# NixOS VM test for the Radicale CalDAV server ("radicale3").
#
# The test machine runs Radicale with htpasswd/bcrypt authentication, a
# git-versioned storage folder and a per-user rights file. The test script then
# checks calendar/event creation, the rights rules, the web interface and the
# unit's `systemd-analyze security` rating.
{ lib, pkgs, ... }:

let
  # Fixed throwaway credentials for the test VM only. Both values are
  # interpolated as plaintext into `cli`, the htpasswd build command and the
  # test script below.
  user = "someuser";
  password = "some_password";
  # Port the test script waits on and connects to. No listener address is set
  # in services.radicale.settings below, so this presumably has to match
  # Radicale's default port (TODO confirm).
  port = "5232";
  filesystem_folder = "/data/radicale";

  # calendar-cli invocation prefix shared by all CalDAV requests in the test.
  # The password is passed as a command-line argument.
  cli = "${lib.getExe pkgs.calendar-cli} --caldav-user ${user} --caldav-pass ${password}";
in
{
  name = "radicale3";
  meta.maintainers = with lib.maintainers; [ dotlambda ];

  nodes.machine =
    { pkgs, ... }:
    {
      services.radicale = {
        enable = true;
        settings = {
          auth = {
            type = "htpasswd";
            htpasswd_filename = "/etc/radicale/users";
            htpasswd_encryption = "bcrypt";
          };
          storage = {
            inherit filesystem_folder;
            # Commits every storage change to git, skipping the commit when
            # nothing is staged.
            # NOTE(review): %(user)s sits outside the single quotes, so the
            # command is only well-formed if Radicale shell-quotes the
            # substituted user name - confirm for the packaged version.
            hook = "git add -A && (git diff --cached --quiet || git commit -m 'Changes by '%(user)s)";
          };
          logging.level = "info";
        };
        # Rights rules. `user = ".+"` matches only a non-empty user name.
        rights = {
          # Each user gets "RW" on the collection named after them.
          principal = {
            user = ".+";
            collection = "{user}";
            permissions = "RW";
          };
          # Each user gets "rw" on collections exactly one path segment below
          # their own collection ("[^/]+" excludes deeper nesting).
          calendars = {
            user = ".+";
            collection = "{user}/[^/]+";
            permissions = "rw";
          };
        };
      };
      # git must be on the service's PATH for the storage hook, and on the
      # system PATH for the `sudo -u radicale git ...` calls in the test script.
      systemd.services.radicale.path = [ pkgs.git ];
      environment.systemPackages = [ pkgs.git ];
      # Storage directory: owned by radicale:radicale, mode 0750 (no access for
      # other users).
      systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ];
      # WARNING: DON'T DO THIS IN PRODUCTION!
      # This puts unhashed secrets directly into the Nix store for ease of testing.
      # The resulting htpasswd file holds only a bcrypt hash (-B), but the
      # plaintext password is part of the build command (-b takes it as an
      # argument), so it is recorded in the derivation, and the Nix store is
      # world-readable. A real deployment should point htpasswd_filename at a
      # file provisioned outside the store with restrictive permissions.
      environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" { } ''
        ${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
      '';
    };
  # Test driver script (Python). Steps, in order:
  #   1. Wait for radicale.service and the port, then initialise a git
  #      repository in the storage folder as the radicale user and set a local
  #      commit identity, so the storage hook can commit.
  #   2. "Test calendar and event creation": create calendar "cal" under the
  #      user's own collection, check its directory exists and is empty, add an
  #      event, check the directory is no longer empty, and require exactly
  #      three commits in the git log.
  #   3. "Test rights file": creating "sub/cal" (two segments below the user)
  #      and creating a calendar under "otheruser" must both fail.
  #      NOTE(review): machine.fail accepts any non-zero exit, so these checks
  #      do not distinguish an authorization denial from another client error.
  #   4. "Test web interface": fetch /.web/ with HTTP basic credentials in the
  #      URL; plain HTTP to localhost inside the VM.
  #   5. "Test security": log `systemd-analyze security radicale.service` and
  #      require the eight characters before the final one to be "SAFE :-}",
  #      so a loosened unit sandbox that changes the rating fails the test.
  testScript = ''
    machine.wait_for_unit("radicale.service")
    machine.wait_for_open_port(${port})

    machine.succeed("sudo -u radicale git -C ${filesystem_folder} init")
    machine.succeed(
        "sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com"
    )
    machine.succeed(
        "sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale"
    )

    with subtest("Test calendar and event creation"):
        machine.succeed(
            "${cli} --caldav-url http://localhost:${port}/${user} calendar create cal"
        )
        machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal")
        machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
        machine.succeed(
            "${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent"
        )
        machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
        (status, stdout) = machine.execute(
            "sudo -u radicale git -C ${filesystem_folder} log --format=oneline | wc -l"
        )
        assert status == 0, "git log failed"
        assert stdout == "3\n", "there should be exactly 3 commits"

    with subtest("Test rights file"):
        machine.fail(
            "${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal"
        )
        machine.fail(
            "${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal"
        )

    with subtest("Test web interface"):
        machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")

    with subtest("Test security"):
        output = machine.succeed("systemd-analyze security radicale.service")
        machine.log(output)
        assert output[-9:-1] == "SAFE :-}"
  '';
}