about summary refs log tree commit diff
path: root/nixos/tests/akkoma.nix
blob: 287e2d485999e25e1bbb52708a1ab32c9520843d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
/*
  End-to-end test for Akkoma.

  Based in part on nixos/tests/pleroma.

  TODO: Test federation.
*/
import ./make-test-python.nix ({ pkgs, package ? pkgs.akkoma, confined ? false, ... }:
let
  userPassword = "4LKOrGo8SgbPm1a6NclVU5Wb";

  provisionUser = pkgs.writers.writeBashBin "provisionUser" ''
    set -eu -o errtrace -o pipefail

    pleroma_ctl user new jamy jamy@nixos.test --password '${userPassword}' --moderator --admin -y
  '';

  tlsCert = pkgs.runCommand "selfSignedCerts" {
    nativeBuildInputs = with pkgs; [ openssl ];
  } ''
    mkdir -p $out
    openssl req -x509 \
      -subj '/CN=akkoma.nixos.test/' -days 49710 \
      -addext 'subjectAltName = DNS:akkoma.nixos.test' \
      -keyout "$out/key.pem" -newkey ed25519 \
      -out "$out/cert.pem" -noenc
  '';

  sendToot = pkgs.writers.writeBashBin "sendToot" ''
    set -eu -o errtrace -o pipefail

    export REQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"

    echo '${userPassword}' | ${pkgs.toot}/bin/toot login_cli -i "akkoma.nixos.test" -e "jamy@nixos.test"
    echo "y" | ${pkgs.toot}/bin/toot post "hello world Jamy here"

    # Retrieving timeline with toot currently broken due to incompatible timestamp format
    # cf. <https://akkoma.dev/AkkomaGang/akkoma/issues/637> and <https://github.com/ihabunek/toot/issues/399>
    #echo "y" | ${pkgs.toot}/bin/toot timeline | grep -F -q "hello world Jamy here"

    # Test file upload
    echo "y" | ${pkgs.toot}/bin/toot upload <(dd if=/dev/zero bs=1024 count=1024 status=none) \
      | grep -F -q "https://akkoma.nixos.test/media"
  '';

  checkFe = pkgs.writers.writeBashBin "checkFe" ''
    set -eu -o errtrace -o pipefail

    paths=( / /static/{config,styles}.json /pleroma/admin/ )

    for path in "''${paths[@]}"; do
      diff \
        <(${pkgs.curl}/bin/curl -f -S -s -o /dev/null -w '%{response_code}' "https://akkoma.nixos.test$path") \
        <(echo -n 200)
    done
  '';

  hosts = nodes: ''
    ${nodes.akkoma.networking.primaryIPAddress} akkoma.nixos.test
    ${nodes.client.networking.primaryIPAddress} client.nixos.test
  '';
in
{
  name = "akkoma";
  nodes = {
    client = { nodes, pkgs, config, ... }: {
      security.pki.certificateFiles = [ "${tlsCert}/cert.pem" ];
      networking.extraHosts = hosts nodes;
    };

    akkoma = { nodes, pkgs, config, ... }: {
      networking.extraHosts = hosts nodes;
      networking.firewall.allowedTCPPorts = [ 443 ];
      environment.systemPackages = with pkgs; [ provisionUser ];
      systemd.services.akkoma.confinement.enable = confined;

      services.akkoma = {
        enable = true;
        package = package;
        config = {
          ":pleroma" = {
            ":instance" = {
              name = "NixOS test Akkoma server";
              description = "NixOS test Akkoma server";
              email = "akkoma@nixos.test";
              notify_email = "akkoma@nixos.test";
              registration_open = true;
            };

            ":media_proxy" = {
              enabled = false;
            };

            "Pleroma.Web.Endpoint" = {
              url.host = "akkoma.nixos.test";
            };
          };
        };

        nginx = {
          addSSL = true;
          sslCertificate = "${tlsCert}/cert.pem";
          sslCertificateKey = "${tlsCert}/key.pem";
        };
      };

      services.nginx.enable = true;
      services.postgresql.enable = true;
    };
  };

  testScript = { nodes, ... }: ''
    start_all()
    akkoma.wait_for_unit('akkoma-initdb.service')
    akkoma.systemctl('restart akkoma-initdb.service')  # test repeated initialisation
    akkoma.wait_for_unit('akkoma.service')
    akkoma.wait_for_file('/run/akkoma/socket');
    akkoma.succeed('${provisionUser}/bin/provisionUser')
    akkoma.wait_for_unit('nginx.service')
    client.succeed('${sendToot}/bin/sendToot')
    client.succeed('${checkFe}/bin/checkFe')
  '';
})