1 import ../make-test-python.nix ({pkgs, ...}:
3 test-certificates = pkgs.runCommandLocal "test-certificates" { } ''
5 echo insecure-root-password > $out/root-password-file
6 echo insecure-intermediate-password > $out/intermediate-password-file
7 ${pkgs.step-cli}/bin/step certificate create "Example Root CA" $out/root_ca.crt $out/root_ca.key --password-file=$out/root-password-file --profile root-ca
8 ${pkgs.step-cli}/bin/step certificate create "Example Intermediate CA 1" $out/intermediate_ca.crt $out/intermediate_ca.key --password-file=$out/intermediate-password-file --ca-password-file=$out/root-password-file --profile intermediate-ca --ca $out/root_ca.crt --ca-key $out/root_ca.key
13 192.168.2.11 mastodon.local
19 meta.maintainers = with pkgs.lib.maintainers; [ erictapen izorkin ];
26 { address = "192.168.2.10"; prefixLength = 24; }
36 intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
38 dnsNames = [ "ca.local" ];
39 root = "${test-certificates}/root_ca.crt";
40 crt = "${test-certificates}/intermediate_ca.crt";
41 key = "${test-certificates}/intermediate_ca.key";
44 dataSource = "/var/lib/step-ca/db";
58 server = { pkgs, ... }: {
62 { address = "192.168.2.11"; prefixLength = 24; }
66 firewall.allowedTCPPorts = [ 80 443 ];
72 defaults.server = "https://ca.local:8443/acme/acme/directory";
73 defaults.email = "mastodon@mastodon.local";
75 pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
78 services.redis.servers.mastodon = {
86 configureNginx = true;
87 localDomain = "mastodon.local";
88 enableUnixSocket = false;
96 host = "/run/postgresql";
100 createLocally = false;
101 fromAddress = "mastodon@mastodon.local";
104 EMAIL_DOMAIN_ALLOWLIST = "example.com";
109 client = { pkgs, ... }: {
110 environment.systemPackages = [ pkgs.jq ];
114 { address = "192.168.2.12"; prefixLength = 24; }
121 pki.certificateFiles = [ "${test-certificates}/root_ca.crt" ];
129 ca.wait_for_unit("step-ca.service")
130 ca.wait_for_open_port(8443)
132 server.wait_for_unit("nginx.service")
133 server.wait_for_unit("redis-mastodon.service")
134 server.wait_for_unit("postgresql.service")
135 server.wait_for_unit("mastodon-sidekiq.service")
136 server.wait_for_unit("mastodon-streaming.service")
137 server.wait_for_unit("mastodon-web.service")
138 server.wait_for_open_port(55000)
139 server.wait_for_open_port(55001)
141 # Check Mastodon version from remote client
142 client.succeed("curl --fail https://mastodon.local/api/v1/instance | jq -r '.version' | grep '${pkgs.mastodon.version}'")
144 # Check using admin CLI
145 # Check Mastodon version
146 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'")
149 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks add example.com'")
150 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'example.com'")
151 server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'mastodon.local'")
152 server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create alice --email=alice@example.com'")
153 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks remove example.com'")
154 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create bob --email=bob@example.com'")
155 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts approve bob'")
156 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts delete bob'")
159 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'")
160 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'")
161 server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl p_blocks export' | grep '172.16.0.0/16'")
162 client.fail("curl --fail https://mastodon.local/about")
163 server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
164 client.succeed("curl --fail https://mastodon.local/about")