diff options
author | digital <132694082+digtail@users.noreply.github.com> | 2024-01-09 22:03:21 +0100 |
---|---|---|
committer | digital <132694082+digtail@users.noreply.github.com> | 2024-01-10 00:15:50 +0100 |
commit | 39fd0c3fe330f69d7b0f1a00e8d091e5f4dbdcc7 (patch) | |
tree | 549945aafa607e524fa3aa77d84e21b438967431 /nixos/tests/ntfy-sh-migration.nix | |
parent | 5a8e9243812ba528000995b294292d3b5e120947 (diff) |
nixos/ntfy-sh: clean up DynamicUser workarounds
this commit removes the static assignments for the ntfy-sh user and group. furthermore, it removes some tmpfiles.d rules which where initially put in place by https://github.com/NixOS/nixpkgs/pull/234811. these are however not required, as ntfy-sh will automatically create the required files and systemd automatically handles the migration process. A nixosTest is added to demonstrate that the migration is working reliably. This also fixes an issue with where systemd would sometimes not start ntfy-sh. The tmpfiles rules in combination with impermanence caused `/ var/lib/ntfy-sh` to be a directory when it should have been a symlink.
Diffstat (limited to 'nixos/tests/ntfy-sh-migration.nix')
-rw-r--r-- | nixos/tests/ntfy-sh-migration.nix | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/nixos/tests/ntfy-sh-migration.nix b/nixos/tests/ntfy-sh-migration.nix new file mode 100644 index 0000000000000..de6660052d679 --- /dev/null +++ b/nixos/tests/ntfy-sh-migration.nix @@ -0,0 +1,77 @@ +# the ntfy-sh module was switching to DynamicUser=true. this test assures that +# the migration does not break existing setups. +# +# this test works doing a migration and asserting ntfy-sh runs properly. first, +# ntfy-sh is configured to use a static user and group. then ntfy-sh is +# started and tested. after that, ntfy-sh is shut down and a systemd drop +# in configuration file is used to upate the service configuration to use +# DynamicUser=true. then the ntfy-sh is started again and tested. + +import ./make-test-python.nix { + name = "ntfy-sh"; + + nodes.machine = { + lib, + pkgs, + ... + }: { + environment.etc."ntfy-sh-dynamic-user.conf".text = '' + [Service] + Group=new-ntfy-sh + User=new-ntfy-sh + DynamicUser=true + ''; + + services.ntfy-sh.enable = true; + services.ntfy-sh.settings.base-url = "http://localhost:2586"; + + systemd.services.ntfy-sh.serviceConfig = { + DynamicUser = lib.mkForce false; + ExecStartPre = [ + "${pkgs.coreutils}/bin/id" + "${pkgs.coreutils}/bin/ls -lahd /var/lib/ntfy-sh/" + "${pkgs.coreutils}/bin/ls -lah /var/lib/ntfy-sh/" + ]; + Group = lib.mkForce "old-ntfy-sh"; + User = lib.mkForce "old-ntfy-sh"; + }; + + users.users.old-ntfy-sh = { + isSystemUser = true; + group = "old-ntfy-sh"; + }; + + users.groups.old-ntfy-sh = {}; + }; + + testScript = '' + import json + + msg = "Test notification" + + def test_ntfysh(): + machine.wait_for_unit("ntfy-sh.service") + machine.wait_for_open_port(2586) + + machine.succeed(f"curl -d '{msg}' localhost:2586/test") + + text = machine.succeed("curl -s localhost:2586/test/json?poll=1") + for line in text.splitlines(): + notif = json.loads(line) + assert msg == notif["message"], "Wrong message" + + machine.succeed("ntfy user list") + + machine.wait_for_unit("multi-user.target") + + test_ntfysh() + + machine.succeed("systemctl stop ntfy-sh.service") + machine.succeed("mkdir -p /run/systemd/system/ntfy-sh.service.d") + machine.succeed("cp /etc/ntfy-sh-dynamic-user.conf /run/systemd/system/ntfy-sh.service.d/dynamic-user.conf") + machine.succeed("systemctl daemon-reload") + machine.succeed("systemctl start ntfy-sh.service") + + test_ntfysh() + ''; +} |