2
-
End-to-end test for Akkoma.
4
-
Based in part on nixos/tests/pleroma.
1
+
# end‐to‐end test for Akkoma
9
+
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw;
6
-
TODO: Test federation.
8
-
import ./make-test-python.nix (
11
-
package ? pkgs.akkoma,
16
-
userPassword = "4LKOrGo8SgbPm1a6NclVU5Wb";
18
-
provisionUser = pkgs.writers.writeBashBin "provisionUser" ''
19
-
set -eu -o errtrace -o pipefail
21
-
pleroma_ctl user new jamy jamy@nixos.test --password '${userPassword}' --moderator --admin -y
25
-
pkgs.runCommand "selfSignedCerts"
27
-
nativeBuildInputs = with pkgs; [ openssl ];
32
-
-subj '/CN=akkoma.nixos.test/' -days 49710 \
33
-
-addext 'subjectAltName = DNS:akkoma.nixos.test' \
34
-
-keyout "$out/key.pem" -newkey ed25519 \
35
-
-out "$out/cert.pem" -noenc
11
+
package = pkgs.akkoma;
38
-
sendToot = pkgs.writers.writeBashBin "sendToot" ''
39
-
set -eu -o errtrace -o pipefail
15
+
pkgs.runCommand "certificates-${lib.head names}"
17
+
nativeBuildInputs = with pkgs; [ openssl ];
22
+
-subj '/CN=${lib.head names}/' -days 49710 \
23
+
-addext 'subjectAltName = ${lib.concatStringsSep ", " (map (name: "DNS:${name}") names)}' \
24
+
-keyout "$out/key.pem" -newkey ed25519 \
25
+
-out "$out/cert.pem" -noenc
41
-
export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"
28
+
tlsCertA = tlsCert [
29
+
"akkoma-a.nixos.test"
30
+
"media.akkoma-a.nixos.test"
43
-
${pkgs.toot}/bin/toot login_cli -i "akkoma.nixos.test" -e "jamy@nixos.test" -p '${userPassword}'
44
-
${pkgs.toot}/bin/toot post "hello world Jamy here"
45
-
${pkgs.toot}/bin/toot timeline -1 | grep -F -q "hello world Jamy here"
33
+
tlsCertB = tlsCert [
34
+
"akkoma-b.nixos.test"
35
+
"media.akkoma-b.nixos.test"
48
-
echo "y" | ${pkgs.toot}/bin/toot upload <(dd if=/dev/zero bs=1024 count=1024 status=none) \
49
-
| grep -F -q "https://akkoma.nixos.test:443/media"
38
+
testMedia = pkgs.runCommand "blank.png" { nativeBuildInputs = with pkgs; [ imagemagick ]; } ''
39
+
magick -size 640x480 canvas:transparent "PNG8:$out"
52
-
checkFe = pkgs.writers.writeBashBin "checkFe" ''
53
-
set -eu -o errtrace -o pipefail
42
+
checkFe = pkgs.writeShellApplication {
44
+
runtimeInputs = with pkgs; [ curl ];
paths=( / /static/{config,styles}.json /pleroma/admin/ )
for path in "''${paths[@]}"; do
59
-
<(${pkgs.curl}/bin/curl -f -S -s -o /dev/null -w '%{response_code}' "https://akkoma.nixos.test$path") \
50
+
<(curl -f -S -s -o /dev/null -w '%{response_code}' "https://$1$path") \
65
-
${nodes.akkoma.networking.primaryIPAddress} akkoma.nixos.test
66
-
${nodes.client.networking.primaryIPAddress} client.nixos.test
80
-
security.pki.certificateFiles = [ "${tlsCert}/cert.pem" ];
81
-
networking.extraHosts = hosts nodes;
59
+
security.pki.certificateFiles = [
60
+
"${tlsCertA}/cert.pem"
61
+
"${tlsCertB}/cert.pem"
64
+
networking.extraHosts = ''
65
+
${nodes.akkoma-a.networking.primaryIPAddress} akkoma-a.nixos.test media.akkoma-a.nixos.test
66
+
${nodes.akkoma-b.networking.primaryIPAddress} akkoma-b.nixos.test media.akkoma-b.nixos.test
67
+
${nodes.client-a.networking.primaryIPAddress} client-a.nixos.test
68
+
${nodes.client-b.networking.primaryIPAddress} client-b.nixos.test
76
+
sessionVariables = {
77
+
REQUESTS_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt";
79
+
systemPackages = with pkgs; [ toot ];
92
-
networking.extraHosts = hosts nodes;
93
-
networking.firewall.allowedTCPPorts = [ 443 ];
94
-
environment.systemPackages = with pkgs; [ provisionUser ];
95
-
systemd.services.akkoma.confinement.enable = confined;
84
+
{ config, pkgs, ... }:
87
+
domain = "nixos.test";
88
+
firewall.allowedTCPPorts = [ 443 ];
103
-
name = "NixOS test Akkoma server";
104
-
description = "NixOS test Akkoma server";
105
-
email = "akkoma@nixos.test";
106
-
notify_email = "akkoma@nixos.test";
107
-
registration_open = true;
91
+
systemd.services.akkoma.confinement.enable = confined;
99
+
name = "NixOS test Akkoma server";
100
+
description = "NixOS test Akkoma server";
101
+
email = "akkoma@nixos.test";
102
+
notify_email = "akkoma@nixos.test";
103
+
registration_open = true;
114
-
"Pleroma.Web.Endpoint" = {
115
-
url.host = "akkoma.nixos.test";
117
-
"Pleroma.Upload" = {
118
-
base_url = "https://akkoma.nixos.test:443/media/";
110
+
"Pleroma.Web.Endpoint" = {
111
+
url.host = config.networking.fqdn;
125
-
sslCertificate = "${tlsCert}/cert.pem";
126
-
sslCertificateKey = "${tlsCert}/key.pem";
114
+
"Pleroma.Upload" = {
115
+
base_url = "https://media.${config.networking.fqdn}/media/";
118
+
# disable certificate verification until we figure out how to
119
+
# supply our own certificates
120
+
":http".adapter.pools = mkRaw "%{default: [conn_opts: [transport_opts: [verify: :verify_none]]]}";
130
-
services.nginx.enable = true;
131
-
services.postgresql.enable = true;
124
+
nginx.addSSL = true;
127
+
services.nginx.enable = true;
128
+
services.postgresql.enable = true;
160
+
services.akkoma.nginx = {
161
+
sslCertificate = "${tlsCertA}/cert.pem";
162
+
sslCertificateKey = "${tlsCertA}/key.pem";
174
+
services.akkoma.nginx = {
175
+
sslCertificate = "${tlsCertB}/cert.pem";
176
+
sslCertificateKey = "${tlsCertB}/key.pem";
185
+
from shlex import quote
187
+
def randomString(len):
188
+
return "".join(random.choice(string.ascii_letters + string.digits) for _ in range(len))
190
+
def registerUser(user, password):
191
+
return 'pleroma_ctl user new {0} {0}@nixos.test --password {1} -y'.format(
192
+
quote(user), quote(password))
194
+
def loginUser(instance, user, password):
195
+
return 'toot login_cli -i {}.nixos.test -e {}@nixos.test -p {}'.format(
196
+
quote(instance), quote(user), quote(password))
198
+
userAName = randomString(11)
199
+
userBName = randomString(11)
200
+
userAPassword = randomString(22)
201
+
userBPassword = randomString(22)
203
+
testMessage = randomString(22)
204
+
testMedia = '${testMedia}'
207
+
akkoma_a.wait_for_unit('akkoma-initdb.service')
208
+
akkoma_b.wait_for_unit('akkoma-initdb.service')
210
+
# test repeated initialisation
211
+
akkoma_a.systemctl('restart akkoma-initdb.service')
213
+
akkoma_a.wait_for_unit('akkoma.service')
214
+
akkoma_b.wait_for_unit('akkoma.service')
215
+
akkoma_a.wait_for_file('/run/akkoma/socket');
216
+
akkoma_b.wait_for_file('/run/akkoma/socket');
218
+
akkoma_a.succeed(registerUser(userAName, userAPassword))
219
+
akkoma_b.succeed(registerUser(userBName, userBPassword))
139
-
akkoma.wait_for_unit('akkoma-initdb.service')
140
-
akkoma.systemctl('restart akkoma-initdb.service') # test repeated initialisation
141
-
akkoma.wait_for_unit('akkoma.service')
142
-
akkoma.wait_for_file('/run/akkoma/socket');
143
-
akkoma.succeed('${provisionUser}/bin/provisionUser')
144
-
akkoma.wait_for_unit('nginx.service')
145
-
client.succeed('${sendToot}/bin/sendToot')
146
-
client.succeed('${checkFe}/bin/checkFe')
221
+
akkoma_a.wait_for_unit('nginx.service')
222
+
akkoma_b.wait_for_unit('nginx.service')
224
+
client_a.succeed(loginUser('akkoma-a', userAName, userAPassword))
225
+
client_b.succeed(loginUser('akkoma-b', userBName, userBPassword))
227
+
client_b.succeed('toot follow {}@akkoma-a.nixos.test'.format(userAName))
228
+
client_a.wait_until_succeeds('toot followers | grep -F -q {}'.format(quote(userBName)))
230
+
client_a.succeed('toot post {} --media {} --description "nothing to see here"'.format(
231
+
quote(testMessage), quote(testMedia)))
233
+
# verify test message
234
+
status = json.loads(client_b.wait_until_succeeds(
235
+
'toot status --json "$(toot timeline -1 | grep -E -o \'^ID [^ ]+\' | cut -d \' \' -f 2)"'))
236
+
assert status['content'] == testMessage
238
+
# compare attachment to original
239
+
client_b.succeed('cmp {} <(curl -f -S -s {})'.format(quote(testMedia),
240
+
quote(status['media_attachments'][0]['url'])))
242
+
client_a.succeed('${lib.getExe checkFe} akkoma-a.nixos.test')
243
+
client_b.succeed('${lib.getExe checkFe} akkoma-b.nixos.test')
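Review bot: Certificate verification is switched off for Akkoma's outbound HTTP pools at new lines 118–120 (`verify: :verify_none`), so the follow, post and attachment steps in the test script would still pass if the two instances could not validate each other's certificates. The test certificates are already added to `security.pki.certificateFiles` at new lines 59–61, though the lines between are elided on this page, so it is unclear whether that applies to the server nodes. Because NixOS tests are often used as configuration examples, the comment should mark this as a test-only workaround with a removal condition, e.g. `# TODO: test-only workaround, do not copy into a deployment; drop once the system CA bundle can be passed to the HTTP adapter`. Once the adapter can be pointed at the CA bundle, removing the override would let this test also catch regressions in certificate handling between instances.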