nixpkgs/nixos/tests/web-apps/mastodon.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

171 lines
5.8 KiB
Nix
Raw Normal View History

2022-03-18 17:39:32 +03:00
import ../make-test-python.nix ({pkgs, ...}:
let
test-certificates = pkgs.runCommandLocal "test-certificates" { } ''
mkdir -p $out
echo insecure-root-password > $out/root-password-file
echo insecure-intermediate-password > $out/intermediate-password-file
${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
'';
hosts = ''
192.168.2.10 ca.local
192.168.2.11 mastodon.local
'';
in
{
name = "mastodon";
meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin ];
nodes = {
ca = { pkgs, ... }: {
networking = {
interfaces.eth1 = {
ipv4.addresses = [
{ address = "192.168.2.10"; prefixLength = 24; }
];
};
extraHosts = hosts;
};
services.step-ca = {
enable = true;
address = "0.0.0.0";
port = 8443;
openFirewall = true;
intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
settings = {
dnsNames = [ "ca.local" ];
root = "${test-certificates}/root_ca.crt";
crt = "${test-certificates}/intermediate_ca.crt";
key = "${test-certificates}/intermediate_ca.key";
db = {
type = "badger";
dataSource = "/var/lib/step-ca/db";
};
authority = {
provisioners = [
{
type = "ACME";
name = "acme";
}
];
};
};
};
};
server = { pkgs, ... }: {
networking = {
interfaces.eth1 = {
ipv4.addresses = [
{ address = "192.168.2.11"; prefixLength = 24; }
];
};
extraHosts = hosts;
firewall.allowedTCPPorts = [ 80 443 ];
};
security = {
acme = {
acceptTerms = true;
defaults.server = "https://ca.local:8443/acme/acme/directory";
defaults.email = "mastodon@mastodon.local";
};
pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
};
services.redis.servers.mastodon = {
enable = true;
bind = "127.0.0.1";
port = 31637;
};
services.mastodon = {
enable = true;
configureNginx = true;
localDomain = "mastodon.local";
enableUnixSocket = false;
redis = {
createLocally = true;
host = "127.0.0.1";
port = 31637;
};
database = {
createLocally = true;
host = "/run/postgresql";
port = 5432;
};
smtp = {
createLocally = false;
fromAddress = "mastodon@mastodon.local";
};
extraConfig = {
EMAIL_DOMAIN_ALLOWLIST = "example.com";
};
};
};
client = { pkgs, ... }: {
environment.systemPackages = [ pkgs.jq ];
networking = {
interfaces.eth1 = {
ipv4.addresses = [
{ address = "192.168.2.12"; prefixLength = 24; }
];
};
extraHosts = hosts;
};
security = {
pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
};
};
};
testScript = ''
start_all()
ca.wait_for_unit("step-ca.service")
ca.wait_for_open_port(8443)
server.wait_for_unit("nginx.service")
server.wait_for_unit("redis-mastodon.service")
server.wait_for_unit("postgresql.service")
server.wait_for_unit("mastodon-sidekiq.service")
server.wait_for_unit("mastodon-streaming.service")
server.wait_for_unit("mastodon-web.service")
server.wait_for_open_port(55000)
server.wait_for_open_port(55001)
# Check Mastodon version from remote client
client.succeed("curl --fail https://mastodon.local/api/v1/instance | jq -r '.version' | grep '${pkgs.mastodon.version}'")
# Check using admin CLI
# Check Mastodon version
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'")
# Manage accounts
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks add example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'example.com'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'mastodon.local'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create alice --email=alice@example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks remove example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create bob --email=bob@example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts approve bob'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts delete bob'")
# Manage IP access
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl p_blocks export' | grep '172.16.0.0/16'")
client.fail("curl --fail https://mastodon.local/about")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
client.succeed("curl --fail https://mastodon.local/about")
ca.shutdown()
server.shutdown()
client.shutdown()
'';
})