63 lines
1.7 KiB
Nix
63 lines
1.7 KiB
Nix
import ./make-test-python.nix (
|
|||
{ pkgs, ... }:
|
|||
let
|
|||
certs = import ./common/acme/server/snakeoil-certs.nix;
|
|||
inherit (certs) domain;
|
|||
in
|
|||
{
|
|||
name = "canaille";
|
|||
meta.maintainers = with pkgs.lib.maintainers; [ erictapen ];
|
|||
|
|||
nodes.server =
|
|||
{ pkgs, lib, ... }:
|
|||
{
|
|||
services.canaille = {
|
|||
enable = true;
|
|||
secretKeyFile = pkgs.writeText "canaille-secret-key" ''
|
|||
this is not a secret key
|
|||
'';
|
|||
settings = {
|
|||
SERVER_NAME = domain;
|
|||
};
|
|||
};
|
|||
|
|||
services.nginx.virtualHosts."${domain}" = {
|
|||
enableACME = lib.mkForce false;
|
|||
sslCertificate = certs."${domain}".cert;
|
|||
sslCertificateKey = certs."${domain}".key;
|
|||
};
|
|||
|
|||
networking.hosts."::1" = [ "${domain}" ];
|
|||
networking.firewall.allowedTCPPorts = [
|
|||
80
|
|||
443
|
|||
];
|
|||
|
|||
users.users.canaille.shell = pkgs.bashInteractive;
|
|||
|
|||
security.pki.certificateFiles = [ certs.ca.cert ];
|
|||
};
|
|||
|
|||
nodes.client =
|
|||
{ nodes, ... }:
|
|||
{
|
|||
networking.hosts."${nodes.server.networking.primaryIPAddress}" = [ "${domain}" ];
|
|||
security.pki.certificateFiles = [ certs.ca.cert ];
|
|||
};
|
|||
|
|||
testScript =
|
|||
{ ... }:
|
|||
''
|
|||
import json
|
|||
|
|||
start_all()
|
|||
server.wait_for_unit("canaille.socket")
|
|||
server.wait_until_succeeds("curl -f https://${domain}")
|
|||
server.succeed("sudo -iu canaille -- canaille create user --user-name admin --password adminpass --emails admin@${domain}")
|
|||
json_str = server.succeed("sudo -iu canaille -- canaille get user")
|
|||
assert json.loads(json_str)[0]["user_name"] == "admin"
|
|||
server.succeed("sudo -iu canaille -- canaille check")
|
|||
'';
|
|||
}
|
|||
)
|
