mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-15 22:36:23 +01:00
e4b32222a3
The secrets are in fact also stored unhashed, as part of the .drv file which produces the htpasswd.
let
  # Throwaway credentials for the test account, plus the port the test
  # script polls (kept as a string so it can be interpolated directly).
  user = "someuser";
  password = "some_password";
  port = toString 5232;

  # NixOS module shared by every Radicale node defined in this test.
  common = { pkgs, ... }:
    let
      # WARNING: DON'T DO THIS IN PRODUCTION!
      # The user name and password are interpolated into the build script, so
      # they end up unhashed in the Nix store (as part of the .drv that
      # produces this htpasswd file), not just as a bcrypt hash in the output.
      # That is acceptable here only because the credentials are test-only.
      htpasswdFile = pkgs.runCommand "htpasswd" {} ''
        ${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
      '';
    in {
      services.radicale.enable = true;
      services.radicale.config = ''
        [auth]
        type = htpasswd
        htpasswd_filename = /etc/radicale/htpasswd
        htpasswd_encryption = bcrypt

        [storage]
        filesystem_folder = /tmp/collections

        [logging]
        debug = True
      '';

      environment.etc."radicale/htpasswd".source = htpasswdFile;
    };

in
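import ./make-test.nix ({ pkgs, lib, ... }@args: {
  name = "radicale";
  meta.maintainers = with lib.maintainers; [ aneeshusa infinisil ];

  # The test script below only ever drives $radicale; the other attributes are
  # alternative system configurations that it activates on that same machine
  # with switch-to-configuration.
  nodes = rec {
    radicale = radicale1; # Make the test script read more nicely

    # Starting configuration. The overlay adds passlib to radicale1's Python
    # inputs (presumably required for the bcrypt htpasswd backend -- confirm).
    radicale1 = lib.recursiveUpdate (common args) {
      nixpkgs.overlays = [
        (self: super: {
          radicale1 = super.radicale1.overrideAttrs (oldAttrs: {
            propagatedBuildInputs = with self.pythonPackages;
              (oldAttrs.propagatedBuildInputs or []) ++ [ passlib ];
          });
        })
      ];
      system.stateVersion = "17.03";
    };

    # Same as radicale1, but the service is started with --export-storage.
    radicale1_export = lib.recursiveUpdate radicale1 {
      services.radicale.extraArgs = [
        "--export-storage" "/tmp/collections-new"
      ];
    };

    # Same as radicale2, but the service is started with --verify-storage.
    radicale2_verify = lib.recursiveUpdate radicale2 {
      services.radicale.extraArgs = [ "--verify-storage" ];
    };

    radicale2 = lib.recursiveUpdate (common args) {
      system.stateVersion = "17.09";
    };
  };

  # This tests whether the web interface is accessible to an authenticated user
  testScript = { nodes }: let
    # Command that activates the named node's system closure on the running VM.
    switchToConfig = nodeName: let
      newSystem = nodes.${nodeName}.config.system.build.toplevel;
    in "${newSystem}/bin/switch-to-configuration test";

    # HTTP basic-auth credentials are embedded in the URL. Only do this with
    # the throwaway test account: the password becomes part of the rendered
    # test script and of every curl command line.
    baseUrl = "http://${user}:${password}@localhost:${port}";
    # The collection path is derived from the user name instead of repeating
    # the literal, so it stays in sync with the 'rm -r' further down.
    calendarUrl = "${baseUrl}/${user}/calendar.ics/";
  in ''
    # Check Radicale 1 functionality
    $radicale->succeed('${switchToConfig "radicale1"} >&2');
    $radicale->waitForUnit('radicale.service');
    $radicale->waitForOpenPort(${port});
    $radicale->succeed('curl --fail ${calendarUrl}');

    # Export data in Radicale 2 format
    $radicale->succeed('systemctl stop radicale');
    $radicale->succeed('ls -al /tmp/collections');
    $radicale->fail('ls -al /tmp/collections-new');
    # Radicale exits immediately after exporting storage
    $radicale->succeed('${switchToConfig "radicale1_export"} >&2');
    $radicale->waitUntilFails('systemctl status radicale');
    $radicale->succeed('ls -al /tmp/collections');
    $radicale->succeed('ls -al /tmp/collections-new');

    # Verify data in Radicale 2 format
    $radicale->succeed('rm -r /tmp/collections/${user}');
    $radicale->succeed('mv /tmp/collections-new/collection-root /tmp/collections');
    $radicale->succeed('${switchToConfig "radicale2_verify"} >&2');
    $radicale->waitUntilFails('systemctl status radicale');
    # Distinct status variables: declaring "my $retcode" twice in one scope
    # masks the earlier declaration and triggers a Perl warning.
    my ($verify_rc, $logs) = $radicale->execute('journalctl -u radicale -n 5');
    if ($verify_rc != 0 || index($logs, 'Verifying storage') == -1) {
      die "Radicale 2 didn't verify storage";
    }
    if (index($logs, 'failed') != -1 || index($logs, 'exception') != -1) {
      die "storage verification failed";
    }

    # Check Radicale 2 functionality
    $radicale->succeed('${switchToConfig "radicale2"} >&2');
    $radicale->waitForUnit('radicale.service');
    $radicale->waitForOpenPort(${port});
    my ($calendar_rc, $output) = $radicale->execute('curl --fail ${calendarUrl}');
    if ($calendar_rc != 0 || index($output, 'VCALENDAR') == -1) {
      die "Could not read calendar from Radicale 2";
    }
    $radicale->succeed('curl --fail ${baseUrl}/.web/');
  '';
})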