forked from mirrors/nixpkgs
96 lines
3.3 KiB
Nix
96 lines
3.3 KiB
Nix
import ./make-test-python.nix ({ lib, pkgs, ... }:
|
|
|
|
let
|
|
user = "someuser";
|
|
password = "some_password";
|
|
port = "5232";
|
|
filesystem_folder = "/data/radicale";
|
|
|
|
cli = "${pkgs.calendar-cli}/bin/calendar-cli --caldav-user ${user} --caldav-pass ${password}";
|
|
in {
|
|
name = "radicale3";
|
|
meta.maintainers = with lib.maintainers; [ dotlambda ];
|
|
|
|
nodes.machine = { pkgs, ... }: {
|
|
services.radicale = {
|
|
enable = true;
|
|
settings = {
|
|
auth = {
|
|
type = "htpasswd";
|
|
htpasswd_filename = "/etc/radicale/users";
|
|
htpasswd_encryption = "bcrypt";
|
|
};
|
|
storage = {
|
|
inherit filesystem_folder;
|
|
hook = "git add -A && (git diff --cached --quiet || git commit -m 'Changes by '%(user)s)";
|
|
};
|
|
logging.level = "info";
|
|
};
|
|
rights = {
|
|
principal = {
|
|
user = ".+";
|
|
collection = "{user}";
|
|
permissions = "RW";
|
|
};
|
|
calendars = {
|
|
user = ".+";
|
|
collection = "{user}/[^/]+";
|
|
permissions = "rw";
|
|
};
|
|
};
|
|
};
|
|
systemd.services.radicale.path = [ pkgs.git ];
|
|
environment.systemPackages = [ pkgs.git ];
|
|
systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ];
|
|
# WARNING: DON'T DO THIS IN PRODUCTION!
|
|
# This puts unhashed secrets directly into the Nix store for ease of testing.
|
|
environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" {} ''
|
|
${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
|
|
'';
|
|
};
|
|
testScript = ''
|
|
machine.wait_for_unit("radicale.service")
|
|
machine.wait_for_open_port(${port})
|
|
|
|
machine.succeed("sudo -u radicale git -C ${filesystem_folder} init")
|
|
machine.succeed(
|
|
"sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com"
|
|
)
|
|
machine.succeed(
|
|
"sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale"
|
|
)
|
|
|
|
with subtest("Test calendar and event creation"):
|
|
machine.succeed(
|
|
"${cli} --caldav-url http://localhost:${port}/${user} calendar create cal"
|
|
)
|
|
machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal")
|
|
machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
|
|
machine.succeed(
|
|
"${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent"
|
|
)
|
|
machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
|
|
(status, stdout) = machine.execute(
|
|
"sudo -u radicale git -C ${filesystem_folder} log --format=oneline | wc -l"
|
|
)
|
|
assert status == 0, "git log failed"
|
|
assert stdout == "3\n", "there should be exactly 3 commits"
|
|
|
|
with subtest("Test rights file"):
|
|
machine.fail(
|
|
"${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal"
|
|
)
|
|
machine.fail(
|
|
"${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal"
|
|
)
|
|
|
|
with subtest("Test web interface"):
|
|
machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")
|
|
|
|
with subtest("Test security"):
|
|
output = machine.succeed("systemd-analyze security radicale.service")
|
|
machine.log(output)
|
|
assert output[-9:-1] == "SAFE :-}"
|
|
'';
|
|
})
|