nixos/tests/radicale.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / radicale.nix
at 23.11-pre 3.4 kB view raw
 1import ./make-test-python.nix ({ lib, pkgs, ... }:
 2
 3let
 4  user = "someuser";
 5  password = "some_password";
 6  port = "5232";
 7  filesystem_folder = "/data/radicale";
 8
 9  cli = "${pkgs.calendar-cli}/bin/calendar-cli --caldav-user ${user} --caldav-pass ${password}";
10in {
11  name = "radicale3";
12  meta.maintainers = with lib.maintainers; [ dotlambda ];
13
14  nodes.machine = { pkgs, ... }: {
15    services.radicale = {
16      enable = true;
17      settings = {
18        auth = {
19          type = "htpasswd";
20          htpasswd_filename = "/etc/radicale/users";
21          htpasswd_encryption = "bcrypt";
22        };
23        storage = {
24          inherit filesystem_folder;
25          hook = "git add -A && (git diff --cached --quiet || git commit -m 'Changes by '%(user)s)";
26        };
27        logging.level = "info";
28      };
29      rights = {
30        principal = {
31          user = ".+";
32          collection = "{user}";
33          permissions = "RW";
34        };
35        calendars = {
36          user = ".+";
37          collection = "{user}/[^/]+";
38          permissions = "rw";
39        };
40      };
41    };
42    systemd.services.radicale.path = [ pkgs.git ];
43    environment.systemPackages = [ pkgs.git ];
44    systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ];
45    # WARNING: DON'T DO THIS IN PRODUCTION!
46    # This puts unhashed secrets directly into the Nix store for ease of testing.
47    environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" {} ''
48      ${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
49    '';
50  };
51  testScript = ''
52    machine.wait_for_unit("radicale.service")
53    machine.wait_for_open_port(${port})
54
55    machine.succeed("sudo -u radicale git -C ${filesystem_folder} init")
56    machine.succeed(
57        "sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com"
58    )
59    machine.succeed(
60        "sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale"
61    )
62
63    with subtest("Test calendar and event creation"):
64        machine.succeed(
65            "${cli} --caldav-url http://localhost:${port}/${user} calendar create cal"
66        )
67        machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal")
68        machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
69        machine.succeed(
70            "${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent"
71        )
72        machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
73        (status, stdout) = machine.execute(
74            "sudo -u radicale git -C ${filesystem_folder} log --format=oneline | wc -l"
75        )
76        assert status == 0, "git log failed"
77        assert stdout == "3\n", "there should be exactly 3 commits"
78
79    with subtest("Test rights file"):
80        machine.fail(
81            "${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal"
82        )
83        machine.fail(
84            "${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal"
85        )
86
87    with subtest("Test web interface"):
88        machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")
89
90    with subtest("Test security"):
91        output = machine.succeed("systemd-analyze security radicale.service")
92        machine.log(output)
93        assert output[-9:-1] == "SAFE :-}"
94  '';
95})