{ shb, ... }: let adminPassword = "AdminPassword"; commonTestScript = shb.test.mkScripts { hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl); waitForServices = { ... }: [ "forgejo.service" "nginx.service" ]; waitForUnixSocket = { node, ... }: [ node.config.services.forgejo.settings.server.HTTP_ADDR ]; extraScript = { node, ... }: '' server.wait_for_unit("gitea-runner-local.service", timeout=10) server.succeed("journalctl -o cat -u gitea-runner-local.service | grep -q 'Runner registered successfully'") ''; }; basic = { config, ... }: { imports = [ shb.test.baseModule ../../modules/blocks/hardcodedsecret.nix ../../modules/services/forgejo.nix ]; test = { subdomain = "f"; }; shb.forgejo = { enable = true; inherit (config.test) subdomain domain; users = { "theadmin" = { isAdmin = true; email = "theadmin@example.com"; password.result = config.shb.hardcodedsecret.forgejoAdminPassword.result; }; "theuser" = { email = "theuser@example.com"; password.result = config.shb.hardcodedsecret.forgejoUserPassword.result; }; }; databasePassword.result = config.shb.hardcodedsecret.forgejoDatabasePassword.result; }; # Needed for gitea-runner-local to be able to ping forgejo. networking.hosts = { "127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ]; }; shb.hardcodedsecret.forgejoAdminPassword = { request = config.shb.forgejo.users."theadmin".password.request; settings.content = adminPassword; }; shb.hardcodedsecret.forgejoUserPassword = { request = config.shb.forgejo.users."theuser".password.request; settings.content = "userPassword"; }; shb.hardcodedsecret.forgejoDatabasePassword = { request = config.shb.forgejo.databasePassword.request; settings.content = "databasePassword"; }; }; clientLogin = { config, ... }: { imports = [ shb.test.baseModule shb.test.clientLoginModule ]; test = { subdomain = "f"; }; test.login = { startUrl = "http://${config.test.fqdn}/user/login"; usernameFieldLabelRegex = "Username or email address"; passwordFieldLabelRegex = "Password"; loginButtonNameRegex = "[sS]ign [iI]n"; testLoginWith = [ { username = "theadmin"; password = adminPassword + "oops"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" ]; } { username = "theadmin"; password = adminPassword; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()" "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page).to_have_title(re.compile('Dashboard'))" ]; } { username = "theuser"; password = "userPasswordOops"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" ]; } { username = "theuser"; password = "userPassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()" "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page).to_have_title(re.compile('Dashboard'))" ]; } ]; }; }; https = { config, ... }: { shb.forgejo = { ssl = config.shb.certs.certs.selfsigned.n; }; }; ldap = { config, ... }: { shb.forgejo = { ldap = { enable = true; host = "127.0.0.1"; port = config.shb.lldap.ldapPort; dcdomain = config.shb.lldap.dcdomain; adminPassword.result = config.shb.hardcodedsecret.forgejoLdapUserPassword.result; waitForSystemdServices = [ "lldap.service" ]; userGroup = "user_group"; adminGroup = "admin_group"; }; }; shb.hardcodedsecret.forgejoLdapUserPassword = { request = config.shb.forgejo.ldap.adminPassword.request; settings.content = "ldapUserPassword"; }; }; sso = { config, ... }: { shb.forgejo = { sso = { enable = true; endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; sharedSecret.result = config.shb.hardcodedsecret.forgejoSSOPassword.result; sharedSecretForAuthelia.result = config.shb.hardcodedsecret.forgejoSSOPasswordAuthelia.result; }; }; shb.hardcodedsecret.forgejoSSOPassword = { request = config.shb.forgejo.sso.sharedSecret.request; settings.content = "ssoPassword"; }; shb.hardcodedsecret.forgejoSSOPasswordAuthelia = { request = config.shb.forgejo.sso.sharedSecretForAuthelia.request; settings.content = "ssoPassword"; }; }; in { basic = shb.test.runNixOSTest { name = "forgejo_basic"; nodes.client = { imports = [ clientLogin ]; }; nodes.server = { imports = [ basic ]; }; testScript = commonTestScript.access; }; backup = shb.test.runNixOSTest { name = "forgejo_backup"; nodes.server = { config, ... }: { imports = [ basic (shb.test.backup config.shb.forgejo.backup) ]; }; nodes.client = { }; testScript = commonTestScript.backup; }; https = shb.test.runNixOSTest { name = "forgejo_https"; nodes.server = { imports = [ basic shb.test.certs https ]; }; nodes.client = { }; testScript = commonTestScript.access; }; ldap = shb.test.runNixOSTest { name = "forgejo_ldap"; nodes.server = { imports = [ basic shb.test.ldap ldap ]; }; nodes.client = { imports = [ ( { config, ... }: { imports = [ shb.test.baseModule shb.test.clientLoginModule ]; test = { subdomain = "f"; }; test.login = { startUrl = "http://${config.test.fqdn}/user/login"; usernameFieldLabelRegex = "Username or email address"; passwordFieldLabelRegex = "Password"; loginButtonNameRegex = "[sS]ign [iI]n"; testLoginWith = [ { username = "alice"; password = "NotAlicePassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" ]; } { username = "alice"; password = "AlicePassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()" "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page).to_have_title(re.compile('Dashboard'))" ]; } { username = "bob"; password = "NotBobPassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" ]; } { username = "bob"; password = "BobPassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()" "expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()" "expect(page).to_have_title(re.compile('Dashboard'))" ]; } { username = "charlie"; password = "NotCharliePassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" ]; } { username = "charlie"; password = "CharliePassword"; nextPageExpect = [ "expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()" ]; } ]; }; } ) ]; }; testScript = commonTestScript.access; }; sso = shb.test.runNixOSTest { name = "forgejo_sso"; nodes.server = { config, pkgs, ... }: { imports = [ basic shb.test.certs https ldap shb.test.ldap (shb.test.sso config.shb.certs.certs.selfsigned.n) sso ]; }; nodes.client = { }; testScript = commonTestScript.access; }; }