Diffstat (limited to 'nixos/tests/web-apps/mastodon.nix')
-rw-r--r--nixos/tests/web-apps/mastodon.nix96
1 files changed, 25 insertions, 71 deletions
diff --git a/nixos/tests/web-apps/mastodon.nix b/nixos/tests/web-apps/mastodon.nix
index bc1122e7268f9..d3d53dc319469 100644
--- a/nixos/tests/web-apps/mastodon.nix
+++ b/nixos/tests/web-apps/mastodon.nix
@@ -1,16 +1,13 @@
 import ../make-test-python.nix ({pkgs, ...}:
 let
-  test-certificates = pkgs.runCommandLocal "test-certificates" { } ''
+  cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
+    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500
     mkdir -p $out
-    echo insecure-root-password > $out/root-password-file
-    echo insecure-intermediate-password > $out/intermediate-password-file
-    ${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
-    ${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
+    cp key.pem cert.pem $out
   '';
 
   hosts = ''
-    192.168.2.10 ca.local
-    192.168.2.11 mastodon.local
+    192.168.2.101 mastodon.local
   '';
 
 in
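Review bot: The new openssl invocation requests only a CN (`-subj '/CN=mastodon.local'`) and no subjectAltName, so the certificate relies on CN fallback for hostname matching; several modern TLS stacks no longer do that fallback, and the test would be more representative with `-addext 'subjectAltName=DNS:mastodon.local'` added to the `openssl req` line. The same `cert.pem` is later installed as a trust anchor via `pki.certificateFiles` on both server and client, which only works because the leaf is self-signed, and the matching `key.pem` ends up world-readable in the Nix store as a `runCommand` output — worth a comment above the binding such as `# Test-only self-signed pair; the key is a world-readable store path, usable solely inside these VMs.` Separately, `cert = pkgs: ...` takes a `pkgs` parameter that shadows the outer `pkgs`, and every call site passes that same outer `pkgs`, so a plain `cert = pkgs.runCommand ...` value would be simpler and avoid re-spelling `${cert pkgs}` three times.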
@@ -19,42 +16,6 @@ in
   meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin turion ];
 
   nodes = {
-    ca = { pkgs, ... }: {
-      networking = {
-        interfaces.eth1 = {
-          ipv4.addresses = [
-            { address = "192.168.2.10"; prefixLength = 24; }
-          ];
-        };
-        extraHosts = hosts;
-      };
-      services.step-ca = {
-        enable = true;
-        address = "0.0.0.0";
-        port = 8443;
-        openFirewall = true;
-        intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
-        settings = {
-          dnsNames = [ "ca.local" ];
-          root = "${test-certificates}/root_ca.crt";
-          crt = "${test-certificates}/intermediate_ca.crt";
-          key = "${test-certificates}/intermediate_ca.key";
-          db = {
-            type = "badger";
-            dataSource = "/var/lib/step-ca/db";
-          };
-          authority = {
-            provisioners = [
-              {
-                type = "ACME";
-                name = "acme";
-              }
-            ];
-          };
-        };
-      };
-    };
-
     server = { pkgs, ... }: {
 
       virtualisation.memorySize = 2048;
@@ -62,7 +23,7 @@ in
       networking = {
         interfaces.eth1 = {
           ipv4.addresses = [
-            { address = "192.168.2.11"; prefixLength = 24; }
+            { address = "192.168.2.101"; prefixLength = 24; }
           ];
         };
         extraHosts = hosts;
@@ -70,12 +31,7 @@ in
       };
 
       security = {
-        acme = {
-          acceptTerms = true;
-          defaults.server = "https://ca.local:8443/acme/acme/directory";
-          defaults.email = "mastodon@mastodon.local";
-        };
-        pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
+        pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
       };
 
       services.redis.servers.mastodon = {
@@ -89,16 +45,6 @@ in
         configureNginx = true;
         localDomain = "mastodon.local";
         enableUnixSocket = false;
-        redis = {
-          createLocally = true;
-          host = "127.0.0.1";
-          port = 31637;
-        };
-        database = {
-          createLocally = true;
-          host = "/run/postgresql";
-          port = 5432;
-        };
         smtp = {
           createLocally = false;
           fromAddress = "mastodon@mastodon.local";
@@ -107,6 +53,14 @@ in
           EMAIL_DOMAIN_ALLOWLIST = "example.com";
         };
       };
+
+      services.nginx = {
+        virtualHosts."mastodon.local" = {
+          enableACME = pkgs.lib.mkForce false;
+          sslCertificate = "${cert pkgs}/cert.pem";
+          sslCertificateKey = "${cert pkgs}/key.pem";
+        };
+      };
     };
 
     client = { pkgs, ... }: {
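Review bot: The `enableACME = pkgs.lib.mkForce false;` override carries no explanation; presumably the mastodon module turns ACME on for this vhost when `configureNginx` is set, and without the removed step-ca node there is no ACME directory to talk to, so a reader has to reconstruct that from the diff. A short comment above the vhost, e.g. `# The mastodon module enables ACME here; this test has no ACME CA, so pin the self-signed pair instead.`, would make the intent survive the next refactor. The cert/key paths could also be read from a single `let certs = cert pkgs;` binding rather than evaluating `${cert pkgs}` separately for each attribute.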
@@ -114,14 +68,14 @@ in
       networking = {
         interfaces.eth1 = {
           ipv4.addresses = [
-            { address = "192.168.2.12"; prefixLength = 24; }
+            { address = "192.168.2.102"; prefixLength = 24; }
           ];
         };
         extraHosts = hosts;
       };
 
       security = {
-        pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
+        pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
       };
     };
   };
@@ -129,12 +83,6 @@ in
   testScript = ''
     start_all()
 
-    ca.wait_for_unit("step-ca.service")
-    ca.wait_for_open_port(8443)
-
-    # Check that mastodon-media-auto-remove is scheduled
-    server.succeed("systemctl status mastodon-media-auto-remove.timer")
-
     server.wait_for_unit("nginx.service")
     server.wait_for_unit("redis-mastodon.service")
     server.wait_for_unit("postgresql.service")
@@ -144,10 +92,17 @@ in
     server.wait_for_open_port(55000)
     server.wait_for_open_port(55001)
 
+    # Check that mastodon-media-auto-remove is scheduled
+    server.succeed("systemctl status mastodon-media-auto-remove.timer")
+
     # Check Mastodon version from remote client
     client.succeed("curl --fail https://mastodon.local/api/v1/instance | jq -r '.version' | grep '${pkgs.mastodon.version}'")
 
-    # Check using admin CLI
+    # Check access from remote client
+    client.succeed("curl --fail https://mastodon.local/about | grep 'Mastodon hosted on mastodon.local'")
+    client.succeed("curl --fail $(curl https://mastodon.local/api/v1/instance 2> /dev/null | jq -r .thumbnail) --output /dev/null")
+
+    # Simple check tootctl commands
     # Check Mastodon version
     server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'")
 
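Review bot: The thumbnail check expands the inner command substitution unquoted and runs the inner curl without `--fail` while discarding its stderr, so on any server error the outer curl is handed the string `null` and the test fails with an unrelated, hard-to-read message. Quoting the substitution and failing the inner fetch explicitly keeps the shell word intact and surfaces the real cause: `client.succeed('curl --fail --output /dev/null "$(curl --fail -s https://mastodon.local/api/v1/instance | jq -r .thumbnail)"')`. The surrounding testScript continues outside this hunk.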
@@ -164,12 +119,11 @@ in
     # Manage IP access
     server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'")
     server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'")
-    server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl p_blocks export' | grep '172.16.0.0/16'")
+    server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '172.16.0.0/16'")
     client.fail("curl --fail https://mastodon.local/about")
     server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
     client.succeed("curl --fail https://mastodon.local/about")
 
-    ca.shutdown()
     server.shutdown()
     client.shutdown()
   '';
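Review bot: The corrected `server.fail(... tootctl ip_blocks export' | grep '172.16.0.0/16')` line still asserts only on grep's exit status, which is exactly why the old `p_blocks` typo went unnoticed: a tootctl command that fails outright produces no output, grep finds nothing, and the negative check passes vacuously. Capturing the export once with `server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' > /tmp/ip_blocks")` and then asserting `server.succeed("grep '192.168.0.0/16' /tmp/ip_blocks")` and `server.fail("grep '172.16.0.0/16' /tmp/ip_blocks")` makes the positive and negative checks share one verified export and turns a broken command into a test failure rather than a silent pass.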