nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / nextcloud / with-declarative-redis-and-secrets.nix
at master 3.4 kB view raw
  1{
  2  name,
  3  pkgs,
  4  testBase,
  5  system,
  6  ...
  7}:
  8
  9with import ../../lib/testing-python.nix { inherit system pkgs; };
 10runTest (
 11  { config, lib, ... }:
 12  let
 13    inherit (config) adminuser;
 14  in
 15  {
 16    inherit name;
 17    meta.maintainers = lib.teams.nextcloud.members;
 18
 19    imports = [ testBase ];
 20
 21    nodes = {
 22      nextcloud =
 23        { config, pkgs, ... }:
 24        {
 25          environment.systemPackages = [ pkgs.jq ];
 26          services.nextcloud = {
 27            caching = {
 28              apcu = false;
 29              redis = true;
 30              memcached = false;
 31            };
 32            notify_push = {
 33              enable = true;
 34              bendDomainToLocalhost = true;
 35              logLevel = "debug";
 36            };
 37            extraAppsEnable = true;
 38            extraApps.notify_push = config.services.nextcloud.package.packages.apps.notify_push;
 39            # This test also validates that we can use an "external" database
 40            database.createLocally = false;
 41            config = {
 42              dbtype = "pgsql";
 43              dbname = "nextcloud";
 44              dbuser = adminuser;
 45              dbpassFile = config.services.nextcloud.config.adminpassFile;
 46            };
 47
 48            secretFile = "/etc/nextcloud-secrets.json";
 49
 50            settings = {
 51              allow_local_remote_servers = true;
 52              redis = {
 53                dbindex = 0;
 54                timeout = 1.5;
 55                # password handled via secretfile below
 56              };
 57            };
 58            configureRedis = true;
 59          };
 60
 61          services.redis.servers."nextcloud" = {
 62            enable = true;
 63            port = 6379;
 64            requirePass = "secret";
 65          };
 66
 67          systemd.services.nextcloud-setup = {
 68            requires = [ "postgresql.target" ];
 69            after = [ "postgresql.target" ];
 70          };
 71
 72          services.postgresql = {
 73            enable = true;
 74          };
 75          systemd.services.postgresql-setup.postStart = ''
 76            password=$(cat ${config.services.nextcloud.config.dbpassFile})
 77            ${config.services.postgresql.package}/bin/psql <<EOF
 78              CREATE ROLE ${adminuser} WITH LOGIN PASSWORD '$password' CREATEDB;
 79              CREATE DATABASE nextcloud;
 80              ALTER DATABASE nextcloud OWNER to ${adminuser};
 81            EOF
 82          '';
 83
 84          # This file is meant to contain secret options which should
 85          # not go into the nix store. Here it is just used to set the
 86          # redis password.
 87          environment.etc."nextcloud-secrets.json" = {
 88            mode = "0600";
 89            text = builtins.toJSON {
 90              redis.password = "secret";
 91            };
 92          };
 93        };
 94    };
 95
 96    test-helpers.extraTests = ''
 97      with subtest("non-empty redis cache"):
 98          # redis cache should not be empty
 99          assert nextcloud.succeed('redis-cli --pass secret --json KEYS "*" | jq length').strip() != "0", """
100            redis-cli for keys * returned 0 entries
101          """
102
103      with subtest("notify-push"):
104          client.execute("${lib.getExe pkgs.nextcloud-notify_push.passthru.test_client} http://nextcloud ${config.adminuser} ${config.adminpass} >&2 &")
105          nextcloud.wait_until_succeeds("journalctl -u nextcloud-notify_push | grep -q \"Sending ping to ${config.adminuser}\"")
106    '';
107  }
108)