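# NixOS VM test for the miniflux service module.
#
# Boots four miniflux nodes (default settings, sudo disabled, custom listen
# address and admin account, external PostgreSQL over TCP) plus one PostgreSQL
# node. For each miniflux node it checks the health endpoint, checks that the
# configured admin can authenticate against the API, and checks that AppArmor
# logged no denial during the boot.
import ./make-test-python.nix (
  { pkgs, lib, ... }:

  let
    # Everything below is a test fixture. pkgs.writeText puts the files into
    # the Nix store, which is readable by every local user, so none of these
    # values are secret. A real deployment should point adminCredentialsFile
    # at a file provisioned outside the store.
    port = 3142;
    username = "alice";
    password = "correcthorsebatterystaple";
    # Port and account used by the nodes that set neither LISTEN_ADDR nor a
    # custom credentials file (presumably the module default port; confirm
    # against the module).
    defaultPort = 8080;
    defaultUsername = "admin";
    defaultPassword = "password";
    adminCredentialsFile = pkgs.writeText "admin-credentials" ''
      ADMIN_USERNAME=${defaultUsername}
      ADMIN_PASSWORD=${defaultPassword}
    '';
    customAdminCredentialsFile = pkgs.writeText "admin-credentials" ''
      ADMIN_USERNAME=${username}
      ADMIN_PASSWORD=${password}
    '';
    postgresPassword = "correcthorsebatterystaple";
    # pgpass format is host:port:database:user:password; the wildcards make
    # this one entry match any connection.
    postgresPasswordFile = pkgs.writeText "pgpass" ''
      *:*:*:*:${postgresPassword}
    '';

  in
  {
    name = "miniflux";
    meta.maintainers = [ ];

    nodes = {
      # Module defaults, with AppArmor enabled so the denial check in
      # runTest is meaningful.
      default =
        { ... }:
        {
          security.apparmor.enable = true;
          services.miniflux = {
            enable = true;
            inherit adminCredentialsFile;
          };
        };

      # Same as default, but the service must come up without sudo on the
      # system.
      withoutSudo =
        { ... }:
        {
          security.apparmor.enable = true;
          services.miniflux = {
            enable = true;
            inherit adminCredentialsFile;
          };
          security.sudo.enable = false;
        };

      # Non-default listen address and admin account.
      customized =
        { ... }:
        {
          security.apparmor.enable = true;
          services.miniflux = {
            enable = true;
            config = {
              CLEANUP_FREQUENCY = "48";
              LISTEN_ADDR = "localhost:${toString port}";
            };
            adminCredentialsFile = customAdminCredentialsFile;
          };
        };

      # Stand-alone PostgreSQL server reached over TCP by externalDb.
      postgresTcp =
        {
          config,
          pkgs,
          lib,
          ...
        }:
        {
          services.postgresql = {
            enable = true;
            # The role password is interpolated into a store file; acceptable
            # only because this is a throwaway test database.
            initialScript = pkgs.writeText "init-postgres" ''
              CREATE USER miniflux WITH PASSWORD '${postgresPassword}';
              CREATE DATABASE miniflux WITH OWNER miniflux;
            '';
            enableTCPIP = true;
            # pg_hba rule: role miniflux may reach the database named after
            # it, from the server's own subnets only, with SCRAM password
            # authentication.
            authentication = ''
              host sameuser miniflux samenet scram-sha-256
            '';
          };
          systemd.services.postgresql.postStart = lib.mkAfter ''
            $PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;'
          '';
          networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
        };

      # miniflux with no local database, connecting to postgresTcp.
      externalDb =
        { ... }:
        {
          security.apparmor.enable = true;
          services.miniflux = {
            enable = true;
            createDatabaseLocally = false;
            inherit adminCredentialsFile;
            config = {
              # sslmode=disable sends the database session in clear text
              # between the two test VMs; do not carry it over to a network
              # that is not fully trusted.
              DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable";
              PGPASSFILE = "/run/miniflux/pgpass";
            };
          };
          # The password file has to be private to the service user (clients
          # that follow the libpq convention ignore a group- or
          # world-accessible pgpass). install creates the copy with mode 0600
          # from the start; cp followed by chmod would leave it for a moment
          # with the read-for-all mode of the store file.
          systemd.services.miniflux.preStart = ''
            install -m 600 ${postgresPasswordFile} /run/miniflux/pgpass
          '';
        };
    };
    testScript = ''
      def runTest(machine, port, user):
          # Service is up and listening.
          machine.wait_for_unit("miniflux.service")
          machine.wait_for_open_port(port)
          machine.succeed(f"curl --fail 'http://localhost:{port}/healthcheck' | grep OK")
          # The configured account authenticates with HTTP basic auth and is an admin.
          machine.succeed(
              f"curl 'http://localhost:{port}/v1/me' -u '{user}' -H Content-Type:application/json | grep '\"is_admin\":true'"
          )
          # The AppArmor profile must not have blocked anything since boot.
          machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')

      default.start()
      withoutSudo.start()
      customized.start()
      postgresTcp.start()

      runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
      runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
      runTest(customized, ${toString port}, "${username}:${password}")

      # externalDb is started only once its database server is ready.
      postgresTcp.wait_for_unit("postgresql.service")
      externalDb.start()
      runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
    '';
  }
)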