nixpkgs/nixos/tests/radicale.nix
Linus Heckemann e4b32222a3 nixos/tests: correct comment in radicale.nix (#32574)
The secrets are in fact also stored unhashed, as part of the .drv file
which produces the htpasswd.
2017-12-11 22:09:23 +00:00

106 lines
4 KiB
Nix

let
user = "someuser";
password = "some_password";
port = builtins.toString 5232;
common = { pkgs, ... }: {
services.radicale = {
enable = true;
config = ''
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/htpasswd
htpasswd_encryption = bcrypt
[storage]
filesystem_folder = /tmp/collections
[logging]
debug = True
'';
};
# WARNING: DON'T DO THIS IN PRODUCTION!
# This puts unhashed secrets directly into the Nix store for ease of testing.
environment.etc."radicale/htpasswd".source = pkgs.runCommand "htpasswd" {} ''
${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
'';
};
in
import ./make-test.nix ({ pkgs, lib, ... }@args: {
name = "radicale";
meta.maintainers = with lib.maintainers; [ aneeshusa infinisil ];
nodes = rec {
radicale = radicale1; # Make the test script read more nicely
radicale1 = lib.recursiveUpdate (common args) {
nixpkgs.overlays = [
(self: super: {
radicale1 = super.radicale1.overrideAttrs (oldAttrs: {
propagatedBuildInputs = with self.pythonPackages;
(oldAttrs.propagatedBuildInputs or []) ++ [ passlib ];
});
})
];
system.stateVersion = "17.03";
};
radicale1_export = lib.recursiveUpdate radicale1 {
services.radicale.extraArgs = [
"--export-storage" "/tmp/collections-new"
];
};
radicale2_verify = lib.recursiveUpdate radicale2 {
services.radicale.extraArgs = [ "--verify-storage" ];
};
radicale2 = lib.recursiveUpdate (common args) {
system.stateVersion = "17.09";
};
};
# This tests whether the web interface is accessible to an authenticated user
testScript = { nodes }: let
switchToConfig = nodeName: let
newSystem = nodes.${nodeName}.config.system.build.toplevel;
in "${newSystem}/bin/switch-to-configuration test";
in ''
# Check Radicale 1 functionality
$radicale->succeed('${switchToConfig "radicale1"} >&2');
$radicale->waitForUnit('radicale.service');
$radicale->waitForOpenPort(${port});
$radicale->succeed('curl --fail http://${user}:${password}@localhost:${port}/someuser/calendar.ics/');
# Export data in Radicale 2 format
$radicale->succeed('systemctl stop radicale');
$radicale->succeed('ls -al /tmp/collections');
$radicale->fail('ls -al /tmp/collections-new');
# Radicale exits immediately after exporting storage
$radicale->succeed('${switchToConfig "radicale1_export"} >&2');
$radicale->waitUntilFails('systemctl status radicale');
$radicale->succeed('ls -al /tmp/collections');
$radicale->succeed('ls -al /tmp/collections-new');
# Verify data in Radicale 2 format
$radicale->succeed('rm -r /tmp/collections/${user}');
$radicale->succeed('mv /tmp/collections-new/collection-root /tmp/collections');
$radicale->succeed('${switchToConfig "radicale2_verify"} >&2');
$radicale->waitUntilFails('systemctl status radicale');
my ($retcode, $logs) = $radicale->execute('journalctl -u radicale -n 5');
if ($retcode != 0 || index($logs, 'Verifying storage') == -1) {
die "Radicale 2 didn't verify storage"
}
if (index($logs, 'failed') != -1 || index($logs, 'exception') != -1) {
die "storage verification failed"
}
# Check Radicale 2 functionality
$radicale->succeed('${switchToConfig "radicale2"} >&2');
$radicale->waitForUnit('radicale.service');
$radicale->waitForOpenPort(${port});
my ($retcode, $output) = $radicale->execute('curl --fail http://${user}:${password}@localhost:${port}/someuser/calendar.ics/');
if ($retcode != 0 || index($output, 'VCALENDAR') == -1) {
die "Could not read calendar from Radicale 2"
}
$radicale->succeed('curl --fail http://${user}:${password}@localhost:${port}/.web/');
'';
})