diff options
Diffstat (limited to 'nixpkgs/nixos/tests/xmpp')
| -rw-r--r-- | nixpkgs/nixos/tests/xmpp/ejabberd.nix | 278 | ||||
| -rw-r--r-- | nixpkgs/nixos/tests/xmpp/prosody-mysql.nix | 124 | ||||
| -rw-r--r-- | nixpkgs/nixos/tests/xmpp/prosody.nix | 93 | ||||
| -rw-r--r-- | nixpkgs/nixos/tests/xmpp/xmpp-sendmessage.nix | 90 |
4 files changed, 585 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/xmpp/ejabberd.nix b/nixpkgs/nixos/tests/xmpp/ejabberd.nix new file mode 100644 index 000000000000..1a807b27b6f6 --- /dev/null +++ b/nixpkgs/nixos/tests/xmpp/ejabberd.nix @@ -0,0 +1,278 @@ +import ../make-test-python.nix ({ pkgs, ... }: { + name = "ejabberd"; + meta = with pkgs.lib.maintainers; { + maintainers = [ ]; + }; + nodes = { + client = { nodes, pkgs, ... }: { + networking.extraHosts = '' + ${nodes.server.config.networking.primaryIPAddress} example.com + ''; + + environment.systemPackages = [ + (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; }) + ]; + }; + server = { config, pkgs, ... }: { + networking.extraHosts = '' + ${config.networking.primaryIPAddress} example.com + ''; + + services.ejabberd = { + enable = true; + configFile = "/etc/ejabberd.yml"; + }; + + environment.etc."ejabberd.yml" = { + user = "ejabberd"; + mode = "0600"; + text = '' + loglevel: 3 + + hosts: + - "example.com" + + listen: + - + port: 5222 + module: ejabberd_c2s + zlib: false + max_stanza_size: 65536 + shaper: c2s_shaper + access: c2s + - + port: 5269 + ip: "::" + module: ejabberd_s2s_in + - + port: 5347 + ip: "127.0.0.1" + module: ejabberd_service + access: local + shaper: fast + - + port: 5444 + module: ejabberd_http + request_handlers: + "/upload": mod_http_upload + + ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text + ## password storage (see auth_password_format option). + disable_sasl_mechanisms: "digest-md5" + + ## Outgoing S2S options + ## Preferred address families (which to try first) and connect timeout + ## in seconds. + outgoing_s2s_families: + - ipv4 + - ipv6 + + ## auth_method: Method used to authenticate the users. + ## The default method is the internal. + ## If you want to use a different method, + ## comment this line and enable the correct ones. + auth_method: internal + + ## Store the plain passwords or hashed for SCRAM: + ## auth_password_format: plain + auth_password_format: scram + + ###' TRAFFIC SHAPERS + shaper: + # in B/s + normal: 1000000 + fast: 50000000 + + ## This option specifies the maximum number of elements in the queue + ## of the FSM. Refer to the documentation for details. + max_fsm_queue: 1000 + + ###' ACCESS CONTROL LISTS + acl: + ## The 'admin' ACL grants administrative privileges to XMPP accounts. + ## You can put here as many accounts as you want. + admin: + user: + - "root": "example.com" + + ## Local users: don't modify this. + local: + user_regexp: "" + + ## Loopback network + loopback: + ip: + - "127.0.0.0/8" + - "::1/128" + - "::FFFF:127.0.0.1/128" + + ###' SHAPER RULES + shaper_rules: + ## Maximum number of simultaneous sessions allowed for a single user: + max_user_sessions: 10 + ## Maximum number of offline messages that users can have: + max_user_offline_messages: + - 5000: admin + - 1024 + ## For C2S connections, all users except admins use the "normal" shaper + c2s_shaper: + - none: admin + - normal + ## All S2S connections use the "fast" shaper + s2s_shaper: fast + + ###' ACCESS RULES + access_rules: + ## This rule allows access only for local users: + local: + - allow: local + ## Only non-blocked users can use c2s connections: + c2s: + - deny: blocked + - allow + ## Only admins can send announcement messages: + announce: + - allow: admin + ## Only admins can use the configuration interface: + configure: + - allow: admin + ## Only accounts of the local ejabberd server can create rooms: + muc_create: + - allow: local + ## Only accounts on the local ejabberd server can create Pubsub nodes: + pubsub_createnode: + - allow: local + ## In-band registration allows registration of any possible username. + ## To disable in-band registration, replace 'allow' with 'deny'. + register: + - allow + ## Only allow to register from localhost + trusted_network: + - allow: loopback + + ## =============== + ## API PERMISSIONS + ## =============== + ## + ## This section allows you to define who and using what method + ## can execute commands offered by ejabberd. + ## + ## By default "console commands" section allow executing all commands + ## issued using ejabberdctl command, and "admin access" section allows + ## users in admin acl that connect from 127.0.0.1 to execute all + ## commands except start and stop with any available access method + ## (ejabberdctl, http-api, xmlrpc depending what is enabled on server). + ## + ## If you remove "console commands" there will be one added by + ## default allowing executing all commands, but if you just change + ## permissions in it, version from config file will be used instead + ## of default one. + ## + api_permissions: + "console commands": + from: + - ejabberd_ctl + who: all + what: "*" + + language: "en" + + ###' MODULES + ## Modules enabled in all ejabberd virtual hosts. + modules: + mod_adhoc: {} + mod_announce: # recommends mod_adhoc + access: announce + mod_blocking: {} # requires mod_privacy + mod_caps: {} + mod_carboncopy: {} + mod_client_state: {} + mod_configure: {} # requires mod_adhoc + ## mod_delegation: {} # for xep0356 + mod_disco: {} + #mod_irc: + # host: "irc.@HOST@" + # default_encoding: "utf-8" + ## mod_bosh: {} + ## mod_http_fileserver: + ## docroot: "/var/www" + ## accesslog: "/var/log/ejabberd/access.log" + mod_http_upload: + thumbnail: false # otherwise needs the identify command from ImageMagick installed + put_url: "http://@HOST@:5444/upload" + ## # docroot: "@HOME@/upload" + #mod_http_upload_quota: + # max_days: 14 + mod_last: {} + ## XEP-0313: Message Archive Management + ## You might want to setup a SQL backend for MAM because the mnesia database is + ## limited to 2GB which might be exceeded on large servers + mod_mam: {} + mod_muc: + host: "muc.@HOST@" + access: + - allow + access_admin: + - allow: admin + access_create: muc_create + access_persistent: muc_create + mod_muc_admin: {} + mod_muc_log: {} + mod_offline: + access_max_user_messages: max_user_offline_messages + mod_ping: {} + ## mod_pres_counter: + ## count: 5 + ## interval: 60 + mod_privacy: {} + mod_private: {} + mod_roster: + versioning: true + mod_shared_roster: {} + mod_stats: {} + mod_time: {} + mod_vcard: + search: false + mod_vcard_xupdate: {} + ## Convert all avatars posted by Android clients from WebP to JPEG + mod_avatar: {} + # convert: + # webp: jpeg + mod_version: {} + mod_stream_mgmt: {} + ## The module for S2S dialback (XEP-0220). Please note that you cannot + ## rely solely on dialback if you want to federate with other servers, + ## because a lot of servers have dialback disabled and instead rely on + ## PKIX authentication. Make sure you have proper certificates installed + ## and check your accessibility at https://check.messaging.one/ + mod_s2s_dialback: {} + mod_pubsub: + plugins: + - "pep" + mod_push: {} + ''; + }; + + networking.firewall.enable = false; + }; + }; + + testScript = { nodes, ... }: '' + ejabberd_prefix = "su ejabberd -s $(which ejabberdctl) " + + server.wait_for_unit("ejabberd.service") + + assert "status: started" in server.succeed(ejabberd_prefix + "status") + + server.succeed( + ejabberd_prefix + "register azurediamond example.com hunter2", + ejabberd_prefix + "register cthon98 example.com nothunter2", + ) + server.fail(ejabberd_prefix + "register asdf wrong.domain") + client.succeed("send-message") + server.succeed( + ejabberd_prefix + "unregister cthon98 example.com", + ejabberd_prefix + "unregister azurediamond example.com", + ) + ''; +}) diff --git a/nixpkgs/nixos/tests/xmpp/prosody-mysql.nix b/nixpkgs/nixos/tests/xmpp/prosody-mysql.nix new file mode 100644 index 000000000000..40f3e308a04e --- /dev/null +++ b/nixpkgs/nixos/tests/xmpp/prosody-mysql.nix @@ -0,0 +1,124 @@ +let + cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500 + mkdir -p $out + cp key.pem cert.pem $out + ''; + createUsers = pkgs: pkgs.writeScriptBin "create-prosody-users" '' + #!${pkgs.bash}/bin/bash + set -e + + # Creates and set password for the 2 xmpp test users. + # + # Doing that in a bash script instead of doing that in the test + # script allow us to easily provision the users when running that + # test interactively. + + prosodyctl register cthon98 example.com nothunter2 + prosodyctl register azurediamond example.com hunter2 + ''; + delUsers = pkgs: pkgs.writeScriptBin "delete-prosody-users" '' + #!${pkgs.bash}/bin/bash + set -e + + # Deletes the test users. + # + # Doing that in a bash script instead of doing that in the test + # script allow us to easily provision the users when running that + # test interactively. + + prosodyctl deluser cthon98@example.com + prosodyctl deluser azurediamond@example.com + ''; +in import ../make-test-python.nix { + name = "prosody-mysql"; + nodes = { + client = { nodes, pkgs, config, ... }: { + security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; + console.keyMap = "fr-bepo"; + networking.extraHosts = '' + ${nodes.server.config.networking.primaryIPAddress} example.com + ${nodes.server.config.networking.primaryIPAddress} conference.example.com + ${nodes.server.config.networking.primaryIPAddress} uploads.example.com + ''; + environment.systemPackages = [ + (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; }) + ]; + }; + server = { config, pkgs, ... }: { + nixpkgs.overlays = [ + (self: super: { + prosody = super.prosody.override { + withExtraLuaPackages = p: [ p.luadbi-mysql ]; + }; + }) + ]; + security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; + console.keyMap = "fr-bepo"; + networking.extraHosts = '' + ${config.networking.primaryIPAddress} example.com + ${config.networking.primaryIPAddress} conference.example.com + ${config.networking.primaryIPAddress} uploads.example.com + ''; + networking.firewall.enable = false; + environment.systemPackages = [ + (createUsers pkgs) + (delUsers pkgs) + ]; + services.prosody = { + enable = true; + ssl.cert = "${cert pkgs}/cert.pem"; + ssl.key = "${cert pkgs}/key.pem"; + virtualHosts.example = { + domain = "example.com"; + enabled = true; + ssl.cert = "${cert pkgs}/cert.pem"; + ssl.key = "${cert pkgs}/key.pem"; + }; + muc = [ + { + domain = "conference.example.com"; + } + ]; + uploadHttp = { + domain = "uploads.example.com"; + }; + extraConfig = '' + storage = "sql" + sql = { + driver = "MySQL"; + database = "prosody"; + host = "mysql"; + port = 3306; + username = "prosody"; + password = "password123"; + }; + ''; + }; + }; + mysql = { config, pkgs, ... }: { + networking.firewall.enable = false; + services.mysql = { + enable = true; + initialScript = pkgs.writeText "mysql_init.sql" '' + CREATE DATABASE prosody; + CREATE USER 'prosody'@'server' IDENTIFIED BY 'password123'; + GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'server'; + FLUSH PRIVILEGES; + ''; + package = pkgs.mariadb; + }; + }; + }; + + testScript = { nodes, ... }: '' + # Check with mysql storage + mysql.wait_for_unit("mysql.service") + server.wait_for_unit("prosody.service") + server.succeed('prosodyctl status | grep "Prosody is running"') + + server.succeed("create-prosody-users") + client.succeed("send-message") + server.succeed("delete-prosody-users") + ''; +} diff --git a/nixpkgs/nixos/tests/xmpp/prosody.nix b/nixpkgs/nixos/tests/xmpp/prosody.nix new file mode 100644 index 000000000000..045ae6430fd4 --- /dev/null +++ b/nixpkgs/nixos/tests/xmpp/prosody.nix @@ -0,0 +1,93 @@ +let + cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500 + mkdir -p $out + cp key.pem cert.pem $out + ''; + createUsers = pkgs: pkgs.writeScriptBin "create-prosody-users" '' + #!${pkgs.bash}/bin/bash + set -e + + # Creates and set password for the 2 xmpp test users. + # + # Doing that in a bash script instead of doing that in the test + # script allow us to easily provision the users when running that + # test interactively. + + prosodyctl register cthon98 example.com nothunter2 + prosodyctl register azurediamond example.com hunter2 + ''; + delUsers = pkgs: pkgs.writeScriptBin "delete-prosody-users" '' + #!${pkgs.bash}/bin/bash + set -e + + # Deletes the test users. + # + # Doing that in a bash script instead of doing that in the test + # script allow us to easily provision the users when running that + # test interactively. + + prosodyctl deluser cthon98@example.com + prosodyctl deluser azurediamond@example.com + ''; +in import ../make-test-python.nix { + name = "prosody"; + nodes = { + client = { nodes, pkgs, config, ... }: { + security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; + console.keyMap = "fr-bepo"; + networking.extraHosts = '' + ${nodes.server.config.networking.primaryIPAddress} example.com + ${nodes.server.config.networking.primaryIPAddress} conference.example.com + ${nodes.server.config.networking.primaryIPAddress} uploads.example.com + ''; + environment.systemPackages = [ + (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = "example.com"; }) + ]; + }; + server = { config, pkgs, ... }: { + security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ]; + console.keyMap = "fr-bepo"; + networking.extraHosts = '' + ${config.networking.primaryIPAddress} example.com + ${config.networking.primaryIPAddress} conference.example.com + ${config.networking.primaryIPAddress} uploads.example.com + ''; + networking.firewall.enable = false; + environment.systemPackages = [ + (createUsers pkgs) + (delUsers pkgs) + ]; + services.prosody = { + enable = true; + ssl.cert = "${cert pkgs}/cert.pem"; + ssl.key = "${cert pkgs}/key.pem"; + virtualHosts.example = { + domain = "example.com"; + enabled = true; + ssl.cert = "${cert pkgs}/cert.pem"; + ssl.key = "${cert pkgs}/key.pem"; + }; + muc = [ + { + domain = "conference.example.com"; + } + ]; + uploadHttp = { + domain = "uploads.example.com"; + }; + }; + }; + }; + + testScript = { nodes, ... }: '' + # Check with sqlite storage + start_all() + server.wait_for_unit("prosody.service") + server.succeed('prosodyctl status | grep "Prosody is running"') + + server.succeed("create-prosody-users") + client.succeed("send-message") + server.succeed("delete-prosody-users") + ''; +} diff --git a/nixpkgs/nixos/tests/xmpp/xmpp-sendmessage.nix b/nixpkgs/nixos/tests/xmpp/xmpp-sendmessage.nix new file mode 100644 index 000000000000..8ccac0612491 --- /dev/null +++ b/nixpkgs/nixos/tests/xmpp/xmpp-sendmessage.nix @@ -0,0 +1,90 @@ +{ writeScriptBin, writeText, python3, connectTo ? "localhost" }: +let + dummyFile = writeText "dummy-file" '' + Dear dog, + + Please find this *really* important attachment. + + Yours truly, + Bob + ''; +in writeScriptBin "send-message" '' +#!${(python3.withPackages (ps: [ ps.slixmpp ])).interpreter} +import logging +import sys +import signal +from types import MethodType + +from slixmpp import ClientXMPP +from slixmpp.exceptions import IqError, IqTimeout + + +class CthonTest(ClientXMPP): + + def __init__(self, jid, password): + ClientXMPP.__init__(self, jid, password) + self.add_event_handler("session_start", self.session_start) + self.test_succeeded = False + + async def session_start(self, event): + try: + # Exceptions in event handlers are printed to stderr but not + # propagated, they do not make the script terminate with a non-zero + # exit code. We use the `test_succeeded` flag as a workaround and + # check it later at the end of the script to exit with a proper + # exit code. + # Additionally, this flag ensures that this event handler has been + # actually run by ClientXMPP, which may well not be the case. + await self.test_xmpp_server() + self.test_succeeded = True + finally: + # Even if an exception happens in `test_xmpp_server()`, we still + # need to disconnect explicitly, otherwise the process will hang + # forever. + self.disconnect(wait=True) + + async def test_xmpp_server(self): + log = logging.getLogger(__name__) + self.send_presence() + self.get_roster() + # Sending a test message + self.send_message(mto="azurediamond@example.com", mbody="Hello, this is dog.", mtype="chat") + log.info('Message sent') + + # Test http upload (XEP_0363) + try: + url = await self['xep_0363'].upload_file("${dummyFile}",timeout=10) + except: + log.error("ERROR: Cannot run upload command. XEP_0363 seems broken") + sys.exit(1) + log.info('Upload success!') + + # Test MUC + # TODO: use join_muc_wait() after slixmpp 1.8.0 is released. + self.plugin['xep_0045'].join_muc('testMucRoom', 'cthon98') + log.info('MUC join success!') + log.info('XMPP SCRIPT TEST SUCCESS') + +def timeout_handler(signalnum, stackframe): + print('ERROR: xmpp-sendmessage timed out') + sys.exit(1) + +if __name__ == '__main__': + signal.signal(signal.SIGALRM, timeout_handler) + signal.alarm(120) + logging.basicConfig(level=logging.DEBUG, + format='%(levelname)-8s %(message)s') + + ct = CthonTest('cthon98@example.com', 'nothunter2') + ct.register_plugin('xep_0071') + ct.register_plugin('xep_0128') + # HTTP Upload + ct.register_plugin('xep_0363') + # MUC + ct.register_plugin('xep_0045') + ct.connect(("${connectTo}", 5222)) + ct.process(forever=False) + + if not ct.test_succeeded: + sys.exit(1) +'' |