search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / web-apps / mastodon / remote-databases.nix
blob8dc754fe9eb09f0190d7d4b7afb4829a77364176
1 import ../../make-test-python.nix ({pkgs, ...}:
2 let
3   cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
4     openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=mastodon.local' -days 36500
5     mkdir -p $out
6     cp key.pem cert.pem $out
7   '';
8
9   hosts = ''
10     192.168.2.103 mastodon.local
11   '';
12
13   postgresqlPassword = "thisisnotasecret";
14   redisPassword = "thisisnotasecrettoo";
15
16 in
17 {
18   name = "mastodon-remote-postgresql";
19   meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin ];
20
21   nodes = {
22     databases = { config, ... }: {
23       environment = {
24         etc = {
25           "redis/password-redis-db".text = redisPassword;
26         };
27       };
28       networking = {
29         interfaces.eth1 = {
30           ipv4.addresses = [
31             { address = "192.168.2.102"; prefixLength = 24; }
32           ];
33         };
34         extraHosts = hosts;
35         firewall.allowedTCPPorts = [
36           config.services.redis.servers.mastodon.port
37           config.services.postgresql.settings.port
38         ];
39       };
40
41       services.redis.servers.mastodon = {
42         enable = true;
43         bind = "0.0.0.0";
44         port = 31637;
45         requirePassFile = "/etc/redis/password-redis-db";
46       };
47
48       services.postgresql = {
49         enable = true;
50         enableTCPIP = true;
51         authentication = ''
52           hostnossl mastodon mastodon 192.168.2.201/32 md5
53         '';
54         ensureDatabases = [ "mastodon" ];
55         ensureUsers = [
56           {
57             name = "mastodon";
58             ensureDBOwnership = true;
59           }
60         ];
61         initialScript = pkgs.writeText "postgresql_init.sql" ''
62           CREATE ROLE mastodon LOGIN PASSWORD '${postgresqlPassword}';
63         '';
64       };
65     };
66
67     nginx = { nodes, ... }: {
68       networking = {
69         interfaces.eth1 = {
70           ipv4.addresses = [
71             { address = "192.168.2.103"; prefixLength = 24; }
72           ];
73         };
74         extraHosts = hosts;
75         firewall.allowedTCPPorts = [ 80 443 ];
76       };
77
78       security = {
79         pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
80       };
81
82       services.nginx = {
83         enable = true;
84         recommendedProxySettings = true;
85         virtualHosts."mastodon.local" = {
86           root = "/var/empty";
87           forceSSL = true;
88           enableACME = pkgs.lib.mkForce false;
89           sslCertificate = "${cert pkgs}/cert.pem";
90           sslCertificateKey = "${cert pkgs}/key.pem";
91           locations."/" = {
92             tryFiles = "$uri @proxy";
93           };
94           locations."@proxy" = {
95             proxyPass = "http://192.168.2.201:${toString nodes.server.services.mastodon.webPort}";
96             proxyWebsockets = true;
97           };
98         };
99       };
100     };
101
102     server = { config, pkgs, ... }: {
103       virtualisation.memorySize = 2048;
104
105       environment = {
106         etc = {
107           "mastodon/password-redis-db".text = redisPassword;
108           "mastodon/password-posgressql-db".text = postgresqlPassword;
109         };
110       };
111
112       networking = {
113         interfaces.eth1 = {
114           ipv4.addresses = [
115             { address = "192.168.2.201"; prefixLength = 24; }
116           ];
117         };
118         extraHosts = hosts;
119         firewall.allowedTCPPorts = [
120           config.services.mastodon.webPort
121           config.services.mastodon.sidekiqPort
122         ];
123       };
124
125       services.mastodon = {
126         enable = true;
127         configureNginx = false;
128         localDomain = "mastodon.local";
129         enableUnixSocket = false;
130         streamingProcesses = 2;
131         redis = {
132           createLocally = false;
133           host = "192.168.2.102";
134           port = 31637;
135           passwordFile = "/etc/mastodon/password-redis-db";
136         };
137         database = {
138           createLocally = false;
139           host = "192.168.2.102";
140           port = 5432;
141           name = "mastodon";
142           user = "mastodon";
143           passwordFile = "/etc/mastodon/password-posgressql-db";
144         };
145         smtp = {
146           createLocally = false;
147           fromAddress = "mastodon@mastodon.local";
148         };
149         extraConfig = {
150           BIND = "0.0.0.0";
151           EMAIL_DOMAIN_ALLOWLIST = "example.com";
152           RAILS_SERVE_STATIC_FILES = "true";
153           TRUSTED_PROXY_IP = "192.168.2.103";
154         };
155       };
156     };
157
158     client = { pkgs, ... }: {
159       environment.systemPackages = [ pkgs.jq ];
160       networking = {
161         interfaces.eth1 = {
162           ipv4.addresses = [
163             { address = "192.168.2.202"; prefixLength = 24; }
164           ];
165         };
166         extraHosts = hosts;
167       };
168
169       security = {
170         pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
171       };
172     };
173   };
174
175   testScript = import ./script.nix {
176     inherit pkgs;
177     extraInit = ''
178       nginx.wait_for_unit("nginx.service")
179       nginx.wait_for_open_port(443)
180       databases.wait_for_unit("redis-mastodon.service")
181       databases.wait_for_unit("postgresql.service")
182       databases.wait_for_open_port(31637)
183       databases.wait_for_open_port(5432)
184     '';
185     extraShutdown = ''
186       nginx.shutdown()
187       databases.shutdown()
188     '';
189   };
190 })
Nix packages repository - mirror of https://github.com/NixOS/nixpkgs