2021-05-21 21:15:23 +00:00
|
|
|
import ./make-test-python.nix ({ pkgs, lib, ... }: {
|
|
|
|
name = "plausible";
|
2021-06-01 15:59:59 +00:00
|
|
|
meta = with lib.maintainers; {
|
2023-10-18 17:58:47 +00:00
|
|
|
maintainers = [ ];
|
2021-05-21 21:15:23 +00:00
|
|
|
};
|
|
|
|
|
2022-03-20 23:15:30 +00:00
|
|
|
nodes.machine = { pkgs, ... }: {
|
2021-05-21 21:15:23 +00:00
|
|
|
virtualisation.memorySize = 4096;
|
|
|
|
services.plausible = {
|
|
|
|
enable = true;
|
|
|
|
adminUser = {
|
|
|
|
email = "admin@example.org";
|
|
|
|
passwordFile = "${pkgs.writeText "pwd" "foobar"}";
|
|
|
|
activate = true;
|
|
|
|
};
|
|
|
|
server = {
|
|
|
|
baseUrl = "http://localhost:8000";
|
|
|
|
secretKeybaseFile = "${pkgs.writeText "dont-try-this-at-home" "nannannannannannannannannannannannannannannannannannannan_batman!"}";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
testScript = ''
|
|
|
|
start_all()
|
|
|
|
machine.wait_for_unit("plausible.service")
|
|
|
|
machine.wait_for_open_port(8000)
|
|
|
|
|
plausible, nixos/plausible: Add `listenAddress` option.
This changes
* the plausible HTTP web server
to be listening on localhost only, explicitly.
This makes Plausible have an explicit safe default configuration,
like all other networked services in NixOS.
For background discussion, see: https://github.com/NixOS/nixpkgs/issues/130244
As per my upstream Plausible contribution
(https://github.com/plausible/analytics/pull/1190)
Plausible >= 1.5 also defaults to listening to localhost only;
nevertheless, this default should be stated explicitly in nixpkgs
for easier review and independence from upstream changes, and
a NixOS user must be able to configure the
`listenAddress`, as there are valid use cases for that.
Also, disable
* the Erlang Beam VM inter-node RPC port
* the Erlang EPMD port
because Plausible does not use them (see added comment).
This is done by setting `RELEASE_DISTRIBUTION=none`.
Thus, this commit also removes the NixOS setting `releaseCookiePath`,
because it now has no effect.
2022-01-13 03:21:32 +00:00
|
|
|
# Ensure that the software does not make not make the machine
|
|
|
|
# listen on any public interfaces by default.
|
|
|
|
machine.fail("ss -tlpn 'src = 0.0.0.0 or src = [::]' | grep LISTEN")
|
|
|
|
|
2021-05-21 21:15:23 +00:00
|
|
|
machine.succeed("curl -f localhost:8000 >&2")
|
|
|
|
|
2023-09-20 01:42:16 +00:00
|
|
|
machine.succeed("curl -f localhost:8000/js/script.js >&2")
|
|
|
|
|
2021-05-21 21:15:23 +00:00
|
|
|
csrf_token = machine.succeed(
|
|
|
|
"curl -c /tmp/cookies localhost:8000/login | grep '_csrf_token' | sed -E 's,.*value=\"(.*)\".*,\\1,g'"
|
|
|
|
)
|
|
|
|
|
|
|
|
machine.succeed(
|
|
|
|
f"curl -b /tmp/cookies -f -X POST localhost:8000/login -F email=admin@example.org -F password=foobar -F _csrf_token={csrf_token.strip()} -D headers"
|
|
|
|
)
|
|
|
|
|
|
|
|
# By ensuring that the user is redirected to the dashboard after login, we
|
|
|
|
# also make sure that the automatic verification of the module works.
|
|
|
|
machine.succeed(
|
|
|
|
"[[ $(grep 'location: ' headers | cut -d: -f2- | xargs echo) == /sites* ]]"
|
|
|
|
)
|
|
|
|
|
|
|
|
machine.shutdown()
|
|
|
|
'';
|
|
|
|
})
|