selfhostblocks/test/services/forgejo.nix

344 lines
9.4 KiB
Nix

{ shb, ... }:
let
adminPassword = "AdminPassword";
commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl);
waitForServices =
{ ... }:
[
"forgejo.service"
"nginx.service"
];
waitForUnixSocket =
{ node, ... }:
[
node.config.services.forgejo.settings.server.HTTP_ADDR
];
extraScript =
{ node, ... }:
''
server.wait_for_unit("gitea-runner-local.service", timeout=10)
server.succeed("journalctl -o cat -u gitea-runner-local.service | grep -q 'Runner registered successfully'")
'';
};
basic =
{ config, ... }:
{
imports = [
shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix
../../modules/services/forgejo.nix
];
test = {
subdomain = "f";
};
shb.forgejo = {
enable = true;
inherit (config.test) subdomain domain;
users = {
"theadmin" = {
isAdmin = true;
email = "theadmin@example.com";
password.result = config.shb.hardcodedsecret.forgejoAdminPassword.result;
};
"theuser" = {
email = "theuser@example.com";
password.result = config.shb.hardcodedsecret.forgejoUserPassword.result;
};
};
databasePassword.result = config.shb.hardcodedsecret.forgejoDatabasePassword.result;
};
# Needed for gitea-runner-local to be able to ping forgejo.
networking.hosts = {
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
};
shb.hardcodedsecret.forgejoAdminPassword = {
request = config.shb.forgejo.users."theadmin".password.request;
settings.content = adminPassword;
};
shb.hardcodedsecret.forgejoUserPassword = {
request = config.shb.forgejo.users."theuser".password.request;
settings.content = "userPassword";
};
shb.hardcodedsecret.forgejoDatabasePassword = {
request = config.shb.forgejo.databasePassword.request;
settings.content = "databasePassword";
};
};
clientLogin =
{ config, ... }:
{
imports = [
shb.test.baseModule
shb.test.clientLoginModule
];
test = {
subdomain = "f";
};
test.login = {
startUrl = "http://${config.test.fqdn}/user/login";
usernameFieldLabelRegex = "Username or email address";
passwordFieldLabelRegex = "Password";
loginButtonNameRegex = "[sS]ign [iI]n";
testLoginWith = [
{
username = "theadmin";
password = adminPassword + "oops";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
];
}
{
username = "theadmin";
password = adminPassword;
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_title(re.compile('Dashboard'))"
];
}
{
username = "theuser";
password = "userPasswordOops";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
];
}
{
username = "theuser";
password = "userPassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_title(re.compile('Dashboard'))"
];
}
];
};
};
https =
{ config, ... }:
{
shb.forgejo = {
ssl = config.shb.certs.certs.selfsigned.n;
};
};
ldap =
{ config, ... }:
{
shb.forgejo = {
ldap = {
enable = true;
host = "127.0.0.1";
port = config.shb.lldap.ldapPort;
dcdomain = config.shb.lldap.dcdomain;
adminPassword.result = config.shb.hardcodedsecret.forgejoLdapUserPassword.result;
waitForSystemdServices = [ "lldap.service" ];
userGroup = "user_group";
adminGroup = "admin_group";
};
};
shb.hardcodedsecret.forgejoLdapUserPassword = {
request = config.shb.forgejo.ldap.adminPassword.request;
settings.content = "ldapUserPassword";
};
};
sso =
{ config, ... }:
{
shb.forgejo = {
sso = {
enable = true;
endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
sharedSecret.result = config.shb.hardcodedsecret.forgejoSSOPassword.result;
sharedSecretForAuthelia.result = config.shb.hardcodedsecret.forgejoSSOPasswordAuthelia.result;
};
};
shb.hardcodedsecret.forgejoSSOPassword = {
request = config.shb.forgejo.sso.sharedSecret.request;
settings.content = "ssoPassword";
};
shb.hardcodedsecret.forgejoSSOPasswordAuthelia = {
request = config.shb.forgejo.sso.sharedSecretForAuthelia.request;
settings.content = "ssoPassword";
};
};
in
{
basic = shb.test.runNixOSTest {
name = "forgejo_basic";
nodes.client = {
imports = [
clientLogin
];
};
nodes.server = {
imports = [
basic
];
};
testScript = commonTestScript.access;
};
backup = shb.test.runNixOSTest {
name = "forgejo_backup";
nodes.server =
{ config, ... }:
{
imports = [
basic
(shb.test.backup config.shb.forgejo.backup)
];
};
nodes.client = { };
testScript = commonTestScript.backup;
};
https = shb.test.runNixOSTest {
name = "forgejo_https";
nodes.server = {
imports = [
basic
shb.test.certs
https
];
};
nodes.client = { };
testScript = commonTestScript.access;
};
ldap = shb.test.runNixOSTest {
name = "forgejo_ldap";
nodes.server = {
imports = [
basic
shb.test.ldap
ldap
];
};
nodes.client = {
imports = [
(
{ config, ... }:
{
imports = [
shb.test.baseModule
shb.test.clientLoginModule
];
test = {
subdomain = "f";
};
test.login = {
startUrl = "http://${config.test.fqdn}/user/login";
usernameFieldLabelRegex = "Username or email address";
passwordFieldLabelRegex = "Password";
loginButtonNameRegex = "[sS]ign [iI]n";
testLoginWith = [
{
username = "alice";
password = "NotAlicePassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
];
}
{
username = "alice";
password = "AlicePassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_title(re.compile('Dashboard'))"
];
}
{
username = "bob";
password = "NotBobPassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
];
}
{
username = "bob";
password = "BobPassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
"expect(page).to_have_title(re.compile('Dashboard'))"
];
}
{
username = "charlie";
password = "NotCharliePassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
];
}
{
username = "charlie";
password = "CharliePassword";
nextPageExpect = [
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
];
}
];
};
}
)
];
};
testScript = commonTestScript.access;
};
sso = shb.test.runNixOSTest {
name = "forgejo_sso";
nodes.server =
{ config, pkgs, ... }:
{
imports = [
basic
shb.test.certs
https
ldap
shb.test.ldap
(shb.test.sso config.shb.certs.certs.selfsigned.n)
sso
];
};
nodes.client = { };
testScript = commonTestScript.access;
};
}