From ec01fe5eea5d2996cd1f4d8a82a5ddb204dc2bd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Yule=20B=C3=A4dorf?= Date: Sun, 28 Apr 2024 16:04:15 +0200 Subject: [PATCH] test: add initial e2e test for nachtigall --- flake.nix | 25 +------- hosts/default.nix | 11 ++++ hosts/nachtigall/apps/keycloak.nix | 98 ++++++++++++++++++++++++++++++ hosts/nachtigall/test-vm.nix | 54 ++++++++++++++++ lib/default.nix | 3 +- modules/test-vm.nix | 5 ++ tests/default.nix | 19 ++++++ tests/website.nix | 22 +++++++ 8 files changed, 213 insertions(+), 24 deletions(-) create mode 100644 hosts/nachtigall/apps/keycloak.nix create mode 100644 hosts/nachtigall/test-vm.nix create mode 100644 modules/test-vm.nix create mode 100644 tests/default.nix diff --git a/flake.nix b/flake.nix index 4ac9e41..4fd8be2 100644 --- a/flake.nix +++ b/flake.nix @@ -64,7 +64,7 @@ ]; perSystem = - { + args@{ system, pkgs, config, @@ -82,25 +82,7 @@ master = import inputs.master { inherit system; }; }; - packages = - let - nixos-lib = import (inputs.nixpkgs + "/nixos/lib") { }; - testDir = builtins.attrNames (builtins.readDir ./tests); - testFiles = builtins.filter (n: builtins.match "^.*.nix$" n != null) testDir; - in - builtins.listToAttrs ( - map (x: { - name = "test-${lib.strings.removeSuffix ".nix" x}"; - value = nixos-lib.runTest ( - import (./tests + "/${x}") { - inherit self; - inherit pkgs; - inherit lib; - inherit config; - } - ); - }) testFiles - ); + packages = import ./tests ({ inherit inputs self; } // args); devShells.default = pkgs.mkShell { buildInputs = with pkgs; [ @@ -124,8 +106,7 @@ devShells.ci = pkgs.mkShell { buildInputs = with pkgs; [ nodejs ]; }; }; - flake = - let + flake = let username = "barkeeper"; in { diff --git a/hosts/default.nix b/hosts/default.nix index c8aaf1c..764662d 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
@@ -43,6 +43,17 @@ ]; }; + nachtigall-test = { + imports = [ + self.inputs.agenix.nixosModules.default + self.nixosModules.home-manager + ./nachtigall/test-vm.nix + self.nixosModules.overlays + self.nixosModules.core + self.nixosModules.docker + ]; + }; + flora-6 = self.nixos-flake.lib.mkLinuxSystem { imports = [ self.inputs.agenix.nixosModules.default diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix new file mode 100644 index 0000000..7f1452d --- /dev/null +++ b/hosts/nachtigall/apps/keycloak.nix 
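Review bot: `nachtigall-test` is declared as a bare `{ imports = [ … ]; }` attrset, while its sibling `flora-6` goes through `self.nixos-flake.lib.mkLinuxSystem`, so `nixosConfigurations.nachtigall-test` is a NixOS module rather than an evaluated system. That looks intentional, since tests/website.nix in this patch uses it as `nodes.nachtigall-test`, which takes a module, but anything that enumerates `nixosConfigurations` expecting `config.system.build.toplevel` (e.g. `nix flake check`) will likely reject the entry. Either move it to an output meant for modules or record the asymmetry in place, e.g. `# module, not a built system: consumed as a test node in tests/website.nix`. The enclosing attrset begins and ends outside this hunk.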
@@ -0,0 +1,98 @@ +{ flake +, config +, lib +, pkgs +, ... +}: { + age.secrets.keycloak-database-password = { + file = "${flake.self}/secrets/keycloak-database-password.age"; + mode = "600"; + #owner = "keycloak"; + }; + + services.nginx.virtualHosts."auth.pub.solar" = { + enableACME = true; + forceSSL = true; + + locations = { + "= /" = { + extraConfig = '' + return 302 /realms/pub.solar/account; + ''; + }; + + "/" = { + extraConfig = '' + proxy_pass http://127.0.0.1:8080; + proxy_buffer_size 8k; + ''; + }; + }; + }; + + services.keycloak = { + enable = true; + database.passwordFile = config.age.secrets.keycloak-database-password.path; + settings = { + hostname = "auth.pub.solar"; + http-host = "127.0.0.1"; + http-port = 8080; + proxy = "edge"; + features = "declarative-user-profile"; + }; + themes = { + "pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; + }; + plugins = [ + flake.inputs.keycloak-event-listener.packages.${pkgs.system}.keycloak-event-listener + ]; + }; + + services.restic.backups.keycloak-droppie = { + paths = [ + "/tmp/keycloak-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "sftp:yule@droppie.b12f.io:/media/internal/pub.solar"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/keycloak-backup.sql + ''; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; + }; + + services.restic.backups.keycloak-storagebox = { + paths = [ + "/tmp/keycloak-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 04:10:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-storagebox".path; + repository = 
"sftp:u377325@u377325.your-storagebox.de:/backups"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/keycloak-backup.sql + ''; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; + }; +} diff --git a/hosts/nachtigall/test-vm.nix b/hosts/nachtigall/test-vm.nix new file mode 100644 index 0000000..038df61 --- /dev/null +++ b/hosts/nachtigall/test-vm.nix @@ -0,0 +1,54 @@ +{ flake, lib, ... }: + +{ + imports = + [ + ./backups.nix + ./apps/nginx.nix + + ./apps/collabora.nix + ./apps/coturn.nix + ./apps/forgejo.nix + ./apps/keycloak.nix + ./apps/mailman.nix + ./apps/mastodon.nix + ./apps/mediawiki.nix + ./apps/nextcloud.nix + ./apps/nginx-mastodon.nix + ./apps/nginx-mastodon-files.nix + ./apps/nginx-prometheus-exporters.nix + ./apps/nginx-website.nix + ./apps/nginx-website-miom.nix + ./apps/opensearch.nix + ./apps/owncast.nix + ./apps/postgresql.nix + ./apps/prometheus-exporters.nix + ./apps/promtail.nix + ./apps/searx.nix + ./apps/tmate.nix + + ./apps/matrix/irc.nix + ./apps/matrix/mautrix-telegram.nix + ./apps/matrix/synapse.nix + ./apps/nginx-matrix.nix + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + security.acme.preliminarySelfsigned = true; + + networking.useDHCP = true; + networking.interfaces."enp35s0".ipv4.addresses = [ + { + address = "10.0.0.1"; + prefixLength = 26; + } + ]; + networking.interfaces."enp35s0".ipv6.addresses = [ + { + address = "2a01:4f8:172:1c25::1"; + prefixLength = 64; + } + ]; +} diff --git a/lib/default.nix b/lib/default.nix index 3f14bf6..e839748 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -7,8 +7,7 @@ { # Configuration common to all Linux systems flake = { - lib = - let + lib = let callLibs = file: import file { inherit lib; }; in rec { 
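Review bot: Both restic jobs dump the Keycloak database to the fixed path `/tmp/keycloak-backup.sql` with a plain shell redirect; that dump holds the realm's credential hashes and client secrets, `/tmp` is shared with every local user, whether the file ends up world-readable depends on the service's umask, and a pre-existing file at that predictable path would simply be written into. Prefer a root-only directory, e.g. `install -d -m 0700 /var/backup/keycloak` at the start of `backupPrepareCommand` and `pg_dump … > /var/backup/keycloak/keycloak-backup.sql`, with `paths` and `backupCleanupCommand` updated to match, in both `keycloak-droppie` and `keycloak-storagebox`. The age secret is declared with `mode = "600"` and its `owner` line commented out, so it stays root-owned; if that is deliberate because of how the Keycloak unit reads the file, a short comment saying so would stop the next reader from re-enabling the owner line.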
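Review bot: The static addresses on `enp35s0` (`10.0.0.1/26` and `2a01:4f8:172:1c25::1/64`) look copied from the physical host; a NixOS test VM gets virtual interfaces with different names, so these two blocks are most likely inert in the VM and `networking.useDHCP = true` is what actually configures it. The two `security.acme` staging lines duplicate the new `modules/test-vm.nix` added in this patch, which nothing imports; either import that module from this file and drop the copies, or delete the module. A header comment such as `# Test-VM variant of the nachtigall host: same app modules, ACME staging endpoint, no production networking` would make the purpose of this file clear to the next reader.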
diff --git a/modules/test-vm.nix b/modules/test-vm.nix new file mode 100644 index 0000000..b6e9a13 --- /dev/null +++ b/modules/test-vm.nix @@ -0,0 +1,5 @@ +{ ... }: +{ + security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + security.acme.preliminarySelfsigned = true; +} diff --git a/tests/default.nix b/tests/default.nix new file mode 100644 index 0000000..9de3431 --- /dev/null +++ b/tests/default.nix @@ -0,0 +1,19 @@ +args@{ + self, + lib, + system, + pkgs, + inputs, + ... +}: let + nixos-lib = import (inputs.nixpkgs + "/nixos/lib") { }; + + loadTestFiles = with lib; dir: mapAttrs' (name: _: let + test = ((import (dir + "/${name}")) args); + in { + name = "test-" + (lib.strings.removeSuffix ".nix" name); + value = nixos-lib.runTest test; + }) + (filterAttrs (name: _: (hasSuffix ".nix" name) && name != "default.nix") + (builtins.readDir dir)); +in loadTestFiles ./. diff --git a/tests/website.nix b/tests/website.nix index 452262b..15459d0 100644 --- a/tests/website.nix +++ b/tests/website.nix @@ -1,4 +1,5 @@ { +<<<<<<< HEAD self, pkgs, lib, @@ -55,5 +56,26 @@ nachtigall.succeed("ping ca.test.pub.solar -c 2") nachtigall.wait_for_unit("nginx.service") nachtigall.wait_until_succeeds("curl https://test.pub.solar/") +======= + self, + pkgs, + lib, + config, + ... +}: { + name = "website"; + + nodes.nachtigall-test = self.nixosConfigurations.nachtigall-test; + + node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs; + hostPkgs = pkgs; + + enableOCR = true; + + testScript = '' + machine.wait_for_unit("system.slice") + machine.succeed("ping 127.0.0.1 -c 2") + machine.succeed("ping iregendeinscheiss.de -c 2") +>>>>>>> af599c9 (test: add initial e2e test for nachtigall) ''; }
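Review bot: `loadTestFiles` opens with `with lib;` for `mapAttrs'`, `filterAttrs` and `hasSuffix` but then spells out `lib.strings.removeSuffix` anyway, and the import is wrapped in redundant parentheses, `((import (dir + "/${name}")) args)`. Qualifying the three helpers as `lib.mapAttrs'`, `lib.filterAttrs` and `lib.hasSuffix` and dropping the `with` makes name resolution explicit, and `import (dir + "/${name}") args` reads the same. A one-line comment above the binding, e.g. `# every *.nix file in dir except default.nix becomes the package test-<name>`, would document the naming convention the flake's `packages` output now relies on.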
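Review bot: Unresolved merge-conflict markers are committed into tests/website.nix: the first hunk adds `<<<<<<< HEAD` and the second adds `=======` and `>>>>>>> af599c9 (test: add initial e2e test for nachtigall)`, so the file is no longer valid Nix and every test loaded by tests/default.nix fails to evaluate. The incoming side also needs work before it can replace the HEAD version: `machine.succeed("ping iregendeinscheiss.de -c 2")` targets an external host that a NixOS test VM, which has no outside network, cannot reach, so that step would fail even once the markers are gone. Resolve the file to a single header and testScript, and keep the checks to services inside the VM as the HEAD side does with `curl https://test.pub.solar/`.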