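# NixOS VM test for the miniflux service module.
#
# Five nodes are defined: three run miniflux with a locally created database
# (default, withoutSudo, customized), one is a standalone PostgreSQL server
# reachable over TCP (postgresTcp), and one runs miniflux against that remote
# server (externalDb). Every miniflux node enables AppArmor, and the test
# script fails if an AppArmor denial shows up in the journal.
#
# All credentials below are throwaway test fixtures. They are written with
# pkgs.writeText, which puts them in the world-readable Nix store; that is
# acceptable only because this is a test. A real deployment should point
# adminCredentialsFile and PGPASSFILE at files provisioned outside the store.
import ./make-test-python.nix ({ pkgs, lib, ... }:

let
  # Listen port and admin account used by the "customized" node.
  port = 3142;
  username = "alice";
  password = "correcthorsebatterystaple";

  # Values the test script expects on nodes that do not override them.
  defaultPort = 8080;
  defaultUsername = "admin";
  defaultPassword = "password";

  # Environment-style credential files consumed via services.miniflux.adminCredentialsFile.
  adminCredentialsFile = pkgs.writeText "admin-credentials" ''
    ADMIN_USERNAME=${defaultUsername}
    ADMIN_PASSWORD=${defaultPassword}
  '';
  customAdminCredentialsFile = pkgs.writeText "admin-credentials" ''
    ADMIN_USERNAME=${username}
    ADMIN_PASSWORD=${password}
  '';

  # Password of the "miniflux" database role on postgresTcp, plus a pgpass
  # file (host:port:database:user:password, all wildcards) carrying it.
  postgresPassword = "correcthorsebatterystaple";
  postgresPasswordFile = pkgs.writeText "pgpass" ''
    *:*:*:*:${postgresPassword}
  '';

in
{
  name = "miniflux";
  meta.maintainers = [ ];

  nodes = {
    # Stock configuration: only the admin credentials are supplied.
    default =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          inherit adminCredentialsFile;
        };
      };

    # Same as "default" but with sudo disabled on the machine.
    # NOTE(review): presumably guards against the module relying on sudo
    # during setup; the reason is not stated in this file.
    withoutSudo =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          inherit adminCredentialsFile;
        };
        security.sudo.enable = false;
      };

    # Overrides the listen address and the admin account.
    customized =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          config = {
            CLEANUP_FREQUENCY = "48";
            LISTEN_ADDR = "localhost:${toString port}";
          };
          adminCredentialsFile = customAdminCredentialsFile;
        };
      };

    # Standalone PostgreSQL server for the externalDb node.
    postgresTcp = { config, pkgs, lib, ... }: {
      services.postgresql = {
        enable = true;
        # The role password is interpolated into the init script, so it also
        # ends up in the Nix store (test fixture only).
        initialScript = pkgs.writeText "init-postgres" ''
          CREATE USER miniflux WITH PASSWORD '${postgresPassword}';
          CREATE DATABASE miniflux WITH OWNER miniflux;
        '';
        enableTCPIP = true;
        # pg_hba rule: role "miniflux" may connect over TCP, from any subnet
        # the server is directly attached to, to the database named after the
        # role, authenticating with SCRAM-SHA-256.
        authentication = ''
          host sameuser miniflux samenet scram-sha-256
        '';
      };
      # Runs after the module's own postStart commands and creates the hstore
      # extension in the miniflux database.
      systemd.services.postgresql.postStart = lib.mkAfter ''
        $PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;'
      '';
      # Opens the PostgreSQL port in this VM's firewall so externalDb can connect.
      networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
    };

    # miniflux talking to the PostgreSQL server on postgresTcp.
    externalDb = { ... }: {
      security.apparmor.enable = true;
      services.miniflux = {
        enable = true;
        createDatabaseLocally = false;
        inherit adminCredentialsFile;
        config = {
          # sslmode=disable: the database connection is not TLS-protected.
          # Tolerable between test VMs; do not copy into a real deployment.
          DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable";
          PGPASSFILE = "/run/miniflux/pgpass";
        };
      };
      # Copy the password file out of the store with mode 0600 set at creation
      # time. A separate cp followed by chmod leaves a short window in which
      # the copy carries the store file's wider permissions; install -m avoids
      # that, which matters when this pattern is reused with a real secret.
      systemd.services.miniflux.preStart = ''
        install -m 600 ${postgresPasswordFile} /run/miniflux/pgpass
      '';
    };
  };

  testScript = ''
    def runTest(machine, port, user):
        """Check that miniflux on `machine` is up, that `user` is an admin, and that AppArmor denied nothing.

        machine: test-driver machine object for the node under test.
        port:    TCP port miniflux is expected to listen on.
        user:    HTTP basic-auth credentials in "name:password" form.
        """
        machine.wait_for_unit("miniflux.service")
        machine.wait_for_open_port(port)
        machine.succeed(f"curl --fail 'http://localhost:{port}/healthcheck' | grep OK")
        # No --fail here: the grep on the response body decides the outcome, so a
        # rejected login fails the step because the admin flag is absent.
        machine.succeed(
            f"curl 'http://localhost:{port}/v1/me' -u '{user}' -H Content-Type:application/json | grep '\"is_admin\":true'"
        )
        # journalctl exits non-zero when nothing matches, so fail() passes only
        # when no AppArmor denial was logged during this boot.
        # NOTE(review): any other journalctl error would also satisfy fail().
        machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')

    default.start()
    withoutSudo.start()
    customized.start()
    postgresTcp.start()

    runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
    runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
    runTest(customized, ${toString port}, "${username}:${password}")

    # The external database must be up before the node that depends on it boots.
    postgresTcp.wait_for_unit("postgresql.service")
    externalDb.start()
    runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
  '';
})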