nixpkgs/nixos/tests/tlsrpt.nix

{
  pkgs,
  ...
}:

{
  name = "tlsrpt";

  meta = {
    inherit (pkgs.tlsrpt-reporter.meta) maintainers;
  };

  nodes.machine = {
    services.tlsrpt = {
      enable = true;
      reportd.settings = {
        organization_name = "NixOS Testers United";
        contact_info = "smtp-tls-report@localhost";
        sender_address = "noreply@localhost";
      };
    };

    # To test the postfix integration
    services.postfix.enable = true;
  };

  testScript = ''
    machine.wait_for_unit("tlsrpt-collectd.service")
    machine.wait_for_unit("tlsrpt-reportd.service")

    machine.wait_for_file("/run/tlsrpt/collectd.sock")
    machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-collectd | grep -Pq 'Database .* setup finished'")
    machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Database .* setup finished'")
    machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd | grep -Pq 'Fetcher .* finished'")

    # Enabling postfix should put sendmail as the sendmail setting
    machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg")
    machine.succeed("systemctl show --property SupplementaryGroups postfix.service | grep tlsrpt")

    machine.log(machine.succeed("systemd-analyze security tlsrpt-collectd.service tlsrpt-reportd.service | grep -v ✓"))
  '';
}
nixos/tests/tlsrpt: init (cherry picked from commit 2487dcbf51d8f11e1ff0795eb76faf2659f7fe36) 2025-06-14 17:05:35 +02:00			`{`
			`pkgs,`
			`...`
			`}:`

			`{`
			`name = "tlsrpt";`

			`meta = {`
			`inherit (pkgs.tlsrpt-reporter.meta) maintainers;`
			`};`

			`nodes.machine = {`
			`services.tlsrpt = {`
			`enable = true;`
			`reportd.settings = {`
			`organization_name = "NixOS Testers United";`
			`contact_info = "smtp-tls-report@localhost";`
			`sender_address = "noreply@localhost";`
			`};`
			`};`

			`# To test the postfix integration`
			`services.postfix.enable = true;`
			`};`

			`testScript = ''`
			`machine.wait_for_unit("tlsrpt-collectd.service")`
			`machine.wait_for_unit("tlsrpt-reportd.service")`

			`machine.wait_for_file("/run/tlsrpt/collectd.sock")`
			`machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-collectd \| grep -Pq 'Database .* setup finished'")`
			`machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd \| grep -Pq 'Database .* setup finished'")`
tlsrpt-reporter: apply patch for fetcher issue when no db exists The fetcher would then error out and not return the proper protocol version to the reportd instance, causing an error message. This is annoying, because I want to match success in the test. (cherry picked from commit 35e471ad45b7fdf1c1f5a7e624a15671994888ae) 2025-06-20 14:55:12 +02:00			`machine.wait_until_succeeds("journalctl -o cat -u tlsrpt-reportd \| grep -Pq 'Fetcher .* finished'")`
nixos/tests/tlsrpt: init (cherry picked from commit 2487dcbf51d8f11e1ff0795eb76faf2659f7fe36) 2025-06-14 17:05:35 +02:00
			`# Enabling postfix should put sendmail as the sendmail setting`
			`machine.succeed("grep -q sendmail_script=sendmail /etc/tlsrpt/reportd.cfg")`
			`machine.succeed("systemctl show --property SupplementaryGroups postfix.service \| grep tlsrpt")`

			`machine.log(machine.succeed("systemd-analyze security tlsrpt-collectd.service tlsrpt-reportd.service \| grep -v ✓"))`
			`'';`
			`}`