WIP: feat/automated-account-deletion #174
25
flake.nix
25
flake.nix
|
@ -64,7 +64,7 @@
|
|||
];
|
||||
|
||||
perSystem =
|
||||
{
|
||||
args@{
|
||||
system,
|
||||
pkgs,
|
||||
config,
|
||||
|
@ -82,25 +82,7 @@
|
|||
master = import inputs.master { inherit system; };
|
||||
};
|
||||
|
||||
packages =
|
||||
let
|
||||
nixos-lib = import (inputs.nixpkgs + "/nixos/lib") { };
|
||||
testDir = builtins.attrNames (builtins.readDir ./tests);
|
||||
testFiles = builtins.filter (n: builtins.match "^.*.nix$" n != null) testDir;
|
||||
in
|
||||
builtins.listToAttrs (
|
||||
map (x: {
|
||||
name = "test-${lib.strings.removeSuffix ".nix" x}";
|
||||
value = nixos-lib.runTest (
|
||||
import (./tests + "/${x}") {
|
||||
inherit self;
|
||||
inherit pkgs;
|
||||
inherit lib;
|
||||
inherit config;
|
||||
}
|
||||
);
|
||||
}) testFiles
|
||||
);
|
||||
packages = import ./tests ({ inherit inputs self; } // args);
|
||||
|
||||
devShells.default = pkgs.mkShell {
|
||||
buildInputs = with pkgs; [
|
||||
|
@ -124,8 +106,7 @@
|
|||
devShells.ci = pkgs.mkShell { buildInputs = with pkgs; [ nodejs ]; };
|
||||
};
|
||||
|
||||
flake =
|
||||
let
|
||||
flake = let
|
||||
username = "barkeeper";
|
||||
in
|
||||
{
|
||||
|
|
|
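Review bot: In the `@ -82,25 +82,7` hunk, `packages = import ./tests ({ inherit inputs self; } // args);` hands the perSystem arguments to tests/default.nix, which in this same PR declares `lib` as a required parameter, while perSystem only binds `system`, `pkgs` and `config` by name; this works only if `lib` reaches the call through `args`'s `...`, so either confirm that or add `lib` to the destructured set and pass it explicitly. Exposing the VM tests as `packages` also means `nix flake check` and `nix build` of the system will spin up every test VM; `checks` is the conventional home for runTest results, and if `packages` is deliberate a one-line `# VM tests are exposed as packages so they can be built individually` would document the choice. The perSystem body continues past the hunk.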
@ -43,6 +43,17 @@
|
|||
];
|
||||
};
|
||||
|
||||
nachtigall-test = {
|
||||
imports = [
|
||||
self.inputs.agenix.nixosModules.default
|
||||
self.nixosModules.home-manager
|
||||
./nachtigall/test-vm.nix
|
||||
self.nixosModules.overlays
|
||||
self.nixosModules.core
|
||||
self.nixosModules.docker
|
||||
];
|
||||
};
|
||||
|
||||
flora-6 = self.nixos-flake.lib.mkLinuxSystem {
|
||||
imports = [
|
||||
self.inputs.agenix.nixosModules.default
|
||||
|
|
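Review bot: `nachtigall-test` is declared as a bare `{ imports = [ … ]; };`, while `flora-6` in the same hunk (and presumably the entry closed by the `];` / `};` context just above) is wrapped in `self.nixos-flake.lib.mkLinuxSystem { … }`; if this attribute set is nixosConfigurations, the bare form is not an evaluated NixOS system and the `self.nixosConfigurations.nachtigall-test` reference in the test file will not evaluate. Wrap it the same way as its siblings, `nachtigall-test = self.nixos-flake.lib.mkLinuxSystem {`. This file's header is not visible in the rendering, so the enclosing attribute's name is inferred.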
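--- /dev/null
+++ b/hosts/nachtigall/apps/keycloak.nix
@@ -0,0 +1,98 @@
+{ flake
+, config
+, lib
+, pkgs
+, ...
+}: {
+age.secrets.keycloak-database-password = {
+file = "${flake.self}/secrets/keycloak-database-password.age";
+mode = "600";
+#owner = "keycloak";
+};
+
+services.nginx.virtualHosts."auth.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations = {
+"= /" = {
+extraConfig = ''
+return 302 /realms/pub.solar/account;
+'';
+};
+
+"/" = {
+extraConfig = ''
+proxy_pass http://127.0.0.1:8080;
+proxy_buffer_size 8k;
+'';
+};
+};
+};
+
+services.keycloak = {
+enable = true;
+database.passwordFile = config.age.secrets.keycloak-database-password.path;
+settings = {
+hostname = "auth.pub.solar";
+http-host = "127.0.0.1";
+http-port = 8080;
+proxy = "edge";
+features = "declarative-user-profile";
+};
+themes = {
+"pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
+};
+plugins = [
+flake.inputs.keycloak-event-listener.packages.${pkgs.system}.keycloak-event-listener
+];
+};
+
+services.restic.backups.keycloak-droppie = {
+paths = [
+"/tmp/keycloak-backup.sql"
+];
+timerConfig = {
+OnCalendar = "*-*-* 02:00:00 Etc/UTC";
+# droppie will be offline if nachtigall misses the timer
+Persistent = false;
+};
+initialize = true;
+passwordFile = config.age.secrets."restic-repo-droppie".path;
+repository = "sftp:yule@droppie.b12f.io:/media/internal/pub.solar";
+backupPrepareCommand = ''
+${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql
+'';
+backupCleanupCommand = ''
+rm /tmp/keycloak-backup.sql
+'';
+pruneOpts = [
+"--keep-daily 7"
+"--keep-weekly 4"
+"--keep-monthly 3"
+];
+};
+
+services.restic.backups.keycloak-storagebox = {
+paths = [
+"/tmp/keycloak-backup.sql"
+];
+timerConfig = {
+OnCalendar = "*-*-* 04:10:00 Etc/UTC";
+};
+initialize = true;
+passwordFile = config.age.secrets."restic-repo-storagebox".path;
+repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
+backupPrepareCommand = ''
+${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql
+'';
+backupCleanupCommand = ''
+rm /tmp/keycloak-backup.sql
+'';
+pruneOpts = [
+"--keep-daily 7"
+"--keep-weekly 4"
+"--keep-monthly 3"
+];
+};
+}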
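Review bot: Both backupPrepareCommand blocks (keycloak-droppie and keycloak-storagebox) redirect a full pg_dump of the keycloak database into the fixed path /tmp/keycloak-backup.sql, so a file holding every user's credential hashes and profile data is created with the restic unit's default umask in a directory every local account can traverse, under a predictable name that any other local process could pre-create or swap between runs. Prefix the dump with `umask 077;` so the redirection target is created 0600 and root-owned, and move `paths`, the redirect and the `rm` to a root-only directory (a 0700 directory under /var, for instance) instead of /tmp. The identical shell line appears twice; bind it once in a `let` so the two backups cannot drift apart. The age secret is `mode = "600"` with `#owner = "keycloak";` left commented out — confirm the keycloak unit can read database.passwordFile as a root-owned file (the NixOS module presumably loads it as a systemd credential); if it cannot, set the owner rather than commenting it away.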
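--- /dev/null
+++ b/hosts/nachtigall/test-vm.nix
@@ -0,0 +1,54 @@
+{ flake, lib, ... }:
+
+{
+imports =
+[
+./backups.nix
+./apps/nginx.nix
+
+./apps/collabora.nix
+./apps/coturn.nix
+./apps/forgejo.nix
+./apps/keycloak.nix
+./apps/mailman.nix
+./apps/mastodon.nix
+./apps/mediawiki.nix
+./apps/nextcloud.nix
+./apps/nginx-mastodon.nix
+./apps/nginx-mastodon-files.nix
+./apps/nginx-prometheus-exporters.nix
+./apps/nginx-website.nix
+./apps/nginx-website-miom.nix
+./apps/opensearch.nix
+./apps/owncast.nix
+./apps/postgresql.nix
+./apps/prometheus-exporters.nix
+./apps/promtail.nix
+./apps/searx.nix
+./apps/tmate.nix
+
+./apps/matrix/irc.nix
+./apps/matrix/mautrix-telegram.nix
+./apps/matrix/synapse.nix
+./apps/nginx-matrix.nix
+];
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+security.acme.preliminarySelfsigned = true;
+
+networking.useDHCP = true;
+networking.interfaces."enp35s0".ipv4.addresses = [
+{
+address = "10.0.0.1";
+prefixLength = 26;
+}
+];
+networking.interfaces."enp35s0".ipv6.addresses = [
+{
+address = "2a01:4f8:172:1c25::1";
+prefixLength = 64;
+}
+];
+}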
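Review bot: The test VM imports the production app modules wholesale (./backups.nix, ./apps/keycloak.nix and the rest of the list), which carry the real restic repositories, secret paths and public hostnames such as auth.pub.solar, and nothing here disables the backup timers or the outbound services, so a test node that is ever given network access would push test-generated dumps to the production backup targets. Add a test-only module that forces the risky parts off, e.g. `services.restic.backups = lib.mkForce { };`, and consider the same for outbound mail and federation before merge. The two security.acme lines duplicate modules/test-vm.nix added in this PR — import that module here instead of restating them. `networking.interfaces."enp35s0"` with the host's 10.0.0.1 and 2a01:4f8:172:1c25::1 addresses is presumably the physical NIC name, which the NixOS test driver's VM will not have, so these blocks are likely dead configuration — confirm against the driver's interface naming.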
|
@ -7,8 +7,7 @@
|
|||
{
|
||||
# Configuration common to all Linux systems
|
||||
flake = {
|
||||
lib =
|
||||
let
|
||||
lib = let
|
||||
callLibs = file: import file { inherit lib; };
|
||||
in
|
||||
rec {
|
||||
|
|
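--- /dev/null
+++ b/modules/test-vm.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+security.acme.preliminarySelfsigned = true;
+}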
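--- /dev/null
+++ b/tests/default.nix
@@ -0,0 +1,19 @@
+args@{
+self,
+lib,
+system,
+pkgs,
+inputs,
+...
+}: let
+nixos-lib = import (inputs.nixpkgs + "/nixos/lib") { };
+
+loadTestFiles = with lib; dir: mapAttrs' (name: _: let
+test = ((import (dir + "/${name}")) args);
+in {
+name = "test-" + (lib.strings.removeSuffix ".nix" name);
+value = nixos-lib.runTest test;
+})
+(filterAttrs (name: _: (hasSuffix ".nix" name) && name != "default.nix")
+(builtins.readDir dir));
+in loadTestFiles ./.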
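Review bot: loadTestFiles passes every entry of builtins.readDir whose name ends in .nix to import without looking at the entry type, so a directory or symlink named like a test would be imported as a file and evaluation would fail with an unhelpful error; filter on the type as well: `(filterAttrs (name: type: type == "regular" && hasSuffix ".nix" name && name != "default.nix")`. The body mixes `with lib;` with the fully qualified `lib.strings.removeSuffix`; `removeSuffix` is already in scope from the `with`, so pick one form. A header comment stating the contract would help readers of flake.nix, e.g. `# Every <name>.nix in this directory except default.nix is a NixOS VM test, exposed as test-<name>.`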
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
<<<<<<< HEAD
|
||||
self,
|
||||
pkgs,
|
||||
lib,
|
||||
|
@ -55,5 +56,26 @@
|
|||
nachtigall.succeed("ping ca.test.pub.solar -c 2")
|
||||
nachtigall.wait_for_unit("nginx.service")
|
||||
nachtigall.wait_until_succeeds("curl https://test.pub.solar/")
|
||||
=======
|
||||
self,
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
name = "website";
|
||||
|
||||
nodes.nachtigall-test = self.nixosConfigurations.nachtigall-test;
|
||||
|
||||
node.specialArgs = self.outputs.nixosConfigurations.nachtigall._module.specialArgs;
|
||||
hostPkgs = pkgs;
|
||||
|
||||
enableOCR = true;
|
||||
|
||||
testScript = ''
|
||||
machine.wait_for_unit("system.slice")
|
||||
machine.succeed("ping 127.0.0.1 -c 2")
|
||||
machine.succeed("ping iregendeinscheiss.de -c 2")
|
||||
>>>>>>> af599c9 (test: add initial e2e test for nachtigall)
|
||||
'';
|
||||
}
|
||||
|
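Review bot: The second hunk (@ -55,5 +56,26) leaves unresolved merge-conflict markers in the file — `<<<<<<< HEAD` in the first hunk, `=======` and `>>>>>>> af599c9 (test: add initial e2e test for nachtigall)` here — so the file cannot be parsed and every test loaded by tests/default.nix in this PR fails at evaluation. The two sides also disagree on the node: the HEAD side drives `nachtigall`, while the incoming side declares `nodes.nachtigall-test` but its testScript calls `machine.wait_for_unit("system.slice")`; the test driver exposes nodes under their pythonized names (presumably `nachtigall_test` here), so confirm which name is intended and use it on both sides. `machine.succeed("ping iregendeinscheiss.de -c 2")` needs outbound DNS and ICMP from inside the VM, which the driver does not provide by default; replace it with a check against another node or drop it. The attribute set being edited starts in the first hunk and the file's header is not visible on this page.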
|