author | Sophie Tauchert <sophie@999eagle.moe> | 2024-02-15 11:29:39 +0100 |
---|---|---|
committer | Sophie Tauchert <sophie@999eagle.moe> | 2024-03-04 09:07:21 +0100 |
commit | cb5f2a8e872ae88f33ea5baf028c9f06bd9d30ab (patch) | |
tree | 0ece37416e1e99867ea4595d36c4f6c0e0620a72 | |
parent | 1f8385d6d14c59fd927d606016e8c52f708864da (diff) | |
nixos/tests/miniflux: add test for external database
-rw-r--r-- | nixos/modules/services/web-apps/miniflux.nix | 1 | ||||
-rw-r--r-- | nixos/tests/miniflux.nix | 47 |
2 files changed, 47 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/miniflux.nix b/nixos/modules/services/web-apps/miniflux.nix index 6951aa34a94a..16b6fb0d655d 100644 --- a/nixos/modules/services/web-apps/miniflux.nix +++ b/nixos/modules/services/web-apps/miniflux.nix @@ -140,6 +140,7 @@ in include "${pkgs.apparmorRulesFromClosure { name = "miniflux"; } cfg.package}" r ${cfg.package}/bin/miniflux, r @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size, + rw /run/miniflux/**, } ''; }; diff --git a/nixos/tests/miniflux.nix b/nixos/tests/miniflux.nix index 1ee3c9ceed93..6d38224448ed 100644 --- a/nixos/tests/miniflux.nix +++ b/nixos/tests/miniflux.nix @@ -15,6 +15,10 @@ let ADMIN_USERNAME=${username} ADMIN_PASSWORD=${password} ''; + postgresPassword = "correcthorsebatterystaple"; + postgresPasswordFile = pkgs.writeText "pgpass" '' + *:*:*:*:${postgresPassword} + ''; in { @@ -56,6 +60,40 @@ in adminCredentialsFile = customAdminCredentialsFile; }; }; + + postgresTcp = { config, pkgs, lib, ... }: { + services.postgresql = { + enable = true; + initialScript = pkgs.writeText "init-postgres" '' + CREATE USER miniflux WITH PASSWORD '${postgresPassword}'; + CREATE DATABASE miniflux WITH OWNER miniflux; + ''; + enableTCPIP = true; + authentication = '' + host sameuser miniflux samenet scram-sha-256 + ''; + }; + systemd.services.postgresql.postStart = lib.mkAfter '' + $PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;' + ''; + networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ]; + }; + externalDb = { ... }: { + security.apparmor.enable = true; + services.miniflux = { + enable = true; + createDatabaseLocally = false; + inherit adminCredentialsFile; + config = { + DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable"; + PGPASSFILE = "/run/miniflux/pgpass"; + }; + }; + systemd.services.miniflux.preStart = '' + cp ${postgresPasswordFile} /run/miniflux/pgpass + chmod 600 /run/miniflux/pgpass + ''; + }; }; testScript = '' def runTest(machine, port, user): 
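Review bot: The added `rw /run/miniflux/**,` rule widens the AppArmor profile for every miniflux deployment, yet the commit is titled as a test addition and the rule carries no explanation. Judging from the test added in the same commit, it appears to exist so the confined service can use a `PGPASSFILE` placed in its runtime directory. If read access is all the daemon needs, `r /run/miniflux/**,` would be the tighter grant; whether anything confined by this profile has to write there is not visible from the hunk. Either way, a profile comment such as `# runtime directory, e.g. a PGPASSFILE copied in by preStart` would record the intent. The profile string starts and ends outside the hunk.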
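Review bot: `postgresPassword` and the `pgpass` file built with `pkgs.writeText` in the `let` block end up in the world-readable Nix store, and nothing marks this as acceptable only because it is a VM test. Test files are often used as configuration examples, so a comment above the binding would make the scope explicit, for example `# test-only secret: writeText places it in the world-readable /nix/store`. The same applies to the `initialScript` of the `postgresTcp` node, which interpolates the password. The `let` block starts outside the hunk.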
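Review bot: In `externalDb`'s `preStart`, `cp` followed by `chmod 600` leaves `/run/miniflux/pgpass` with the permissive mode inherited from the store file until the chmod runs. Creating the file with its final mode in one step closes that window: `install -m 0600 ${postgresPasswordFile} /run/miniflux/pgpass`. Separately, the `postStart` statement `CREATE EXTENSION hstore;` is not idempotent and would presumably fail if postgresql.service restarts on the same data directory; `CREATE EXTENSION IF NOT EXISTS hstore;` keeps it safe to re-run. `sslmode=disable` is tolerable on the test network, but a short comment saying it is test-only would help.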
@@ -67,10 +105,17 @@ in ) machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""') - start_all() + default.start() + withoutSudo.start() + customized.start() + postgresTcp.start() runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}") runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}") runTest(customized, ${toString port}, "${username}:${password}") + + postgresTcp.wait_for_unit("postgresql.service") + externalDb.start() + runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}") ''; }) |
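Review bot: Replacing `start_all()` with per-machine `start()` calls encodes an ordering requirement that is stated nowhere: `externalDb` may only boot once `postgresql.service` on `postgresTcp` is up. A comment before `postgresTcp.wait_for_unit("postgresql.service")` would keep a later cleanup from folding this back into `start_all()`, for example `# externalDb has no local database; start it only after postgresTcp is ready`. The `testScript` string begins outside this hunk.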