pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / radicale.nix
at 25.11-pre 3.7 kB view raw
1import ./make-test-python.nix ( 2 { lib, pkgs, ... }: 3 4 let 5 user = "someuser"; 6 password = "some_password"; 7 port = "5232"; 8 filesystem_folder = "/data/radicale"; 9 10 cli = "${lib.getExe pkgs.calendar-cli} --caldav-user ${user} --caldav-pass ${password}"; 11 in 12 { 13 name = "radicale3"; 14 meta.maintainers = with lib.maintainers; [ dotlambda ]; 15 16 nodes.machine = 17 { pkgs, ... }: 18 { 19 services.radicale = { 20 enable = true; 21 settings = { 22 auth = { 23 type = "htpasswd"; 24 htpasswd_filename = "/etc/radicale/users"; 25 htpasswd_encryption = "bcrypt"; 26 }; 27 storage = { 28 inherit filesystem_folder; 29 hook = "git add -A && (git diff --cached --quiet || git commit -m 'Changes by '%(user)s)"; 30 }; 31 logging.level = "info"; 32 }; 33 rights = { 34 principal = { 35 user = ".+"; 36 collection = "{user}"; 37 permissions = "RW"; 38 }; 39 calendars = { 40 user = ".+"; 41 collection = "{user}/[^/]+"; 42 permissions = "rw"; 43 }; 44 }; 45 }; 46 systemd.services.radicale.path = [ pkgs.git ]; 47 environment.systemPackages = [ pkgs.git ]; 48 systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ]; 49 # WARNING: DON'T DO THIS IN PRODUCTION! 50 # This puts unhashed secrets directly into the Nix store for ease of testing. 51 environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" { } '' 52 ${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password} 53 ''; 54 }; 55 testScript = '' 56 machine.wait_for_unit("radicale.service") 57 machine.wait_for_open_port(${port}) 58 59 machine.succeed("sudo -u radicale git -C ${filesystem_folder} init") 60 machine.succeed( 61 "sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com" 62 ) 63 machine.succeed( 64 "sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale" 65 ) 66 67 with subtest("Test calendar and event creation"): 68 machine.succeed( 69 "${cli} --caldav-url http://localhost:${port}/${user} calendar create cal" 70 ) 71 machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal") 72 machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"') 73 machine.succeed( 74 "${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent" 75 ) 76 machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"') 77 (status, stdout) = machine.execute( 78 "sudo -u radicale git -C ${filesystem_folder} log --format=oneline | wc -l" 79 ) 80 assert status == 0, "git log failed" 81 assert stdout == "3\n", "there should be exactly 3 commits" 82 83 with subtest("Test rights file"): 84 machine.fail( 85 "${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal" 86 ) 87 machine.fail( 88 "${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal" 89 ) 90 91 with subtest("Test web interface"): 92 machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/") 93 94 with subtest("Test security"): 95 output = machine.succeed("systemd-analyze security radicale.service") 96 machine.log(output) 97 assert output[-9:-1] == "SAFE :-}" 98 ''; 99 } 100)