diff options
author | Sophie Tauchert <sophie@999eagle.moe> | 2024-02-15 11:29:39 +0100 |
---|---|---|
committer | Sophie Tauchert <sophie@999eagle.moe> | 2024-03-04 09:07:21 +0100 |
commit | cb5f2a8e872ae88f33ea5baf028c9f06bd9d30ab (patch) | |
tree | 0ece37416e1e99867ea4595d36c4f6c0e0620a72 /nixos/tests/miniflux.nix | |
parent | 1f8385d6d14c59fd927d606016e8c52f708864da (diff) |
nixos/tests/miniflux: add test for external database
Diffstat (limited to 'nixos/tests/miniflux.nix')
-rw-r--r-- | nixos/tests/miniflux.nix | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/nixos/tests/miniflux.nix b/nixos/tests/miniflux.nix index 1ee3c9ceed933..6d38224448ed6 100644 --- a/nixos/tests/miniflux.nix +++ b/nixos/tests/miniflux.nix @@ -15,6 +15,10 @@ let ADMIN_USERNAME=${username} ADMIN_PASSWORD=${password} ''; + postgresPassword = "correcthorsebatterystaple"; + postgresPasswordFile = pkgs.writeText "pgpass" '' + *:*:*:*:${postgresPassword} + ''; in { @@ -56,6 +60,40 @@ in adminCredentialsFile = customAdminCredentialsFile; }; }; + + postgresTcp = { config, pkgs, lib, ... }: { + services.postgresql = { + enable = true; + initialScript = pkgs.writeText "init-postgres" '' + CREATE USER miniflux WITH PASSWORD '${postgresPassword}'; + CREATE DATABASE miniflux WITH OWNER miniflux; + ''; + enableTCPIP = true; + authentication = '' + host sameuser miniflux samenet scram-sha-256 + ''; + }; + systemd.services.postgresql.postStart = lib.mkAfter '' + $PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;' + ''; + networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ]; + }; + externalDb = { ... }: { + security.apparmor.enable = true; + services.miniflux = { + enable = true; + createDatabaseLocally = false; + inherit adminCredentialsFile; + config = { + DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable"; + PGPASSFILE = "/run/miniflux/pgpass"; + }; + }; + systemd.services.miniflux.preStart = '' + cp ${postgresPasswordFile} /run/miniflux/pgpass + chmod 600 /run/miniflux/pgpass + ''; + }; }; testScript = '' def runTest(machine, port, user): @@ -67,10 +105,17 @@ in ) machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""') - start_all() + default.start() + withoutSudo.start() + customized.start() + postgresTcp.start() runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}") runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}") runTest(customized, ${toString port}, "${username}:${password}") + + postgresTcp.wait_for_unit("postgresql.service") + externalDb.start() + runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}") ''; }) |