fricklerhandwerk/simple-nixos-fediverse
Archived
1
0
Fork 0
forked from fediversity/simple-nixos-fediverse
Code Pull requests Activity

attempt to access garage storage correctly

Browse source 
nginx was trying to access the files on disk, rather than via s3 storage
This commit is contained in:
Taeer Bar-Yam 2024-09-02 12:09:10 -04:00
parent 5d504d0879
commit dc06c54c31
3 changed files with 33 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pixelfed-vm.nix
View file

@ -2,7 +2,6 @@
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
networking.firewall.allowedTCPPorts = [ 80 ];
services.pixelfed = {
enable = true;
domain = "pixelfed.localhost";
# TODO: secrets management!
secretFile = pkgs.writeText "secrets.env" ''
@ -14,7 +13,9 @@
};
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
# TODO: If that indeed makes sense, upstream it.
nginx = {};
nginx = {
locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/";
};
};
virtualisation.memorySize = 2048;
virtualisation.forwardPorts = [

2
pixelfed.nix
View file

@ -32,6 +32,8 @@ in
};
};
services.pixelfed.enable = true;
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
services.pixelfed.settings = {
FILESYSTEM_CLOUD = "s3";

43
tests/pixelfed-garage.nix
View file

@ -12,11 +12,13 @@ let
from selenium.webdriver.support.wait import WebDriverWait
from selenium.webdriver.chrome.options import Options
print("starting selenium script")
email = sys.argv[1]
password = sys.argv[2]
green_path = "${./green.png}"
screenshot_path = "/screenshot.png"
screenshot_path = "/home/seleniumUser/screenshot.png"
# Create and configure driver. It is important to set the window size such that
# the “Create New Post” button is visible.
@ -62,10 +64,12 @@ let
)
)
print("Take screenshot...")
driver.save_screenshot(screenshot_path)
if not driver.save_screenshot(screenshot_path):
raise Exception("selenium could not save screenshot")
# All done ^-^
print("Quitting...")
driver.quit()
print("All done!")
'';
in
pkgs.nixosTest {
@ -77,11 +81,16 @@ pkgs.nixosTest {
memorySize = lib.mkVMOverride 8192;
cores = 8;
};
imports = with self.nixosModules; [ garage pixelfed pixelfed-vm ];
imports = with self.nixosModules; [
garage
pixelfed
pixelfed-vm
];
# TODO: pair down
environment.systemPackages = with pkgs; [
python3
chromium
chromedriver
xh
seleniumScript
helix
@ -89,8 +98,12 @@ pkgs.nixosTest {
];
environment.variables = {
POST_MEDIA = ./green.png;
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
# AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
# AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
};
# chrome does not like being run as root
users.users.seleniumUser = {
isNormalUser = true;
};
};
};
@ -137,14 +150,14 @@ pkgs.nixosTest {
# server.succeed("toot post --media $POST_MEDIA")
# with subtest("access garage"):
# server.succeed("mc alias set garage http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
# server.succeed("mc ls garage/mastodon")
# server.succeed("mc alias set pixelfed http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
# server.succeed("mc ls garage/pixelfed")
# with subtest("access image in garage"):
# image = server.succeed("mc find garage --regex original")
# image = image.rstrip()
# if image == "":
# raise Exception("image posted to mastodon did not get stored in garage")
# raise Exception("image posted to pixelfed did not get stored in garage")
# server.succeed(f"mc cat {image} >/garage-image.webp")
# garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
# image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
@ -152,7 +165,7 @@ pkgs.nixosTest {
# raise Exception("image stored in garage did not match image uploaded")
# with subtest("Content security policy allows garage images"):
# headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
# headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
# csp_match = None
# # I can't figure out re.MULTILINE
# for header in headers.split("\n"):
@ -160,21 +173,21 @@ pkgs.nixosTest {
# if csp_match is not None:
# break
# if csp_match is None:
# raise Exception("mastodon did not send a content security policy header")
# raise Exception("pixelfed did not send a content security policy header")
# csp = csp_match.group(1)
# # the img-src content security policy should include the garage server
# garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
# if garage_csp is None:
# raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
# raise Exception("Pixelfed's content security policy does not include garage server. image will not be displayed properly on pixelfed.")
# NOTE: This could in theory give a false positive if pixelfed changes it's
# colorscheme to include pure green. (see same problem in mastodon-garage.nix).
# colorscheme to include pure green. (see same problem in pixelfed-garage.nix).
# TODO: For instance: post a red image and check that the green pixel IS NOT
# there, then post a green image and check that the green pixel IS there.
with subtest("image displays"):
server.succeed(f"selenium-script test@test.com {password}")
server.copy_from_vm("/screenshot.png", "")
server.succeed(f"su - seleniumUser -c 'selenium-script test@test.com {password}'")
server.copy_from_vm("/home/seleniumUser/screenshot.png", "")
displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
# check that the green image displayed somewhere
green_check = re.match(".*#00FF00.*", displayed_colors, re.S)