forked from Fediversity/simple-nixos-fediverse
attempt to access garage storage correctly
nginx was trying to access the files on disk, rather than via s3 storage
This commit is contained in:
Taeer Bar-Yam
parent
5d504d0879
commit
dc06c54c31
|
|
@ -2,7 +2,6 @@
|
||||||
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
|
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
services.pixelfed = {
|
services.pixelfed = {
|
||||||
enable = true;
|
|
||||||
domain = "pixelfed.localhost";
|
domain = "pixelfed.localhost";
|
||||||
# TODO: secrets management!
|
# TODO: secrets management!
|
||||||
secretFile = pkgs.writeText "secrets.env" ''
|
secretFile = pkgs.writeText "secrets.env" ''
|
||||||
|
|
@ -14,7 +13,9 @@
|
||||||
};
|
};
|
||||||
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
|
# I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx
|
||||||
# TODO: If that indeed makes sense, upstream it.
|
# TODO: If that indeed makes sense, upstream it.
|
||||||
nginx = {};
|
nginx = {
|
||||||
|
locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
virtualisation.memorySize = 2048;
|
virtualisation.memorySize = 2048;
|
||||||
virtualisation.forwardPorts = [
|
virtualisation.forwardPorts = [
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,8 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.pixelfed.enable = true;
|
||||||
|
|
||||||
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
|
# TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place
|
||||||
services.pixelfed.settings = {
|
services.pixelfed.settings = {
|
||||||
FILESYSTEM_CLOUD = "s3";
|
FILESYSTEM_CLOUD = "s3";
|
||||||
|
|
|
||||||
|
|
@ -12,11 +12,13 @@ let
|
||||||
from selenium.webdriver.support.wait import WebDriverWait
|
from selenium.webdriver.support.wait import WebDriverWait
|
||||||
from selenium.webdriver.chrome.options import Options
|
from selenium.webdriver.chrome.options import Options
|
||||||
|
|
||||||
|
print("starting selenium script")
|
||||||
|
|
||||||
email = sys.argv[1]
|
email = sys.argv[1]
|
||||||
password = sys.argv[2]
|
password = sys.argv[2]
|
||||||
|
|
||||||
green_path = "${./green.png}"
|
green_path = "${./green.png}"
|
||||||
screenshot_path = "/screenshot.png"
|
screenshot_path = "/home/seleniumUser/screenshot.png"
|
||||||
|
|
||||||
# Create and configure driver. It is important to set the window size such that
|
# Create and configure driver. It is important to set the window size such that
|
||||||
# the “Create New Post” button is visible.
|
# the “Create New Post” button is visible.
|
||||||
|
|
@ -62,10 +64,12 @@ let
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
print("Take screenshot...")
|
print("Take screenshot...")
|
||||||
driver.save_screenshot(screenshot_path)
|
if not driver.save_screenshot(screenshot_path):
|
||||||
|
raise Exception("selenium could not save screenshot")
|
||||||
|
|
||||||
# All done ^-^
|
print("Quitting...")
|
||||||
driver.quit()
|
driver.quit()
|
||||||
|
print("All done!")
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
pkgs.nixosTest {
|
pkgs.nixosTest {
|
||||||
|
|
@ -77,11 +81,16 @@ pkgs.nixosTest {
|
||||||
memorySize = lib.mkVMOverride 8192;
|
memorySize = lib.mkVMOverride 8192;
|
||||||
cores = 8;
|
cores = 8;
|
||||||
};
|
};
|
||||||
imports = with self.nixosModules; [ garage pixelfed pixelfed-vm ];
|
imports = with self.nixosModules; [
|
||||||
|
garage
|
||||||
|
pixelfed
|
||||||
|
pixelfed-vm
|
||||||
|
];
|
||||||
# TODO: pair down
|
# TODO: pair down
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
python3
|
python3
|
||||||
chromium
|
chromium
|
||||||
|
chromedriver
|
||||||
xh
|
xh
|
||||||
seleniumScript
|
seleniumScript
|
||||||
helix
|
helix
|
||||||
|
|
@ -89,8 +98,12 @@ pkgs.nixosTest {
|
||||||
];
|
];
|
||||||
environment.variables = {
|
environment.variables = {
|
||||||
POST_MEDIA = ./green.png;
|
POST_MEDIA = ./green.png;
|
||||||
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
|
# AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
|
||||||
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
|
# AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
|
||||||
|
};
|
||||||
|
# chrome does not like being run as root
|
||||||
|
users.users.seleniumUser = {
|
||||||
|
isNormalUser = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -137,14 +150,14 @@ pkgs.nixosTest {
|
||||||
# server.succeed("toot post --media $POST_MEDIA")
|
# server.succeed("toot post --media $POST_MEDIA")
|
||||||
|
|
||||||
# with subtest("access garage"):
|
# with subtest("access garage"):
|
||||||
# server.succeed("mc alias set garage http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
|
# server.succeed("mc alias set pixelfed http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY")
|
||||||
# server.succeed("mc ls garage/mastodon")
|
# server.succeed("mc ls garage/pixelfed")
|
||||||
|
|
||||||
# with subtest("access image in garage"):
|
# with subtest("access image in garage"):
|
||||||
# image = server.succeed("mc find garage --regex original")
|
# image = server.succeed("mc find garage --regex original")
|
||||||
# image = image.rstrip()
|
# image = image.rstrip()
|
||||||
# if image == "":
|
# if image == "":
|
||||||
# raise Exception("image posted to mastodon did not get stored in garage")
|
# raise Exception("image posted to pixelfed did not get stored in garage")
|
||||||
# server.succeed(f"mc cat {image} >/garage-image.webp")
|
# server.succeed(f"mc cat {image} >/garage-image.webp")
|
||||||
# garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
|
# garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp")
|
||||||
# image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
|
# image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
|
||||||
|
|
@ -152,7 +165,7 @@ pkgs.nixosTest {
|
||||||
# raise Exception("image stored in garage did not match image uploaded")
|
# raise Exception("image stored in garage did not match image uploaded")
|
||||||
|
|
||||||
# with subtest("Content security policy allows garage images"):
|
# with subtest("Content security policy allows garage images"):
|
||||||
# headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
|
# headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local")
|
||||||
# csp_match = None
|
# csp_match = None
|
||||||
# # I can't figure out re.MULTILINE
|
# # I can't figure out re.MULTILINE
|
||||||
# for header in headers.split("\n"):
|
# for header in headers.split("\n"):
|
||||||
|
|
@ -160,21 +173,21 @@ pkgs.nixosTest {
|
||||||
# if csp_match is not None:
|
# if csp_match is not None:
|
||||||
# break
|
# break
|
||||||
# if csp_match is None:
|
# if csp_match is None:
|
||||||
# raise Exception("mastodon did not send a content security policy header")
|
# raise Exception("pixelfed did not send a content security policy header")
|
||||||
# csp = csp_match.group(1)
|
# csp = csp_match.group(1)
|
||||||
# # the img-src content security policy should include the garage server
|
# # the img-src content security policy should include the garage server
|
||||||
# garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
|
# garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
|
||||||
# if garage_csp is None:
|
# if garage_csp is None:
|
||||||
# raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
|
# raise Exception("Pixelfed's content security policy does not include garage server. image will not be displayed properly on pixelfed.")
|
||||||
|
|
||||||
# NOTE: This could in theory give a false positive if pixelfed changes it's
|
# NOTE: This could in theory give a false positive if pixelfed changes it's
|
||||||
# colorscheme to include pure green. (see same problem in mastodon-garage.nix).
|
# colorscheme to include pure green. (see same problem in pixelfed-garage.nix).
|
||||||
# TODO: For instance: post a red image and check that the green pixel IS NOT
|
# TODO: For instance: post a red image and check that the green pixel IS NOT
|
||||||
# there, then post a green image and check that the green pixel IS there.
|
# there, then post a green image and check that the green pixel IS there.
|
||||||
|
|
||||||
with subtest("image displays"):
|
with subtest("image displays"):
|
||||||
server.succeed(f"selenium-script test@test.com {password}")
|
server.succeed(f"su - seleniumUser -c 'selenium-script test@test.com {password}'")
|
||||||
server.copy_from_vm("/screenshot.png", "")
|
server.copy_from_vm("/home/seleniumUser/screenshot.png", "")
|
||||||
displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
|
displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:")
|
||||||
# check that the green image displayed somewhere
|
# check that the green image displayed somewhere
|
||||||
green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
|
green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
|
||||||
|
|
|
||||||
Reference in a new issue