refactor domain and subdomain vars in tests
This commit is contained in:
parent
441907b134
commit
072979fce2
12 changed files with 188 additions and 180 deletions
|
|
@ -1,5 +1,8 @@
|
|||
{ pkgs, lib }:
|
||||
let
|
||||
inherit (lib) mkOption;
|
||||
inherit (lib.types) str;
|
||||
|
||||
baseImports = {
|
||||
imports = [
|
||||
(pkgs.path + "/nixos/modules/profiles/headless.nix")
|
||||
|
|
@ -8,9 +11,7 @@ let
|
|||
};
|
||||
|
||||
accessScript = lib.makeOverridable ({
|
||||
subdomain
|
||||
, domain
|
||||
, hasSSL
|
||||
hasSSL
|
||||
, waitForServices ? s: []
|
||||
, waitForPorts ? p: []
|
||||
, waitForUnixSocket ? u: []
|
||||
|
|
@ -18,13 +19,15 @@ let
|
|||
, redirectSSO ? false
|
||||
}: { nodes, ... }:
|
||||
let
|
||||
fqdn = "${subdomain}.${domain}";
|
||||
cfg = nodes.server.test;
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
proto_fqdn = if hasSSL args then "https://${fqdn}" else "http://${fqdn}";
|
||||
|
||||
args = {
|
||||
node.name = "server";
|
||||
node.config = nodes.server;
|
||||
inherit proto_fqdn;
|
||||
inherit fqdn proto_fqdn;
|
||||
};
|
||||
in
|
||||
''
|
||||
|
|
@ -36,7 +39,7 @@ let
|
|||
''
|
||||
+ lib.strings.concatMapStrings (s: ''server.wait_for_unit("${s}")'' + "\n") (
|
||||
waitForServices args
|
||||
++ (lib.optionals redirectSSO [ "authelia-auth.${domain}.service" ])
|
||||
++ (lib.optionals redirectSSO [ "authelia-auth.${cfg.domain}.service" ])
|
||||
)
|
||||
+ lib.strings.concatMapStrings (p: ''server.wait_for_open_port(${toString p})'' + "\n") (
|
||||
waitForPorts args
|
||||
|
|
@ -57,7 +60,7 @@ let
|
|||
+ " --connect-to ${fqdn}:443:server:443"
|
||||
+ " --connect-to ${fqdn}:80:server:80"
|
||||
# Client must be able to resolve talking to auth server
|
||||
+ " --connect-to auth.${domain}:443:server:443"
|
||||
+ " --connect-to auth.${cfg.domain}:443:server:443"
|
||||
+ (f" --data '{data}'" if data != "" else "")
|
||||
+ (f" --silent --output /dev/null --write-out '{format}'" if format != "" else "")
|
||||
+ (f" {extra}" if extra != "" else "")
|
||||
|
|
@ -83,8 +86,8 @@ let
|
|||
|
||||
if response['code'] != 200:
|
||||
raise Exception(f"Code is {response['code']}")
|
||||
if response['auth_host'] != "auth.${domain}":
|
||||
raise Exception(f"auth host should be auth.${domain} but is {response['auth_host']}")
|
||||
if response['auth_host'] != "auth.${cfg.domain}":
|
||||
raise Exception(f"auth host should be auth.${cfg.domain} but is {response['auth_host']}")
|
||||
if response['auth_query'] != "rd=${proto_fqdn}/":
|
||||
raise Exception(f"auth query should be rd=${proto_fqdn}/ but is {response['auth_query']}")
|
||||
''
|
||||
|
|
@ -114,18 +117,32 @@ in
|
|||
backup = backupScript args;
|
||||
};
|
||||
|
||||
baseModule = {
|
||||
imports =
|
||||
[
|
||||
baseImports
|
||||
../modules/blocks/postgresql.nix
|
||||
../modules/blocks/authelia.nix
|
||||
../modules/blocks/nginx.nix
|
||||
../modules/blocks/hardcodedsecret.nix
|
||||
];
|
||||
|
||||
# HTTP(s) server port.
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
baseModule = { config, ... }: {
|
||||
options.test = {
|
||||
domain = mkOption {
|
||||
type = str;
|
||||
default = "example.com";
|
||||
};
|
||||
subdomain = mkOption {
|
||||
type = str;
|
||||
};
|
||||
fqdn = mkOption {
|
||||
type = str;
|
||||
readOnly = true;
|
||||
default = "${config.test.subdomain}.${config.test.domain}";
|
||||
};
|
||||
};
|
||||
imports = [
|
||||
baseImports
|
||||
../modules/blocks/postgresql.nix
|
||||
../modules/blocks/authelia.nix
|
||||
../modules/blocks/nginx.nix
|
||||
../modules/blocks/hardcodedsecret.nix
|
||||
];
|
||||
config = {
|
||||
# HTTP(s) server port.
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
};
|
||||
|
||||
backup = backupOption: { config, ... }: {
|
||||
|
|
@ -152,7 +169,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
certs = domain: { config, ... }: {
|
||||
certs = { config, ... }: {
|
||||
imports = [
|
||||
../modules/blocks/ssl.nix
|
||||
];
|
||||
|
|
@ -164,7 +181,7 @@ in
|
|||
certs.selfsigned = {
|
||||
n = {
|
||||
ca = config.shb.certs.cas.selfsigned.myca;
|
||||
domain = "*.${domain}";
|
||||
domain = "*.${config.test.domain}";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
|
|
@ -174,13 +191,13 @@ in
|
|||
systemd.services.nginx.requires = [ config.shb.certs.certs.selfsigned.n.systemdService ];
|
||||
};
|
||||
|
||||
ldap = domain: pkgs: { config, ... }: {
|
||||
ldap = pkgs: { config, ... }: {
|
||||
imports = [
|
||||
../modules/blocks/ldap.nix
|
||||
];
|
||||
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "ldap.${domain}" ];
|
||||
"127.0.0.1" = [ "ldap.${config.test.domain}" ];
|
||||
};
|
||||
|
||||
shb.hardcodedsecret.ldapUserPassword = {
|
||||
|
|
@ -194,7 +211,7 @@ in
|
|||
|
||||
shb.ldap = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
inherit (config.test) domain;
|
||||
subdomain = "ldap";
|
||||
ldapPort = 3890;
|
||||
webUIListenPort = 17170;
|
||||
|
|
@ -204,18 +221,18 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
sso = domain: pkgs: ssl: { config, ... }: {
|
||||
sso = pkgs: ssl: { config, ... }: {
|
||||
imports = [
|
||||
../modules/blocks/authelia.nix
|
||||
];
|
||||
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "auth.${domain}" ];
|
||||
"127.0.0.1" = [ "auth.${config.test.domain}" ];
|
||||
};
|
||||
|
||||
shb.authelia = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
inherit (config.test) domain;
|
||||
subdomain = "auth";
|
||||
ssl = config.shb.certs.certs.selfsigned.n;
|
||||
|
||||
|
|
|
|||
|
|
@ -2,59 +2,56 @@
|
|||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
domain = "example.com";
|
||||
healthUrl = "/health";
|
||||
loginUrl = "/UI/Login";
|
||||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
# TODO: Test login
|
||||
commonTestScript = appname: cfgPathFn:
|
||||
let
|
||||
commonTestScript = appname: cfgPathFn: testLib.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"${appname}.service"
|
||||
"nginx.service"
|
||||
];
|
||||
waitForPorts = { node, ... }: [
|
||||
node.config.shb.arr.${appname}.settings.Port
|
||||
];
|
||||
extraScript = { node, fqdn, proto_fqdn, ... }: let
|
||||
shbapp = node.config.shb.arr.${appname};
|
||||
cfgPath = cfgPathFn shbapp;
|
||||
apiKey = if (shbapp.settings ? ApiKey) then "01234567890123456789" else null;
|
||||
in ''
|
||||
# These curl requests still return a 200 even with sso redirect.
|
||||
with subtest("health"):
|
||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${healthUrl}")
|
||||
print("response =", response)
|
||||
|
||||
if response['code'] != 200:
|
||||
raise Exception(f"Code is {response['code']}")
|
||||
|
||||
with subtest("login"):
|
||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${loginUrl}")
|
||||
|
||||
if response['code'] != 200:
|
||||
raise Exception(f"Code is {response['code']}")
|
||||
'' + lib.optionalString (apiKey != null) ''
|
||||
|
||||
with subtest("apikey"):
|
||||
config = server.succeed("cat ${cfgPath}")
|
||||
if "${apiKey}" not in config:
|
||||
raise Exception(f"Unexpected API Key. Want '${apiKey}', got '{config}'")
|
||||
'';
|
||||
};
|
||||
|
||||
basic = appname: { config, ... }: {
|
||||
test = {
|
||||
subdomain = appname;
|
||||
fqdn = "${subdomain}.${domain}";
|
||||
in testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"${appname}.service"
|
||||
"nginx.service"
|
||||
];
|
||||
waitForPorts = { node, ... }: [
|
||||
node.config.shb.arr.${appname}.settings.Port
|
||||
];
|
||||
extraScript = { node, proto_fqdn, ... }: let
|
||||
shbapp = node.config.shb.arr.${appname};
|
||||
cfgPath = cfgPathFn shbapp;
|
||||
apiKey = if (shbapp.settings ? ApiKey) then "01234567890123456789" else null;
|
||||
in ''
|
||||
# These curl requests still return a 200 even with sso redirect.
|
||||
with subtest("health"):
|
||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${healthUrl}")
|
||||
print("response =", response)
|
||||
|
||||
if response['code'] != 200:
|
||||
raise Exception(f"Code is {response['code']}")
|
||||
|
||||
with subtest("login"):
|
||||
response = curl(client, """{"code":%{response_code}}""", "${fqdn}${loginUrl}")
|
||||
|
||||
if response['code'] != 200:
|
||||
raise Exception(f"Code is {response['code']}")
|
||||
'' + lib.optionalString (apiKey != null) ''
|
||||
|
||||
with subtest("apikey"):
|
||||
config = server.succeed("cat ${cfgPath}")
|
||||
if "${apiKey}" not in config:
|
||||
raise Exception(f"Unexpected API Key. Want '${apiKey}', got '{config}'")
|
||||
'';
|
||||
};
|
||||
|
||||
basic = appname: { ... }: {
|
||||
shb.arr.${appname} = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
subdomain = appname;
|
||||
inherit (config.test) subdomain domain;
|
||||
|
||||
settings.ApiKey.source = pkgs.writeText "APIKey" "01234567890123456789"; # Needs to be >=20 characters.
|
||||
};
|
||||
|
|
@ -106,7 +103,7 @@ let
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/arr.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
(basic appname)
|
||||
(https appname)
|
||||
];
|
||||
|
|
@ -130,11 +127,11 @@ let
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/arr.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
(basic appname)
|
||||
(https appname)
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(sso appname)
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,15 +1,10 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "a";
|
||||
domain = "example.com";
|
||||
fqdn = "${subdomain}.${domain}";
|
||||
|
||||
commonTestScript = testLib.accessScript {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.audiobookshelf.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"audiobookshelf.service"
|
||||
|
|
@ -23,10 +18,13 @@ let
|
|||
# '';
|
||||
};
|
||||
|
||||
basic = {
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "a";
|
||||
};
|
||||
shb.audiobookshelf = {
|
||||
enable = true;
|
||||
inherit subdomain domain;
|
||||
inherit (config.test) subdomain domain;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -72,7 +70,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/audiobookshelf.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -90,11 +88,11 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/audiobookshelf.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,14 +1,10 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
subdomain = "d";
|
||||
domain = "example.com";
|
||||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.deluge.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"nginx.service"
|
||||
|
|
@ -74,9 +70,13 @@ let
|
|||
'';
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "d";
|
||||
};
|
||||
|
||||
shb.deluge = {
|
||||
enable = true;
|
||||
inherit domain subdomain;
|
||||
inherit (config.test) domain subdomain;
|
||||
|
||||
settings = {
|
||||
downloadLocation = "/var/lib/deluge";
|
||||
|
|
@ -160,7 +160,7 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/deluge.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -179,11 +179,11 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/deluge.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
@ -203,7 +203,7 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/deluge.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
prometheus
|
||||
|
|
|
|||
|
|
@ -4,13 +4,9 @@ let
|
|||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "f";
|
||||
domain = "example.com";
|
||||
|
||||
adminPassword = "AdminPassword";
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"forgejo.service"
|
||||
|
|
@ -26,9 +22,13 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "f";
|
||||
};
|
||||
|
||||
shb.forgejo = {
|
||||
enable = true;
|
||||
inherit domain subdomain;
|
||||
inherit (config.test) subdomain domain;
|
||||
|
||||
adminPassword.result = config.shb.hardcodedsecret.forgejoAdminPassword.result;
|
||||
databasePassword.result = config.shb.hardcodedsecret.forgejoDatabasePassword.result;
|
||||
|
|
@ -36,7 +36,7 @@ let
|
|||
|
||||
# Needed for gitea-runner-local to be able to ping forgejo.
|
||||
networking.hosts = {
|
||||
"127.0.0.1" = [ "${subdomain}.${domain}" ];
|
||||
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
||||
};
|
||||
|
||||
shb.hardcodedsecret.forgejoAdminPassword = {
|
||||
|
|
@ -135,7 +135,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/forgejo.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -154,7 +154,7 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/services/forgejo.nix
|
||||
basic
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.ldap pkgs')
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -171,11 +171,11 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/forgejo.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,15 +1,8 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "g";
|
||||
domain = "example.com";
|
||||
fqdn = "${subdomain}.${domain}";
|
||||
|
||||
commonTestScript = lib.makeOverridable testLib.accessScript {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.grocy.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"phpfpm-grocy.service"
|
||||
|
|
@ -24,9 +17,13 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "g";
|
||||
};
|
||||
|
||||
shb.grocy = {
|
||||
enable = true;
|
||||
inherit domain subdomain;
|
||||
inherit (config.test) subdomain domain;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -60,7 +57,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/grocy.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
|
|||
|
|
@ -4,13 +4,9 @@ let
|
|||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "h";
|
||||
domain = "example.com";
|
||||
|
||||
adminPassword = "AdminPassword";
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.hledger.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"hledger-web.service"
|
||||
|
|
@ -19,9 +15,13 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "h";
|
||||
};
|
||||
|
||||
shb.hledger = {
|
||||
enable = true;
|
||||
inherit domain subdomain;
|
||||
inherit (config.test) subdomain domain;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -78,7 +78,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/hledger.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -96,11 +96,11 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/hledger.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,14 +1,10 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "ha";
|
||||
domain = "example.com";
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.home-assistant.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"home-assistant.service"
|
||||
|
|
@ -20,9 +16,13 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "ha";
|
||||
};
|
||||
|
||||
shb.home-assistant = {
|
||||
enable = true;
|
||||
inherit subdomain domain;
|
||||
inherit (config.test) subdomain domain;
|
||||
|
||||
config = {
|
||||
name = "Tiserbox";
|
||||
|
|
@ -146,7 +146,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/home-assistant.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -165,7 +165,7 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/services/home-assistant.nix
|
||||
basic
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.ldap pkgs')
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,11 +4,7 @@ let
|
|||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "j";
|
||||
domain = "example.com";
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.jellyfin.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"jellyfin.service"
|
||||
|
|
@ -19,10 +15,14 @@ let
|
|||
];
|
||||
};
|
||||
|
||||
basic = {
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "v";
|
||||
};
|
||||
|
||||
shb.jellyfin = {
|
||||
enable = true;
|
||||
inherit domain subdomain;
|
||||
inherit (config.test) subdomain domain;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -111,7 +111,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/jellyfin.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -130,7 +130,7 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/services/jellyfin.nix
|
||||
basic
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.ldap pkgs')
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -147,11 +147,11 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/jellyfin.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,13 +4,9 @@ let
|
|||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "grafana";
|
||||
domain = "example.com";
|
||||
|
||||
password = "securepw";
|
||||
|
||||
commonTestScript = testLib.accessScript {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"grafana.service"
|
||||
|
|
@ -21,9 +17,13 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "g";
|
||||
};
|
||||
|
||||
shb.monitoring = {
|
||||
enable = true;
|
||||
inherit subdomain domain;
|
||||
inherit (config.test) subdomain domain;
|
||||
|
||||
grafanaPort = 3000;
|
||||
adminPassword.result = config.shb.hardcodedsecret."admin_password".result;
|
||||
|
|
@ -70,7 +70,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/blocks/monitoring.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
|
|||
|
|
@ -5,14 +5,9 @@ let
|
|||
adminPass = "rootpw";
|
||||
oidcSecret = "oidcSecret";
|
||||
|
||||
subdomain = "n";
|
||||
domain = "example.com";
|
||||
fqdn = "${subdomain}.${domain}";
|
||||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.nextcloud.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"phpfpm-nextcloud.service"
|
||||
|
|
@ -21,7 +16,7 @@ let
|
|||
waitForUnixSocket = { node, ... }: [
|
||||
node.config.services.phpfpm.pools.nextcloud.socket
|
||||
];
|
||||
extraScript = { node, proto_fqdn, ... }: ''
|
||||
extraScript = { node, fqdn, proto_fqdn, ... }: ''
|
||||
import time
|
||||
|
||||
def find_in_logs(unit, text):
|
||||
|
|
@ -116,16 +111,20 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "n";
|
||||
};
|
||||
|
||||
shb.nextcloud = {
|
||||
enable = true;
|
||||
inherit domain subdomain;
|
||||
inherit (config.test) subdomain domain;
|
||||
|
||||
dataDir = "/var/lib/nextcloud";
|
||||
tracing = null;
|
||||
defaultPhoneRegion = "US";
|
||||
|
||||
# This option is only needed because we do not access Nextcloud at the default port in the VM.
|
||||
externalFqdn = "${fqdn}:8080";
|
||||
externalFqdn = "${config.test.fqdn}:8080";
|
||||
|
||||
adminUser = adminUser;
|
||||
adminPass.result = config.shb.hardcodedsecret.adminPass.result;
|
||||
|
|
@ -273,7 +272,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/nextcloud-server.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -292,7 +291,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/nextcloud-server.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
previewgenerator
|
||||
|
|
@ -311,7 +310,7 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/nextcloud-server.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
externalstorage
|
||||
|
|
@ -330,10 +329,10 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/nextcloud-server.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.ldap pkgs')
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -350,12 +349,12 @@ in
|
|||
imports = [
|
||||
testLib.baseModule
|
||||
../../modules/services/nextcloud-server.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.ldap pkgs')
|
||||
ldap
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,11 +4,7 @@ let
|
|||
|
||||
testLib = pkgs.callPackage ../common.nix {};
|
||||
|
||||
subdomain = "v";
|
||||
domain = "example.com";
|
||||
|
||||
commonTestScript = testLib.mkScripts {
|
||||
inherit subdomain domain;
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.vaultwarden.ssl);
|
||||
waitForServices = { ... }: [
|
||||
"vaultwarden.service"
|
||||
|
|
@ -51,10 +47,14 @@ let
|
|||
};
|
||||
|
||||
basic = { config, ... }: {
|
||||
test = {
|
||||
subdomain = "v";
|
||||
};
|
||||
|
||||
shb.nginx.accessLog = true;
|
||||
shb.vaultwarden = {
|
||||
enable = true;
|
||||
inherit subdomain domain;
|
||||
inherit (config.test) subdomain domain;
|
||||
|
||||
port = 8222;
|
||||
databasePassword.result = config.shb.hardcodedsecret.passphrase.result;
|
||||
|
|
@ -115,7 +115,7 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -152,11 +152,11 @@ in
|
|||
testLib.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
(testLib.certs domain)
|
||||
testLib.certs
|
||||
basic
|
||||
https
|
||||
(testLib.ldap domain pkgs')
|
||||
(testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
(testLib.ldap pkgs')
|
||||
(testLib.sso pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
@ -169,14 +169,14 @@ in
|
|||
5432
|
||||
9091
|
||||
];
|
||||
extraScript = { proto_fqdn, ... }: ''
|
||||
extraScript = { node, proto_fqdn, ... }: ''
|
||||
with subtest("unauthenticated access is not granted to /admin"):
|
||||
response = curl(client, """{"code":%{response_code},"auth_host":"%{urle.host}","auth_query":"%{urle.query}","all":%{json}}""", "${proto_fqdn}/admin")
|
||||
|
||||
if response['code'] != 200:
|
||||
raise Exception(f"Code is {response['code']}")
|
||||
if response['auth_host'] != "auth.${domain}":
|
||||
raise Exception(f"auth host should be auth.${domain} but is {response['auth_host']}")
|
||||
if response['auth_host'] != "auth.${node.config.test.domain}":
|
||||
raise Exception(f"auth host should be auth.${node.config.test.domain} but is {response['auth_host']}")
|
||||
if response['auth_query'] != "rd=${proto_fqdn}/admin":
|
||||
raise Exception(f"auth query should be rd=${proto_fqdn}/admin but is {response['auth_query']}")
|
||||
'';
|
||||
|
|
|
|||
Loading…
Reference in a new issue