344 lines
9.4 KiB
Nix
344 lines
9.4 KiB
Nix
{ shb, ... }:
|
|
let
|
|
adminPassword = "AdminPassword";
|
|
|
|
commonTestScript = shb.test.mkScripts {
|
|
hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl);
|
|
waitForServices =
|
|
{ ... }:
|
|
[
|
|
"forgejo.service"
|
|
"nginx.service"
|
|
];
|
|
waitForUnixSocket =
|
|
{ node, ... }:
|
|
[
|
|
node.config.services.forgejo.settings.server.HTTP_ADDR
|
|
];
|
|
extraScript =
|
|
{ node, ... }:
|
|
''
|
|
server.wait_for_unit("gitea-runner-local.service", timeout=10)
|
|
server.succeed("journalctl -o cat -u gitea-runner-local.service | grep -q 'Runner registered successfully'")
|
|
'';
|
|
};
|
|
|
|
basic =
|
|
{ config, ... }:
|
|
{
|
|
imports = [
|
|
shb.test.baseModule
|
|
../../modules/blocks/hardcodedsecret.nix
|
|
../../modules/services/forgejo.nix
|
|
];
|
|
|
|
test = {
|
|
subdomain = "f";
|
|
};
|
|
|
|
shb.forgejo = {
|
|
enable = true;
|
|
inherit (config.test) subdomain domain;
|
|
|
|
users = {
|
|
"theadmin" = {
|
|
isAdmin = true;
|
|
email = "theadmin@example.com";
|
|
password.result = config.shb.hardcodedsecret.forgejoAdminPassword.result;
|
|
};
|
|
"theuser" = {
|
|
email = "theuser@example.com";
|
|
password.result = config.shb.hardcodedsecret.forgejoUserPassword.result;
|
|
};
|
|
};
|
|
databasePassword.result = config.shb.hardcodedsecret.forgejoDatabasePassword.result;
|
|
};
|
|
|
|
# Needed for gitea-runner-local to be able to ping forgejo.
|
|
networking.hosts = {
|
|
"127.0.0.1" = [ "${config.test.subdomain}.${config.test.domain}" ];
|
|
};
|
|
|
|
shb.hardcodedsecret.forgejoAdminPassword = {
|
|
request = config.shb.forgejo.users."theadmin".password.request;
|
|
settings.content = adminPassword;
|
|
};
|
|
|
|
shb.hardcodedsecret.forgejoUserPassword = {
|
|
request = config.shb.forgejo.users."theuser".password.request;
|
|
settings.content = "userPassword";
|
|
};
|
|
|
|
shb.hardcodedsecret.forgejoDatabasePassword = {
|
|
request = config.shb.forgejo.databasePassword.request;
|
|
settings.content = "databasePassword";
|
|
};
|
|
};
|
|
|
|
clientLogin =
|
|
{ config, ... }:
|
|
{
|
|
imports = [
|
|
shb.test.baseModule
|
|
shb.test.clientLoginModule
|
|
];
|
|
test = {
|
|
subdomain = "f";
|
|
};
|
|
|
|
test.login = {
|
|
startUrl = "http://${config.test.fqdn}/user/login";
|
|
usernameFieldLabelRegex = "Username or email address";
|
|
passwordFieldLabelRegex = "Password";
|
|
loginButtonNameRegex = "[sS]ign [iI]n";
|
|
testLoginWith = [
|
|
{
|
|
username = "theadmin";
|
|
password = adminPassword + "oops";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
|
];
|
|
}
|
|
{
|
|
username = "theadmin";
|
|
password = adminPassword;
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
|
|
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
|
"expect(page).to_have_title(re.compile('Dashboard'))"
|
|
];
|
|
}
|
|
{
|
|
username = "theuser";
|
|
password = "userPasswordOops";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
|
];
|
|
}
|
|
{
|
|
username = "theuser";
|
|
password = "userPassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
|
|
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
|
"expect(page).to_have_title(re.compile('Dashboard'))"
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
https =
|
|
{ config, ... }:
|
|
{
|
|
shb.forgejo = {
|
|
ssl = config.shb.certs.certs.selfsigned.n;
|
|
};
|
|
};
|
|
|
|
ldap =
|
|
{ config, ... }:
|
|
{
|
|
shb.forgejo = {
|
|
ldap = {
|
|
enable = true;
|
|
host = "127.0.0.1";
|
|
port = config.shb.lldap.ldapPort;
|
|
dcdomain = config.shb.lldap.dcdomain;
|
|
adminPassword.result = config.shb.hardcodedsecret.forgejoLdapUserPassword.result;
|
|
waitForSystemdServices = [ "lldap.service" ];
|
|
|
|
userGroup = "user_group";
|
|
adminGroup = "admin_group";
|
|
};
|
|
};
|
|
|
|
shb.hardcodedsecret.forgejoLdapUserPassword = {
|
|
request = config.shb.forgejo.ldap.adminPassword.request;
|
|
settings.content = "ldapUserPassword";
|
|
};
|
|
};
|
|
|
|
sso =
|
|
{ config, ... }:
|
|
{
|
|
shb.forgejo = {
|
|
sso = {
|
|
enable = true;
|
|
endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";
|
|
sharedSecret.result = config.shb.hardcodedsecret.forgejoSSOPassword.result;
|
|
sharedSecretForAuthelia.result = config.shb.hardcodedsecret.forgejoSSOPasswordAuthelia.result;
|
|
};
|
|
};
|
|
|
|
shb.hardcodedsecret.forgejoSSOPassword = {
|
|
request = config.shb.forgejo.sso.sharedSecret.request;
|
|
settings.content = "ssoPassword";
|
|
};
|
|
|
|
shb.hardcodedsecret.forgejoSSOPasswordAuthelia = {
|
|
request = config.shb.forgejo.sso.sharedSecretForAuthelia.request;
|
|
settings.content = "ssoPassword";
|
|
};
|
|
};
|
|
in
|
|
{
|
|
basic = shb.test.runNixOSTest {
|
|
name = "forgejo_basic";
|
|
|
|
nodes.client = {
|
|
imports = [
|
|
clientLogin
|
|
];
|
|
};
|
|
nodes.server = {
|
|
imports = [
|
|
basic
|
|
];
|
|
};
|
|
|
|
testScript = commonTestScript.access;
|
|
};
|
|
|
|
backup = shb.test.runNixOSTest {
|
|
name = "forgejo_backup";
|
|
|
|
nodes.server =
|
|
{ config, ... }:
|
|
{
|
|
imports = [
|
|
basic
|
|
(shb.test.backup config.shb.forgejo.backup)
|
|
];
|
|
};
|
|
|
|
nodes.client = { };
|
|
|
|
testScript = commonTestScript.backup;
|
|
};
|
|
|
|
https = shb.test.runNixOSTest {
|
|
name = "forgejo_https";
|
|
|
|
nodes.server = {
|
|
imports = [
|
|
basic
|
|
shb.test.certs
|
|
https
|
|
];
|
|
};
|
|
|
|
nodes.client = { };
|
|
|
|
testScript = commonTestScript.access;
|
|
};
|
|
|
|
ldap = shb.test.runNixOSTest {
|
|
name = "forgejo_ldap";
|
|
|
|
nodes.server = {
|
|
imports = [
|
|
basic
|
|
shb.test.ldap
|
|
ldap
|
|
];
|
|
};
|
|
|
|
nodes.client = {
|
|
imports = [
|
|
(
|
|
{ config, ... }:
|
|
{
|
|
imports = [
|
|
shb.test.baseModule
|
|
shb.test.clientLoginModule
|
|
];
|
|
|
|
test = {
|
|
subdomain = "f";
|
|
};
|
|
|
|
test.login = {
|
|
startUrl = "http://${config.test.fqdn}/user/login";
|
|
usernameFieldLabelRegex = "Username or email address";
|
|
passwordFieldLabelRegex = "Password";
|
|
loginButtonNameRegex = "[sS]ign [iI]n";
|
|
testLoginWith = [
|
|
{
|
|
username = "alice";
|
|
password = "NotAlicePassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
|
];
|
|
}
|
|
{
|
|
username = "alice";
|
|
password = "AlicePassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
|
|
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
|
"expect(page).to_have_title(re.compile('Dashboard'))"
|
|
];
|
|
}
|
|
{
|
|
username = "bob";
|
|
password = "NotBobPassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
|
];
|
|
}
|
|
{
|
|
username = "bob";
|
|
password = "BobPassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).not_to_be_visible()"
|
|
"expect(page.get_by_role('button', name=re.compile('Sign In'))).not_to_be_visible()"
|
|
"expect(page).to_have_title(re.compile('Dashboard'))"
|
|
];
|
|
}
|
|
{
|
|
username = "charlie";
|
|
password = "NotCharliePassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
|
];
|
|
}
|
|
{
|
|
username = "charlie";
|
|
password = "CharliePassword";
|
|
nextPageExpect = [
|
|
"expect(page.get_by_text('Username or password is incorrect.')).to_be_visible()"
|
|
];
|
|
}
|
|
];
|
|
};
|
|
}
|
|
)
|
|
];
|
|
};
|
|
|
|
testScript = commonTestScript.access;
|
|
};
|
|
|
|
sso = shb.test.runNixOSTest {
|
|
name = "forgejo_sso";
|
|
|
|
nodes.server =
|
|
{ config, pkgs, ... }:
|
|
{
|
|
imports = [
|
|
basic
|
|
shb.test.certs
|
|
https
|
|
ldap
|
|
shb.test.ldap
|
|
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
|
sso
|
|
];
|
|
};
|
|
|
|
nodes.client = { };
|
|
|
|
testScript = commonTestScript.access;
|
|
};
|
|
}
|