mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 14:10:33 +03:00
nixpkgs/nixos/tests/miniflux.nix
Wolfgang Walther 41c5662cbe
nixos/postgresql: move postStart into separate unit
This avoids restarting the postgresql server, when only ensureDatabases
or ensureUsers have been changed. It will also allow to properly wait
for recovery to finish later.

To wait for "postgresql is ready" in other services, we now provide a
postgresql.target.

Resolves #400018

Co-authored-by: Marcel <me@m4rc3l.de>
2025-06-24 15:26:47 +02:00

130 lines
3.7 KiB
Nix

{ pkgs, lib, ... }:
let
# Fixture values for the VM test. Every secret below is a throwaway:
# pkgs.writeText puts the file contents into the Nix store, which is
# world-readable, so this pattern must not be copied for real credentials.

# Port and admin account expected on the nodes that do not set LISTEN_ADDR.
defaultPort = 8080;
defaultUsername = "admin";
defaultPassword = "password";

# Port and admin account used by the "customized" node.
port = 3142;
username = "alice";
password = "correcthorsebatterystaple";

# Builds the KEY=value credentials file handed to
# services.miniflux.adminCredentialsFile.
mkAdminCredentials =
  user: pass:
  pkgs.writeText "admin-credentials" ''
    ADMIN_USERNAME=${user}
    ADMIN_PASSWORD=${pass}
  '';
adminCredentialsFile = mkAdminCredentials defaultUsername defaultPassword;
customAdminCredentialsFile = mkAdminCredentials username password;

# Password of the "miniflux" database role on the postgresTcp node.
postgresPassword = "correcthorsebatterystaple";
# libpq password file (hostname:port:database:username:password); the
# wildcards make the single entry match any connection.
postgresPasswordFile = pkgs.writeText "pgpass" ''
  *:*:*:*:${postgresPassword}
'';
in
{
# Test name and maintainer list (currently empty).
name = "miniflux";
meta = {
  maintainers = [ ];
};
nodes = {
# Baseline node: miniflux with the default admin credentials file and no
# other overrides. AppArmor is enabled so the test script can assert that no
# denial shows up in the journal.
default =
  { ... }:
  {
    security.apparmor.enable = true;
    services.miniflux.enable = true;
    services.miniflux.adminCredentialsFile = adminCredentialsFile;
  };
# Same service configuration as the baseline node, but with sudo disabled;
# presumably this checks that the service setup does not rely on sudo being
# present (confirm against the miniflux module).
withoutSudo =
  { ... }:
  {
    security = {
      apparmor.enable = true;
      sudo.enable = false;
    };
    services.miniflux.enable = true;
    services.miniflux.adminCredentialsFile = adminCredentialsFile;
  };
# Node with a non-default listener and its own admin account.
customized =
  { ... }:
  {
    security.apparmor.enable = true;
    services.miniflux = {
      enable = true;
      adminCredentialsFile = customAdminCredentialsFile;
      config.CLEANUP_FREQUENCY = "48";
      # Listener is bound to localhost on the custom port, so it is not
      # exposed on the VM's other interfaces.
      config.LISTEN_ADDR = "localhost:${toString port}";
    };
  };
# Standalone PostgreSQL server that the externalDb node reaches over TCP.
postgresTcp =
  {
    config,
    pkgs,
    lib,
    ...
  }:
  let
    # Bootstrap SQL creating the role and database. The password ends up in
    # the world-readable Nix store, which is acceptable only for a test VM.
    initSql = pkgs.writeText "init-postgres" ''
      CREATE USER miniflux WITH PASSWORD '${postgresPassword}';
      CREATE DATABASE miniflux WITH OWNER miniflux;
    '';
  in
  {
    services.postgresql.enable = true;
    services.postgresql.initialScript = initSql;
    services.postgresql.enableTCPIP = true;
    # pg_hba.conf entry: TCP connections from the server's own subnets
    # (samenet), role "miniflux", only to the database named after the role
    # (sameuser), authenticated with SCRAM-SHA-256 rather than trust or md5.
    services.postgresql.authentication = ''
      host sameuser miniflux samenet scram-sha-256
    '';

    # Appended (mkAfter) to the setup unit's postStart so the hstore
    # extension is created inside the miniflux database.
    # NOTE(review): $PSQL is presumably exported by the postgresql module's
    # own setup script; confirm there.
    systemd.services.postgresql-setup.postStart = lib.mkAfter ''
      $PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;'
    '';

    # Open only the configured PostgreSQL port in the firewall.
    networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
  };
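# Node running miniflux against the PostgreSQL server on postgresTcp instead
# of a locally created database.
externalDb =
  { ... }:
  {
    security.apparmor.enable = true;
    services.miniflux = {
      enable = true;
      createDatabaseLocally = false;
      inherit adminCredentialsFile;
      config = {
        # sslmode=disable sends the SCRAM exchange and all queries in
        # cleartext; tolerable only on the isolated test network. A real
        # deployment should require TLS to the database.
        DATABASE_URL = "user=miniflux host=postgresTcp dbname=miniflux sslmode=disable";
        # The password is read from this file rather than embedded in
        # DATABASE_URL.
        PGPASSFILE = "/run/miniflux/pgpass";
      };
    };
    # install creates the file with mode 0600 in one step. A cp followed by
    # chmod would leave the copy with the store file's permissive mode until
    # chmod runs. The source is still a world-readable store path (test
    # fixture only).
    systemd.services.miniflux.preStart = ''
      install -m 600 ${postgresPasswordFile} /run/miniflux/pgpass
    '';
  };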
};
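# Python driver for the VM test. The body of runTest is indented here so the
# embedded script parses; with every line at the same column the function
# body would be empty and Python would reject the script.
testScript = ''
  def runTest(machine, port, user):
      # user is a "name:password" pair passed to curl -u (HTTP basic auth).
      # Putting credentials on a command line is fine for these throwaway
      # test accounts only.
      machine.wait_for_unit("miniflux.service")
      machine.wait_for_open_port(port)
      machine.succeed(f"curl --fail 'http://localhost:{port}/healthcheck' | grep OK")
      # The API must accept the credentials and report an admin account.
      machine.succeed(
          f"curl 'http://localhost:{port}/v1/me' -u '{user}' -H Content-Type:application/json | grep '\"is_admin\":true'"
      )
      # Fails the test if the journal of the current boot contains any
      # AppArmor DENIED audit record.
      machine.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')

  default.start()
  withoutSudo.start()
  customized.start()
  postgresTcp.start()

  runTest(default, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
  runTest(withoutSudo, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
  runTest(customized, ${toString port}, "${username}:${password}")

  # The database server must be ready before the node that depends on it
  # is booted.
  postgresTcp.wait_for_unit("postgresql.target")
  externalDb.start()
  runTest(externalDb, ${toString defaultPort}, "${defaultUsername}:${defaultPassword}")
'';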
}