import ../make-test-python.nix ( { pkgs, ... }: let certs = import ../common/acme/server/snakeoil-certs.nix; serverDomain = certs.domain; admin = { username = "admin"; password = "snakeoilpass"; }; # An API token that we manually insert into the db as a valid one. apiToken = "OVJh65sXaAfQMZ4NTcIGbFZIyBZbEZqWTi7azdDf"; in { name = "weblate"; meta.maintainers = with pkgs.lib.maintainers; [ erictapen ]; nodes.server = { pkgs, lib, ... }: { virtualisation.memorySize = 2048; services.weblate = { enable = true; localDomain = "${serverDomain}"; djangoSecretKeyFile = pkgs.writeText "weblate-django-secret" "thisissnakeoilsecretwithmorethan50characterscorrecthorsebatterystaple"; extraConfig = '' # Weblate tries to fetch Avatars from the network ENABLE_AVATARS = False ''; }; services.nginx.virtualHosts."${serverDomain}" = { enableACME = lib.mkForce false; sslCertificate = certs."${serverDomain}".cert; sslCertificateKey = certs."${serverDomain}".key; }; security.pki.certificateFiles = [ certs.ca.cert ]; networking.hosts."::1" = [ "${serverDomain}" ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; users.users.weblate.shell = pkgs.bashInteractive; }; nodes.client = { pkgs, nodes, ... }: { environment.systemPackages = [ pkgs.wlc ]; environment.etc."xdg/weblate".text = '' [weblate] url = https://${serverDomain}/api/ key = ${apiToken} ''; networking.hosts."${nodes.server.networking.primaryIPAddress}" = [ "${serverDomain}" ]; security.pki.certificateFiles = [ certs.ca.cert ]; }; testScript = '' import json start_all() server.wait_for_unit("weblate.socket") server.wait_until_succeeds("curl -f https://${serverDomain}/") server.succeed("sudo -iu weblate -- weblate createadmin --username ${admin.username} --password ${admin.password} --email weblate@example.org") # It's easier to replace the generated API token with a predefined one than # to extract it at runtime. server.succeed("sudo -iu weblate -- psql -d weblate -c \"UPDATE authtoken_token SET key = '${apiToken}' WHERE user_id = (SELECT id FROM weblate_auth_user WHERE username = 'admin');\"") client.wait_for_unit("multi-user.target") # Test the official Weblate client wlc. client.wait_until_succeeds("REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt wlc --debug list-projects") def call_wl_api(arg): (rv, result) = client.execute("curl -H \"Content-Type: application/json\" -H \"Authorization: Token ${apiToken}\" https://${serverDomain}/api/{}".format(arg)) assert rv == 0 print(result) call_wl_api("users/ --data '{}'".format( json.dumps( {"username": "test1", "full_name": "test1", "email": "test1@example.org" }))) # TODO: Check sending and receiving email. # server.wait_for_unit("postfix.service") # TODO: The goal is for this to succeed, but there are still some checks failing. # server.succeed("sudo -iu weblate -- weblate check --deploy") ''; } )