clan-core/checks/matrix-synapse/default.nix

(import ../lib/container-test.nix) (
  { pkgs, ... }:
  {
    name = "matrix-synapse";

    nodes.machine =
      {
        config,
        self,
        lib,
        ...
      }:
      {
        imports = [
          self.clanModules.matrix-synapse
          self.nixosModules.clanCore
          {
            clan.core.machineName = "machine";
            clan.core.clanDir = ./.;

            services.nginx.virtualHosts."matrix.clan.test" = {
              enableACME = lib.mkForce false;
              forceSSL = lib.mkForce false;
            };
            clan.matrix-synapse.domain = "clan.test";
            clan.matrix-synapse.users.admin.admin = true;
            clan.matrix-synapse.users.someuser = { };

            clan.core.facts.secretStore = "vm";

            # because we use systemd-tmpfiles to copy the secrets, we need to a seperate systemd-tmpfiles call to provison them.
            boot.postBootCommands = "${config.systemd.package}/bin/systemd-tmpfiles --create /etc/tmpfiles.d/00-vmsecrets.conf";

            systemd.tmpfiles.settings."00-vmsecrets" = {
              # run before 00-nixos.conf
              "/etc/secrets" = {
                d.mode = "0700";
                z.mode = "0700";
              };
              "/etc/secrets/synapse-registration_shared_secret" = {
                f.argument = "supersecret";
                z = {
                  mode = "0400";
                  user = "root";
                };
              };
              "/etc/secrets/matrix-password-admin" = {
                f.argument = "matrix-password1";
                z = {
                  mode = "0400";
                  user = "root";
                };
              };
              "/etc/secrets/matrix-password-someuser" = {
                f.argument = "matrix-password2";
                z = {
                  mode = "0400";
                  user = "root";
                };
              };
            };
          }
        ];
      };
    testScript = ''
      start_all()
      machine.wait_for_unit("matrix-synapse")
      machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 8008")
      machine.succeed("${pkgs.curl}/bin/curl -Ssf -L http://localhost/_matrix/static/ -H 'Host: matrix.clan.test'")

      machine.systemctl("restart matrix-synapse >&2") # check if user creation is idempotent
      machine.execute("journalctl -u matrix-synapse --no-pager >&2")
      machine.wait_for_unit("matrix-synapse")
      machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 8008")
      machine.succeed("${pkgs.curl}/bin/curl -Ssf -L http://localhost/_matrix/static/ -H 'Host: matrix.clan.test'")
    '';
  }
)
checks/matrix-synapse: init 2024-03-22 11:14:36 +00:00			`(import ../lib/container-test.nix) (`
			`{ pkgs, ... }:`
			`{`
			`name = "matrix-synapse";`

			`nodes.machine =`
matrix-synapse: add automatic user creation 2024-06-11 11:15:30 +00:00			`{`
			`config,`
			`self,`
			`lib,`
			`...`
			`}:`
checks/matrix-synapse: init 2024-03-22 11:14:36 +00:00			`{`
			`imports = [`
			`self.clanModules.matrix-synapse`
			`self.nixosModules.clanCore`
			`{`
refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.machineName = "machine";`
			`clan.core.clanDir = ./.;`
matrix-synapse: add automatic user creation 2024-06-11 11:15:30 +00:00
checks/matrix-synapse: init 2024-03-22 11:14:36 +00:00			`services.nginx.virtualHosts."matrix.clan.test" = {`
			`enableACME = lib.mkForce false;`
			`forceSSL = lib.mkForce false;`
			`};`
matrix-synapse: add automatic user creation 2024-06-11 11:15:30 +00:00			`clan.matrix-synapse.domain = "clan.test";`
			`clan.matrix-synapse.users.admin.admin = true;`
			`clan.matrix-synapse.users.someuser = { };`

refactor: rename clanCore -> clan.core 2024-06-17 10:42:28 +00:00			`clan.core.facts.secretStore = "vm";`
matrix-synapse: add automatic user creation 2024-06-11 11:15:30 +00:00
			`# because we use systemd-tmpfiles to copy the secrets, we need to a seperate systemd-tmpfiles call to provison them.`
			`boot.postBootCommands = "${config.systemd.package}/bin/systemd-tmpfiles --create /etc/tmpfiles.d/00-vmsecrets.conf";`

			`systemd.tmpfiles.settings."00-vmsecrets" = {`
			`# run before 00-nixos.conf`
			`"/etc/secrets" = {`
			`d.mode = "0700";`
			`z.mode = "0700";`
			`};`
			`"/etc/secrets/synapse-registration_shared_secret" = {`
matrix-synapse: use registration_shared_secret_path instead 2024-06-11 14:20:05 +00:00			`f.argument = "supersecret";`
matrix-synapse: add automatic user creation 2024-06-11 11:15:30 +00:00			`z = {`
			`mode = "0400";`
			`user = "root";`
			`};`
			`};`
			`"/etc/secrets/matrix-password-admin" = {`
			`f.argument = "matrix-password1";`
			`z = {`
			`mode = "0400";`
			`user = "root";`
			`};`
			`};`
			`"/etc/secrets/matrix-password-someuser" = {`
			`f.argument = "matrix-password2";`
			`z = {`
			`mode = "0400";`
			`user = "root";`
			`};`
			`};`
			`};`
checks/matrix-synapse: init 2024-03-22 11:14:36 +00:00			`}`
			`];`
			`};`
			`testScript = ''`
			`start_all()`
			`machine.wait_for_unit("matrix-synapse")`
			`machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 8008")`
			`machine.succeed("${pkgs.curl}/bin/curl -Ssf -L http://localhost/_matrix/static/ -H 'Host: matrix.clan.test'")`
matrix-synapse: add automatic user creation 2024-06-11 11:15:30 +00:00
			`machine.systemctl("restart matrix-synapse >&2") # check if user creation is idempotent`
			`machine.execute("journalctl -u matrix-synapse --no-pager >&2")`
			`machine.wait_for_unit("matrix-synapse")`
			`machine.succeed("${pkgs.netcat}/bin/nc -z -v ::1 8008")`
			`machine.succeed("${pkgs.curl}/bin/curl -Ssf -L http://localhost/_matrix/static/ -H 'Host: matrix.clan.test'")`
checks/matrix-synapse: init 2024-03-22 11:14:36 +00:00			`'';`
			`}`
			`)`