vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / invidious.nix
blob05b43c5556060240593422ad23aae34cd5ac557d
1 import ./make-test-python.nix ({ pkgs, ... }: {
2   name = "invidious";
4   meta = with pkgs.lib.maintainers; {
5     maintainers = [ sbruder ];
6   };
8   nodes = {
9     postgres-tcp = { config, pkgs, ... }: {
10       services.postgresql = {
11         enable = true;
12         initialScript = pkgs.writeText "init-postgres-with-password" ''
13           CREATE USER invidious WITH PASSWORD 'correct horse battery staple';
14           CREATE DATABASE invidious WITH OWNER invidious;
15         '';
16         enableTCPIP = true;
17         authentication = ''
18           host invidious invidious samenet scram-sha-256
19         '';
20       };
21       networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
22     };
23     machine = { lib, pkgs, ... }: {
24       services.invidious = {
25         enable = true;
26       };
28       specialisation = {
29         nginx.configuration = {
30           services.invidious = {
31             nginx.enable = true;
32             domain = "invidious.example.com";
33           };
34           services.nginx.virtualHosts."invidious.example.com" = {
35             forceSSL = false;
36             enableACME = false;
37           };
38           networking.hosts."127.0.0.1" = [ "invidious.example.com" ];
39         };
40         nginx-sig-helper.configuration = {
41           services.invidious = {
42             nginx.enable = true;
43             domain = "invidious.example.com";
44             sig-helper.enable = true;
45             settings.log_level = "Trace";
46           };
47           services.nginx.virtualHosts."invidious.example.com" = {
48             forceSSL = false;
49             enableACME = false;
50           };
51           networking.hosts."127.0.0.1" = [ "invidious.example.com" ];
52         };
53         nginx-scale.configuration = {
54           services.invidious = {
55             nginx.enable = true;
56             domain = "invidious.example.com";
57             serviceScale = 3;
58           };
59           services.nginx.virtualHosts."invidious.example.com" = {
60             forceSSL = false;
61             enableACME = false;
62           };
63           networking.hosts."127.0.0.1" = [ "invidious.example.com" ];
64         };
65         nginx-scale-ytproxy.configuration = {
66           services.invidious = {
67             nginx.enable = true;
68             http3-ytproxy.enable = true;
69             domain = "invidious.example.com";
70             serviceScale = 3;
71           };
72           services.nginx.virtualHosts."invidious.example.com" = {
73             forceSSL = false;
74             enableACME = false;
75           };
76           networking.hosts."127.0.0.1" = [ "invidious.example.com" ];
77         };
78         postgres-tcp.configuration = {
79           services.invidious = {
80             database = {
81               createLocally = false;
82               host = "postgres-tcp";
83               passwordFile = toString (pkgs.writeText "database-password" "correct horse battery staple");
84             };
85           };
86         };
87       };
88     };
89   };
91   testScript = { nodes, ... }: ''
92     def curl_assert_status_code(url, code, form=None):
93         assert int(machine.succeed(f"curl -s -o /dev/null -w %{{http_code}} {'-F ' + form + ' ' if form else '''}{url}")) == code
96     def activate_specialisation(name: str):
97         machine.succeed(f"${nodes.machine.system.build.toplevel}/specialisation/{name}/bin/switch-to-configuration test >&2")
100     url = "http://localhost:${toString nodes.machine.services.invidious.port}"
101     port = ${toString nodes.machine.services.invidious.port}
103     # start postgres vm now
104     postgres_tcp.start()
106     machine.wait_for_open_port(port)
107     curl_assert_status_code(f"{url}/search", 200)
109     activate_specialisation("nginx")
110     machine.wait_for_open_port(80)
111     curl_assert_status_code("http://invidious.example.com/search", 200)
113     activate_specialisation("nginx-scale")
114     machine.wait_for_open_port(80)
115     # this depends on nginx round-robin behaviour for the upstream servers
116     curl_assert_status_code("http://invidious.example.com/search", 200)
117     curl_assert_status_code("http://invidious.example.com/search", 200)
118     curl_assert_status_code("http://invidious.example.com/search", 200)
119     machine.succeed("journalctl -eu invidious.service | grep -o '200 GET /search'")
120     machine.succeed("journalctl -eu invidious-1.service | grep -o '200 GET /search'")
121     machine.succeed("journalctl -eu invidious-2.service | grep -o '200 GET /search'")
123     activate_specialisation("nginx-scale-ytproxy")
124     machine.wait_for_unit("http3-ytproxy.service")
125     machine.wait_for_open_port(80)
126     machine.wait_until_succeeds("ls /run/http3-ytproxy/socket/http-proxy.sock")
127     curl_assert_status_code("http://invidious.example.com/search", 200)
128     # this should error out as no internet connectivity is available in the test
129     curl_assert_status_code("http://invidious.example.com/vi/dQw4w9WgXcQ/mqdefault.jpg", 502)
130     machine.succeed("journalctl -eu http3-ytproxy.service | grep -o 'dQw4w9WgXcQ'")
132     activate_specialisation("nginx-sig-helper")
133     machine.wait_for_unit("invidious-sig-helper.service")
134     # we can't really test the sig helper that well without internet connection...
135     # invidious does connect to the sig helper though and crashes when the sig helper is not available
136     machine.wait_for_open_port(80)
137     curl_assert_status_code("http://invidious.example.com/search", 200)
138     machine.succeed("journalctl -eu invidious.service | grep -o \"SigHelper: Using helper at 'tcp://127.0.0.1:2999'\"")
140     postgres_tcp.wait_for_unit("postgresql.service")
141     activate_specialisation("postgres-tcp")
142     machine.wait_for_open_port(port)
143     curl_assert_status_code(f"{url}/search", 200)
144   '';