diff --git a/test/common.nix b/test/common.nix index 7b1154b..61071bc 100644 --- a/test/common.nix +++ b/test/common.nix @@ -1,5 +1,8 @@ { pkgs, lib }: let + inherit (lib) mkOption; + inherit (lib.types) str; + baseImports = { imports = [ (pkgs.path + "/nixos/modules/profiles/headless.nix") @@ -8,9 +11,7 @@ let }; accessScript = lib.makeOverridable ({ - subdomain - , domain - , hasSSL + hasSSL , waitForServices ? s: [] , waitForPorts ? p: [] , waitForUnixSocket ? u: [] @@ -18,13 +19,15 @@ let , redirectSSO ? false }: { nodes, ... }: let - fqdn = "${subdomain}.${domain}"; + cfg = nodes.server.test; + + fqdn = "${cfg.subdomain}.${cfg.domain}"; proto_fqdn = if hasSSL args then "https://${fqdn}" else "http://${fqdn}"; args = { node.name = "server"; node.config = nodes.server; - inherit proto_fqdn; + inherit fqdn proto_fqdn; }; in '' @@ -36,7 +39,7 @@ let '' + lib.strings.concatMapStrings (s: ''server.wait_for_unit("${s}")'' + "\n") ( waitForServices args - ++ (lib.optionals redirectSSO [ "authelia-auth.${domain}.service" ]) + ++ (lib.optionals redirectSSO [ "authelia-auth.${cfg.domain}.service" ]) ) + lib.strings.concatMapStrings (p: ''server.wait_for_open_port(${toString p})'' + "\n") ( waitForPorts args @@ -57,7 +60,7 @@ let + " --connect-to ${fqdn}:443:server:443" + " --connect-to ${fqdn}:80:server:80" # Client must be able to resolve talking to auth server - + " --connect-to auth.${domain}:443:server:443" + + " --connect-to auth.${cfg.domain}:443:server:443" + (f" --data '{data}'" if data != "" else "") + (f" --silent --output /dev/null --write-out '{format}'" if format != "" else "") + (f" {extra}" if extra != "" else "") @@ -83,8 +86,8 @@ let if response['code'] != 200: raise Exception(f"Code is {response['code']}") - if response['auth_host'] != "auth.${domain}": - raise Exception(f"auth host should be auth.${domain} but is {response['auth_host']}") + if response['auth_host'] != "auth.${cfg.domain}": + raise Exception(f"auth host should be auth.${cfg.domain} but is {response['auth_host']}") if response['auth_query'] != "rd=${proto_fqdn}/": raise Exception(f"auth query should be rd=${proto_fqdn}/ but is {response['auth_query']}") '' @@ -114,18 +117,32 @@ in backup = backupScript args; }; - baseModule = { - imports = - [ - baseImports - ../modules/blocks/postgresql.nix - ../modules/blocks/authelia.nix - ../modules/blocks/nginx.nix - ../modules/blocks/hardcodedsecret.nix - ]; - - # HTTP(s) server port. - networking.firewall.allowedTCPPorts = [ 80 443 ]; + baseModule = { config, ... }: { + options.test = { + domain = mkOption { + type = str; + default = "example.com"; + }; + subdomain = mkOption { + type = str; + }; + fqdn = mkOption { + type = str; + readOnly = true; + default = "${config.test.subdomain}.${config.test.domain}"; + }; + }; + imports = [ + baseImports + ../modules/blocks/postgresql.nix + ../modules/blocks/authelia.nix + ../modules/blocks/nginx.nix + ../modules/blocks/hardcodedsecret.nix + ]; + config = { + # HTTP(s) server port. + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; }; backup = backupOption: { config, ... }: { @@ -152,7 +169,7 @@ in }; }; - certs = domain: { config, ... }: { + certs = { config, ... }: { imports = [ ../modules/blocks/ssl.nix ]; @@ -164,7 +181,7 @@ in certs.selfsigned = { n = { ca = config.shb.certs.cas.selfsigned.myca; - domain = "*.${domain}"; + domain = "*.${config.test.domain}"; group = "nginx"; }; }; @@ -174,13 +191,13 @@ in systemd.services.nginx.requires = [ config.shb.certs.certs.selfsigned.n.systemdService ]; }; - ldap = domain: pkgs: { config, ... }: { + ldap = pkgs: { config, ... }: { imports = [ ../modules/blocks/ldap.nix ]; networking.hosts = { - "127.0.0.1" = [ "ldap.${domain}" ]; + "127.0.0.1" = [ "ldap.${config.test.domain}" ]; }; shb.hardcodedsecret.ldapUserPassword = { @@ -194,7 +211,7 @@ in shb.ldap = { enable = true; - inherit domain; + inherit (config.test) domain; subdomain = "ldap"; ldapPort = 3890; webUIListenPort = 17170; @@ -204,18 +221,18 @@ in }; }; - sso = domain: pkgs: ssl: { config, ... }: { + sso = pkgs: ssl: { config, ... }: { imports = [ ../modules/blocks/authelia.nix ]; networking.hosts = { - "127.0.0.1" = [ "auth.${domain}" ]; + "127.0.0.1" = [ "auth.${config.test.domain}" ]; }; shb.authelia = { enable = true; - inherit domain; + inherit (config.test) domain; subdomain = "auth"; ssl = config.shb.certs.certs.selfsigned.n; diff --git a/test/services/arr.nix b/test/services/arr.nix index 071546e..0d96cad 100644 --- a/test/services/arr.nix +++ b/test/services/arr.nix @@ -2,59 +2,56 @@ let pkgs' = pkgs; - domain = "example.com"; healthUrl = "/health"; loginUrl = "/UI/Login"; testLib = pkgs.callPackage ../common.nix {}; # TODO: Test login - commonTestScript = appname: cfgPathFn: - let + commonTestScript = appname: cfgPathFn: testLib.mkScripts { + hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl); + waitForServices = { ... }: [ + "${appname}.service" + "nginx.service" + ]; + waitForPorts = { node, ... }: [ + node.config.shb.arr.${appname}.settings.Port + ]; + extraScript = { node, fqdn, proto_fqdn, ... }: let + shbapp = node.config.shb.arr.${appname}; + cfgPath = cfgPathFn shbapp; + apiKey = if (shbapp.settings ? ApiKey) then "01234567890123456789" else null; + in '' + # These curl requests still return a 200 even with sso redirect. + with subtest("health"): + response = curl(client, """{"code":%{response_code}}""", "${fqdn}${healthUrl}") + print("response =", response) + + if response['code'] != 200: + raise Exception(f"Code is {response['code']}") + + with subtest("login"): + response = curl(client, """{"code":%{response_code}}""", "${fqdn}${loginUrl}") + + if response['code'] != 200: + raise Exception(f"Code is {response['code']}") + '' + lib.optionalString (apiKey != null) '' + + with subtest("apikey"): + config = server.succeed("cat ${cfgPath}") + if "${apiKey}" not in config: + raise Exception(f"Unexpected API Key. Want '${apiKey}', got '{config}'") + ''; + }; + + basic = appname: { config, ... }: { + test = { subdomain = appname; - fqdn = "${subdomain}.${domain}"; - in testLib.mkScripts { - inherit subdomain domain; - hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl); - waitForServices = { ... }: [ - "${appname}.service" - "nginx.service" - ]; - waitForPorts = { node, ... }: [ - node.config.shb.arr.${appname}.settings.Port - ]; - extraScript = { node, proto_fqdn, ... }: let - shbapp = node.config.shb.arr.${appname}; - cfgPath = cfgPathFn shbapp; - apiKey = if (shbapp.settings ? ApiKey) then "01234567890123456789" else null; - in '' - # These curl requests still return a 200 even with sso redirect. - with subtest("health"): - response = curl(client, """{"code":%{response_code}}""", "${fqdn}${healthUrl}") - print("response =", response) - - if response['code'] != 200: - raise Exception(f"Code is {response['code']}") - - with subtest("login"): - response = curl(client, """{"code":%{response_code}}""", "${fqdn}${loginUrl}") - - if response['code'] != 200: - raise Exception(f"Code is {response['code']}") - '' + lib.optionalString (apiKey != null) '' - - with subtest("apikey"): - config = server.succeed("cat ${cfgPath}") - if "${apiKey}" not in config: - raise Exception(f"Unexpected API Key. Want '${apiKey}', got '{config}'") - ''; }; - basic = appname: { ... }: { shb.arr.${appname} = { enable = true; - inherit domain; - subdomain = appname; + inherit (config.test) subdomain domain; settings.ApiKey.source = pkgs.writeText "APIKey" "01234567890123456789"; # Needs to be >=20 characters. }; @@ -106,7 +103,7 @@ let imports = [ testLib.baseModule ../../modules/services/arr.nix - (testLib.certs domain) + testLib.certs (basic appname) (https appname) ]; @@ -130,11 +127,11 @@ let imports = [ testLib.baseModule ../../modules/services/arr.nix - (testLib.certs domain) + testLib.certs (basic appname) (https appname) - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) (sso appname) ]; }; diff --git a/test/services/audiobookshelf.nix b/test/services/audiobookshelf.nix index 62bc16e..be0467b 100644 --- a/test/services/audiobookshelf.nix +++ b/test/services/audiobookshelf.nix @@ -1,15 +1,10 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: let pkgs' = pkgs; testLib = pkgs.callPackage ../common.nix {}; - subdomain = "a"; - domain = "example.com"; - fqdn = "${subdomain}.${domain}"; - commonTestScript = testLib.accessScript { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.audiobookshelf.ssl); waitForServices = { ... }: [ "audiobookshelf.service" @@ -23,10 +18,13 @@ let # ''; }; - basic = { + basic = { config, ... }: { + test = { + subdomain = "a"; + }; shb.audiobookshelf = { enable = true; - inherit subdomain domain; + inherit (config.test) subdomain domain; }; }; @@ -72,7 +70,7 @@ in imports = [ testLib.baseModule ../../modules/services/audiobookshelf.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -90,11 +88,11 @@ in imports = [ testLib.baseModule ../../modules/services/audiobookshelf.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; diff --git a/test/services/deluge.nix b/test/services/deluge.nix index c5f0cf3..40a085e 100644 --- a/test/services/deluge.nix +++ b/test/services/deluge.nix @@ -1,14 +1,10 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: let pkgs' = pkgs; - subdomain = "d"; - domain = "example.com"; - testLib = pkgs.callPackage ../common.nix {}; commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.deluge.ssl); waitForServices = { ... }: [ "nginx.service" @@ -74,9 +70,13 @@ let ''; basic = { config, ... }: { + test = { + subdomain = "d"; + }; + shb.deluge = { enable = true; - inherit domain subdomain; + inherit (config.test) domain subdomain; settings = { downloadLocation = "/var/lib/deluge"; @@ -160,7 +160,7 @@ in testLib.baseModule ../../modules/blocks/hardcodedsecret.nix ../../modules/services/deluge.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -179,11 +179,11 @@ in testLib.baseModule ../../modules/blocks/hardcodedsecret.nix ../../modules/services/deluge.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; @@ -203,7 +203,7 @@ in testLib.baseModule ../../modules/blocks/hardcodedsecret.nix ../../modules/services/deluge.nix - (testLib.certs domain) + testLib.certs basic https prometheus diff --git a/test/services/forgejo.nix b/test/services/forgejo.nix index 7b3d21e..24c20c9 100644 --- a/test/services/forgejo.nix +++ b/test/services/forgejo.nix @@ -4,13 +4,9 @@ let testLib = pkgs.callPackage ../common.nix {}; - subdomain = "f"; - domain = "example.com"; - adminPassword = "AdminPassword"; commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl); waitForServices = { ... }: [ "forgejo.service" @@ -26,9 +22,13 @@ let }; basic = { config, ... }: { + test = { + subdomain = "f"; + }; + shb.forgejo = { enable = true; - inherit domain subdomain; + inherit (config.test) subdomain domain; adminPassword.result = config.shb.hardcodedsecret.forgejoAdminPassword.result; databasePassword.result = config.shb.hardcodedsecret.forgejoDatabasePassword.result; @@ -36,7 +36,7 @@ let # Needed for gitea-runner-local to be able to ping forgejo. networking.hosts = { - "127.0.0.1" = [ "${subdomain}.${domain}" ]; + "127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ]; }; shb.hardcodedsecret.forgejoAdminPassword = { @@ -135,7 +135,7 @@ in imports = [ testLib.baseModule ../../modules/services/forgejo.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -154,7 +154,7 @@ in testLib.baseModule ../../modules/services/forgejo.nix basic - (testLib.ldap domain pkgs') + (testLib.ldap pkgs') ldap ]; }; @@ -171,11 +171,11 @@ in imports = [ testLib.baseModule ../../modules/services/forgejo.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; diff --git a/test/services/grocy.nix b/test/services/grocy.nix index 9c39502..7acc17f 100644 --- a/test/services/grocy.nix +++ b/test/services/grocy.nix @@ -1,15 +1,8 @@ { pkgs, lib, ... }: let - pkgs' = pkgs; - testLib = pkgs.callPackage ../common.nix {}; - subdomain = "g"; - domain = "example.com"; - fqdn = "${subdomain}.${domain}"; - commonTestScript = lib.makeOverridable testLib.accessScript { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.grocy.ssl); waitForServices = { ... }: [ "phpfpm-grocy.service" @@ -24,9 +17,13 @@ let }; basic = { config, ... }: { + test = { + subdomain = "g"; + }; + shb.grocy = { enable = true; - inherit domain subdomain; + inherit (config.test) subdomain domain; }; }; @@ -60,7 +57,7 @@ in imports = [ testLib.baseModule ../../modules/services/grocy.nix - (testLib.certs domain) + testLib.certs basic https ]; diff --git a/test/services/hledger.nix b/test/services/hledger.nix index f8cbf09..0081f68 100644 --- a/test/services/hledger.nix +++ b/test/services/hledger.nix @@ -4,13 +4,9 @@ let testLib = pkgs.callPackage ../common.nix {}; - subdomain = "h"; - domain = "example.com"; - adminPassword = "AdminPassword"; commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.hledger.ssl); waitForServices = { ... }: [ "hledger-web.service" @@ -19,9 +15,13 @@ let }; basic = { config, ... }: { + test = { + subdomain = "h"; + }; + shb.hledger = { enable = true; - inherit domain subdomain; + inherit (config.test) subdomain domain; }; }; @@ -78,7 +78,7 @@ in imports = [ testLib.baseModule ../../modules/services/hledger.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -96,11 +96,11 @@ in imports = [ testLib.baseModule ../../modules/services/hledger.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; diff --git a/test/services/home-assistant.nix b/test/services/home-assistant.nix index a1810a8..34b5d05 100644 --- a/test/services/home-assistant.nix +++ b/test/services/home-assistant.nix @@ -1,14 +1,10 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: let pkgs' = pkgs; testLib = pkgs.callPackage ../common.nix {}; - subdomain = "ha"; - domain = "example.com"; - commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.home-assistant.ssl); waitForServices = { ... }: [ "home-assistant.service" @@ -20,9 +16,13 @@ let }; basic = { config, ... }: { + test = { + subdomain = "ha"; + }; + shb.home-assistant = { enable = true; - inherit subdomain domain; + inherit (config.test) subdomain domain; config = { name = "Tiserbox"; @@ -146,7 +146,7 @@ in imports = [ testLib.baseModule ../../modules/services/home-assistant.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -165,7 +165,7 @@ in testLib.baseModule ../../modules/services/home-assistant.nix basic - (testLib.ldap domain pkgs') + (testLib.ldap pkgs') ldap ]; }; diff --git a/test/services/jellyfin.nix b/test/services/jellyfin.nix index ac48bc1..e875816 100644 --- a/test/services/jellyfin.nix +++ b/test/services/jellyfin.nix @@ -4,11 +4,7 @@ let testLib = pkgs.callPackage ../common.nix {}; - subdomain = "j"; - domain = "example.com"; - commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.jellyfin.ssl); waitForServices = { ... }: [ "jellyfin.service" @@ -19,10 +15,14 @@ let ]; }; - basic = { + basic = { config, ... }: { + test = { + subdomain = "v"; + }; + shb.jellyfin = { enable = true; - inherit domain subdomain; + inherit (config.test) subdomain domain; }; }; @@ -111,7 +111,7 @@ in imports = [ testLib.baseModule ../../modules/services/jellyfin.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -130,7 +130,7 @@ in testLib.baseModule ../../modules/services/jellyfin.nix basic - (testLib.ldap domain pkgs') + (testLib.ldap pkgs') ldap ]; }; @@ -147,11 +147,11 @@ in imports = [ testLib.baseModule ../../modules/services/jellyfin.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; diff --git a/test/services/monitoring.nix b/test/services/monitoring.nix index b872fe3..60a7cd3 100644 --- a/test/services/monitoring.nix +++ b/test/services/monitoring.nix @@ -4,13 +4,9 @@ let testLib = pkgs.callPackage ../common.nix {}; - subdomain = "grafana"; - domain = "example.com"; - password = "securepw"; commonTestScript = testLib.accessScript { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl); waitForServices = { ... }: [ "grafana.service" @@ -21,9 +17,13 @@ let }; basic = { config, ... }: { + test = { + subdomain = "g"; + }; + shb.monitoring = { enable = true; - inherit subdomain domain; + inherit (config.test) subdomain domain; grafanaPort = 3000; adminPassword.result = config.shb.hardcodedsecret."admin_password".result; @@ -70,7 +70,7 @@ in imports = [ testLib.baseModule ../../modules/blocks/monitoring.nix - (testLib.certs domain) + testLib.certs basic https ]; diff --git a/test/services/nextcloud.nix b/test/services/nextcloud.nix index d8950ae..2960f3a 100644 --- a/test/services/nextcloud.nix +++ b/test/services/nextcloud.nix @@ -5,14 +5,9 @@ let adminPass = "rootpw"; oidcSecret = "oidcSecret"; - subdomain = "n"; - domain = "example.com"; - fqdn = "${subdomain}.${domain}"; - testLib = pkgs.callPackage ../common.nix {}; commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.nextcloud.ssl); waitForServices = { ... }: [ "phpfpm-nextcloud.service" @@ -21,7 +16,7 @@ let waitForUnixSocket = { node, ... }: [ node.config.services.phpfpm.pools.nextcloud.socket ]; - extraScript = { node, proto_fqdn, ... }: '' + extraScript = { node, fqdn, proto_fqdn, ... }: '' import time def find_in_logs(unit, text): @@ -116,16 +111,20 @@ let }; basic = { config, ... }: { + test = { + subdomain = "n"; + }; + shb.nextcloud = { enable = true; - inherit domain subdomain; + inherit (config.test) subdomain domain; dataDir = "/var/lib/nextcloud"; tracing = null; defaultPhoneRegion = "US"; # This option is only needed because we do not access Nextcloud at the default port in the VM. - externalFqdn = "${fqdn}:8080"; + externalFqdn = "${config.test.fqdn}:8080"; adminUser = adminUser; adminPass.result = config.shb.hardcodedsecret.adminPass.result; @@ -273,7 +272,7 @@ in imports = [ testLib.baseModule ../../modules/services/nextcloud-server.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -292,7 +291,7 @@ in imports = [ testLib.baseModule ../../modules/services/nextcloud-server.nix - (testLib.certs domain) + testLib.certs basic https previewgenerator @@ -311,7 +310,7 @@ in imports = [ testLib.baseModule ../../modules/services/nextcloud-server.nix - (testLib.certs domain) + testLib.certs basic https externalstorage @@ -330,10 +329,10 @@ in imports = [ testLib.baseModule ../../modules/services/nextcloud-server.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') + (testLib.ldap pkgs') ldap ]; }; @@ -350,12 +349,12 @@ in imports = [ testLib.baseModule ../../modules/services/nextcloud-server.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') + (testLib.ldap pkgs') ldap - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; diff --git a/test/services/vaultwarden.nix b/test/services/vaultwarden.nix index 5c4ef27..c938e62 100644 --- a/test/services/vaultwarden.nix +++ b/test/services/vaultwarden.nix @@ -4,11 +4,7 @@ let testLib = pkgs.callPackage ../common.nix {}; - subdomain = "v"; - domain = "example.com"; - commonTestScript = testLib.mkScripts { - inherit subdomain domain; hasSSL = { node, ... }: !(isNull node.config.shb.vaultwarden.ssl); waitForServices = { ... }: [ "vaultwarden.service" @@ -51,10 +47,14 @@ let }; basic = { config, ... }: { + test = { + subdomain = "v"; + }; + shb.nginx.accessLog = true; shb.vaultwarden = { enable = true; - inherit subdomain domain; + inherit (config.test) subdomain domain; port = 8222; databasePassword.result = config.shb.hardcodedsecret.passphrase.result; @@ -115,7 +115,7 @@ in testLib.baseModule ../../modules/blocks/hardcodedsecret.nix ../../modules/services/vaultwarden.nix - (testLib.certs domain) + testLib.certs basic https ]; @@ -152,11 +152,11 @@ in testLib.baseModule ../../modules/blocks/hardcodedsecret.nix ../../modules/services/vaultwarden.nix - (testLib.certs domain) + testLib.certs basic https - (testLib.ldap domain pkgs') - (testLib.sso domain pkgs' config.shb.certs.certs.selfsigned.n) + (testLib.ldap pkgs') + (testLib.sso pkgs' config.shb.certs.certs.selfsigned.n) sso ]; }; @@ -169,14 +169,14 @@ in 5432 9091 ]; - extraScript = { proto_fqdn, ... }: '' + extraScript = { node, proto_fqdn, ... }: '' with subtest("unauthenticated access is not granted to /admin"): response = curl(client, """{"code":%{response_code},"auth_host":"%{urle.host}","auth_query":"%{urle.query}","all":%{json}}""", "${proto_fqdn}/admin") if response['code'] != 200: raise Exception(f"Code is {response['code']}") - if response['auth_host'] != "auth.${domain}": - raise Exception(f"auth host should be auth.${domain} but is {response['auth_host']}") + if response['auth_host'] != "auth.${node.config.test.domain}": + raise Exception(f"auth host should be auth.${node.config.test.domain} but is {response['auth_host']}") if response['auth_query'] != "rd=${proto_fqdn}/admin": raise Exception(f"auth query should be rd=${proto_fqdn}/admin but is {response['auth_query']}") '';