# NixOS VM test for the canaille service: a server node runs canaille behind
# nginx with static test certificates, then the test script creates a user
# through the canaille CLI and checks that it can be read back.
{ pkgs, ... }:
let
  # Test-only certificate material. The set is used below for `domain`,
  # `ca.cert` and the per-domain `cert` / `key` attributes.
  certs = import ./common/acme/server/snakeoil-certs.nix;
  domain = certs.domain;
in
{
  name = "canaille";
  meta.maintainers = [ pkgs.lib.maintainers.erictapen ];

  nodes.server =
    { pkgs, lib, ... }:
    {
      services = {
        canaille = {
          enable = true;
          # Placeholder value, not a real secret. pkgs.writeText places the file
          # in the Nix store, which is world-readable, so this form is only
          # suitable for a test; a real deployment should point secretKeyFile
          # at a file kept outside the store with restrictive permissions.
          secretKeyFile = pkgs.writeText "canaille-secret-key" ''
            this is not a secret key
          '';
          settings.SERVER_NAME = domain;
        };

        # Serve the vhost with the static test certificate and key instead of
        # ACME. mkForce presumably overrides an enableACME value set by the
        # canaille module -- confirm against the module.
        nginx.virtualHosts.${domain} = {
          enableACME = lib.mkForce false;
          sslCertificate = certs.${domain}.cert;
          sslCertificateKey = certs.${domain}.key;
        };
      };

      networking = {
        # Resolve the test domain to loopback so curl on the server itself
        # reaches the local nginx.
        hosts."::1" = [ domain ];
        firewall.allowedTCPPorts = [
          80
          443
        ];
      };

      # The test script runs `sudo -iu canaille`, which needs a login shell for
      # the service account. Test convenience only; presumably the account has
      # no interactive shell otherwise -- confirm against the module.
      users.users.canaille.shell = pkgs.bashInteractive;

      # Trust the test CA so that `curl -f https://...` validates the
      # certificate chain instead of skipping verification.
      security.pki.certificateFiles = [ certs.ca.cert ];
    };

  # Second machine that resolves the test domain to the server and trusts the
  # test CA. The test script below issues no commands on this node; it is only
  # booted by start_all().
  nodes.client =
    { nodes, ... }:
    let
      serverAddress = nodes.server.networking.primaryIPAddress;
    in
    {
      networking.hosts.${serverAddress} = [ domain ];
      security.pki.certificateFiles = [ certs.ca.cert ];
    };

  # The admin password below is a throwaway literal passed as a command-line
  # argument. That is acceptable inside a disposable test VM; command-line
  # arguments are visible to other local processes, so it is not a pattern for
  # real accounts.
  testScript =
    { ... }:
    ''
      import json

      start_all()
      server.wait_for_unit("canaille.socket")
      server.wait_until_succeeds("curl -f https://${domain}")
      server.succeed("sudo -iu canaille -- canaille create user --user-name admin --password adminpass --emails admin@${domain}")
      json_str = server.succeed("sudo -iu canaille -- canaille get user")
      assert json.loads(json_str)[0]["user_name"] == "admin"
      server.succeed("sudo -iu canaille -- canaille config check")
    '';
}