commit 6779ff00b36af6f6f2f11cce427780c6ecf74f1e · pyrox.dev/nixpkgs

+10 -1

nixos/modules/services/web-apps/glitchtip.nix

···

       58
       58
        
               default = 8000;

     

       59
       59
        
             };

     

       60
       60
        
       

     

       61
       61
       +
             stateDir = lib.mkOption {

     

       62
       62
       +
               type = lib.types.path;

     

       63
       63
       +
               description = "State directory of glitchtip.";

     

       64
       64
       +
               default = "/var/lib/glitchtip";

     

       65
       65
       +
             };

     

       66
       66
       +
       

     

       61
       67
        
             settings = lib.mkOption {

     

       62
       68
        
               description = ''

     

       63
       69
        
                 Configuration of GlitchTip. See <https://glitchtip.com/documentation/install#configuration> for more information.

     
···

       189
       195
        
                 StateDirectory = "glitchtip";

     

       190
       196
        
                 EnvironmentFile = cfg.environmentFiles;

     

       191
       197
        
                 WorkingDirectory = "${pkg}/lib/glitchtip";

     

       198
       198
       +
                 BindPaths = [ "${cfg.stateDir}/uploads:${pkg}/lib/glitchtip/uploads" ];

     

       192
       199
        
       

     

       193
       200
        
                 # hardening

     

       194
       201
        
                 AmbientCapabilities = "";

     
···

       220
       227
        
                   "@system-service"

     

       221
       228
        
                   "~@privileged"

     

       222
       229
        
                   "~@resources"

     

       230
       230
       +
                   "@chown"

     

       223
       231
        
                 ];

     

       224
       232
        
                 UMask = "0077";

     

       225
       233
        
               };

     
···

       271
       279
        
       

     

       272
       280
        
           users.users = lib.mkIf (cfg.user == "glitchtip") {

     

       273
       281
        
             glitchtip = {

     

       274
       274
       -
               home = "/var/lib/glitchtip";

     

       275
       282
        
               group = cfg.group;

     

       276
       283
        
               extraGroups = lib.optionals cfg.redis.createLocally [ "redis-glitchtip" ];

     

       277
       284
        
               isSystemUser = true;

     
···

       279
       286
        
           };

     

       280
       287
        
       

     

       281
       288
        
           users.groups = lib.mkIf (cfg.group == "glitchtip") { glitchtip = { }; };

     

       289
       289
       +
       

     

       290
       290
       +
           systemd.tmpfiles.settings.glitchtip."${cfg.stateDir}/uploads".d = { inherit (cfg) user group; };

     

       282
       291
        
       

     

       283
       292
        
           environment.systemPackages =

     

       284
       293
        
             let

+57 -46

nixos/tests/glitchtip.nix

···

       42
       42
        
           ];

     

       43
       43
        
         };

     

       44
       44
        
       

     

       45
       45
       -
         testScript = ''

     

       46
       46
       -
           import json

     

       47
       47
       -
           import re

     

       48
       48
       -
           import time

     

       45
       45
       +
         testScript =

     

       46
       46
       +
           { nodes, ... }: # python

     

       47
       47
       +
           ''

     

       48
       48
       +
             import json

     

       49
       49
       +
             import re

     

       50
       50
       +
             import time

     

       49
       51
        
       

     

       50
       50
       -
           machine.wait_for_unit("glitchtip.service")

     

       51
       51
       -
           machine.wait_for_unit("glitchtip-worker.service")

     

       52
       52
       -
           machine.wait_for_open_port(8000)

     

       52
       52
       +
             machine.wait_for_unit("glitchtip.service")

     

       53
       53
       +
             machine.wait_for_unit("glitchtip-worker.service")

     

       54
       54
       +
             machine.wait_for_open_port(8000)

     

       53
       55
        
       

     

       54
       54
       -
           origin_url = "${domain}"

     

       55
       55
       -
           cookie_jar_path = "/tmp/cookies.txt"

     

       56
       56
       -
           curl = f"curl -b {cookie_jar_path} -c {cookie_jar_path} -fS -H 'Origin: {origin_url}'"

     

       56
       56
       +
             origin_url = "${domain}"

     

       57
       57
       +
             cookie_jar_path = "/tmp/cookies.txt"

     

       58
       58
       +
             curl = f"curl -b {cookie_jar_path} -c {cookie_jar_path} -fS -H 'Origin: {origin_url}'"

     

       57
       59
        
       

     

       58
       58
       -
           # create superuser account

     

       59
       59
       -
           machine.succeed("DJANGO_SUPERUSER_PASSWORD=password glitchtip-manage createsuperuser --no-input --email=admin@example.com")

     

       60
       60
       +
             # create superuser account

     

       61
       61
       +
             machine.succeed("DJANGO_SUPERUSER_PASSWORD=password glitchtip-manage createsuperuser --no-input --email=admin@example.com")

     

       60
       62
        
       

     

       61
       61
       -
           # login

     

       62
       62
       -
           machine.fail(f"{curl} -s {origin_url}/_allauth/browser/v1/auth/session")  # get the csrf token, returns a 401

     

       63
       63
       -
           csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       64
       64
       -
           machine.succeed(f"{curl} {origin_url}/_allauth/browser/v1/auth/login -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"email\": \"admin@example.com\", \"password\": \"password\"}}'")

     

       63
       63
       +
             # login

     

       64
       64
       +
             machine.fail(f"{curl} -s {origin_url}/_allauth/browser/v1/auth/session")  # get the csrf token, returns a 401

     

       65
       65
       +
             csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       66
       66
       +
             machine.succeed(f"{curl} {origin_url}/_allauth/browser/v1/auth/login -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"email\": \"admin@example.com\", \"password\": \"password\"}}'")

     

       65
       67
        
       

     

       66
       66
       -
           resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/users/me/"))

     

       67
       67
       -
           assert resp["email"] == "admin@example.com"

     

       68
       68
       -
           assert resp["isSuperuser"] is True

     

       68
       68
       +
             resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/users/me/"))

     

       69
       69
       +
             assert resp["email"] == "admin@example.com"

     

       70
       70
       +
             assert resp["isSuperuser"] is True

     

       69
       71
        
       

     

       70
       70
       -
           # create organization

     

       71
       71
       -
           csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       72
       72
       -
           machine.succeed(f"{curl} {origin_url}/api/0/organizations/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"name\": \"main\"}}'")

     

       72
       72
       +
             # create organization

     

       73
       73
       +
             csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       74
       74
       +
             machine.succeed(f"{curl} {origin_url}/api/0/organizations/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"name\": \"main\"}}'")

     

       75
       75
       +
       

     

       76
       76
       +
             resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/organizations/"))

     

       77
       77
       +
             assert len(resp) == 1

     

       78
       78
       +
             assert resp[0]["name"] == "main"

     

       79
       79
       +
             assert resp[0]["slug"] == "main"

     

       80
       80
       +
       

     

       81
       81
       +
             # create team

     

       82
       82
       +
             csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       83
       83
       +
             machine.succeed(f"{curl} {origin_url}/api/0/organizations/main/teams/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"slug\": \"test\"}}'")

     

       73
       84
        
       

     

       74
       74
       -
           resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/organizations/"))

     

       75
       75
       -
           assert len(resp) == 1

     

       76
       76
       -
           assert resp[0]["name"] == "main"

     

       77
       77
       -
           assert resp[0]["slug"] == "main"

     

       85
       85
       +
             # create project

     

       86
       86
       +
             csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       87
       87
       +
             machine.succeed(f"{curl} {origin_url}/api/0/teams/main/test/projects/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"name\": \"test\"}}'")

     

       78
       88
        
       

     

       79
       79
       -
           # create team

     

       80
       80
       -
           csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       81
       81
       -
           machine.succeed(f"{curl} {origin_url}/api/0/organizations/main/teams/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"slug\": \"test\"}}'")

     

       89
       89
       +
             # fetch dsn

     

       90
       90
       +
             resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/projects/main/test/keys/"))

     

       91
       91
       +
             assert len(resp) == 1

     

       92
       92
       +
             assert re.match(r"^http://[\da-f]+@glitchtip\.local:8000/\d+$", dsn := resp[0]["dsn"]["public"])

     

       82
       93
        
       

     

       83
       83
       -
           # create project

     

       84
       84
       -
           csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       85
       85
       -
           machine.succeed(f"{curl} {origin_url}/api/0/teams/main/test/projects/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"name\": \"test\"}}'")

     

       94
       94
       +
             # send event

     

       95
       95
       +
             machine.succeed(f"SENTRY_DSN={dsn} sentry-cli send-event -m 'hello world'")

     

       86
       96
        
       

     

       87
       87
       -
           # fetch dsn

     

       88
       88
       -
           resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/projects/main/test/keys/"))

     

       89
       89
       -
           assert len(resp) == 1

     

       90
       90
       -
           assert re.match(r"^http://[\da-f]+@glitchtip\.local:8000/\d+$", dsn := resp[0]["dsn"]["public"])

     

       97
       97
       +
             for _ in range(20):

     

       98
       98
       +
               resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/organizations/main/issues/?query=is:unresolved"))

     

       99
       99
       +
               if len(resp) != 0: break

     

       100
       100
       +
               time.sleep(1)

     

       101
       101
       +
             assert len(resp) == 1

     

       102
       102
       +
             assert resp[0]["title"] == "hello world"

     

       103
       103
       +
             assert int(resp[0]["count"]) == 1

     

       91
       104
        
       

     

       92
       92
       -
           # send event

     

       93
       93
       -
           machine.succeed(f"SENTRY_DSN={dsn} sentry-cli send-event -m 'hello world'")

     

       105
       105
       +
             # create api token

     

       106
       106
       +
             csrf_token = machine.succeed(f"grep csrftoken {cookie_jar_path} | cut -f7").rstrip()

     

       107
       107
       +
             resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/api-tokens/ -s -H 'X-Csrftoken: {csrf_token}' -H 'Content-Type: application/json' -d '{{\"label\":\"token\",\"scopes\":[\"project:write\"]}}'"))

     

       108
       108
       +
             token = resp["token"]

     

       94
       109
        
       

     

       95
       95
       -
           for _ in range(20):

     

       96
       96
       -
             resp = json.loads(machine.succeed(f"{curl} {origin_url}/api/0/organizations/main/issues/?query=is:unresolved"))

     

       97
       97
       -
             if len(resp) != 0: break

     

       98
       98
       -
             time.sleep(1)

     

       99
       99
       -
           assert len(resp) == 1

     

       100
       100
       -
           assert resp[0]["title"] == "hello world"

     

       101
       101
       -
           assert int(resp[0]["count"]) == 1

     

       102
       102
       -
         '';

     

       110
       110
       +
             # upload sourcemaps

     

       111
       111
       +
             machine.succeed(f"sentry-cli --url {origin_url} --auth-token {token} sourcemaps upload --org main --project test ${nodes.machine.services.glitchtip.package.frontend}/*.map")

     

       112
       112
       +
             assert machine.succeed("ls /var/lib/glitchtip/uploads/file_blobs/").strip()

     

       113
       113
       +
           '';

     

       103
       114
        
       }