nixos/tests/radicale.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

let
  port = 5232;
  radicaleOverlay = self: super: {
    radicale = super.radicale.overrideAttrs (oldAttrs: {
      propagatedBuildInputs = with self.pythonPackages;
        (oldAttrs.propagatedBuildInputs or []) ++ [
          passlib
        ];
    });
  };
  common = { config, pkgs, ...}: {
    services.radicale = {
      enable = true;
      config = let home = config.users.extraUsers.radicale.home; in ''
        [server]
        hosts = 127.0.0.1:${builtins.toString port}
        daemon = False
        [encoding]
        [well-known]
        [auth]
        type = htpasswd
        htpasswd_filename = /etc/radicale/htpasswd
        htpasswd_encryption = bcrypt
        [git]
        [rights]
        [storage]
        type = filesystem
        filesystem_folder = ${home}/collections
        [logging]
        [headers]
      '';
    };
    # WARNING: DON'T DO THIS IN PRODUCTION!
    # This puts secrets (albeit hashed) directly into the Nix store for ease of testing.
    environment.etc."radicale/htpasswd".source = with pkgs; let
      py = python.withPackages(ps: with ps; [ passlib ]);
    in runCommand "htpasswd" {} ''
        ${py}/bin/python -c "
from passlib.apache import HtpasswdFile
ht = HtpasswdFile(
    '$out',
    new=True,
    default_scheme='bcrypt'
)
ht.set_password('someuser', 'really_secret_password')
ht.save()
"
    '';
  };

in import ./make-test.nix ({ lib, ... }: {
  name = "radicale";
  meta.maintainers = with lib.maintainers; [ aneeshusa ];

  # Test radicale with bcrypt-based htpasswd authentication
  nodes = {
    py2 = { config, pkgs, ... }@args: (common args) // {
      nixpkgs.overlays = [
        radicaleOverlay
      ];
    };
    py3 = { config, pkgs, ... }@args: (common args) // {
      nixpkgs.overlays = [
        (self: super: {
          python = self.python3;
          pythonPackages = self.python3.pkgs;
        })
        radicaleOverlay
      ];
    };
  };

  testScript = ''
    for my $machine ($py2, $py3) {
      $machine->waitForUnit('radicale.service');
      $machine->waitForOpenPort(${builtins.toString port});
      $machine->succeed('curl -s http://someuser:really_secret_password@127.0.0.1:${builtins.toString port}/someuser/calendar.ics/');
    }
  '';
})