mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-25 15:13:46 +00:00
4f0dadbf38
After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-builda08b3a4d19
.tar.gz \ --argstr baseRevb32a094368
result/bin/apply-formatting $NIXPKGS_PATH
105 lines
4.4 KiB
Nix
105 lines
4.4 KiB
Nix
import ./make-test-python.nix (
|
|
{ pkgs, lib, ... }:
|
|
let
|
|
uiPort = 1234;
|
|
backendPort = 5678;
|
|
lemmyNodeName = "server";
|
|
in
|
|
{
|
|
name = "lemmy";
|
|
meta = with lib.maintainers; {
|
|
maintainers = [ mightyiam ];
|
|
};
|
|
|
|
nodes = {
|
|
client = { };
|
|
|
|
"${lemmyNodeName}" = {
|
|
services.lemmy = {
|
|
enable = true;
|
|
ui.port = uiPort;
|
|
database.createLocally = true;
|
|
settings = {
|
|
hostname = "http://${lemmyNodeName}";
|
|
port = backendPort;
|
|
# Without setup, the /feeds/* and /nodeinfo/* API endpoints won't return 200
|
|
setup = {
|
|
admin_username = "mightyiam";
|
|
site_name = "Lemmy FTW";
|
|
admin_email = "mightyiam@example.com";
|
|
};
|
|
};
|
|
adminPasswordFile = /etc/lemmy-admin-password.txt;
|
|
caddy.enable = true;
|
|
};
|
|
|
|
environment.etc."lemmy-admin-password.txt".text = "ThisIsWhatIUseEverywhereTryIt";
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
# pict-rs seems to need more than 1025114112 bytes
|
|
virtualisation.memorySize = 2000;
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
server = ${lemmyNodeName}
|
|
|
|
with subtest("the merged config is secure"):
|
|
server.wait_for_unit("lemmy.service")
|
|
config_permissions = server.succeed("stat --format %A /run/lemmy/config.hjson").rstrip()
|
|
assert config_permissions == "-rw-------", f"merged config permissions {config_permissions} are insecure"
|
|
directory_permissions = server.succeed("stat --format %A /run/lemmy").rstrip()
|
|
assert directory_permissions[5] == directory_permissions[8] == "-", "merged config can be replaced"
|
|
|
|
with subtest("the backend starts and responds"):
|
|
server.wait_for_open_port(${toString backendPort})
|
|
# wait until succeeds, it just needs few seconds for migrations, but lets give it 50s max
|
|
server.wait_until_succeeds("curl --fail localhost:${toString backendPort}/api/v3/site", 50)
|
|
|
|
with subtest("the UI starts and responds"):
|
|
server.wait_for_unit("lemmy-ui.service")
|
|
server.wait_for_open_port(${toString uiPort})
|
|
server.succeed("curl --fail localhost:${toString uiPort}")
|
|
|
|
with subtest("Lemmy-UI responds through the caddy reverse proxy"):
|
|
server.systemctl("start network-online.target")
|
|
server.wait_for_unit("network-online.target")
|
|
server.wait_for_unit("caddy.service")
|
|
server.wait_for_open_port(80)
|
|
body = server.execute("curl --fail --location ${lemmyNodeName}")[1]
|
|
assert "Lemmy" in body, f"String Lemmy not found in response for ${lemmyNodeName}: \n{body}"
|
|
|
|
with subtest("the server is exposed externally"):
|
|
client.systemctl("start network-online.target")
|
|
client.wait_for_unit("network-online.target")
|
|
client.succeed("curl -v --fail ${lemmyNodeName}")
|
|
|
|
with subtest("caddy correctly routes backend requests"):
|
|
# Make sure we are not hitting frontend
|
|
server.execute("systemctl stop lemmy-ui.service")
|
|
|
|
def assert_http_code(url, expected_http_code, extra_curl_args=""):
|
|
_, http_code = server.execute(f'curl --location --silent -o /dev/null {extra_curl_args} --fail --write-out "%{{http_code}}" {url}')
|
|
assert http_code == str(expected_http_code), f"expected http code {expected_http_code}, got {http_code}"
|
|
|
|
# Caddy responds with HTTP code 502 if it cannot handle the requested path
|
|
assert_http_code("${lemmyNodeName}/obviously-wrong-path/", 502)
|
|
|
|
assert_http_code("${lemmyNodeName}/static/js/client.js", 200)
|
|
assert_http_code("${lemmyNodeName}/api/v3/site", 200)
|
|
|
|
# A 404 confirms that the request goes to the backend
|
|
# No path can return 200 until after we upload an image to pict-rs
|
|
assert_http_code("${lemmyNodeName}/pictrs/", 404)
|
|
|
|
assert_http_code("${lemmyNodeName}/feeds/all.xml", 200)
|
|
assert_http_code("${lemmyNodeName}/nodeinfo/2.0.json", 200)
|
|
|
|
assert_http_code("${lemmyNodeName}/some-other-made-up-path/", 404, "-X POST")
|
|
assert_http_code("${lemmyNodeName}/some-other-path", 404, "-H 'Accept: application/activity+json'")
|
|
assert_http_code("${lemmyNodeName}/some-other-path", 404, "-H 'Accept: application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"'")
|
|
'';
|
|
}
|
|
)
|