From 4d5c077c831cb59abc7c2e5fe28aefbbfba6e4a1 Mon Sep 17 00:00:00 2001
From: b12f <git@benjaminbaedorf.eu>
Date: Thu, 23 Jan 2025 23:34:38 +0100
Subject: [PATCH] test: keycloak test goes through full registration
---
.gitignore | 1 +
hosts/blue-shell/wireguard.nix | 2 +-
hosts/default.nix | 14 ++--
hosts/delite/wireguard.nix | 2 +-
hosts/metronom/wireguard.nix | 2 +-
hosts/nachtigall/wireguard.nix | 2 +-
hosts/tankstelle/default.nix | 1 -
hosts/tankstelle/wireguard.nix | 4 +-
hosts/trinkgenossin/wireguard.nix | 2 +-
lib/default.nix | 2 +-
lib/wireguardDevicesForUsers.nix | 4 +
logins/default.nix | 9 ---
modules/core/default.nix | 2 +-
modules/core/terminal-tooling.nix | 4 +-
modules/core/users.nix | 48 ++++++++---
modules/unlock-luks-on-boot/default.nix | 8 +-
modules/unlock-zfs-on-boot/default.nix | 8 +-
tests/keycloak.nix | 80 ++++++++++---------
tests/support/auth-server.nix | 35 ++++++++
tests/support/client.nix | 11 ++-
tests/support/dns-server.nix | 5 +-
tests/support/global.nix | 2 +
tests/support/mail-server.nix | 2 +-
.../puppeteer-socket/puppeteer-run.nix | 2 +-
tests/support/puppeteer-socket/src/index.mjs | 23 +++---
25 files changed, 176 insertions(+), 99 deletions(-)
create mode 100644 lib/wireguardDevicesForUsers.nix
create mode 100644 tests/support/auth-server.nix
diff --git a/.gitignore b/.gitignore
index eba9541..64fd533 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
result
results
.nixos-test-history
+/*.png
diff --git a/hosts/blue-shell/wireguard.nix b/hosts/blue-shell/wireguard.nix
index 8da6c9d..a339de9 100644
--- a/hosts/blue-shell/wireguard.nix
+++ b/hosts/blue-shell/wireguard.nix
@@ -22,7 +22,7 @@ in
"${wireguardIPv6}/96"
];
privateKeyFile = config.age.secrets.wg-private-key.path;
- peers = flake.self.logins.wireguardDevices ++ [
+ peers = (flake.self.lib.wireguardDevicesForUsers config.pub-solar-os.authentication.users) ++ [
{
# trinkgenossin.pub.solar
publicKey = "QWgHovHxtqiQhnHLouSWiT6GIoQDmuvnThYL5c/rvU4=";
diff --git a/hosts/default.nix b/hosts/default.nix
index e7a8f2e..7e8fba2 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -32,10 +32,10 @@
modules = [
self.inputs.agenix.nixosModules.default
self.nixosModules.home-manager
+ self.nixosModules.core
./nachtigall
self.nixosModules.overlays
self.nixosModules.unlock-zfs-on-boot
- self.nixosModules.core
self.nixosModules.docker
self.nixosModules.backups
@@ -78,10 +78,10 @@
modules = [
self.inputs.agenix.nixosModules.default
self.nixosModules.home-manager
+ self.nixosModules.core
./metronom
self.nixosModules.overlays
self.nixosModules.unlock-zfs-on-boot
- self.nixosModules.core
self.nixosModules.backups
self.nixosModules.mail
self.nixosModules.prometheus-exporters
@@ -100,9 +100,9 @@
modules = [
self.inputs.agenix.nixosModules.default
self.nixosModules.home-manager
+ self.nixosModules.core
./tankstelle
self.nixosModules.overlays
- self.nixosModules.core
self.nixosModules.backups
self.nixosModules.prometheus-exporters
self.nixosModules.promtail
@@ -118,11 +118,11 @@
modules = [
self.inputs.agenix.nixosModules.default
self.nixosModules.home-manager
+ self.nixosModules.core
./trinkgenossin
self.nixosModules.backups
self.nixosModules.overlays
self.nixosModules.unlock-luks-on-boot
- self.nixosModules.core
self.nixosModules.garage
self.nixosModules.nginx
@@ -145,10 +145,10 @@
self.inputs.agenix.nixosModules.default
self.inputs.disko.nixosModules.disko
self.nixosModules.home-manager
+ self.nixosModules.core
./delite
self.nixosModules.overlays
self.nixosModules.unlock-luks-on-boot
- self.nixosModules.core
self.nixosModules.prometheus-exporters
self.nixosModules.promtail
@@ -167,10 +167,10 @@
self.inputs.agenix.nixosModules.default
self.inputs.disko.nixosModules.disko
self.nixosModules.home-manager
+ self.nixosModules.core
./blue-shell
self.nixosModules.overlays
self.nixosModules.unlock-luks-on-boot
- self.nixosModules.core
self.nixosModules.prometheus-exporters
self.nixosModules.promtail
@@ -188,10 +188,10 @@
modules = [
self.inputs.agenix.nixosModules.default
self.nixosModules.home-manager
+ self.nixosModules.core
./underground
self.nixosModules.overlays
self.nixosModules.unlock-luks-on-boot
- self.nixosModules.core
self.nixosModules.backups
self.nixosModules.keycloak
diff --git a/hosts/delite/wireguard.nix b/hosts/delite/wireguard.nix
index 2c5e1a3..598982b 100644
--- a/hosts/delite/wireguard.nix
+++ b/hosts/delite/wireguard.nix
@@ -22,7 +22,7 @@ in
"${wireguardIPv6}/96"
];
privateKeyFile = config.age.secrets.wg-private-key.path;
- peers = flake.self.logins.wireguardDevices ++ [
+ peers = (flake.self.lib.wireguardDevicesForUsers config.pub-solar-os.authentication.users) ++ [
{
# trinkgenossin.pub.solar
publicKey = "QWgHovHxtqiQhnHLouSWiT6GIoQDmuvnThYL5c/rvU4=";
diff --git a/hosts/metronom/wireguard.nix b/hosts/metronom/wireguard.nix
index 51362d2..499d1e7 100644
--- a/hosts/metronom/wireguard.nix
+++ b/hosts/metronom/wireguard.nix
@@ -18,7 +18,7 @@
"fd00:fae:fae:fae:fae:3::/96"
];
privateKeyFile = config.age.secrets.wg-private-key.path;
- peers = flake.self.logins.wireguardDevices ++ [
+ peers = (flake.self.lib.wireguardDevicesForUsers config.pub-solar-os.authentication.users) ++ [
{
# nachtigall.pub.solar
endpoint = "138.201.80.102:51820";
diff --git a/hosts/nachtigall/wireguard.nix b/hosts/nachtigall/wireguard.nix
index 7e9961e..6238bdf 100644
--- a/hosts/nachtigall/wireguard.nix
+++ b/hosts/nachtigall/wireguard.nix
@@ -18,7 +18,7 @@
"fd00:fae:fae:fae:fae:1::/96"
];
privateKeyFile = config.age.secrets.wg-private-key.path;
- peers = flake.self.logins.wireguardDevices ++ [
+ peers = (flake.self.lib.wireguardDevicesForUsers config.pub-solar-os.authentication.users) ++ [
{
# tankstelle.pub.solar
endpoint = "80.244.242.5:51820";
diff --git a/hosts/tankstelle/default.nix b/hosts/tankstelle/default.nix
index a379466..c55c31a 100644
--- a/hosts/tankstelle/default.nix
+++ b/hosts/tankstelle/default.nix
@@ -8,6 +8,5 @@
./networking.nix
./forgejo-actions-runner.nix
./wireguard.nix
- #./backups.nix
];
}
diff --git a/hosts/tankstelle/wireguard.nix b/hosts/tankstelle/wireguard.nix
index 0222a4b..8976730 100644
--- a/hosts/tankstelle/wireguard.nix
+++ b/hosts/tankstelle/wireguard.nix
@@ -1,6 +1,6 @@
{
+ lib,
config,
- pkgs,
flake,
...
}:
@@ -18,7 +18,7 @@
"fd00:fae:fae:fae:fae:4::/96"
];
privateKeyFile = config.age.secrets.wg-private-key.path;
- peers = flake.self.logins.wireguardDevices ++ [
+ peers = (flake.self.lib.wireguardDevicesForUsers config.pub-solar-os.authentication.users) ++ [
{
# nachtigall.pub.solar
endpoint = "138.201.80.102:51820";
diff --git a/hosts/trinkgenossin/wireguard.nix b/hosts/trinkgenossin/wireguard.nix
index e879c5b..7486e9f 100644
--- a/hosts/trinkgenossin/wireguard.nix
+++ b/hosts/trinkgenossin/wireguard.nix
@@ -22,7 +22,7 @@ in
"${wireguardIPv6}/96"
];
privateKeyFile = config.age.secrets.wg-private-key.path;
- peers = flake.self.logins.wireguardDevices ++ [
+ peers = (flake.self.lib.wireguardDevicesForUsers config.pub-solar-os.authentication.users) ++ [
{
# nachtigall.pub.solar
endpoint = "138.201.80.102:51820";
diff --git a/lib/default.nix b/lib/default.nix
index 3f14bf6..e3791a5 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,5 +1,4 @@
{
- self,
lib,
inputs,
...
@@ -19,6 +18,7 @@
## In configs, they can be used under "lib.our"
deploy = import ./deploy.nix { inherit inputs lib; };
+ wireguardDevicesForUsers = callLibs ./wireguardDevicesForUsers.nix;
};
};
}
diff --git a/lib/wireguardDevicesForUsers.nix b/lib/wireguardDevicesForUsers.nix
new file mode 100644
index 0000000..b8d5e95
--- /dev/null
+++ b/lib/wireguardDevicesForUsers.nix
@@ -0,0 +1,4 @@
+{ lib }: users: lib.lists.foldl (
+ wireguardDevices: userConfig:
+ wireguardDevices ++ (if userConfig ? "wireguardDevices" then userConfig.wireguardDevices else [ ])
+) [ ] (lib.attrsets.attrValues users)
diff --git a/logins/default.nix b/logins/default.nix
index 0493ca8..7b9f201 100644
--- a/logins/default.nix
+++ b/logins/default.nix
@@ -7,15 +7,6 @@ in
flake = {
logins = {
admins = admins;
- wireguardDevices = lib.lists.foldl (
- wireguardDevices: adminConfig:
- wireguardDevices ++ (if adminConfig ? "wireguardDevices" then adminConfig.wireguardDevices else [ ])
- ) [ ] (lib.attrsets.attrValues admins);
- sshPubKeys = lib.lists.foldl (
- sshPubKeys: adminConfig:
- sshPubKeys
- ++ (if adminConfig ? "sshPubKeys" then lib.attrsets.attrValues adminConfig.sshPubKeys else [ ])
- ) [ ] (lib.attrsets.attrValues admins);
robots.sshPubKeys = lib.attrsets.attrValues robots;
};
};
diff --git a/modules/core/default.nix b/modules/core/default.nix
index f0914fd..7537b9b 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -7,10 +7,10 @@
}:
{
imports = [
+ ./users.nix
./nix.nix
./networking.nix
./terminal-tooling.nix
- ./users.nix
];
options.pub-solar-os =
diff --git a/modules/core/terminal-tooling.nix b/modules/core/terminal-tooling.nix
index 7dbb66c..aea4fc4 100644
--- a/modules/core/terminal-tooling.nix
+++ b/modules/core/terminal-tooling.nix
@@ -1,4 +1,4 @@
-{ flake, lib, ... }:
+{ flake, lib, config, ... }:
{
home-manager.users = (
lib.attrsets.foldlAttrs (
@@ -28,6 +28,6 @@
};
};
}
- ) { } flake.self.logins.admins
+ ) { } config.pub-solar-os.authentication.users
);
}
diff --git a/modules/core/users.nix b/modules/core/users.nix
index d3a1cfc..058c556 100644
--- a/modules/core/users.nix
+++ b/modules/core/users.nix
@@ -11,6 +11,40 @@
inherit (lib) mkOption types;
in
{
+ users = mkOption {
+ description = "Administrative users to add";
+
+ type = types.attrsOf (types.submodule {
+ options = {
+ sshPubKeys = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ };
+ secretEncryptionKeys = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ };
+ wireguardDevices = mkOption {
+ type = types.listOf (types.submodule {
+ options = {
+ publicKey = mkOption { type = types.str; };
+ allowedIPs = mkOption { type = types.listOf types.str; };
+ };
+ });
+ default = {};
+ };
+ };
+ });
+
+ default = flake.self.logins.admins;
+ };
+
+ robot.sshPubKeys = mkOption {
+ description = "SSH Keys to use for the robot user";
+ type = types.listOf types.str;
+ default = flake.self.logins.robots.sshPubKeys;
+ };
+
root.initialHashedPassword = mkOption {
description = "Hashed password of the root account";
type = types.str;
@@ -22,12 +56,6 @@
type = types.str;
default = "hakkonaut";
};
-
- robot.sshPubKeys = mkOption {
- description = "SSH Keys to use for the robot user";
- type = types.listOf types.str;
- default = flake.self.logins.robots.sshPubKeys;
- };
};
config = {
@@ -47,10 +75,8 @@
openssh.authorizedKeys.keys = lib.attrsets.attrValues value.sshPubKeys;
};
}
- ) { } flake.self.logins.admins)
+ ) { } config.pub-solar-os.authentication.users)
// {
- # TODO: Remove when we stop locking ourselves out.
- root.openssh.authorizedKeys.keys = flake.self.logins.sshPubKeys;
root.initialHashedPassword = config.pub-solar-os.authentication.root.initialHashedPassword;
${config.pub-solar-os.authentication.robot.username} = {
@@ -74,14 +100,14 @@
home.stateVersion = "23.05";
};
}
- ) { } flake.self.logins.admins
+ ) { } config.pub-solar-os.authentication.users
);
users.groups =
(lib.attrsets.foldlAttrs (
acc: name: value:
acc // { "${name}" = { }; }
- ) { } flake.self.logins.admins)
+ ) { } config.pub-solar-os.authentication.users)
// {
${config.pub-solar-os.authentication.robot.username} = { };
};
diff --git a/modules/unlock-luks-on-boot/default.nix b/modules/unlock-luks-on-boot/default.nix
index fd8c547..e7dcd83 100644
--- a/modules/unlock-luks-on-boot/default.nix
+++ b/modules/unlock-luks-on-boot/default.nix
@@ -1,4 +1,4 @@
-{ flake, config, ... }:
+{ lib, config, ... }:
{
boot.initrd.network = {
enable = true;
@@ -10,7 +10,11 @@
# Please create this manually the first time.
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
- authorizedKeys = flake.self.logins.sshPubKeys;
+ authorizedKeys = lib.lists.foldl (
+ sshPubKeys: userConfig:
+ sshPubKeys
+ ++ (if userConfig ? "sshPubKeys" then lib.attrsets.attrValues userConfig.sshPubKeys else [ ])
+ ) [ ] (lib.attrsets.attrValues config.pub-solar-os.authentication.users);
};
postCommands = ''
# Automatically ask for the password on SSH login
diff --git a/modules/unlock-zfs-on-boot/default.nix b/modules/unlock-zfs-on-boot/default.nix
index 586f944..827b877 100644
--- a/modules/unlock-zfs-on-boot/default.nix
+++ b/modules/unlock-zfs-on-boot/default.nix
@@ -1,4 +1,4 @@
-{ flake, config, ... }:
+{ lib, config, ... }:
{
# From https://nixos.wiki/wiki/ZFS#Unlock_encrypted_zfs_via_ssh_on_boot
boot.initrd.network = {
@@ -11,7 +11,11 @@
# Please create this manually the first time.
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
- authorizedKeys = flake.self.logins.sshPubKeys;
+ authorizedKeys = lib.lists.foldl (
+ sshPubKeys: userConfig:
+ sshPubKeys
+ ++ (if userConfig ? "sshPubKeys" then lib.attrsets.attrValues userConfig.sshPubKeys else [ ])
+ ) [ ] (lib.attrsets.attrValues config.pub-solar-os.authentication.users);
};
# this will automatically load the zfs password prompt on login
# and kill the other prompt so boot can continue
diff --git a/tests/keycloak.nix b/tests/keycloak.nix
index 5cce920..f97f661 100644
--- a/tests/keycloak.nix
+++ b/tests/keycloak.nix
@@ -24,37 +24,14 @@ in
dns-server.imports = [ ./support/dns-server.nix ];
acme-server.imports = [ ./support/acme-server.nix ];
mail-server.imports = [ ./support/mail-server.nix ];
+ auth-server.imports = [ ./support/auth-server.nix ];
client.imports = [ ./support/client.nix ];
-
- nachtigall = {
- imports = [
- self.inputs.agenix.nixosModules.default
- self.nixosModules.home-manager
- self.nixosModules.core
- self.nixosModules.backups
- self.nixosModules.nginx
- self.nixosModules.keycloak
- self.nixosModules.postgresql
- ./support/global.nix
- ];
-
- systemd.tmpfiles.rules = [ "f /tmp/dbf 1777 root root 10d password" ];
-
- virtualisation.memorySize = 4096;
-
- pub-solar-os.auth = {
- enable = true;
- database-password-file = "/tmp/dbf";
- };
- services.keycloak.database.createLocally = true;
- services.keycloak.initialAdminPassword = "password";
- };
};
testScript =
{ nodes, ... }:
let
- user = nodes.client.users.users.b12f;
+ user = nodes.client.users.users.test-user;
#uid = toString user.uid;
bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u ${user.name})/bus";
gdbus = "${bus} gdbus";
@@ -63,23 +40,31 @@ in
wmClass = su "${gdbus} ${gseval} global.display.focus_window.wm_class";
in
''
+ import time
+ import re
+ import sys
+
def puppeteer_run(cmd):
client.succeed(f'puppeteer-run \'{cmd}\' ')
+
start_all()
acme_server.wait_for_unit("system.slice")
mail_server.wait_for_unit("dovecot2.service")
mail_server.wait_for_unit("postfix.service")
- nachtigall.wait_for_unit("system.slice")
- nachtigall.succeed("ping 127.0.0.1 -c 2")
- nachtigall.wait_for_unit("nginx.service")
+ mail_server.wait_for_unit("nginx.service")
+ mail_server.wait_until_succeeds("curl http://mail.test.pub.solar/")
- nachtigall.wait_for_unit("keycloak.service")
- nachtigall.wait_for_open_port(8080)
- nachtigall.wait_for_open_port(443)
- nachtigall.wait_until_succeeds("curl http://127.0.0.1:8080/")
- nachtigall.wait_until_succeeds("curl https://auth.test.pub.solar/")
- nachtigall.succeed("${pkgs.keycloak}/bin/kcadm.sh create realms -f ${realm-export} --server http://localhost:8080 --realm master --user admin --password password --no-config")
+ auth_server.wait_for_unit("system.slice")
+ auth_server.succeed("ping 127.0.0.1 -c 2")
+ auth_server.wait_for_unit("nginx.service")
+
+ auth_server.wait_for_unit("keycloak.service")
+ auth_server.wait_for_open_port(8080)
+ auth_server.wait_for_open_port(443)
+ auth_server.wait_until_succeeds("curl http://127.0.0.1:8080/")
+ auth_server.wait_until_succeeds("curl https://auth.test.pub.solar/")
+ auth_server.succeed("${pkgs.keycloak}/bin/kcadm.sh create realms -f ${realm-export} --server http://localhost:8080 --realm master --user admin --password password --no-config")
client.wait_for_unit("system.slice")
client.wait_for_file("/tmp/puppeteer.sock")
@@ -98,10 +83,33 @@ in
puppeteer_run('page.locator("[name=password]").fill("Password1234")')
puppeteer_run('page.locator("[name=password-confirm]").fill("Password1234")')
client.screenshot("register-filled-in")
- puppeteer_run('page.locator("button::-p-text(Register)").click()')
+ puppeteer_run('page.locator("input[type=submit][value=Register]").click()')
puppeteer_run('page.waitForNetworkIdle()')
client.screenshot("after-register")
- client.succeed("offlineimap")
+ client.succeed("${su "offlineimap"}")
+ client.succeed("${su "[ $(messages -s ~/Maildir/test-user@test.pub.solar/INBOX) -eq 1 ]"}")
+
+ puppeteer_run('page.locator("a::-p-text(Click here)").click()')
+ puppeteer_run('page.waitForNetworkIdle()')
+
+ client.succeed("${su "offlineimap"}")
+ client.succeed("${su "[ $(messages -s ~/Maildir/test-user@test.pub.solar/INBOX) -eq 2 ]"}")
+ mail_text = client.execute("${su "echo p | mail -Nf ~/Maildir/test-user@test.pub.solar/INBOX"}")[1]
+ boundary_match = re.search('boundary="(.*)"', mail_text, flags=re.M)
+ if not boundary_match:
+ sys.exit(1)
+ splits = mail_text.split(f'--{boundary_match.group(1)}')
+ clean_plaintext = splits[1].replace("=\n", "").replace("=3D", "=")
+ url_match = re.search('(https://auth.test.pub.solar.*)', clean_plaintext, flags=re.M)
+ print(url_match)
+ if not url_match:
+ sys.exit(1)
+ puppeteer_run(f'page.goto("{url_match.group(1)}")')
+ puppeteer_run('page.waitForNetworkIdle()')
+ client.screenshot("email-confirmed")
+
+ sys.exit(0)
+ time.sleep(1)
'';
}
diff --git a/tests/support/auth-server.nix b/tests/support/auth-server.nix
new file mode 100644
index 0000000..e9e9b28
--- /dev/null
+++ b/tests/support/auth-server.nix
@@ -0,0 +1,35 @@
+{
+ pkgs,
+ flake,
+ ...
+}:let
+ ca-cert = pkgs.writeTextFile {
+ name = "ca-cert";
+ text = builtins.readFile ./step/certs/root_ca.crt;
+ };
+in {
+ imports = [
+ flake.self.inputs.agenix.nixosModules.default
+ flake.self.nixosModules.home-manager
+ flake.self.nixosModules.core
+ flake.self.nixosModules.backups
+ flake.self.nixosModules.nginx
+ flake.self.nixosModules.keycloak
+ flake.self.nixosModules.postgresql
+ ./global.nix
+ ];
+
+ systemd.tmpfiles.rules = [
+ "f /tmp/dbf 1777 root root 10d password"
+ ];
+
+ virtualisation.memorySize = 4096;
+
+ pub-solar-os.auth = {
+ enable = true;
+ database-password-file = "/tmp/dbf";
+ };
+ services.keycloak.database.createLocally = true;
+ services.keycloak.initialAdminPassword = "password";
+ services.keycloak.settings.truststore-paths = "${ca-cert}";
+}
diff --git a/tests/support/client.nix b/tests/support/client.nix
index 2a50b5c..a86f5d9 100644
--- a/tests/support/client.nix
+++ b/tests/support/client.nix
@@ -21,18 +21,20 @@ in
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.displayManager.autoLogin.enable = true;
- services.xserver.displayManager.autoLogin.user = "b12f";
+ services.xserver.displayManager.autoLogin.user = "test-user";
environment.systemPackages = [
puppeteer-run
pkgs.alacritty
+ pkgs.mailutils
];
- services.getty.autologinUser = "b12f";
+ services.getty.autologinUser = "test-user";
+ virtualisation.memorySize = 4096;
virtualisation.qemu.options = [ "-vga std" ];
- home-manager.users.b12f = {
+ home-manager.users.test-user = {
programs.bash.profileExtra = ''
[ "$(tty)" = "/dev/tty1" ] && exec systemd-cat --identifier=sway ${pkgs.sway}/bin/sway
'';
@@ -51,6 +53,8 @@ in
};
};
+ programs.offlineimap.enable = true;
+
accounts.email.accounts."test-user@${config.pub-solar-os.networking.domain}" = {
primary = true;
address = "test-user@${config.pub-solar-os.networking.domain}";
@@ -69,6 +73,7 @@ in
getmail.enable = true;
getmail.mailboxes = [ "ALL" ];
msmtp.enable = true;
+ offlineimap.enable = true;
};
};
}
diff --git a/tests/support/dns-server.nix b/tests/support/dns-server.nix
index c4a4abc..064f849 100644
--- a/tests/support/dns-server.nix
+++ b/tests/support/dns-server.nix
@@ -45,9 +45,8 @@
local-data = [
"\"mail.${config.pub-solar-os.networking.domain}. 10800 IN CNAME mail-server\""
"\"ca.${config.pub-solar-os.networking.domain}. 10800 IN CNAME acme-server\""
- "\"${config.pub-solar-os.networking.domain}. 10800 IN CNAME nachtigall\""
- "\"www.${config.pub-solar-os.networking.domain}. 10800 IN CNAME nachtigall\""
- "\"auth.${config.pub-solar-os.networking.domain}. 10800 IN CNAME nachtigall\""
+ "\"www.${config.pub-solar-os.networking.domain}. 10800 IN CNAME auth-server\""
+ "\"auth.${config.pub-solar-os.networking.domain}. 10800 IN CNAME auth-server\""
];
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
diff --git a/tests/support/global.nix b/tests/support/global.nix
index 8736b4e..a4a57e7 100644
--- a/tests/support/global.nix
+++ b/tests/support/global.nix
@@ -5,6 +5,8 @@
...
}:
{
+ pub-solar-os.authentication.users.test-user = {};
+
pub-solar-os.networking.domain = "test.pub.solar";
security.acme.defaults.server = "https://ca.${config.pub-solar-os.networking.domain}/acme/acme/directory";
diff --git a/tests/support/mail-server.nix b/tests/support/mail-server.nix
index 98afdd5..8857514 100644
--- a/tests/support/mail-server.nix
+++ b/tests/support/mail-server.nix
@@ -4,11 +4,11 @@
...
}: {
imports = [
+ flake.inputs.simple-nixos-mailserver.nixosModule
flake.self.nixosModules.home-manager
flake.self.nixosModules.core
flake.self.nixosModules.backups
flake.self.nixosModules.mail
- flake.inputs.simple-nixos-mailserver.nixosModule
./global.nix
];
diff --git a/tests/support/puppeteer-socket/puppeteer-run.nix b/tests/support/puppeteer-socket/puppeteer-run.nix
index f93d9e0..d2a3a1a 100644
--- a/tests/support/puppeteer-socket/puppeteer-run.nix
+++ b/tests/support/puppeteer-socket/puppeteer-run.nix
@@ -2,5 +2,5 @@
writeShellScriptBin "puppeteer-run" ''
set -e
- exec ${curl}/bin/curl --fail-with-body -X POST -d "$@" --unix-socket "/tmp/puppeteer.sock" http://puppeteer-socket
+ exec ${curl}/bin/curl --fail-with-body -X POST -d "$@" -s --unix-socket "/tmp/puppeteer.sock" http://puppeteer-socket
''
diff --git a/tests/support/puppeteer-socket/src/index.mjs b/tests/support/puppeteer-socket/src/index.mjs
index c96b2cf..b3371d3 100644
--- a/tests/support/puppeteer-socket/src/index.mjs
+++ b/tests/support/puppeteer-socket/src/index.mjs
@@ -23,12 +23,12 @@ const EXECUTABLE = process.env.EXECUTABLE || 'firefox';
page.on('response', response => {
console.log(response.url());
});
- const actions = [];
- const server = http.createServer({}, (req, res) => {
+ const server = http.createServer({});
+
+ server.on('request', (req, res) => {
const chunks = [];
req.on('data', (chunk) => {
- console.log(`got data ${chunk}`);
chunks.push(chunk);
});
@@ -37,18 +37,17 @@ const EXECUTABLE = process.env.EXECUTABLE || 'firefox';
const content = chunks.join('');
console.log(`Executing ${content}`);
- eval(`actions.push(${content})`);
+ const val = await eval(content);
- const val = await actions[actions.length - 1];
+ const responseText = (() => {
+ try {
+ return JSON.stringify({ data: val });
+ } catch (err) {
+ return JSON.stringify({ data: val.toString() });
+ }
+ })();
res.writeHead(200, { 'Content-Type': 'application/json' });
- let responseText;
- try {
- responseText = JSON.stringify({ data: val });
- } catch (err) {
- responseText = val.toString();
- }
-
res.end(responseText);
} catch (err) {
console.error(err);