDoesntUseIt = findInClosure "imagick" nodes.nextcloudWithoutMagick.config.system.build.vm;
 95  in ''
 96    assert open("${nextcloudUsesImagick}").read() != ""
 97    assert open("${nextcloudWithoutDoesntUseIt}").read() == ""
 98
 99    nextcloud.start()
100    client.start()
101    nextcloud.wait_for_unit("multi-user.target")
102    # This is just to ensure the nextcloud-occ program is working
103    nextcloud.succeed("nextcloud-occ status")
104    nextcloud.succeed("curl -sSf http://nextcloud/login")
105    # Ensure that no OpenSSL 1.1 is used.
106    nextcloud.succeed(
107        "${nodes.nextcloud.services.phpfpm.pools.nextcloud.phpPackage}/bin/php -i | grep 'OpenSSL Library Version' | awk -F'=>' '{ print $2 }' | awk '{ print $2 }' | grep -v 1.1"
108    )
109    nextcloud.succeed(
110        "${withRcloneEnv} ${copySharedFile}"
111    )
112    client.wait_for_unit("multi-user.target")
113    nextcloud.succeed("test -f /var/lib/nextcloud-data/data/root/files/test-shared-file")
114    client.succeed(
115        "${withRcloneEnv} ${diffSharedFile}"
116    )
117    assert "hi" in client.succeed("cat /mnt/dav/test-shared-file")
118    nextcloud.succeed("grep -vE '^HBEGIN:oc_encryption_module' /var/lib/nextcloud-data/data/root/files/test-shared-file")
119  '';
120})) args