6325d15e90
The test certificate expiration date was set to the default 30 days. This certificate is generated through its own derivation. As with every derivation, it gets cached by cache.nixos.org once we build it. In practice, we rebuild this derivation only if one of its input changes. The only inputs here being openssl and stdenv. While it's not an issue on the unstable branches, it can be problematic on a stable release: the test will fail after 30 days. Extending the certificate lifespan from 1 month to 100 years to prevent it from getting expired while being cached. See https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057 for more context.
91 lines
3.1 KiB
Nix
91 lines
3.1 KiB
Nix
let
|
|
cert = pkgs: pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
|
|
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500
|
|
mkdir -p $out
|
|
cp key.pem cert.pem $out
|
|
'';
|
|
createUsers = pkgs: pkgs.writeScriptBin "create-prosody-users" ''
|
|
#!${pkgs.bash}/bin/bash
|
|
set -e
|
|
|
|
# Creates and set password for the 2 xmpp test users.
|
|
#
|
|
# Doing that in a bash script instead of doing that in the test
|
|
# script allow us to easily provision the users when running that
|
|
# test interactively.
|
|
|
|
prosodyctl register cthon98 example.com nothunter2
|
|
prosodyctl register azurediamond example.com hunter2
|
|
'';
|
|
delUsers = pkgs: pkgs.writeScriptBin "delete-prosody-users" ''
|
|
#!${pkgs.bash}/bin/bash
|
|
set -e
|
|
|
|
# Deletes the test users.
|
|
#
|
|
# Doing that in a bash script instead of doing that in the test
|
|
# script allow us to easily provision the users when running that
|
|
# test interactively.
|
|
|
|
prosodyctl deluser cthon98@example.com
|
|
prosodyctl deluser azurediamond@example.com
|
|
'';
|
|
in import ../make-test-python.nix {
|
|
name = "prosody";
|
|
nodes = {
|
|
client = { nodes, pkgs, config, ... }: {
|
|
security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
|
|
console.keyMap = "fr-bepo";
|
|
networking.extraHosts = ''
|
|
${nodes.server.config.networking.primaryIPAddress} example.com
|
|
${nodes.server.config.networking.primaryIPAddress} conference.example.com
|
|
${nodes.server.config.networking.primaryIPAddress} uploads.example.com
|
|
'';
|
|
environment.systemPackages = [
|
|
(pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; })
|
|
];
|
|
};
|
|
server = { config, pkgs, ... }: {
|
|
security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
|
|
console.keyMap = "fr-bepo";
|
|
networking.extraHosts = ''
|
|
${config.networking.primaryIPAddress} example.com
|
|
${config.networking.primaryIPAddress} conference.example.com
|
|
${config.networking.primaryIPAddress} uploads.example.com
|
|
'';
|
|
networking.firewall.enable = false;
|
|
environment.systemPackages = [
|
|
(createUsers pkgs)
|
|
(delUsers pkgs)
|
|
];
|
|
services.prosody = {
|
|
enable = true;
|
|
ssl.cert = "${cert pkgs}/cert.pem";
|
|
ssl.key = "${cert pkgs}/key.pem";
|
|
virtualHosts.example = {
|
|
domain = "example.com";
|
|
enabled = true;
|
|
ssl.cert = "${cert pkgs}/cert.pem";
|
|
ssl.key = "${cert pkgs}/key.pem";
|
|
};
|
|
muc = [
|
|
{
|
|
domain = "conference.example.com";
|
|
}
|
|
];
|
|
uploadHttp = {
|
|
domain = "uploads.example.com";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = { nodes, ... }: ''
|
|
server.wait_for_unit("prosody.service")
|
|
server.succeed('prosodyctl status | grep "Prosody is running"')
|
|
|
|
server.succeed("create-prosody-users")
|
|
client.succeed("send-message")
|
|
server.succeed("delete-prosody-users")
|
|
'';
|
|
}
|