104 lines
3.3 KiB
Nix
104 lines
3.3 KiB
Nix
import ../make-test-python.nix (
|
|
{ pkgs, ... }:
|
|
|
|
let
|
|
certs = import ../common/acme/server/snakeoil-certs.nix;
|
|
|
|
serverDomain = certs.domain;
|
|
|
|
admin = {
|
|
username = "admin";
|
|
password = "snakeoilpass";
|
|
};
|
|
# An API token that we manually insert into the db as a valid one.
|
|
apiToken = "OVJh65sXaAfQMZ4NTcIGbFZIyBZbEZqWTi7azdDf";
|
|
in
|
|
{
|
|
name = "weblate";
|
|
meta.maintainers = with pkgs.lib.maintainers; [ erictapen ];
|
|
|
|
nodes.server =
|
|
{ pkgs, lib, ... }:
|
|
{
|
|
virtualisation.memorySize = 2048;
|
|
|
|
services.weblate = {
|
|
enable = true;
|
|
localDomain = "${serverDomain}";
|
|
djangoSecretKeyFile = pkgs.writeText "weblate-django-secret" "thisissnakeoilsecretwithmorethan50characterscorrecthorsebatterystaple";
|
|
extraConfig = ''
|
|
# Weblate tries to fetch Avatars from the network
|
|
ENABLE_AVATARS = False
|
|
'';
|
|
};
|
|
|
|
services.nginx.virtualHosts."${serverDomain}" = {
|
|
enableACME = lib.mkForce false;
|
|
sslCertificate = certs."${serverDomain}".cert;
|
|
sslCertificateKey = certs."${serverDomain}".key;
|
|
};
|
|
|
|
security.pki.certificateFiles = [ certs.ca.cert ];
|
|
|
|
networking.hosts."::1" = [ "${serverDomain}" ];
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
|
|
users.users.weblate.shell = pkgs.bashInteractive;
|
|
};
|
|
|
|
nodes.client =
|
|
{ pkgs, nodes, ... }:
|
|
{
|
|
environment.systemPackages = [ pkgs.wlc ];
|
|
|
|
environment.etc."xdg/weblate".text = ''
|
|
[weblate]
|
|
url = https://${serverDomain}/api/
|
|
key = ${apiToken}
|
|
'';
|
|
|
|
networking.hosts."${nodes.server.networking.primaryIPAddress}" = [ "${serverDomain}" ];
|
|
|
|
security.pki.certificateFiles = [ certs.ca.cert ];
|
|
};
|
|
|
|
testScript = ''
|
|
import json
|
|
|
|
start_all()
|
|
server.wait_for_unit("weblate.socket")
|
|
server.wait_until_succeeds("curl -f https://${serverDomain}/")
|
|
server.succeed("sudo -iu weblate -- weblate createadmin --username ${admin.username} --password ${admin.password} --email weblate@example.org")
|
|
|
|
# It's easier to replace the generated API token with a predefined one than
|
|
# to extract it at runtime.
|
|
server.succeed("sudo -iu weblate -- psql -d weblate -c \"UPDATE authtoken_token SET key = '${apiToken}' WHERE user_id = (SELECT id FROM weblate_auth_user WHERE username = 'admin');\"")
|
|
|
|
client.wait_for_unit("multi-user.target")
|
|
|
|
# Test the official Weblate client wlc.
|
|
client.wait_until_succeeds("REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt wlc --debug list-projects")
|
|
|
|
def call_wl_api(arg):
|
|
(rv, result) = client.execute("curl -H \"Content-Type: application/json\" -H \"Authorization: Token ${apiToken}\" https://${serverDomain}/api/{}".format(arg))
|
|
assert rv == 0
|
|
print(result)
|
|
|
|
call_wl_api("users/ --data '{}'".format(
|
|
json.dumps(
|
|
{"username": "test1",
|
|
"full_name": "test1",
|
|
"email": "test1@example.org"
|
|
})))
|
|
|
|
# TODO: Check sending and receiving email.
|
|
# server.wait_for_unit("postfix.service")
|
|
|
|
# TODO: The goal is for this to succeed, but there are still some checks failing.
|
|
# server.succeed("sudo -iu weblate -- weblate check --deploy")
|
|
'';
|
|
}
|
|
)
|