depot/nixos/tests/pinnwand.nix
Luke Granger-Brown 57725ef3ec Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce
git-subtree-dir: third_party/nixpkgs
git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
2024-11-10 23:59:47 +00:00

93 lines
2.3 KiB
Nix

import ./make-test-python.nix ({ pkgs, ...}:
let
port = 8000;
baseUrl = "http://server:${toString port}";
in
{
name = "pinnwand";
meta = with pkgs.lib.maintainers; {
maintainers =[ hexa ];
};
nodes = {
server = { config, ... }:
{
networking.firewall.allowedTCPPorts = [
port
];
services.pinnwand = {
enable = true;
port = port;
};
};
client = { pkgs, ... }:
{
environment.systemPackages = [
pkgs.steck
(pkgs.writers.writePython3Bin "setup-steck.py" {
libraries = with pkgs.python3.pkgs; [ appdirs toml ];
flakeIgnore = [
"E501"
];
}
''
import appdirs
import toml
import os
CONFIG = {
"base": "${baseUrl}/",
"confirm": False,
"magic": True,
"ignore": True
}
os.makedirs(appdirs.user_config_dir('steck'))
with open(os.path.join(appdirs.user_config_dir('steck'), 'steck.toml'), "w") as fd:
toml.dump(CONFIG, fd)
'')
];
};
};
testScript = ''
start_all()
server.wait_for_unit("pinnwand.service")
client.wait_for_unit("network.target")
# create steck.toml config file
client.succeed("setup-steck.py")
# wait until the server running pinnwand is reachable
client.wait_until_succeeds("ping -c1 server")
# make sure pinnwand is listening
server.wait_for_open_port(${toString port})
# send the contents of /etc/machine-id
response = client.succeed("steck paste /etc/machine-id")
# parse the steck response
raw_url = None
removal_link = None
for line in response.split("\n"):
if line.startswith("View link:"):
raw_url = f"${baseUrl}/raw/{line.split('/')[-1]}"
if line.startswith("Removal link:"):
removal_link = line.split(":", 1)[1]
# check whether paste matches what we sent
client.succeed(f"curl {raw_url} > /tmp/machine-id")
client.succeed("diff /tmp/machine-id /etc/machine-id")
# remove paste and check that it's not available any more
client.succeed(f"curl {removal_link}")
client.fail(f"curl --fail {raw_url}")
server.log(server.execute("systemd-analyze security pinnwand | grep ''")[1])
'';
})