blob: bfc036e81ba040477fec04c4a0ebe910f0e8bbc3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
import ./make-test-python.nix ({ pkgs, ... }:
let testString = "NixOS Gemini test successful";
in {
name = "molly-brown";
meta = with pkgs.lib.maintainers; { maintainers = [ ehmry ]; };
nodes = {
geminiServer = { config, pkgs, ... }:
let
inherit (config.networking) hostName;
cfg = config.services.molly-brown;
in {
environment.systemPackages = [
(pkgs.writeScriptBin "test-gemini" ''
#!${pkgs.python3}/bin/python
import socket
import ssl
import tempfile
import textwrap
import urllib.parse
url = "gemini://geminiServer/init.gmi"
parsed_url = urllib.parse.urlparse(url)
s = socket.create_connection((parsed_url.netloc, 1965))
context = ssl.SSLContext()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
s = context.wrap_socket(s, server_hostname=parsed_url.netloc)
s.sendall((url + "\r\n").encode("UTF-8"))
fp = s.makefile("rb")
print(fp.readline().strip())
print(fp.readline().strip())
print(fp.readline().strip())
'')
];
networking.firewall.allowedTCPPorts = [ cfg.settings.Port ];
services.molly-brown = {
enable = true;
docBase = "/tmp/docs";
certPath = "/tmp/cert.pem";
keyPath = "/tmp/key.pem";
};
systemd.services.molly-brown.preStart = ''
${pkgs.openssl}/bin/openssl genrsa -out "/tmp/key.pem"
${pkgs.openssl}/bin/openssl req -new \
-subj "/CN=${config.networking.hostName}" \
-key "/tmp/key.pem" -out /tmp/request.pem
${pkgs.openssl}/bin/openssl x509 -req -days 3650 \
-in /tmp/request.pem -signkey "/tmp/key.pem" -out "/tmp/cert.pem"
mkdir -p "${cfg.settings.DocBase}"
echo "${testString}" > "${cfg.settings.DocBase}/test.gmi"
'';
};
};
testScript = ''
geminiServer.wait_for_unit("molly-brown")
geminiServer.wait_for_open_port(1965)
geminiServer.succeed("test-gemini")
'';
})
|