8e65f7f0cc
GitOrigin-RevId: 062a0c5437b68f950b081bbfc8a699d57a4ee026
88 lines
2.3 KiB
Nix
88 lines
2.3 KiB
Nix
import ../make-test-python.nix (
|
|
{ pkgs, ... }:
|
|
let
|
|
pantalaimonInstanceName = "testing";
|
|
|
|
# Set up SSL certs for Synapse to be happy.
|
|
runWithOpenSSL = file: cmd: pkgs.runCommand file
|
|
{
|
|
buildInputs = [ pkgs.openssl ];
|
|
}
|
|
cmd;
|
|
|
|
ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";
|
|
ca_pem = runWithOpenSSL "ca.pem" ''
|
|
openssl req \
|
|
-x509 -new -nodes -key ${ca_key} \
|
|
-days 10000 -out $out -subj "/CN=snakeoil-ca"
|
|
'';
|
|
key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";
|
|
csr = runWithOpenSSL "matrix.csr" ''
|
|
openssl req \
|
|
-new -key ${key} \
|
|
-out $out -subj "/CN=localhost" \
|
|
'';
|
|
cert = runWithOpenSSL "matrix_cert.pem" ''
|
|
openssl x509 \
|
|
-req -in ${csr} \
|
|
-CA ${ca_pem} -CAkey ${ca_key} \
|
|
-CAcreateserial -out $out \
|
|
-days 365
|
|
'';
|
|
in
|
|
{
|
|
name = "pantalaimon";
|
|
meta = with pkgs.lib; {
|
|
maintainers = teams.matrix.members;
|
|
};
|
|
|
|
machine = { pkgs, ... }: {
|
|
services.pantalaimon-headless.instances.${pantalaimonInstanceName} = {
|
|
homeserver = "https://localhost:8448";
|
|
listenAddress = "0.0.0.0";
|
|
listenPort = 8888;
|
|
logLevel = "debug";
|
|
ssl = false;
|
|
};
|
|
|
|
services.matrix-synapse = {
|
|
enable = true;
|
|
settings = {
|
|
listeners = [ {
|
|
port = 8448;
|
|
bind_addresses = [
|
|
"127.0.0.1"
|
|
"::1"
|
|
];
|
|
type = "http";
|
|
tls = true;
|
|
x_forwarded = false;
|
|
resources = [ {
|
|
names = [
|
|
"client"
|
|
];
|
|
compress = true;
|
|
} {
|
|
names = [
|
|
"federation"
|
|
];
|
|
compress = false;
|
|
} ];
|
|
} ];
|
|
database.name = "sqlite3";
|
|
tls_certificate_path = "${cert}";
|
|
tls_private_key_path = "${key}";
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
start_all()
|
|
machine.wait_for_unit("pantalaimon-${pantalaimonInstanceName}.service")
|
|
machine.wait_for_unit("matrix-synapse.service")
|
|
machine.wait_until_succeeds(
|
|
"curl --fail -L http://localhost:8888/"
|
|
)
|
|
'';
|
|
}
|
|
)
|