nixos/tests/miniflux.nix

   1 import ./make-test-python.nix ({ pkgs, lib, ... }:
   2
   3 let
   4   port = 3142;
   5   username = "alice";
   6   password = "correcthorsebatterystaple";
   7   defaultPort = 8080;
   8   defaultUsername = "admin";
   9   defaultPassword = "password";
  10   adminCredentialsFile = pkgs.writeText "admin-credentials" ''
  11             ADMIN_USERNAME=${defaultUsername}
  12             ADMIN_PASSWORD=${defaultPassword}
  13           '';
  14   customAdminCredentialsFile = pkgs.writeText "admin-credentials" ''
  15             ADMIN_USERNAME=${username}
  16             ADMIN_PASSWORD=${password}
  17           '';
  18
  19 in
  20 {
  21   name = "miniflux";
  22   meta.maintainers = [ ];
  23
  24   nodes = {
  25     default =
  26       { ... }:
  27       {
  28         security.apparmor.enable = true;
  29         services.miniflux = {
  30           enable = true;
  31           inherit adminCredentialsFile;
  32         };
  33       };
  34
  35     withoutSudo =
  36       { ... }:
  37       {
  38         security.apparmor.enable = true;
  39         services.miniflux = {
  40           enable = true;
  41           inherit adminCredentialsFile;
  42         };
  43         security.sudo.enable = false;
  44       };
  45
  46     customized =
  47       { ... }:
  48       {
  49         security.apparmor.enable = true;
  50         services.miniflux = {
  51           enable = true;
  52           config = {
  53             CLEANUP_FREQUENCY = "48";
  54             LISTEN_ADDR = "localhost:${toString port}";
  55           };
  56           adminCredentialsFile = customAdminCredentialsFile;
  57         };
  58       };
  59   };
  60   testScript = ''
  61     start_all()
  62
  63     default.wait_for_unit("miniflux.service")
  64     default.wait_for_open_port(${toString defaultPort})
  65     default.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep OK")
  66     default.succeed(
  67         "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'"
  68     )
  69     default.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
  70
  71     withoutSudo.wait_for_unit("miniflux.service")
  72     withoutSudo.wait_for_open_port(${toString defaultPort})
  73     withoutSudo.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep OK")
  74     withoutSudo.succeed(
  75         "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'"
  76     )
  77     withoutSudo.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
  78
  79     customized.wait_for_unit("miniflux.service")
  80     customized.wait_for_open_port(${toString port})
  81     customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep OK")
  82     customized.succeed(
  83         "curl 'http://localhost:${toString port}/v1/me' -u '${username}:${password}' -H Content-Type:application/json | grep '\"is_admin\":true'"
  84     )
  85     customized.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
  86   '';
  87 })