nixos/tests/pinnwand.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / pinnwand.nix
at master 2.5 kB view raw
  1{
  2  pkgs,
  3  ...
  4}:
  5let
  6  port = 8000;
  7  baseUrl = "http://server:${toString port}";
  8in
  9{
 10  name = "pinnwand";
 11  meta = with pkgs.lib.maintainers; {
 12    maintainers = [ hexa ];
 13  };
 14
 15  nodes = {
 16    server =
 17      { config, ... }:
 18      {
 19        networking.firewall.allowedTCPPorts = [
 20          port
 21        ];
 22
 23        services.pinnwand = {
 24          enable = true;
 25          port = port;
 26        };
 27      };
 28
 29    client =
 30      { pkgs, ... }:
 31      {
 32        environment.systemPackages = [
 33          pkgs.steck
 34
 35          (pkgs.writers.writePython3Bin "setup-steck.py"
 36            {
 37              libraries = with pkgs.python3.pkgs; [
 38                appdirs
 39                toml
 40              ];
 41              flakeIgnore = [
 42                "E501"
 43              ];
 44            }
 45            ''
 46              import appdirs
 47              import toml
 48              import os
 49
 50              CONFIG = {
 51                  "base": "${baseUrl}/",
 52                  "confirm": False,
 53                  "magic": True,
 54                  "ignore": True
 55              }
 56
 57              os.makedirs(appdirs.user_config_dir('steck'))
 58              with open(os.path.join(appdirs.user_config_dir('steck'), 'steck.toml'), "w") as fd:
 59                  toml.dump(CONFIG, fd)
 60            ''
 61          )
 62        ];
 63      };
 64  };
 65
 66  testScript = ''
 67    start_all()
 68
 69    server.wait_for_unit("pinnwand.service")
 70    client.wait_for_unit("network.target")
 71
 72    # create steck.toml config file
 73    client.succeed("setup-steck.py")
 74
 75    # wait until the server running pinnwand is reachable
 76    client.wait_until_succeeds("ping -c1 server")
 77
 78    # make sure pinnwand is listening
 79    server.wait_for_open_port(${toString port})
 80
 81    # send the contents of /etc/machine-id
 82    response = client.succeed("steck paste /etc/machine-id")
 83
 84    # parse the steck response
 85    raw_url = None
 86    removal_link = None
 87    for line in response.split("\n"):
 88        if line.startswith("View link:"):
 89            raw_url = f"${baseUrl}/raw/{line.split('/')[-1]}"
 90        if line.startswith("Removal link:"):
 91            removal_link = line.split(":", 1)[1]
 92
 93    # check whether paste matches what we sent
 94    client.succeed(f"curl {raw_url} > /tmp/machine-id")
 95    client.succeed("diff /tmp/machine-id /etc/machine-id")
 96
 97    # remove paste and check that it's not available any more
 98    client.succeed(f"curl {removal_link}")
 99    client.fail(f"curl --fail {raw_url}")
100
101    server.log(server.execute("systemd-analyze security pinnwand | grep '✗'")[1])
102  '';
103}