Merge remote-tracking branch 'origin/master' into staging-next

Conflicts: - pkgs/development/libraries/gdcm/default.nix
author: Martin Weinelt <hexa@darmstadt.ccc.de> 2023-11-14 13:16:25 +0100
committer: Martin Weinelt <hexa@darmstadt.ccc.de> 2023-11-14 13:16:34 +0100
commit: 3c336a1647ada0970b71284cceb601c3d79c2134 (patch)
tree: dea9a6a0eb8673bf86ce7d114b09688d11356a46 /nixos/tests/plausible.nix
parent: 2605fad79520679232edcf4de591013d7b34b0a5 (diff)
parent: bf744fe90419885eefced41b3e5ae442d732712d (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/nixos/tests/plausible.nix b/nixos/tests/plausible.nix
index 9afd3db75de8a..9c26c509a5ab5 100644
--- a/nixos/tests/plausible.nix
+++ b/nixos/tests/plausible.nix
@@ -8,9 +8,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     virtualisation.memorySize = 4096;
     services.plausible = {
       enable = true;
-      releaseCookiePath = "${pkgs.runCommand "cookie" { } ''
-        ${pkgs.openssl}/bin/openssl rand -base64 64 >"$out"
-      ''}";
       adminUser = {
         email = "admin@example.org";
         passwordFile = "${pkgs.writeText "pwd" "foobar"}";
@@ -28,6 +25,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     machine.wait_for_unit("plausible.service")
     machine.wait_for_open_port(8000)
 
+    # Ensure that the software does not make not make the machine
+    # listen on any public interfaces by default.
+    machine.fail("ss -tlpn 'src = 0.0.0.0 or src = [::]' | grep LISTEN")
+
     machine.succeed("curl -f localhost:8000 >&2")
 
     machine.succeed("curl -f localhost:8000/js/script.js >&2")
author	Martin Weinelt <hexa@darmstadt.ccc.de>	2023-11-14 13:16:25 +0100
committer	Martin Weinelt <hexa@darmstadt.ccc.de>	2023-11-14 13:16:34 +0100
commit	3c336a1647ada0970b71284cceb601c3d79c2134 (patch)
tree	dea9a6a0eb8673bf86ce7d114b09688d11356a46 /nixos/tests/plausible.nix
parent	2605fad79520679232edcf4de591013d7b34b0a5 (diff)
parent	bf744fe90419885eefced41b3e5ae442d732712d (diff)