attempt to access garage storage correctly

nginx was trying to access the files on disk, rather than via s3 storage
Taeer Bar-Yam 2024-09-02 12:09:10 -04:00
parent f8af95f9ab
commit 1a92108475
3 changed files with 33 additions and 17 deletions


@ -2,7 +2,6 @@
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
networking.firewall.allowedTCPPorts = [ 80 ];
services.pixelfed = {
enable = true;
domain = "pixelfed.localhost";
# TODO: secrets management!
secretFile = pkgs.writeText "secrets.env" ''
@ -14,7 +13,9 @@
};
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
# TODO: If that indeed makes sense, upstream it.
nginx = {};
nginx = {
locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/";
};
};
virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [
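Review bot: The new `locations."/storage/".proxyPass` hard-codes the garage web endpoint (`pixelfed.web.garage.localhost:3902`) as a string literal, so it will silently drift if the garage module's web domain or port changes; building the URL from the garage configuration or a shared `let` binding would avoid that. The location also forwards every path under `/storage/` to the bucket's `public/` prefix with no access check, so whatever is written under that prefix is readable through this nginx host; that is presumably intended for public media, but it is worth stating. I would add a comment above the block such as `# serve media from the garage web endpoint; everything under public/ is readable without auth`. The enclosing `services.pixelfed` attribute set opens in the previous hunk.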


@ -32,6 +32,8 @@ in
};
};
services.pixelfed.enable = true;
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
services.pixelfed.settings = {
FILESYSTEM_CLOUD = "s3";


@ -12,11 +12,13 @@ let
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.chrome.options import Options
print("starting selenium script")
email = sys.argv[1]
password = sys.argv[2]
green_path = "${./green.png}"
screenshot_path = "/screenshot.png"
screenshot_path = "/home/seleniumUser/screenshot.png"
# Create and configure driver. It is important to set the window size such that
# the “Create New Post” button is visible.
@ -62,10 +64,12 @@ let
)
)
print("Take screenshot...")
driver.save_screenshot(screenshot_path)
if not driver.save_screenshot(screenshot_path):
raise Exception("selenium could not save screenshot")
# All done ^-^
print("Quitting...")
driver.quit()
print("All done!")
'';
in
pkgs.nixosTest {
@ -77,11 +81,16 @@ pkgs.nixosTest {
memorySize = lib.mkVMOverride 8192;
cores = 8;
};
imports = with self.nixosModules; [ garage pixelfed pixelfed-vm ];
imports = with self.nixosModules; [
garage
pixelfed
pixelfed-vm
];
# TODO: pair down
environment.systemPackages = with pkgs; [
python3
chromium
chromedriver
xh
seleniumScript
helix
@ -89,8 +98,12 @@ pkgs.nixosTest {
];
environment.variables = {
POST_MEDIA = ./green.png;
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
# AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
# AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
};
# chrome does not like being run as root
users.users.seleniumUser = {
isNormalUser = true;
};
};
};
@ -137,14 +150,14 @@ pkgs.nixosTest {
# server.succeed("toot post --media $POST_MEDIA")
# with subtest("access garage"):
# server.succeed("mc alias set garage http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
# server.succeed("mc ls garage/mastodon")
# server.succeed("mc alias set pixelfed http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
# server.succeed("mc ls garage/pixelfed")
# with subtest("access image in garage"):
# image = server.succeed("mc find garage --regex original")
# image = image.rstrip()
# if image == "":
# raise Exception("image posted to mastodon did not get stored in garage")
# raise Exception("image posted to pixelfed did not get stored in garage")
# server.succeed(f"mc cat {image} >/garage-image.webp")
# garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
# image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
@ -152,7 +165,7 @@ pkgs.nixosTest {
# raise Exception("image stored in garage did not match image uploaded")
# with subtest("Content security policy allows garage images"):
# headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
# headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
# csp_match = None
# # I can't figure out re.MULTILINE
# for header in headers.split("\n"):
@ -160,21 +173,21 @@ pkgs.nixosTest {
# if csp_match is not None:
# break
# if csp_match is None:
# raise Exception("mastodon did not send a content security policy header")
# raise Exception("pixelfed did not send a content security policy header")
# csp = csp_match.group(1)
# # the img-src content security policy should include the garage server
# garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
# if garage_csp is None:
# raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
# raise Exception("Pixelfed's content security policy does not include garage server. image will not be displayed properly on pixelfed.")
# NOTE: This could in theory give a false positive if pixelfed changes it's
# colorscheme to include pure green. (see same problem in mastodon-garage.nix).
# colorscheme to include pure green. (see same problem in pixelfed-garage.nix).
# TODO: For instance: post a red image and check that the green pixel IS NOT
# there, then post a green image and check that the green pixel IS there.
with subtest("image displays"):
server.succeed(f"selenium-script test@test.com {password}")
server.copy_from_vm("/screenshot.png", "")
server.succeed(f"su - seleniumUser -c 'selenium-script test@test.com {password}'")
server.copy_from_vm("/home/seleniumUser/screenshot.png", "")
displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
# check that the green image displayed somewhere
green_check = re.match(".*#00FF00.*", displayed_colors, re.S)