diff options
| author | Izorkin <izorkin@elven.pw> | 2022-03-22 10:52:13 +0300 |
|---|---|---|
| committer | Izorkin <izorkin@elven.pw> | 2022-12-16 16:19:41 +0300 |
| commit | 883a56c0cc44a25407bbacab66027e8f4ab54fcc (patch) | |
| tree | d5f1d6ff6703a975c111655e41c75a1c3fbd7b00 /nixos/tests/web-apps | |
| parent | 8e14bf10c2a60f57b1bb10c74111fb8ecf811ba2 (diff) | |
nixos/tests/mastodon: add test with external services
Diffstat (limited to 'nixos/tests/web-apps')
| -rw-r--r-- | nixos/tests/web-apps/mastodon/default.nix | 9 | ||||
| -rw-r--r-- | nixos/tests/web-apps/mastodon/remote-postgresql.nix | 197 | ||||
| -rw-r--r-- | nixos/tests/web-apps/mastodon/standard.nix (renamed from nixos/tests/web-apps/mastodon.nix) | 4 |
3 files changed, 208 insertions, 2 deletions
diff --git a/nixos/tests/web-apps/mastodon/default.nix b/nixos/tests/web-apps/mastodon/default.nix new file mode 100644 index 0000000000000..411ebfcd731b2 --- /dev/null +++ b/nixos/tests/web-apps/mastodon/default.nix @@ -0,0 +1,9 @@ +{ system ? builtins.currentSystem, handleTestOn }: +let + supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; + +in +{ + standard = handleTestOn supportedSystems ./standard.nix { inherit system; }; + remote-postgresql = handleTestOn supportedSystems ./remote-postgresql.nix { inherit system; }; +} diff --git a/nixos/tests/web-apps/mastodon/remote-postgresql.nix b/nixos/tests/web-apps/mastodon/remote-postgresql.nix new file mode 100644 index 0000000000000..551b456ad4358 --- /dev/null +++ b/nixos/tests/web-apps/mastodon/remote-postgresql.nix @@ -0,0 +1,197 @@ +import ../../make-test-python.nix ({pkgs, ...}: +let + cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500 + mkdir -p $out + cp key.pem cert.pem $out + ''; + + hosts = '' + 192.168.2.103 mastodon.local + ''; + +in +{ + name = "mastodon-remote-postgresql"; + meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin turion ]; + + nodes = { + database = { + networking = { + interfaces.eth1 = { + ipv4.addresses = [ + { address = "192.168.2.102"; prefixLength = 24; } + ]; + }; + extraHosts = hosts; + firewall.allowedTCPPorts = [ 5432 ]; + }; + + services.postgresql = { + enable = true; + enableTCPIP = true; + authentication = '' + hostnossl mastodon_local mastodon_test 192.168.2.201/32 md5 + ''; + initialScript = pkgs.writeText "postgresql_init.sql" '' + CREATE ROLE mastodon_test LOGIN PASSWORD 'SoDTZcISc3f1M1LJsRLT'; + CREATE DATABASE mastodon_local TEMPLATE template0 ENCODING UTF8; + GRANT ALL PRIVILEGES ON DATABASE mastodon_local TO mastodon_test; + ''; + }; + }; + + nginx = { + networking = { + interfaces.eth1 = { + ipv4.addresses = [ + { address = "192.168.2.103"; prefixLength = 24; } + ]; + }; + extraHosts = hosts; + firewall.allowedTCPPorts = [ 80 443 ]; + }; + + security = { + pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts."mastodon.local" = { + root = "/var/empty"; + forceSSL = true; + enableACME = pkgs.lib.mkForce false; + sslCertificate = "${cert pkgs}/cert.pem"; + sslCertificateKey = "${cert pkgs}/key.pem"; + locations."/" = { + tryFiles = "$uri @proxy"; + }; + locations."@proxy" = { + proxyPass = "http://192.168.2.201:55001"; + proxyWebsockets = true; + }; + locations."/api/v1/streaming/" = { + proxyPass = "http://192.168.2.201:55002"; + proxyWebsockets = true; + }; + }; + }; + }; + + server = { pkgs, ... }: { + virtualisation.memorySize = 2048; + + environment = { + etc = { + "mastodon/password-posgressql-db".text = '' + SoDTZcISc3f1M1LJsRLT + ''; + }; + }; + + networking = { + interfaces.eth1 = { + ipv4.addresses = [ + { address = "192.168.2.201"; prefixLength = 24; } + ]; + }; + extraHosts = hosts; + firewall.allowedTCPPorts = [ 55001 55002 ]; + }; + + services.mastodon = { + enable = true; + configureNginx = false; + localDomain = "mastodon.local"; + enableUnixSocket = false; + database = { + createLocally = false; + host = "192.168.2.102"; + port = 5432; + name = "mastodon_local"; + user = "mastodon_test"; + passwordFile = "/etc/mastodon/password-posgressql-db"; + }; + smtp = { + createLocally = false; + fromAddress = "mastodon@mastodon.local"; + }; + extraConfig = { + BIND = "0.0.0.0"; + EMAIL_DOMAIN_ALLOWLIST = "example.com"; + RAILS_SERVE_STATIC_FILES = "true"; + TRUSTED_PROXY_IP = "192.168.2.103"; + }; + }; + }; + + client = { pkgs, ... }: { + environment.systemPackages = [ pkgs.jq ]; + networking = { + interfaces.eth1 = { + ipv4.addresses = [ + { address = "192.168.2.202"; prefixLength = 24; } + ]; + }; + extraHosts = hosts; + }; + + security = { + pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; + }; + }; + }; + + testScript = '' + start_all() + + database.wait_for_unit("postgresql.service") + database.wait_for_open_port(5432) + + server.wait_for_unit("redis-mastodon.service") + server.wait_for_unit("mastodon-sidekiq.service") + server.wait_for_unit("mastodon-streaming.service") + server.wait_for_unit("mastodon-web.service") + server.wait_for_open_port(55000) + server.wait_for_open_port(55001) + + # Check that mastodon-media-auto-remove is scheduled + server.succeed("systemctl status mastodon-media-auto-remove.timer") + + # Check Mastodon version from remote client + client.succeed("curl --fail https://mastodon.local/api/v1/instance | jq -r '.version' | grep '${pkgs.mastodon.version}'") + + # Check access from remote client + client.succeed("curl --fail https://mastodon.local/about | grep 'Mastodon hosted on mastodon.local'") + client.succeed("curl --fail $(curl https://mastodon.local/api/v1/instance 2> /dev/null | jq -r .thumbnail) --output /dev/null") + + # Simple check tootctl commands + # Check Mastodon version + server.succeed("mastodon-tootctl version | grep '${pkgs.mastodon.version}") + + # Manage accounts + server.succeed("mastodon-tootctl email_domain_blocks add example.com") + server.succeed("mastodon-tootctl email_domain_blocks list | grep example.com") + server.fail("mastodon-tootctl email_domain_blocks list | grep mastodon.local") + server.fail("mastodon-tootctl accounts create alice --email=alice@example.com") + server.succeed("mastodon-tootctl email_domain_blocks remove example.com") + server.succeed("mastodon-tootctl accounts create bob --email=bob@example.com") + server.succeed("mastodon-tootctl accounts approve bob") + server.succeed("mastodon-tootctl accounts delete bob") + + # Manage IP access + server.succeed("mastodon-tootctl ip_blocks add 192.168.0.0/16 --severity=no_access") + server.succeed("mastodon-tootctl ip_blocks export | grep 192.168.0.0/16") + server.fail("mastodon-tootctl ip_blocks export | grep 172.16.0.0/16") + client.fail("curl --fail https://mastodon.local/about") + server.succeed("mastodon-tootctl ip_blocks remove 192.168.0.0/16") + client.succeed("curl --fail https://mastodon.local/about") + + server.shutdown() + client.shutdown() + database.shutdown() + nginx.shutdown() + ''; +}) diff --git a/nixos/tests/web-apps/mastodon.nix b/nixos/tests/web-apps/mastodon/standard.nix index f10cb8cdc6771..50ed5e5dc6dde 100644 --- a/nixos/tests/web-apps/mastodon.nix +++ b/nixos/tests/web-apps/mastodon/standard.nix @@ -1,4 +1,4 @@ -import ../make-test-python.nix ({pkgs, ...}: +import ../../make-test-python.nix ({pkgs, ...}: let cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500 @@ -12,7 +12,7 @@ let in { - name = "mastodon"; + name = "mastodon-standard"; meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin turion ]; nodes = { |