commit fd522b612dd1c56daa06f44a3c216ae7a2c2d9fb · pyrox.dev/nixpkgs

+13 -29
nixos/tests/matrix/synapse.nix
···

       1
       1
        
       import ../make-test-python.nix ({ pkgs, ... } : let

     

       2
       2
        
       

     

       3
       3
       -
       

     

       4
       4
       -
         runWithOpenSSL = file: cmd: pkgs.runCommand file {

     

       5
       5
       -
           buildInputs = [ pkgs.openssl ];

     

       6
       6
       -
         } cmd;

     

       7
       7
       -
       

     

       3
       3
       +
         ca_key = mailerCerts.ca.key;

     

       4
       4
       +
         ca_pem = mailerCerts.ca.cert;

     

       8
       5
        
       

     

       9
       9
       -
         ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";

     

       10
       10
       -
         ca_pem = runWithOpenSSL "ca.pem" ''

     

       11
       11
       -
           openssl req \

     

       12
       12
       -
             -x509 -new -nodes -key ${ca_key} \

     

       13
       13
       -
             -days 10000 -out $out -subj "/CN=snakeoil-ca"

     

       14
       14
       -
         '';

     

       15
       15
       -
         key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";

     

       16
       16
       -
         csr = runWithOpenSSL "matrix.csr" ''

     

       17
       17
       -
           openssl req \

     

       18
       18
       -
              -new -key ${key} \

     

       19
       19
       -
              -out $out -subj "/CN=localhost" \

     

       20
       20
       -
         '';

     

       21
       21
       -
         cert = runWithOpenSSL "matrix_cert.pem" ''

     

       22
       22
       -
           openssl x509 \

     

       23
       23
       -
             -req -in ${csr} \

     

       24
       24
       -
             -CA ${ca_pem} -CAkey ${ca_key} \

     

       25
       25
       -
             -CAcreateserial -out $out \

     

       26
       26
       -
             -days 365

     

       6
       6
       +
         bundle = pkgs.runCommand "bundle" {

     

       7
       7
       +
           nativeBuildInputs = [ pkgs.minica ];

     

       8
       8
       +
         } ''

     

       9
       9
       +
           minica -ca-cert ${ca_pem} -ca-key ${ca_key} \

     

       10
       10
       +
             -domains localhost

     

       11
       11
       +
           install -Dm444 -t $out localhost/{key,cert}.pem

     

       27
       12
        
         '';

     

       28
       28
       -
       

     

       29
       13
        
       

     

       30
       14
        
         mailerCerts = import ../common/acme/server/snakeoil-certs.nix;

     

       31
       15
        
         mailerDomain = mailerCerts.domain;

     
···

       82
       66
        
                   host = "localhost";

     

       83
       67
        
                   port = config.services.redis.servers.matrix-synapse.port;

     

       84
       68
        
                 };

     

       85
       85
       -
                 tls_certificate_path = "${cert}";

     

       86
       86
       -
                 tls_private_key_path = "${key}";

     

       69
       69
       +
                 tls_certificate_path = "${bundle}/cert.pem";

     

       70
       70
       +
                 tls_private_key_path = "${bundle}/key.pem";

     

       87
       71
        
                 registration_shared_secret = registrationSharedSecret;

     

       88
       72
        
                 public_baseurl = "https://example.com";

     

       89
       73
        
                 email = {

     
···

       203
       187
        
               settings = {

     

       204
       188
        
                 inherit listeners;

     

       205
       189
        
                 database.name = "sqlite3";

     

       206
       206
       -
                 tls_certificate_path = "${cert}";

     

       207
       207
       -
                 tls_private_key_path = "${key}";

     

       190
       190
       +
                 tls_certificate_path = "${bundle}/cert.pem";

     

       191
       191
       +
                 tls_private_key_path = "${bundle}/key.pem";

     

       208
       192
        
               };

     

       209
       193
        
             };

     

       210
       194
        
           };

     
···

       222
       206
        
               "journalctl -u matrix-synapse.service | grep -q 'Connected to redis'"

     

       223
       207
        
           )

     

       224
       208
        
           serverpostgres.require_unit_state("postgresql.service")

     

       225
       225
       -
           serverpostgres.succeed("register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} https://localhost:8448/")

     

       209
       209
       +
           serverpostgres.succeed("REQUESTS_CA_BUNDLE=${ca_pem} register_new_matrix_user -u ${testUser} -p ${testPassword} -a -k ${registrationSharedSecret} https://localhost:8448/")

     

       226
       210
        
           serverpostgres.succeed("obtain-token-and-register-email")

     

       227
       211
        
           serversqlite.wait_for_unit("matrix-synapse.service")

     

       228
       212
        
           serversqlite.wait_until_succeeds(