nixos/tests/discourse.nix at 2bccbf892e4e8c342f2dac4d893fbba0a0a1319f · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / discourse.nix
at 2bccbf892e4e8c342f2dac4d893fbba0a0a1319f 7.2 kB view raw
  1# This tests Discourse by:
  2#  1. logging in as the admin user
  3#  2. sending a private message to the admin user through the API
  4#  3. replying to that message via email.
  5
  6{
  7  lib,
  8  package,
  9  pkgs,
 10  ...
 11}:
 12let
 13  certs = import ./common/acme/server/snakeoil-certs.nix;
 14  clientDomain = "client.fake.domain";
 15  discourseDomain = certs.domain;
 16  adminPassword = "eYAX85qmMJ5GZIHLaXGDAoszD7HSZp5d";
 17  secretKeyBase = "381f4ac6d8f5e49d804dae72aa9c046431d2f34c656a705c41cd52fed9b4f6f76f51549f0b55db3b8b0dded7a00d6a381ebe9a4367d2d44f5e743af6628b4d42";
 18  admin = {
 19    email = "alice@${clientDomain}";
 20    username = "alice";
 21    fullName = "Alice Admin";
 22    passwordFile = "${pkgs.writeText "admin-pass" adminPassword}";
 23  };
 24in
 25{
 26  name = "discourse";
 27  meta.maintainers = with lib.maintainers; [ talyz ];
 28
 29  nodes.discourse =
 30    { nodes, ... }:
 31    {
 32      virtualisation.memorySize = 2048;
 33      virtualisation.cores = 4;
 34      virtualisation.useNixStoreImage = true;
 35      virtualisation.writableStore = false;
 36
 37      imports = [ common/user-account.nix ];
 38
 39      security.pki.certificateFiles = [
 40        certs.ca.cert
 41      ];
 42
 43      networking.extraHosts = ''
 44        127.0.0.1 ${discourseDomain}
 45        ${nodes.client.networking.primaryIPAddress} ${clientDomain}
 46      '';
 47
 48      services.postfix = {
 49        enableSubmission = true;
 50        enableSubmissions = true;
 51        submissionsOptions = {
 52          smtpd_sasl_auth_enable = "yes";
 53          smtpd_client_restrictions = "permit";
 54        };
 55      };
 56
 57      environment.systemPackages = [ pkgs.jq ];
 58
 59      services.postgresql.package = pkgs.postgresql_15;
 60
 61      services.discourse = {
 62        enable = true;
 63        inherit admin package;
 64        hostname = discourseDomain;
 65        sslCertificate = "${certs.${discourseDomain}.cert}";
 66        sslCertificateKey = "${certs.${discourseDomain}.key}";
 67        secretKeyBaseFile = "${pkgs.writeText "secret-key-base" secretKeyBase}";
 68        enableACME = false;
 69        mail.outgoing.serverAddress = clientDomain;
 70        mail.incoming.enable = true;
 71        siteSettings = {
 72          posting = {
 73            min_post_length = 5;
 74            min_first_post_length = 5;
 75            min_personal_message_post_length = 5;
 76          };
 77        };
 78        unicornTimeout = 900;
 79      };
 80
 81      networking.firewall.allowedTCPPorts = [
 82        25
 83        465
 84      ];
 85    };
 86
 87  nodes.client =
 88    { nodes, ... }:
 89    {
 90      imports = [ common/user-account.nix ];
 91
 92      security.pki.certificateFiles = [
 93        certs.ca.cert
 94      ];
 95
 96      networking.extraHosts = ''
 97        127.0.0.1 ${clientDomain}
 98        ${nodes.discourse.networking.primaryIPAddress} ${discourseDomain}
 99      '';
100
101      services.dovecot2 = {
102        enable = true;
103        protocols = [ "imap" ];
104      };
105
106      services.postfix = {
107        enable = true;
108        settings.main = {
109          compatibility_level = "2";
110          mydestination = [ clientDomain ];
111          myhostname = clientDomain;
112          origin = clientDomain;
113          relay_domains = [ clientDomain ];
114          smtpd_banner = "ESMTP server";
115        };
116      };
117
118      environment.systemPackages =
119        let
120          replyToEmail = pkgs.writeScriptBin "reply-to-email" ''
121            #!${pkgs.python3.interpreter}
122            import imaplib
123            import smtplib
124            import ssl
125            import email.header
126            from email import message_from_bytes
127            from email.message import EmailMessage
128
129            with imaplib.IMAP4('localhost') as imap:
130                imap.login('alice', 'foobar')
131                imap.select()
132                status, data = imap.search(None, 'ALL')
133                assert status == 'OK'
134
135                nums = data[0].split()
136                assert len(nums) == 1
137
138                status, msg_data = imap.fetch(nums[0], '(RFC822)')
139                assert status == 'OK'
140
141            msg = email.message_from_bytes(msg_data[0][1])
142            subject = str(email.header.make_header(email.header.decode_header(msg['Subject'])))
143            reply_to = email.header.decode_header(msg['Reply-To'])[0][0]
144            message_id = email.header.decode_header(msg['Message-ID'])[0][0]
145            date = email.header.decode_header(msg['Date'])[0][0]
146
147            ctx = ssl.create_default_context()
148            with smtplib.SMTP_SSL(host='${discourseDomain}', context=ctx) as smtp:
149                reply = EmailMessage()
150                reply['Subject'] = 'Re: ' + subject
151                reply['To'] = reply_to
152                reply['From'] = 'alice@${clientDomain}'
153                reply['In-Reply-To'] = message_id
154                reply['References'] = message_id
155                reply['Date'] = date
156                reply.set_content("Test reply.")
157
158                smtp.send_message(reply)
159                smtp.quit()
160          '';
161        in
162        [ replyToEmail ];
163
164      networking.firewall.allowedTCPPorts = [ 25 ];
165    };
166
167  testScript =
168    { nodes }:
169    let
170      request = builtins.toJSON {
171        title = "Private message";
172        raw = "This is a test message.";
173        target_recipients = admin.username;
174        archetype = "private_message";
175      };
176    in
177    ''
178      discourse.start()
179      client.start()
180
181      discourse.wait_for_unit("discourse.service")
182      discourse.wait_for_file("/run/discourse/sockets/unicorn.sock")
183      discourse.wait_until_succeeds("curl -sS -f https://${discourseDomain}")
184      discourse.succeed(
185          "curl -sS -f https://${discourseDomain}/session/csrf -c cookie -b cookie -H 'Accept: application/json' | jq -r '\"X-CSRF-Token: \" + .csrf' > csrf_token",
186          "curl -sS -f https://${discourseDomain}/session -c cookie -b cookie -H @csrf_token -H 'Accept: application/json' -d 'login=${nodes.discourse.services.discourse.admin.username}' -d \"password=${adminPassword}\" | jq -e '.user.username == \"${nodes.discourse.services.discourse.admin.username}\"'",
187          "curl -sS -f https://${discourseDomain}/login -v -H 'Accept: application/json' -c cookie -b cookie 2>&1 | grep ${nodes.discourse.services.discourse.admin.username}",
188      )
189
190      client.wait_for_unit("postfix.service")
191      client.wait_for_unit("dovecot2.service")
192
193      discourse.succeed(
194          "sudo -u discourse discourse-rake api_key:create_master[master] >api_key",
195          'curl -sS -f https://${discourseDomain}/posts -X POST -H "Content-Type: application/json" -H "Api-Key: $(<api_key)" -H "Api-Username: system" -d \'${request}\' ',
196      )
197
198      client.wait_until_succeeds("reply-to-email")
199
200      discourse.wait_until_succeeds(
201          'curl -sS -f https://${discourseDomain}/topics/private-messages/system -H "Accept: application/json" -H "Api-Key: $(<api_key)" -H "Api-Username: system" | jq -e \'if .topic_list.topics[0].id != null then .topic_list.topics[0].id else null end\' >topic_id'
202      )
203      discourse.succeed(
204          'curl -sS -f https://${discourseDomain}/t/$(<topic_id) -H "Accept: application/json" -H "Api-Key: $(<api_key)" -H "Api-Username: system" | jq -e \'if .post_stream.posts[1].cooked == "<p>Test reply.</p>" then true else null end\' '
205      )
206    '';
207}