add nixos module test
This is very basic for now, just ensures that the grapevine systemd unit is able to start. Config validation plus the federation self-test should hopefully still be able to catch some issues this way.
parent
6cb7896e17
commit
1b06a1842c
2 changed files with 70 additions and 0 deletions
|
|
@ -128,6 +128,10 @@
|
||||||
devShells.all-features = ((mkScope pkgs).overrideDefaultPackage {
|
devShells.all-features = ((mkScope pkgs).overrideDefaultPackage {
|
||||||
all-features = true;
|
all-features = true;
|
||||||
}).shell;
|
}).shell;
|
||||||
|
|
||||||
|
checks.nixosModule = pkgs.testers.runNixOSTest {
|
||||||
|
imports = [ (import ./nix/tests/default.nix inputs) ];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
//
|
//
|
||||||
|
|
|
||||||
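--- a/nix/tests/default.nix
+++ b/nix/tests/default.nix
@@ -0,0 +1,66 @@
+inputs:
+
+{
+name = "grapevine";
+
+nodes.machine = { pkgs, lib, ... }: let
+certs =
+import "${pkgs.path}/nixos/tests/common/acme/server/snakeoil-certs.nix";
+domain = certs.domain;
+in {
+imports = [ inputs.self.nixosModules.default ];
+
+security.pki.certificateFiles = [ certs.ca.cert ];
+
+services.grapevine = {
+enable = true;
+
+settings = {
+server_name = domain;
+server_discovery = {
+server.authority = "${domain}:443";
+client.base_url = "https://${domain}:443";
+};
+
+federation.self_test = false;
+
+# Enable debug logs, for easier debugging test issues
+observability.logs.filter = "debug,ruma_state_res=warn";
+
+tls = {
+certs = certs.${domain}.cert;
+key = certs.${domain}.key;
+};
+
+listen = [
+{
+type = "tcp";
+address = "127.0.0.1";
+port = 443;
+tls = true;
+}
+];
+};
+};
+
+systemd.services.grapevine.serviceConfig = {
+# To allow binding port 443, which is needed to serve .well-known without
+# a reverse proxy.
+AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+
+# TODO: we probably don't want to do this, but capabilities don't work
+# otherwise
+PrivateUsers = lib.mkForce false;
+};
+
+networking.extraHosts = ''
+127.0.0.1 ${certs.domain}
+'';
+};
+
+testScript = ''
+start_all()
+machine.wait_for_unit("grapevine.service")
+'';
+}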
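Review bot: The `PrivateUsers = lib.mkForce false;` override and the two `CAP_NET_BIND_SERVICE` lines in `systemd.services.grapevine.serviceConfig` make the test start the unit under a weaker sandbox than the module presumably ships, so a regression in the default hardening would pass unnoticed. With `federation.self_test = false`, nothing visible in the test fetches .well-known on 443, although the commit description still counts on the self-test, so the privileged port looks avoidable. Using an example unprivileged port, `port = 8448;` with `server.authority = "${domain}:8448";` and `client.base_url = "https://${domain}:8448";`, should let the whole serviceConfig override be dropped. If 443 has to stay, expand the TODO to record that the override is test-only and why it is needed, e.g. `# Test-only: with PrivateUsers=true the unit holds no capabilities in the host user namespace, so binding 443 fails`.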