# NixOS VM test: Mastodon runs on `server`, its PostgreSQL database on a
# separate `database` node, and TLS is terminated by a separate `nginx`
# reverse-proxy node. `client` only gets jq and the test CA in its trust store.
#
# Every secret below (TLS private key, database password) is a throwaway test
# fixture that is written into the world-readable Nix store. See the
# NOTE(review) comments before copying any fragment into a real deployment.
import ../../make-test-python.nix ({ pkgs, ... }:
let
  # Builds a self-signed certificate for CN=mastodon.local, valid for 36500 days.
  # `-nodes` leaves key.pem unencrypted, and both files are copied to $out, so
  # the private key is readable by anything that can read the store.
  mkTestCert = p: p.runCommand "selfSignedCerts" { buildInputs = [ p.openssl ]; } ''
    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500
    mkdir -p $out
    cp key.pem cert.pem $out
  '';

  # /etc/hosts entry shared by all nodes: the public name resolves to the
  # nginx node, not to the Mastodon backend.
  hostEntries = ''
    192.168.2.103 mastodon.local
  '';

in
{
  name = "mastodon-remote-postgresql";
  meta.maintainers = [
    pkgs.lib.maintainers.erictapen
    pkgs.lib.maintainers.izorkin
    pkgs.lib.maintainers.turion
  ];

  nodes = {
    # PostgreSQL node (192.168.2.102).
    database = {
      networking.interfaces.eth1.ipv4.addresses = [
        { address = "192.168.2.102"; prefixLength = 24; }
      ];
      networking.extraHosts = hostEntries;
      # Port 5432 is opened to the whole interface; the per-client restriction
      # is done in pg_hba (authentication) below, not in the firewall.
      networking.firewall.allowedTCPPorts = [ 5432 ];

      services.postgresql = {
        enable = true;
        enableTCPIP = true;
        # Role and database for the test. The password literal lands in a
        # store file via writeText, and the role gets ALL PRIVILEGES on the
        # database. NOTE(review): fine for a disposable VM; outside a test,
        # provision the role from a secret that is not in the store.
        initialScript = pkgs.writeText "postgresql_init.sql" ''
          CREATE ROLE mastodon_test LOGIN PASSWORD 'SoDTZcISc3f1M1LJsRLT';
          CREATE DATABASE mastodon_local TEMPLATE template0 ENCODING UTF8;
          GRANT ALL PRIVILEGES ON DATABASE mastodon_local TO mastodon_test;
        '';
        # pg_hba rule: only the Mastodon server (192.168.2.201/32) may log in
        # as mastodon_test to mastodon_local. `hostnossl` matches only
        # connections made WITHOUT TLS, so database traffic crosses the test
        # network in cleartext, protected only by the `md5` password method.
        # NOTE(review): test-only; a real remote database would normally use
        # `hostssl` with `scram-sha-256`.
        authentication = ''
          hostnossl mastodon_local mastodon_test 192.168.2.201/32 md5
        '';
      };
    };

    # TLS-terminating reverse proxy (192.168.2.103).
    nginx = {
      networking.interfaces.eth1.ipv4.addresses = [
        { address = "192.168.2.103"; prefixLength = 24; }
      ];
      networking.extraHosts = hostEntries;
      networking.firewall.allowedTCPPorts = [ 80 443 ];

      # Trust the self-signed test certificate system-wide on this node.
      security.pki.certificateFiles = [ "${mkTestCert pkgs}/cert.pem" ];

      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
        virtualHosts."mastodon.local" = {
          root = "/var/empty";
          forceSSL = true;
          # No ACME in the test VM; the certificate and key come from the
          # store path built by mkTestCert.
          enableACME = pkgs.lib.mkForce false;
          sslCertificate = "${mkTestCert pkgs}/cert.pem";
          sslCertificateKey = "${mkTestCert pkgs}/key.pem";
          # The hop from the proxy to the backend is plain HTTP, so TLS
          # protects only the client <-> nginx leg.
          locations = {
            "/".tryFiles = "$uri @proxy";
            "@proxy" = {
              proxyPass = "http://192.168.2.201:55001";
              proxyWebsockets = true;
            };
            "/api/v1/streaming/" = {
              proxyPass = "http://192.168.2.201:55002";
              proxyWebsockets = true;
            };
          };
        };
      };
    };

    # Mastodon application node (192.168.2.201).
    server = { pkgs, ... }: {
      virtualisation.memorySize = 2048;

      # Database password file read through services.mastodon.database.passwordFile.
      # `.text` puts the content into the store and links it under /etc, so it
      # is not a secret in any meaningful sense. The path (including the
      # "posgressql" spelling) must stay identical to passwordFile below.
      environment.etc."mastodon/password-posgressql-db".text = ''
        SoDTZcISc3f1M1LJsRLT
      '';

      networking.interfaces.eth1.ipv4.addresses = [
        { address = "192.168.2.201"; prefixLength = 24; }
      ];
      networking.extraHosts = hostEntries;
      # NOTE(review): the backend ports are opened to every host on the
      # interface, not only to the proxy at 192.168.2.103, so they can be
      # reached directly over plain HTTP. Acceptable on the isolated test
      # network; restrict the source address in a real setup.
      networking.firewall.allowedTCPPorts = [ 55001 55002 ];

      services.mastodon = {
        enable = true;
        configureNginx = false;
        localDomain = "mastodon.local";
        # TCP instead of unix sockets, because nginx runs on another machine.
        enableUnixSocket = false;

        database.createLocally = false;
        database.host = "192.168.2.102";
        database.port = 5432;
        database.name = "mastodon_local";
        database.user = "mastodon_test";
        database.passwordFile = "/etc/mastodon/password-posgressql-db";

        smtp.createLocally = false;
        smtp.fromAddress = "mastodon@mastodon.local";

        extraConfig = {
          # Listen on all interfaces so the remote proxy can connect.
          BIND = "0.0.0.0";
          EMAIL_DOMAIN_ALLOWLIST = "example.com";
          RAILS_SERVE_STATIC_FILES = "true";
          # Address of the nginx node; presumably this is what lets Mastodon
          # accept forwarded client-address headers from it - confirm against
          # the Mastodon documentation.
          TRUSTED_PROXY_IP = "192.168.2.103";
        };
      };
    };

    # Test client (192.168.2.202): jq plus trust in the self-signed certificate.
    client = { pkgs, ... }: {
      environment.systemPackages = [ pkgs.jq ];

      networking.interfaces.eth1.ipv4.addresses = [
        { address = "192.168.2.202"; prefixLength = 24; }
      ];
      networking.extraHosts = hostEntries;

      security.pki.certificateFiles = [ "${mkTestCert pkgs}/cert.pem" ];
    };
  };

  # The shared test body lives in ./script.nix; this file only contributes the
  # extra start-up waits and shutdowns for the two additional nodes.
  testScript = import ./script.nix {
    pkgs = pkgs;
    extraInit = ''
      nginx.wait_for_unit("nginx.service")
      nginx.wait_for_open_port(443)
      database.wait_for_unit("postgresql.service")
      database.wait_for_open_port(5432)
    '';
    extraShutdown = ''
      nginx.shutdown()
      database.shutdown()
    '';
  };
})