attempt to access garage storage correctly

nginx was trying to access the files on disk, rather than via s3 storage
Taeer Bar-Yam 2024-09-02 12:09:10 -04:00
parent f8af95f9ab
commit 1a92108475
3 changed files with 33 additions and 17 deletions


@ -2,7 +2,6 @@
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.allowedTCPPorts = [ 80 ];
services.pixelfed = { services.pixelfed = {
enable = true;
domain = "pixelfed.localhost"; domain = "pixelfed.localhost";
# TODO: secrets management! # TODO: secrets management!
secretFile = pkgs.writeText "secrets.env" '' secretFile = pkgs.writeText "secrets.env" ''
@ -14,7 +13,9 @@
}; };
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx # I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
# TODO: If that indeed makes sense, upstream it. # TODO: If that indeed makes sense, upstream it.
nginx = {}; nginx = {
locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/";
};
}; };
virtualisation.memorySize = 2048; virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [ virtualisation.forwardPorts = [
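Review bot: The new `locations."/storage/".proxyPass` line only reaches the pixelfed bucket if nginx sends `pixelfed.web.garage.localhost` upstream as the Host header, since Garage's web endpoint appears to pick the bucket from the virtual host. nginx does that by default, but if `services.nginx.recommendedProxySettings` is enabled anywhere in this configuration (not visible here) the upstream would see `pixelfed.localhost` instead and the lookup would miss. A comment on the line would record the dependency, e.g. `# garage web selects the bucket by Host header; do not override Host for this location`. The host name and port 3902 are also hard-coded here a second time, which the TODO next to `services.pixelfed.settings` in this commit already asks to factor out.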


@ -32,6 +32,8 @@ in
}; };
}; };
services.pixelfed.enable = true;
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place # TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
services.pixelfed.settings = { services.pixelfed.settings = {
FILESYSTEM_CLOUD = "s3"; FILESYSTEM_CLOUD = "s3";


@ -12,11 +12,13 @@ let
from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.chrome.options import Options from selenium.webdriver.chrome.options import Options
print("starting selenium script")
email = sys.argv[1] email = sys.argv[1]
password = sys.argv[2] password = sys.argv[2]
green_path = "${./green.png}" green_path = "${./green.png}"
screenshot_path = "/screenshot.png" screenshot_path = "/home/seleniumUser/screenshot.png"
# Create and configure driver. It is important to set the window size such that # Create and configure driver. It is important to set the window size such that
# the “Create New Post” button is visible. # the “Create New Post” button is visible.
@ -62,10 +64,12 @@ let
) )
) )
print("Take screenshot...") print("Take screenshot...")
driver.save_screenshot(screenshot_path) if not driver.save_screenshot(screenshot_path):
raise Exception("selenium could not save screenshot")
# All done ^-^ print("Quitting...")
driver.quit() driver.quit()
print("All done!")
''; '';
in in
pkgs.nixosTest { pkgs.nixosTest {
@ -77,11 +81,16 @@ pkgs.nixosTest {
memorySize = lib.mkVMOverride 8192; memorySize = lib.mkVMOverride 8192;
cores = 8; cores = 8;
}; };
imports = with self.nixosModules; [ garage pixelfed pixelfed-vm ]; imports = with self.nixosModules; [
garage
pixelfed
pixelfed-vm
];
# TODO: pair down # TODO: pair down
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
python3 python3
chromium chromium
chromedriver
xh xh
seleniumScript seleniumScript
helix helix
@ -89,8 +98,12 @@ pkgs.nixosTest {
]; ];
environment.variables = { environment.variables = {
POST_MEDIA = ./green.png; POST_MEDIA = ./green.png;
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id; # AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret; # AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
};
# chrome does not like being run as root
users.users.seleniumUser = {
isNormalUser = true;
}; };
}; };
}; };
@ -137,14 +150,14 @@ pkgs.nixosTest {
# server.succeed("toot post --media $POST_MEDIA") # server.succeed("toot post --media $POST_MEDIA")
# with subtest("access garage"): # with subtest("access garage"):
# server.succeed("mc alias set garage http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY") # server.succeed("mc alias set pixelfed http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
# server.succeed("mc ls garage/mastodon") # server.succeed("mc ls garage/pixelfed")
# with subtest("access image in garage"): # with subtest("access image in garage"):
# image = server.succeed("mc find garage --regex original") # image = server.succeed("mc find garage --regex original")
# image = image.rstrip() # image = image.rstrip()
# if image == "": # if image == "":
# raise Exception("image posted to mastodon did not get stored in garage") # raise Exception("image posted to pixelfed did not get stored in garage")
# server.succeed(f"mc cat {image} >/garage-image.webp") # server.succeed(f"mc cat {image} >/garage-image.webp")
# garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp") # garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
# image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA") # image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
@ -152,7 +165,7 @@ pkgs.nixosTest {
# raise Exception("image stored in garage did not match image uploaded") # raise Exception("image stored in garage did not match image uploaded")
# with subtest("Content security policy allows garage images"): # with subtest("Content security policy allows garage images"):
# headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local") # headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
# csp_match = None # csp_match = None
# # I can't figure out re.MULTILINE # # I can't figure out re.MULTILINE
# for header in headers.split("\n"): # for header in headers.split("\n"):
@ -160,21 +173,21 @@ pkgs.nixosTest {
# if csp_match is not None: # if csp_match is not None:
# break # break
# if csp_match is None: # if csp_match is None:
# raise Exception("mastodon did not send a content security policy header") # raise Exception("pixelfed did not send a content security policy header")
# csp = csp_match.group(1) # csp = csp_match.group(1)
# # the img-src content security policy should include the garage server # # the img-src content security policy should include the garage server
# garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp) # garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
# if garage_csp is None: # if garage_csp is None:
# raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.") # raise Exception("Pixelfed's content security policy does not include garage server. image will not be displayed properly on pixelfed.")
# NOTE: This could in theory give a false positive if pixelfed changes it's # NOTE: This could in theory give a false positive if pixelfed changes it's
# colorscheme to include pure green. (see same problem in mastodon-garage.nix). # colorscheme to include pure green. (see same problem in pixelfed-garage.nix).
# TODO: For instance: post a red image and check that the green pixel IS NOT # TODO: For instance: post a red image and check that the green pixel IS NOT
# there, then post a green image and check that the green pixel IS there. # there, then post a green image and check that the green pixel IS there.
with subtest("image displays"): with subtest("image displays"):
server.succeed(f"selenium-script test@test.com {password}") server.succeed(f"su - seleniumUser -c 'selenium-script test@test.com {password}'")
server.copy_from_vm("/screenshot.png", "") server.copy_from_vm("/home/seleniumUser/screenshot.png", "")
displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:") displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
# check that the green image displayed somewhere # check that the green image displayed somewhere
green_check = re.match(".*#00FF00.*", displayed_colors, re.S) green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
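Review bot: The `convert` call right after `copy_from_vm` still reads `/screenshot.png`, although the selenium script now writes to `/home/seleniumUser/screenshot.png`, so `server.succeed` will fail on a missing file and the green-pixel check never sees the new screenshot. It should point at the new path: `displayed_colors = server.succeed("convert /home/seleniumUser/screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")`. Separately, `{password}` is interpolated inside the single-quoted `su - seleniumUser -c '…'` string, so a password containing a quote or shell metacharacter would change the command that runs; building the inner command with `shlex.quote` would avoid that. The subtest body presumably continues past the end of this hunk.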