Merge pull request #164398 from NinjaTrappeur/nin/pleroma-wrappers
commit
05417a66e7
|
@ -1,6 +1,7 @@
|
||||||
{ config, options, lib, pkgs, stdenv, ... }:
|
{ config, options, lib, pkgs, stdenv, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.pleroma;
|
cfg = config.services.pleroma;
|
||||||
|
cookieFile = "/var/lib/pleroma/.cookie";
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
services.pleroma = with lib; {
|
services.pleroma = with lib; {
|
||||||
|
@ -8,7 +9,7 @@ in {
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.pleroma;
|
default = pkgs.pleroma.override { inherit cookieFile; };
|
||||||
defaultText = literalExpression "pkgs.pleroma";
|
defaultText = literalExpression "pkgs.pleroma";
|
||||||
description = "Pleroma package to use.";
|
description = "Pleroma package to use.";
|
||||||
};
|
};
|
||||||
|
@ -100,7 +101,6 @@ in {
|
||||||
after = [ "network-online.target" "postgresql.service" ];
|
after = [ "network-online.target" "postgresql.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
|
restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
|
||||||
environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
|
@ -118,10 +118,10 @@ in {
|
||||||
# Better be safe than sorry migration-wise.
|
# Better be safe than sorry migration-wise.
|
||||||
ExecStartPre =
|
ExecStartPre =
|
||||||
let preScript = pkgs.writers.writeBashBin "pleromaStartPre" ''
|
let preScript = pkgs.writers.writeBashBin "pleromaStartPre" ''
|
||||||
if [ ! -f /var/lib/pleroma/.cookie ]
|
if [ ! -f "${cookieFile}" ] || [ ! -s "${cookieFile}" ]
|
||||||
then
|
then
|
||||||
echo "Creating cookie file"
|
echo "Creating cookie file"
|
||||||
dd if=/dev/urandom bs=1 count=16 | hexdump -e '16/1 "%02x"' > /var/lib/pleroma/.cookie
|
dd if=/dev/urandom bs=1 count=16 | ${pkgs.hexdump}/bin/hexdump -e '16/1 "%02x"' > "${cookieFile}"
|
||||||
fi
|
fi
|
||||||
${cfg.package}/bin/pleroma_ctl migrate
|
${cfg.package}/bin/pleroma_ctl migrate
|
||||||
'';
|
'';
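Review bot: The cookie in `preScript` is created by a plain shell redirect (`… > "${cookieFile}"`), so its mode is whatever umask the unit runs with, and nothing in this hunk restricts it; `serviceConfig` continues outside the hunk, so a `UMask` setting there would need confirming. Because the cookie is the shared secret that authenticates Erlang distribution connections to the node, I would put `umask 077` on the line before the `dd`. Only the option default carries `cookieFile`, and `environment.RELEASE_COOKIE` is removed from the unit, so a user-supplied `package` without the override would apparently run without the generated cookie. `defaultText` should read `pkgs.pleroma.override { inherit cookieFile; }`, and the option description should say that a custom package needs the same override.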
|
||||||
|
|
|
@ -32,8 +32,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
# system one. Overriding this pretty bad default behaviour.
|
# system one. Overriding this pretty bad default behaviour.
|
||||||
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
export TOOT_LOGIN_CLI_PASSWORD="jamy-password"
|
echo "jamy-password" | toot login_cli -i "pleroma.nixos.test" -e "jamy@nixos.test"
|
||||||
toot login_cli -i "pleroma.nixos.test" -e "jamy@nixos.test"
|
|
||||||
echo "Login OK"
|
echo "Login OK"
|
||||||
|
|
||||||
# Send a toot then verify it's part of the public timeline
|
# Send a toot then verify it's part of the public timeline
|
||||||
|
@ -168,21 +167,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
cp key.pem cert.pem $out
|
cp key.pem cert.pem $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
/* Toot is preventing users from feeding login_cli a password non
|
|
||||||
interactively. While it makes sense most of the times, it's
|
|
||||||
preventing us to login in this non-interactive test. This patch
|
|
||||||
introduce a TOOT_LOGIN_CLI_PASSWORD env variable allowing us to
|
|
||||||
provide a password to toot login_cli
|
|
||||||
|
|
||||||
If https://github.com/ihabunek/toot/pull/180 gets merged at some
|
|
||||||
point, feel free to remove this patch. */
|
|
||||||
custom-toot = pkgs.toot.overrideAttrs(old:{
|
|
||||||
patches = [ (pkgs.fetchpatch {
|
|
||||||
url = "https://github.com/NinjaTrappeur/toot/commit/b4a4c30f41c0cb7e336714c2c4af9bc9bfa0c9f2.patch";
|
|
||||||
sha256 = "sha256-0xxNwjR/fStLjjUUhwzCCfrghRVts+fc+fvVJqVcaFg=";
|
|
||||||
}) ];
|
|
||||||
});
|
|
||||||
|
|
||||||
hosts = nodes: ''
|
hosts = nodes: ''
|
||||||
${nodes.pleroma.config.networking.primaryIPAddress} pleroma.nixos.test
|
${nodes.pleroma.config.networking.primaryIPAddress} pleroma.nixos.test
|
||||||
${nodes.client.config.networking.primaryIPAddress} client.nixos.test
|
${nodes.client.config.networking.primaryIPAddress} client.nixos.test
|
||||||
|
@ -194,7 +178,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
|
||||||
security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];
|
security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ];
|
||||||
networking.extraHosts = hosts nodes;
|
networking.extraHosts = hosts nodes;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
custom-toot
|
toot
|
||||||
send-toot
|
send-toot
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ lib, beamPackages
|
{ lib, beamPackages
|
||||||
, fetchFromGitHub, fetchFromGitLab
|
, fetchFromGitHub, fetchFromGitLab
|
||||||
, file, cmake
|
, file, cmake, bash
|
||||||
, nixosTests, writeText
|
, nixosTests, writeText
|
||||||
|
, cookieFile ? null
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -17,6 +18,34 @@ beamPackages.mixRelease rec {
|
||||||
sha256 = "sha256-RcqqNNNCR4cxETUCyjChkpq+cQ1QzNOHHzdqBLtOc6g=";
|
sha256 = "sha256-RcqqNNNCR4cxETUCyjChkpq+cQ1QzNOHHzdqBLtOc6g=";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
preFixup = if (cookieFile != null) then ''
|
||||||
|
# There's no way to use a subprocess to cat the content of the
|
||||||
|
# file cookie using wrapProgram: it gets escaped (by design) with
|
||||||
|
# a pair of backticks :(
|
||||||
|
# We have to come up with our own custom wrapper to do this.
|
||||||
|
function wrapWithCookie () {
|
||||||
|
local hidden
|
||||||
|
hidden="$(dirname "$1")/.$(basename "$1")"-wrapped
|
||||||
|
while [ -e "$hidden" ]; do
|
||||||
|
hidden="''${hidden}_"
|
||||||
|
done
|
||||||
|
mv "$1" "''${hidden}"
|
||||||
|
|
||||||
|
cat > "$1" << EOF
|
||||||
|
#!${bash}/bin/bash
|
||||||
|
export RELEASE_COOKIE="\$(cat "${cookieFile}")"
|
||||||
|
exec -a "\$0" "''${hidden}" "\$@"
|
||||||
|
EOF
|
||||||
|
chmod +x "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
for f in "$out"/bin/*; do
|
||||||
|
if [[ -x "$f" ]]; then
|
||||||
|
wrapWithCookie "$f"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
'' else "";
|
||||||
|
|
||||||
mixNixDeps = import ./mix.nix {
|
mixNixDeps = import ./mix.nix {
|
||||||
inherit beamPackages lib;
|
inherit beamPackages lib;
|
||||||
overrides = (final: prev: {
|
overrides = (final: prev: {
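Review bot: In the generated wrapper, `export RELEASE_COOKIE="\$(cat "${cookieFile}")"` hides a failing `cat`: if the cookie file is missing or unreadable for the calling user, the variable is exported empty and the `exec` still runs. The release would then start with an empty cookie or, depending on how the release script treats an empty value, presumably fall back to the cookie generated at build time, which sits in the world-readable store. I would fail closed by splitting the line into `RELEASE_COOKIE="\$(cat "${cookieFile}")" || exit 1` and `export RELEASE_COOKIE`. A comment above `wrapWithCookie` should state that the cookie is read at run time from `cookieFile` rather than baked into the package.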
|
||||||
|
|