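# NixOS VM test for the miniflux service.
#
# Five nodes are defined: three run miniflux with a locally created database
# (default settings, sudo disabled, custom listen address and admin account),
# one runs only PostgreSQL reachable over TCP, and one runs miniflux against
# that remote PostgreSQL. On every miniflux node the test checks the health
# endpoint, checks that the admin account authenticates against the API, and
# checks that the journal holds no AppArmor denial.
{ pkgs, lib, ... }:

let
  # Listen port and admin account used by the `customized` node.
  port = 3142;
  username = "alice";
  password = "correcthorsebatterystaple";

  # Values the test expects from an unconfigured miniflux instance.
  defaultPort = 8080;
  defaultUsername = "admin";
  defaultPassword = "password";

  # NOTE: pkgs.writeText puts these files into the Nix store, which is readable
  # by every user on the machine. That is fine for throwaway test fixtures; a
  # real deployment should point adminCredentialsFile at a path outside the
  # store that is provisioned at runtime.
  adminCredentialsFile = pkgs.writeText "admin-credentials" ''
    ADMIN_USERNAME=${defaultUsername}
    ADMIN_PASSWORD=${defaultPassword}
  '';
  customAdminCredentialsFile = pkgs.writeText "admin-credentials" ''
    ADMIN_USERNAME=${username}
    ADMIN_PASSWORD=${password}
  '';

  # Password of the `miniflux` PostgreSQL role. It is interpolated into the
  # server's init script and into a libpq password file, so it also ends up in
  # the world-readable store (test-only, as above).
  postgresPassword = "correcthorsebatterystaple";
  # Wildcard pgpass entry: any host, port, database and user.
  postgresPasswordFile = pkgs.writeText "pgpass" ''
    *:*:*:*:${postgresPassword}
  '';

in
{
  name = "miniflux";
  meta.maintainers = [ ];

  nodes = {
    # Stock configuration with AppArmor enabled.
    default =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          inherit adminCredentialsFile;
        };
      };

    # Same as `default`, but with sudo disabled on the machine, so the service
    # has to come up without it.
    withoutSudo =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          inherit adminCredentialsFile;
        };
        security.sudo.enable = false;
      };

    # Non-default listen address and admin credentials.
    customized =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          config = {
            CLEANUP_FREQUENCY = "48";
            LISTEN_ADDR = "localhost:${toString port}";
          };
          adminCredentialsFile = customAdminCredentialsFile;
        };
      };

    # PostgreSQL server that the `externalDb` node connects to over TCP.
    postgresTcp =
      {
        config,
        pkgs,
        lib,
        ...
      }:
      {
        services.postgresql = {
          enable = true;
          # Creates a plain (non-superuser) role with a password and a database
          # owned by it.
          initialScript = pkgs.writeText "init-postgres" ''
            CREATE USER miniflux WITH PASSWORD '${postgresPassword}';
            CREATE DATABASE miniflux WITH OWNER miniflux;
          '';
          enableTCPIP = true;
          # pg_hba rule: TCP connections from the server's own subnets
          # (samenet), for role `miniflux` to the database of the same name
          # (sameuser), authenticated with SCRAM-SHA-256.
          authentication = ''
            host sameuser miniflux samenet scram-sha-256
          '';
        };
        # Create the hstore extension on the server side once the database
        # exists, appended after the unit's existing postStart commands.
        systemd.services.postgresql-setup.postStart = lib.mkAfter ''
          psql -tAd miniflux -c 'CREATE EXTENSION hstore;'
        '';
        # Only the PostgreSQL port is opened; who may authenticate is decided
        # by the pg_hba rule above.
        networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
      };

    # miniflux using the database on `postgresTcp` instead of a local one.
    externalDb =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          createDatabaseLocally = false;
          inherit adminCredentialsFile;
          config = {
            # sslmode=disable: the connection between the two test VMs is not
            # encrypted. SCRAM keeps the password itself off the wire, but the
            # session is unprotected; do not copy this into a real deployment.
            DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable";
            PGPASSFILE = "/run/miniflux/pgpass";
          };
        };
        # libpq ignores a password file that is group- or world-accessible, so
        # the store copy cannot be used directly. `install -m` creates the
        # runtime copy with its final mode in one step, instead of copying and
        # tightening the mode afterwards.
        # NOTE(review): /run/miniflux is presumably the unit's runtime
        # directory; confirm against the miniflux module.
        systemd.services.miniflux.preStart = ''
          install -m 0600 ${postgresPasswordFile} /run/miniflux/pgpass
        '';
      };
  };

  # runTest(machine, port, user) waits for miniflux.service and its port, then:
  #   1. requires /healthcheck to answer OK,
  #   2. requires /v1/me, called with HTTP basic auth `user` ("name:password"),
  #      to report an admin account,
  #   3. requires that the current boot's journal contains no audit line with
  #      apparmor="DENIED", i.e. the AppArmor profile did not block the service.
  # `externalDb` is started only after PostgreSQL on `postgresTcp` is up.
  testScript = ''
    def runTest(machine, port, user):
      machine.wait_for_unit("miniflux.service")
      machine.wait_for_open_port(port)
      machine.succeed(f"curl --fail 'http://localhost:{port}/healthcheck' | grep OK")
      machine.succeed(
          f"curl 'http://localhost:{port}/v1/me' -u '{user}' -H Content-Type:application/json | grep '\"is_admin\":true'"
      )
      machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')

    default.start()
    withoutSudo.start()
    customized.start()
    postgresTcp.start()

    runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
    runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
    runTest(customized, ${toString port}, "${username}:${password}")

    postgresTcp.wait_for_unit("postgresql.target")
    externalDb.start()
    runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
  '';
}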