From ab1ad2b066ad1d2a0edf1ded067fb451843418fa Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Sun, 26 Nov 2023 12:53:02 +0100 Subject: [PATCH 01/13] nixosTests.sourcehut: remove unused VM image specifications At the time of this commit, sourcehut.builds is broken and its test infrastructure is partial at best. The specified image only inflated the closure size without any added benefit. --- nixos/tests/sourcehut.nix | 107 +------------------------------------- 1 file changed, 1 insertion(+), 106 deletions(-) diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut.nix index 0b258acc2af1..2717d5b27b8c 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut.nix @@ -10,111 +10,6 @@ let -addext 'subjectAltName = DNS:*.${domain}' install -D -t $out key.pem cert.pem ''; - - images = { - nixos.unstable.x86_64 = - let - systemConfig = { pkgs, ... }: { - # passwordless ssh server - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "yes"; - PermitEmptyPasswords = true; - }; - }; - - users = { - mutableUsers = false; - # build user - extraUsers."build" = { - isNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" ]; - password = ""; - }; - users.root.password = ""; - }; - - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "root" "build" ]; - documentation.nixos.enable = false; - - # builds.sr.ht-image-specific network settings - networking = { - hostName = "build"; - dhcpcd.enable = false; - defaultGateway.address = "10.0.2.2"; - usePredictableInterfaceNames = false; - interfaces."eth0".ipv4.addresses = [{ - address = "10.0.2.15"; - prefixLength = 25; - }]; - enableIPv6 = false; - nameservers = [ - # OpenNIC anycast - "185.121.177.177" - "169.239.202.202" - # Google - "8.8.8.8" - ]; - firewall.allowedTCPPorts = [ 22 ]; - }; - - environment.systemPackages = [ - pkgs.gitMinimal - #pkgs.mercurial - pkgs.curl - pkgs.gnupg - ]; - }; - qemuConfig = { pkgs, ... }: { - imports = [ systemConfig ]; - fileSystems."/".device = "/dev/disk/by-label/nixos"; - boot.initrd.availableKernelModules = [ - "ahci" - "ehci_pci" - "sd_mod" - "usb_storage" - "usbhid" - "virtio_balloon" - "virtio_blk" - "virtio_pci" - "virtio_ring" - "xhci_pci" - ]; - boot.loader = { - grub = { - version = 2; - device = "/dev/vda"; - }; - timeout = 0; - }; - }; - config = (import (pkgs.path + "/nixos/lib/eval-config.nix") { - inherit pkgs; modules = [ qemuConfig ]; - system = "x86_64-linux"; - }).config; - in - import (pkgs.path + "/nixos/lib/make-disk-image.nix") { - inherit pkgs lib config; - diskSize = 16000; - format = "qcow2-compressed"; - contents = [ - { source = pkgs.writeText "gitconfig" '' - [user] - name = builds.sr.ht - email = build@sr.ht - ''; - target = "/home/build/.gitconfig"; - user = "build"; - group = "users"; - mode = "644"; - } - ]; - }; - }; - in { name = "sourcehut"; @@ -149,7 +44,7 @@ in enable = true; # FIXME: see why it does not seem to activate fully. #enableWorker = true; - inherit images; + images = { }; }; git.enable = true; From 3943aa57c0a1c346a15fae7b911a358c5da3364d Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Thu, 30 Nov 2023 16:03:01 +0100 Subject: [PATCH 02/13] nixosTests.sourcehut: test user creation and OAuth token generation --- nixos/tests/all-tests.nix | 2 +- nixos/tests/{ => sourcehut}/sourcehut.nix | 61 +++++++++++++------- nixos/tests/sourcehut/srht-gen-oauth-tok.nix | 31 ++++++++++ 3 files changed, 71 insertions(+), 23 deletions(-) rename nixos/tests/{ => sourcehut}/sourcehut.nix (75%) create mode 100644 nixos/tests/sourcehut/srht-gen-oauth-tok.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9caffa97ec8c..62588d1f738b 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -768,7 +768,7 @@ in { solanum = handleTest ./solanum.nix {}; sonarr = handleTest ./sonarr.nix {}; sonic-server = handleTest ./sonic-server.nix {}; - sourcehut = handleTest ./sourcehut.nix {}; + sourcehut = handleTest ./sourcehut/sourcehut.nix {}; spacecookie = handleTest ./spacecookie.nix {}; spark = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./spark {}; sqlite3-to-mysql = handleTest ./sqlite3-to-mysql.nix {}; diff --git a/nixos/tests/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix similarity index 75% rename from nixos/tests/sourcehut.nix rename to nixos/tests/sourcehut/sourcehut.nix index 2717d5b27b8c..b81767470e41 100644 --- a/nixos/tests/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, lib, ... }: +import ../make-test-python.nix ({ pkgs, lib, ... }: let domain = "sourcehut.localdomain"; @@ -118,30 +118,47 @@ in enableTCPIP = false; settings.unix_socket_permissions = "0770"; }; + + environment.systemPackages = with pkgs; [ + (callPackage ./srht-gen-oauth-tok.nix { }) # To automatically generate OAuth tokens + ]; }; - testScript = '' - start_all() - machine.wait_for_unit("multi-user.target") + testScript = + let + userName = "nixos-test"; + userPass = "AutoNixosTestPwd"; + in + '' + start_all() + machine.wait_for_unit("multi-user.target") - # Testing metasrht - machine.wait_for_unit("metasrht-api.service") - machine.wait_for_unit("metasrht.service") - machine.wait_for_unit("metasrht-webhooks.service") - machine.wait_for_open_port(5000) - machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") - machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") + # Testing metasrht + machine.wait_for_unit("metasrht-api.service") + machine.wait_for_unit("metasrht.service") + machine.wait_for_unit("metasrht-webhooks.service") + machine.wait_for_open_port(5000) + machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") + machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") - # Testing buildsrht - machine.wait_for_unit("buildsrht.service") - machine.wait_for_open_port(5002) - machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") - #machine.wait_for_unit("buildsrht-worker.service") + ## Create a test user for subsequent tests + machine.succeed("echo ${userPass} | metasrht-manageuser -ps -e ${userName}@${domain}\ + -t active_free ${userName}"); - # Testing gitsrht - machine.wait_for_unit("gitsrht-api.service") - machine.wait_for_unit("gitsrht.service") - machine.wait_for_unit("gitsrht-webhooks.service") - machine.succeed("curl -sL http://git.${domain} | grep git.${domain}") - ''; + ## Obtain a OAuth token to be used for querying APIs directly + (_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}") + print(token) + + # Testing buildsrht + machine.wait_for_unit("buildsrht.service") + machine.wait_for_open_port(5002) + machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") + #machine.wait_for_unit("buildsrht-worker.service") + + # Testing gitsrht + machine.wait_for_unit("gitsrht-api.service") + machine.wait_for_unit("gitsrht.service") + machine.wait_for_unit("gitsrht-webhooks.service") + machine.succeed("curl -sL http://git.${domain} | grep git.${domain}") + ''; }) diff --git a/nixos/tests/sourcehut/srht-gen-oauth-tok.nix b/nixos/tests/sourcehut/srht-gen-oauth-tok.nix new file mode 100644 index 000000000000..0a6527c9ecbb --- /dev/null +++ b/nixos/tests/sourcehut/srht-gen-oauth-tok.nix @@ -0,0 +1,31 @@ +{ stdenv, pkgs, lib, fetchFromSourcehut }: + +let + perl = pkgs.perl.withPackages (pps: [ + pps.CryptSSLeay + pps.WWWMechanize + pps.XMLLibXML + ]); +in +stdenv.mkDerivation rec { + pname = "srht-gen-oauth-tok"; + version = "0.1"; + + src = fetchFromSourcehut { + domain = "entropic.network"; + owner = "~nessdoor"; + repo = pname; + rev = version; + hash = "sha256-GcqP3XbVw2sR5n4+aLUmA4fthNkuVAGnhV1h7suJYdI="; + }; + + buildInputs = [ perl ]; + nativeBuildInputs = [ perl ]; + + installPhase = "install -Dm755 srht-gen-oauth-tok $out/bin/srht-gen-oauth-tok"; + + meta = { + description = "A script to register a new Sourcehut OAuth token for the given user"; + license = lib.licenses.gpl3; + }; +} From 33c13e9e4d1a6b5ff50fe33edbd0835ef254b236 Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Thu, 30 Nov 2023 16:05:00 +0100 Subject: [PATCH 03/13] nixosTests.sourcehut: listen on port 80, as well --- nixos/tests/sourcehut/sourcehut.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index b81767470e41..1b73fb763e81 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -103,7 +103,7 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 443 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ]; services.nginx = { enable = true; From 89278c9846a88d51ec00b0b1f044070deb93a79f Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Thu, 30 Nov 2023 16:11:21 +0100 Subject: [PATCH 04/13] nixosTests.sourcehut: run tests within a production environment --- nixos/tests/sourcehut/sourcehut.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 1b73fb763e81..20885efdfed0 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -49,6 +49,7 @@ in git.enable = true; settings."sr.ht" = { + environment = "production"; global-domain = config.networking.domain; service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01"; network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ="; From effb6bd756dfff8c88d635f346415cea6f4ddf96 Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Sun, 3 Dec 2023 00:34:14 +0100 Subject: [PATCH 05/13] nixosTests.sourcehut: configure Hut for direct API interaction --- nixos/tests/sourcehut/sourcehut.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 20885efdfed0..58a9c3262a73 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -121,6 +121,7 @@ in }; environment.systemPackages = with pkgs; [ + hut # For interacting with the Sourcehut APIs via CLI (callPackage ./srht-gen-oauth-tok.nix { }) # To automatically generate OAuth tokens ]; }; @@ -129,6 +130,12 @@ in let userName = "nixos-test"; userPass = "AutoNixosTestPwd"; + hutConfig = pkgs.writeText "hut-config" '' + instance "${domain}" { + # Will be replaced at runtime with the generated token + access-token "OAUTH-TOKEN" + } + ''; in '' start_all() @@ -148,7 +155,9 @@ in ## Obtain a OAuth token to be used for querying APIs directly (_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}") - print(token) + token = token.strip().replace("/", r"\\/") # Escape slashes in token before passing it to sed + machine.execute("mkdir -p ~/.config/hut/") + machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config") # Testing buildsrht machine.wait_for_unit("buildsrht.service") From 7d7cc717ebc36758c1e733b44a218d8426bf410b Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Tue, 19 Dec 2023 01:54:46 +0100 Subject: [PATCH 06/13] nixosTests.sourcehut: test pushing Git repositories --- nixos/tests/sourcehut/sourcehut.nix | 41 ++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 58a9c3262a73..567aad172c70 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -120,7 +120,14 @@ in settings.unix_socket_permissions = "0770"; }; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.PermitRootLogin = "no"; + }; + environment.systemPackages = with pkgs; [ + git hut # For interacting with the Sourcehut APIs via CLI (callPackage ./srht-gen-oauth-tok.nix { }) # To automatically generate OAuth tokens ]; @@ -136,10 +143,17 @@ in access-token "OAUTH-TOKEN" } ''; + sshConfig = pkgs.writeText "ssh-config" '' + Host git.${domain} + IdentityFile = ~/.ssh/id_rsa + ''; in '' start_all() machine.wait_for_unit("multi-user.target") + # For some reason, OpenSSH fails to start on boot with code 226/NAMESPACE + machine.systemctl("start sshd.service") + machine.wait_for_unit("sshd.service") # Testing metasrht machine.wait_for_unit("metasrht-api.service") @@ -151,7 +165,7 @@ in ## Create a test user for subsequent tests machine.succeed("echo ${userPass} | metasrht-manageuser -ps -e ${userName}@${domain}\ - -t active_free ${userName}"); + -t active_paying ${userName}"); ## Obtain a OAuth token to be used for querying APIs directly (_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}") @@ -159,16 +173,31 @@ in machine.execute("mkdir -p ~/.config/hut/") machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config") - # Testing buildsrht - machine.wait_for_unit("buildsrht.service") - machine.wait_for_open_port(5002) - machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") - #machine.wait_for_unit("buildsrht-worker.service") + ## Set up the SSH key for Git + machine.execute("ssh-keygen -q -N \"\" -t rsa -f ~/.ssh/id_rsa") + machine.execute("cat ${sshConfig} > ~/.ssh/config") + machine.succeed("hut meta ssh-key create ~/.ssh/id_rsa.pub") # Testing gitsrht machine.wait_for_unit("gitsrht-api.service") machine.wait_for_unit("gitsrht.service") machine.wait_for_unit("gitsrht-webhooks.service") machine.succeed("curl -sL http://git.${domain} | grep git.${domain}") + + ## Create a repo and push its contents to the instance + machine.execute("git init test && cd test") + machine.execute("echo \"Hello world!\" > test/hello.txt") + machine.execute("cd test && git add .") + machine.execute("cd test && git commit -m \"Initial commit\"") + machine.succeed("cd test && git remote add origin gitsrht@git.${domain}:~${userName}/test") + machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts") + machine.succeed("hut git create test") + machine.succeed("cd test && git push --set-upstream origin master") + + # Testing buildsrht + machine.wait_for_unit("buildsrht.service") + machine.wait_for_open_port(5002) + machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") + #machine.wait_for_unit("buildsrht-worker.service") ''; }) From 8f6a342064eaa4ea1444058e186dcb661c0eecce Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Wed, 20 Dec 2023 02:32:06 +0100 Subject: [PATCH 07/13] nixosTests.sourcehut: test repository download --- nixos/tests/sourcehut/sourcehut.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 567aad172c70..0bf2b7bdac7e 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -189,10 +189,15 @@ in machine.execute("echo \"Hello world!\" > test/hello.txt") machine.execute("cd test && git add .") machine.execute("cd test && git commit -m \"Initial commit\"") + machine.execute("cd test && git tag v0.1") machine.succeed("cd test && git remote add origin gitsrht@git.${domain}:~${userName}/test") machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts") machine.succeed("hut git create test") - machine.succeed("cd test && git push --set-upstream origin master") + machine.succeed("cd test && git push --tags --set-upstream origin master") + + ## Verify that the repo can be downloaded as a compressed tar archive + machine.succeed("curl https://git.${domain}/~${userName}/test/archive/v0.1.tar.gz | tar -xz") + machine.succeed("diff test-v0.1/hello.txt test/hello.txt") # Testing buildsrht machine.wait_for_unit("buildsrht.service") From 262cb39d4fc51471d4eeff339c9d107417fc09f8 Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Wed, 20 Dec 2023 02:39:32 +0100 Subject: [PATCH 08/13] nixosTests.sourcehut: add myself as maintainer --- nixos/tests/sourcehut/sourcehut.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 0bf2b7bdac7e..9cce4a0d335d 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -14,7 +14,7 @@ in { name = "sourcehut"; - meta.maintainers = [ pkgs.lib.maintainers.tomberek ]; + meta.maintainers = with pkgs.lib.maintainers; [ tomberek nessdoor ]; nodes.machine = { config, pkgs, nodes, ... }: { # buildsrht needs space From 6eb86e3c19312c4b585141848923d5594ab26e5e Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Wed, 20 Dec 2023 02:57:38 +0100 Subject: [PATCH 09/13] nixosTests.sourcehut: refactor script to use subtests --- nixos/tests/sourcehut/sourcehut.nix | 84 ++++++++++++++--------------- 1 file changed, 41 insertions(+), 43 deletions(-) diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 9cce4a0d335d..1259f72c247d 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -155,54 +155,52 @@ in machine.systemctl("start sshd.service") machine.wait_for_unit("sshd.service") - # Testing metasrht - machine.wait_for_unit("metasrht-api.service") - machine.wait_for_unit("metasrht.service") - machine.wait_for_unit("metasrht-webhooks.service") - machine.wait_for_open_port(5000) - machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") - machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") + with subtest("Check whether meta comes up"): + machine.wait_for_unit("metasrht-api.service") + machine.wait_for_unit("metasrht.service") + machine.wait_for_unit("metasrht-webhooks.service") + machine.wait_for_open_port(5000) + machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") + machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") - ## Create a test user for subsequent tests - machine.succeed("echo ${userPass} | metasrht-manageuser -ps -e ${userName}@${domain}\ - -t active_paying ${userName}"); + with subtest("Create a new user account and OAuth access key"): + machine.succeed("echo ${userPass} | metasrht-manageuser -ps -e ${userName}@${domain}\ + -t active_paying ${userName}"); + (_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}") + token = token.strip().replace("/", r"\\/") # Escape slashes in token before passing it to sed + machine.execute("mkdir -p ~/.config/hut/") + machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config") - ## Obtain a OAuth token to be used for querying APIs directly - (_, token) = machine.execute("srht-gen-oauth-tok -i ${domain} -q ${userName} ${userPass}") - token = token.strip().replace("/", r"\\/") # Escape slashes in token before passing it to sed - machine.execute("mkdir -p ~/.config/hut/") - machine.execute("sed s/OAUTH-TOKEN/" + token + "/ ${hutConfig} > ~/.config/hut/config") + with subtest("Check whether git comes up"): + machine.wait_for_unit("gitsrht-api.service") + machine.wait_for_unit("gitsrht.service") + machine.wait_for_unit("gitsrht-webhooks.service") + machine.succeed("curl -sL http://git.${domain} | grep git.${domain}") - ## Set up the SSH key for Git - machine.execute("ssh-keygen -q -N \"\" -t rsa -f ~/.ssh/id_rsa") - machine.execute("cat ${sshConfig} > ~/.ssh/config") - machine.succeed("hut meta ssh-key create ~/.ssh/id_rsa.pub") + with subtest("Add an SSH key for Git access"): + machine.execute("ssh-keygen -q -N \"\" -t rsa -f ~/.ssh/id_rsa") + machine.execute("cat ${sshConfig} > ~/.ssh/config") + machine.succeed("hut meta ssh-key create ~/.ssh/id_rsa.pub") - # Testing gitsrht - machine.wait_for_unit("gitsrht-api.service") - machine.wait_for_unit("gitsrht.service") - machine.wait_for_unit("gitsrht-webhooks.service") - machine.succeed("curl -sL http://git.${domain} | grep git.${domain}") + with subtest("Create a new repo and push contents to it"): + machine.execute("git init test") + machine.execute("echo \"Hello world!\" > test/hello.txt") + machine.execute("cd test && git add .") + machine.execute("cd test && git commit -m \"Initial commit\"") + machine.execute("cd test && git tag v0.1") + machine.succeed("cd test && git remote add origin gitsrht@git.${domain}:~${userName}/test") + machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts") + machine.succeed("hut git create test") + machine.succeed("cd test && git push --tags --set-upstream origin master") - ## Create a repo and push its contents to the instance - machine.execute("git init test && cd test") - machine.execute("echo \"Hello world!\" > test/hello.txt") - machine.execute("cd test && git add .") - machine.execute("cd test && git commit -m \"Initial commit\"") - machine.execute("cd test && git tag v0.1") - machine.succeed("cd test && git remote add origin gitsrht@git.${domain}:~${userName}/test") - machine.execute("( echo -n 'git.${domain} '; cat /etc/ssh/ssh_host_ed25519_key.pub ) > ~/.ssh/known_hosts") - machine.succeed("hut git create test") - machine.succeed("cd test && git push --tags --set-upstream origin master") + with subtest("Verify that the repo is downloadable and its contents match the original"): + machine.succeed("curl https://git.${domain}/~${userName}/test/archive/v0.1.tar.gz | tar -xz") + machine.succeed("diff test-v0.1/hello.txt test/hello.txt") - ## Verify that the repo can be downloaded as a compressed tar archive - machine.succeed("curl https://git.${domain}/~${userName}/test/archive/v0.1.tar.gz | tar -xz") - machine.succeed("diff test-v0.1/hello.txt test/hello.txt") - - # Testing buildsrht - machine.wait_for_unit("buildsrht.service") - machine.wait_for_open_port(5002) - machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") - #machine.wait_for_unit("buildsrht-worker.service") + with subtest("Check whether builds comes up"): + machine.wait_for_unit("buildsrht.service") + machine.wait_for_open_port(5002) + machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") + #machine.wait_for_unit("buildsrht-worker.service") ''; }) From 2382d423f427a2dc30ea6cee8b0b4c615c6f5cb3 Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Mon, 25 Dec 2023 03:22:11 +0100 Subject: [PATCH 10/13] nixosTests.sourcehut: factor-out node configuration --- nixos/tests/sourcehut/nodes/common.nix | 107 +++++++++++++++++++++++++ nixos/tests/sourcehut/sourcehut.nix | 98 +--------------------- 2 files changed, 111 insertions(+), 94 deletions(-) create mode 100644 nixos/tests/sourcehut/nodes/common.nix diff --git a/nixos/tests/sourcehut/nodes/common.nix b/nixos/tests/sourcehut/nodes/common.nix new file mode 100644 index 000000000000..79626eb582ef --- /dev/null +++ b/nixos/tests/sourcehut/nodes/common.nix @@ -0,0 +1,107 @@ +{ config, pkgs, nodes, ... }: +let + domain = config.networking.domain; + + # Note that wildcard certificates just under the TLD (eg. *.com) + # would be rejected by clients like curl. + tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 36500 \ + -subj '/CN=${domain}' -extensions v3_req \ + -addext 'subjectAltName = DNS:*.${domain}' + install -D -t $out key.pem cert.pem + ''; +in +{ + # buildsrht needs space + virtualisation.diskSize = 4 * 1024; + virtualisation.memorySize = 2 * 1024; + networking.enableIPv6 = false; + + services.sourcehut = { + enable = true; + nginx.enable = true; + nginx.virtualHost = { + forceSSL = true; + sslCertificate = "${tls-cert}/cert.pem"; + sslCertificateKey = "${tls-cert}/key.pem"; + }; + postgresql.enable = true; + redis.enable = true; + + meta.enable = true; + + settings."sr.ht" = { + environment = "production"; + global-domain = config.networking.domain; + service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01"; + network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ="; + }; + settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; + settings.mail = { + smtp-from = "root+hut@${domain}"; + # WARNING: take care to keep pgp-privkey outside the Nix store in production, + # or use LoadCredentialEncrypted= + pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" '' + -----BEGIN PGP PRIVATE KEY BLOCK----- + + lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd + Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv + cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp + bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA + BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi + 2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h + Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv + D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2 + cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC + GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN + xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG + =Hjoc + -----END PGP PRIVATE KEY BLOCK----- + ''); + pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" '' + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd + Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0 + LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg + 0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ + JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt + H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ + 3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL + 8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6 + 3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE + xy+wKRdhGy/evLT/w9oSBg== + =pJD7 + -----END PGP PUBLIC KEY BLOCK----- + ''; + pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9"; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ]; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + }; + + services.postgresql = { + enable = true; + enableTCPIP = false; + settings.unix_socket_permissions = "0770"; + }; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + settings.PermitRootLogin = "no"; + }; + + environment.systemPackages = with pkgs; [ + hut # For interacting with the Sourcehut APIs via CLI + (callPackage ../srht-gen-oauth-tok.nix { }) # To automatically generate OAuth tokens + ]; +} diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/sourcehut.nix index 1259f72c247d..e704f2a4e9e0 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/sourcehut.nix @@ -1,15 +1,6 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: let domain = "sourcehut.localdomain"; - - # Note that wildcard certificates just under the TLD (eg. *.com) - # would be rejected by clients like curl. - tls-cert = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' - openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 36500 \ - -subj '/CN=${domain}' -extensions v3_req \ - -addext 'subjectAltName = DNS:*.${domain}' - install -D -t $out key.pem cert.pem - ''; in { name = "sourcehut"; @@ -17,11 +8,11 @@ in meta.maintainers = with pkgs.lib.maintainers; [ tomberek nessdoor ]; nodes.machine = { config, pkgs, nodes, ... }: { - # buildsrht needs space - virtualisation.diskSize = 4 * 1024; - virtualisation.memorySize = 2 * 1024; + imports = [ + ./nodes/common.nix + ]; + networking.domain = domain; - networking.enableIPv6 = false; networking.extraHosts = '' ${config.networking.primaryIPAddress} builds.${domain} ${config.networking.primaryIPAddress} git.${domain} @@ -29,17 +20,6 @@ in ''; services.sourcehut = { - enable = true; - nginx.enable = true; - nginx.virtualHost = { - forceSSL = true; - sslCertificate = "${tls-cert}/cert.pem"; - sslCertificateKey = "${tls-cert}/key.pem"; - }; - postgresql.enable = true; - redis.enable = true; - - meta.enable = true; builds = { enable = true; # FIXME: see why it does not seem to activate fully. @@ -48,12 +28,6 @@ in }; git.enable = true; - settings."sr.ht" = { - environment = "production"; - global-domain = config.networking.domain; - service-key = pkgs.writeText "service-key" "8b327279b77e32a3620e2fc9aabce491cc46e7d821fd6713b2a2e650ce114d01"; - network-key = pkgs.writeText "network-key" "cEEmc30BRBGkgQZcHFksiG7hjc6_dK1XR2Oo5Jb9_nQ="; - }; settings."builds.sr.ht" = { oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc"; oauth-client-id = "299db9f9c2013170"; @@ -62,74 +36,10 @@ in oauth-client-secret = pkgs.writeText "gitsrht-oauth-client-secret" "3597288dc2c716e567db5384f493b09d"; oauth-client-id = "d07cb713d920702e"; }; - settings.webhooks.private-key = pkgs.writeText "webhook-key" "Ra3IjxgFiwG9jxgp4WALQIZw/BMYt30xWiOsqD0J7EA="; - settings.mail = { - smtp-from = "root+hut@${domain}"; - # WARNING: take care to keep pgp-privkey outside the Nix store in production, - # or use LoadCredentialEncrypted= - pgp-privkey = toString (pkgs.writeText "sourcehut.pgp-privkey" '' - -----BEGIN PGP PRIVATE KEY BLOCK----- - - lFgEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd - Gk7hYQoAAP9X4oPmxxrHN8LewBpWITdBomNqlHoiP7mI0nz/BOPJHxEktDZuaXhv - cy90ZXN0cy9zb3VyY2VodXQgPHJvb3QraHV0QHNvdXJjZWh1dC5sb2NhbGRvbWFp - bj6IlwQTFgoAPxYhBPqjgjnL8RHN4JnADNicgXaYm0jJBQJioNE5AhsDBQkDwmcA - BgsJCAcDCgUVCgkICwUWAwIBAAIeBQIXgAAKCRDYnIF2mJtIySVCAP9e2nHsVHSi - 2B1YGZpVG7Xf36vxljmMkbroQy+0gBPwRwEAq+jaiQqlbGhQ7R/HMFcAxBIVsq8h - Aw1rngsUd0o3dAicXQRioNE5EgorBgEEAZdVAQUBAQdAXZV2Sd5ZNBVTBbTGavMv - D6ORrUh8z7TI/3CsxCE7+yADAQgHAAD/c1RU9xH+V/uI1fE7HIn/zL0LUPpsuce2 - cH++g4u3kBgTOYh+BBgWCgAmFiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg0TkC - GwwFCQPCZwAACgkQ2JyBdpibSMlKagD/cTre6p1m8QuJ7kwmCFRSz5tBzIuYMMgN - xtT7dmS91csA/35fWsOykSiFRojQ7ccCSUTHL7ApF2EbL968tP/D2hIG - =Hjoc - -----END PGP PRIVATE KEY BLOCK----- - ''); - pgp-pubkey = pkgs.writeText "sourcehut.pgp-pubkey" '' - -----BEGIN PGP PUBLIC KEY BLOCK----- - - mDMEYqDRORYJKwYBBAHaRw8BAQdAehGoy36FUx2OesYm07be2rtLyvR5Pb/ltstd - Gk7hYQq0Nm5peG9zL3Rlc3RzL3NvdXJjZWh1dCA8cm9vdCtodXRAc291cmNlaHV0 - LmxvY2FsZG9tYWluPoiXBBMWCgA/FiEE+qOCOcvxEc3gmcAM2JyBdpibSMkFAmKg - 0TkCGwMFCQPCZwAGCwkIBwMKBRUKCQgLBRYDAgEAAh4FAheAAAoJENicgXaYm0jJ - JUIA/17acexUdKLYHVgZmlUbtd/fq/GWOYyRuuhDL7SAE/BHAQCr6NqJCqVsaFDt - H8cwVwDEEhWyryEDDWueCxR3Sjd0CLg4BGKg0TkSCisGAQQBl1UBBQEBB0BdlXZJ - 3lk0FVMFtMZq8y8Po5GtSHzPtMj/cKzEITv7IAMBCAeIfgQYFgoAJhYhBPqjgjnL - 8RHN4JnADNicgXaYm0jJBQJioNE5AhsMBQkDwmcAAAoJENicgXaYm0jJSmoA/3E6 - 3uqdZvELie5MJghUUs+bQcyLmDDIDcbU+3ZkvdXLAP9+X1rDspEohUaI0O3HAklE - xy+wKRdhGy/evLT/w9oSBg== - =pJD7 - -----END PGP PUBLIC KEY BLOCK----- - ''; - pgp-key-id = "0xFAA38239CBF111CDE099C00CD89C8176989B48C9"; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.pki.certificateFiles = [ "${tls-cert}/cert.pem" ]; - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - }; - - services.postgresql = { - enable = true; - enableTCPIP = false; - settings.unix_socket_permissions = "0770"; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - settings.PermitRootLogin = "no"; }; environment.systemPackages = with pkgs; [ git - hut # For interacting with the Sourcehut APIs via CLI - (callPackage ./srht-gen-oauth-tok.nix { }) # To automatically generate OAuth tokens ]; }; From 195cbfc0124ea3d5e4b6469cdd3efb42840d32eb Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Mon, 25 Dec 2023 03:49:11 +0100 Subject: [PATCH 11/13] nixosTests.sourcehut: split tests belonging to different services --- nixos/tests/all-tests.nix | 2 +- nixos/tests/sourcehut/builds.nix | 54 +++++++++++++++++++ nixos/tests/sourcehut/default.nix | 6 +++ .../sourcehut/{sourcehut.nix => git.nix} | 18 ------- 4 files changed, 61 insertions(+), 19 deletions(-) create mode 100644 nixos/tests/sourcehut/builds.nix create mode 100644 nixos/tests/sourcehut/default.nix rename nixos/tests/sourcehut/{sourcehut.nix => git.nix} (84%) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 62588d1f738b..14d3a45326ef 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -768,7 +768,7 @@ in { solanum = handleTest ./solanum.nix {}; sonarr = handleTest ./sonarr.nix {}; sonic-server = handleTest ./sonic-server.nix {}; - sourcehut = handleTest ./sourcehut/sourcehut.nix {}; + sourcehut = handleTest ./sourcehut {}; spacecookie = handleTest ./spacecookie.nix {}; spark = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./spark {}; sqlite3-to-mysql = handleTest ./sqlite3-to-mysql.nix {}; diff --git a/nixos/tests/sourcehut/builds.nix b/nixos/tests/sourcehut/builds.nix new file mode 100644 index 000000000000..f1f928ecc3d0 --- /dev/null +++ b/nixos/tests/sourcehut/builds.nix @@ -0,0 +1,54 @@ +import ../make-test-python.nix ({ pkgs, lib, ... }: +let + domain = "sourcehut.localdomain"; +in +{ + name = "sourcehut"; + + meta.maintainers = with pkgs.lib.maintainers; [ tomberek nessdoor ]; + + nodes.machine = { config, pkgs, nodes, ... }: { + imports = [ + ./nodes/common.nix + ]; + + networking.domain = domain; + networking.extraHosts = '' + ${config.networking.primaryIPAddress} builds.${domain} + ${config.networking.primaryIPAddress} meta.${domain} + ''; + + services.sourcehut = { + builds = { + enable = true; + # FIXME: see why it does not seem to activate fully. + #enableWorker = true; + images = { }; + }; + + settings."builds.sr.ht" = { + oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc"; + oauth-client-id = "299db9f9c2013170"; + }; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("multi-user.target") + + with subtest("Check whether meta comes up"): + machine.wait_for_unit("metasrht-api.service") + machine.wait_for_unit("metasrht.service") + machine.wait_for_unit("metasrht-webhooks.service") + machine.wait_for_open_port(5000) + machine.succeed("curl -sL http://localhost:5000 | grep meta.${domain}") + machine.succeed("curl -sL http://meta.${domain} | grep meta.${domain}") + + with subtest("Check whether builds comes up"): + machine.wait_for_unit("buildsrht.service") + machine.wait_for_open_port(5002) + machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") + #machine.wait_for_unit("buildsrht-worker.service") + ''; +}) diff --git a/nixos/tests/sourcehut/default.nix b/nixos/tests/sourcehut/default.nix new file mode 100644 index 000000000000..04f1551d70d9 --- /dev/null +++ b/nixos/tests/sourcehut/default.nix @@ -0,0 +1,6 @@ +{ system, pkgs, ... }: + +{ + git = import ./git.nix { inherit system pkgs; }; + builds = import ./builds.nix { inherit system pkgs; }; +} diff --git a/nixos/tests/sourcehut/sourcehut.nix b/nixos/tests/sourcehut/git.nix similarity index 84% rename from nixos/tests/sourcehut/sourcehut.nix rename to nixos/tests/sourcehut/git.nix index e704f2a4e9e0..cb3ca57ddf62 100644 --- a/nixos/tests/sourcehut/sourcehut.nix +++ b/nixos/tests/sourcehut/git.nix @@ -14,24 +14,12 @@ in networking.domain = domain; networking.extraHosts = '' - ${config.networking.primaryIPAddress} builds.${domain} ${config.networking.primaryIPAddress} git.${domain} ${config.networking.primaryIPAddress} meta.${domain} ''; services.sourcehut = { - builds = { - enable = true; - # FIXME: see why it does not seem to activate fully. - #enableWorker = true; - images = { }; - }; git.enable = true; - - settings."builds.sr.ht" = { - oauth-client-secret = pkgs.writeText "buildsrht-oauth-client-secret" "2260e9c4d9b8dcedcef642860e0504bc"; - oauth-client-id = "299db9f9c2013170"; - }; settings."git.sr.ht" = { oauth-client-secret = pkgs.writeText "gitsrht-oauth-client-secret" "3597288dc2c716e567db5384f493b09d"; oauth-client-id = "d07cb713d920702e"; @@ -106,11 +94,5 @@ in with subtest("Verify that the repo is downloadable and its contents match the original"): machine.succeed("curl https://git.${domain}/~${userName}/test/archive/v0.1.tar.gz | tar -xz") machine.succeed("diff test-v0.1/hello.txt test/hello.txt") - - with subtest("Check whether builds comes up"): - machine.wait_for_unit("buildsrht.service") - machine.wait_for_open_port(5002) - machine.succeed("curl -sL http://localhost:5002 | grep builds.${domain}") - #machine.wait_for_unit("buildsrht-worker.service") ''; }) From 147cc4061eed12dc418ec753def00a1f9544fc23 Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Thu, 4 Jan 2024 00:00:32 +0100 Subject: [PATCH 12/13] nixos/sourcehut: ensure that the repos directory exists Fixes a bug where, if the OpenSSH server starts before the first initialization of the git service, the SSH service fails to find the corresponding bind mount and terminates with a 226/NAMESPACE error. --- .../services/misc/sourcehut/default.nix | 22 +++++++++++++------ nixos/tests/sourcehut/git.nix | 2 -- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index aa803d3bb693..f002635d0bb3 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -790,13 +790,21 @@ in ''; }; systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable ( - builtins.listToAttrs (map (name: { - name = "/var/log/sourcehut/gitsrht-${name}"; - value.f = { - inherit (cfg.git) user group; - mode = "0644"; - }; - }) [ "keys" "shell" "update-hook" ]) + mkMerge [ + (builtins.listToAttrs (map (name: { + name = "/var/log/sourcehut/gitsrht-${name}"; + value.f = { + inherit (cfg.git) user group; + mode = "0644"; + }; + }) [ "keys" "shell" "update-hook" ])) + { + ${cfg.settings."git.sr.ht".repos}.d = { + inherit (cfg.git) user group; + mode = "0644"; + }; + } + ] ); systemd.services.sshd = { preStart = mkIf cfg.hg.enable '' diff --git a/nixos/tests/sourcehut/git.nix b/nixos/tests/sourcehut/git.nix index cb3ca57ddf62..ed184d5d5518 100644 --- a/nixos/tests/sourcehut/git.nix +++ b/nixos/tests/sourcehut/git.nix @@ -49,8 +49,6 @@ in '' start_all() machine.wait_for_unit("multi-user.target") - # For some reason, OpenSSH fails to start on boot with code 226/NAMESPACE - machine.systemctl("start sshd.service") machine.wait_for_unit("sshd.service") with subtest("Check whether meta comes up"): From 1c2a4b971eb0e683a85d1adcc97acd6f9b51e65b Mon Sep 17 00:00:00 2001 From: Tomas Antonio Lopez Date: Wed, 7 Feb 2024 03:05:04 +0100 Subject: [PATCH 13/13] srht-gen-oauth-tok: init at 0.1 Promote the srht-gen-oauth-tok package to a Nixpkgs package. --- nixos/tests/sourcehut/nodes/common.nix | 2 +- .../by-name/sr/srht-gen-oauth-tok/package.nix | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) rename nixos/tests/sourcehut/srht-gen-oauth-tok.nix => pkgs/by-name/sr/srht-gen-oauth-tok/package.nix (53%) diff --git a/nixos/tests/sourcehut/nodes/common.nix b/nixos/tests/sourcehut/nodes/common.nix index 79626eb582ef..f0a81358f972 100644 --- a/nixos/tests/sourcehut/nodes/common.nix +++ b/nixos/tests/sourcehut/nodes/common.nix @@ -102,6 +102,6 @@ in environment.systemPackages = with pkgs; [ hut # For interacting with the Sourcehut APIs via CLI - (callPackage ../srht-gen-oauth-tok.nix { }) # To automatically generate OAuth tokens + srht-gen-oauth-tok # To automatically generate user OAuth tokens ]; } diff --git a/nixos/tests/sourcehut/srht-gen-oauth-tok.nix b/pkgs/by-name/sr/srht-gen-oauth-tok/package.nix similarity index 53% rename from nixos/tests/sourcehut/srht-gen-oauth-tok.nix rename to pkgs/by-name/sr/srht-gen-oauth-tok/package.nix index 0a6527c9ecbb..16a0b2c2cfd7 100644 --- a/nixos/tests/sourcehut/srht-gen-oauth-tok.nix +++ b/pkgs/by-name/sr/srht-gen-oauth-tok/package.nix @@ -1,4 +1,4 @@ -{ stdenv, pkgs, lib, fetchFromSourcehut }: +{ stdenv, pkgs, lib, fetchFromSourcehut, nixosTests }: let perl = pkgs.perl.withPackages (pps: [ @@ -24,8 +24,19 @@ stdenv.mkDerivation rec { installPhase = "install -Dm755 srht-gen-oauth-tok $out/bin/srht-gen-oauth-tok"; + passthru.tests.sourcehut = nixosTests.sourcehut; + meta = { - description = "A script to register a new Sourcehut OAuth token for the given user"; + description = "A script to register a new Sourcehut OAuth token for a given user"; + longDescription = '' + srht-gen-oauth-tok is a Perl script for automating the generation of user + OAuth tokens for Sourcehut-based code forges. This is done by emulating a + browser and interacting with the Web interface. + ''; + maintainers = with lib.maintainers; [ nessdoor ]; + mainProgram = "srht-gen-oauth-tok"; license = lib.licenses.gpl3; + platforms = lib.platforms.all; + sourceProvenance = [ lib.sourceTypes.fromSource ]; }; }