diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml
index 44133a5d..df7222d4 100644
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@@ -21,11 +21,17 @@ jobs:
 - uses: actions/checkout@v4
 - run: nix-shell --run 'nix-unit ./deployment/data-model-test.nix'
+ check-mastodon:
+ runs-on: native
+ steps:
+ - uses: actions/checkout@v4
+ - run: nix build .#checks.x86_64-linux.test-mastodon-service -L
+
 check-peertube:
 runs-on: native
 steps:
 - uses: actions/checkout@v4
- - run: nix-build services -A tests.peertube
+ - run: nix build .#checks.x86_64-linux.test-peertube-service -L
 check-panel:
 runs-on: native
diff --git a/flake.nix b/flake.nix
index 9eca940e..0bf43705 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,6 +17,7 @@
 ./infra/flake-part.nix
 ./keys/flake-part.nix
 ./secrets/flake-part.nix
+ ./services/tests/flake-part.nix
 ];
 perSystem =
diff --git a/services/default.nix b/services/default.nix
deleted file mode 100644
index 3117b861..00000000
--- a/services/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- system ? builtins.currentSystem,
- sources ? import ../npins,
- pkgs ? import sources.nixpkgs { inherit system; },
- ...
-}:
-{
- tests = {
- mastodon = pkgs.nixosTest ./tests/mastodon.nix;
- pixelfed-garage = pkgs.nixosTest ./tests/pixelfed-garage.nix;
- peertube = pkgs.nixosTest ./tests/peertube.nix;
- };
-}
diff --git a/services/fediversity/default.nix b/services/fediversity/default.nix
index ca7b1f38..184f7dba 100644
--- a/services/fediversity/default.nix
+++ b/services/fediversity/default.nix
@@ -49,7 +49,7 @@ in
 displayName = mkOption {
 type = types.str;
 description = "Name of the initial user, for humans";
- default = config.fediversity.temp.initialUser.name;
+ default = config.fediversity.temp.initialUser.username;
 };
 email = mkOption {
 type = types.str;
diff --git a/services/tests/flake-part.nix b/services/tests/flake-part.nix
new file mode 100644
index 00000000..3def25b9
--- /dev/null
+++ b/services/tests/flake-part.nix
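Review bot: The added `check-mastodon` job references `actions/checkout@v4` by a mutable tag, so whoever controls that tag controls code that runs on the `native` runner. Pinning to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real hash), would make the step as reproducible as the Nix inputs it builds. The existing jobs visible in this hunk use the same tag, so this is best changed for all of them together. Separately, `services/tests/flake-part.nix` in this commit defines `test-pixelfed-garage-service`, but no job in the visible part of the workflow builds it; if that is deliberate, a short comment saying why would help.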
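Review bot: The `displayName` default is computed from `config`, but the option carries no `defaultText`, so rendered option documentation has to evaluate the value instead of showing the expression. Adding `defaultText = lib.literalExpression "config.fediversity.temp.initialUser.username";` next to `default` would cover that, assuming `lib` is in scope here; the `let` block is outside the hunk. The declaration of `username` is also outside the hunk, so the renamed attribute cannot be confirmed from these lines.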
@@ -0,0 +1,14 @@
+{ ... }:
+{
+ _class = "flake";
+
+ perSystem =
+ { pkgs, ... }:
+ {
+ checks = {
+ test-mastodon-service = pkgs.testers.runNixOSTest ./mastodon.nix;
+ test-pixelfed-garage-service = pkgs.testers.runNixOSTest ./pixelfed-garage.nix;
+ test-peertube-service = pkgs.testers.runNixOSTest ./peertube.nix;
+ };
+ };
+}
diff --git a/services/tests/mastodon.nix b/services/tests/mastodon.nix
index f5497520..f85d8455 100644
--- a/services/tests/mastodon.nix
+++ b/services/tests/mastodon.nix
@@ -6,7 +6,7 @@
 { pkgs, ... }:
 let
- lib = pkgs.lib;
+ inherit (pkgs) lib writeText;
 ## FIXME: this binding was not used, but maybe we want a side-effect or something?
 # rebuildableTest = import ./rebuildableTest.nix pkgs;
@@ -69,9 +69,17 @@ in
 expect
 ];
 environment.variables = {
- AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.mastodon.id;
- AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.mastodon.secret;
+ AWS_ACCESS_KEY_ID = "$(cat ${config.fediversity.mastodon.s3AccessKeyFile})";
+ AWS_SECRET_ACCESS_KEY = "$(cat ${config.fediversity.mastodon.s3SecretKeyFile})";
 };
+ services.mastodon.extraEnvFiles = [
+ # generate as: cd ${pkgs.mastodon}; IGNORE_ALREADY_SET_SECRETS=true RAILS_ENV=development ${pkgs.mastodon}/bin/rails db:encryption:init
+ (writeText "rest" ''
+ ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=naGoEzeyjUmwIlmgZZmGQDWJrlWud5eX
+ ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=A0tE1VJ7S3cjaOQ58mNkhrVFY7o5NKDB
+ ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=tGHhd5Os7hLxa8QTzWwjyVLrvsj5VsCw
+ '')
+ ];
 };
 };
diff --git a/services/tests/pixelfed-garage.nix b/services/tests/pixelfed-garage.nix
index 66116774..4939fdba 100644
--- a/services/tests/pixelfed-garage.nix
+++ b/services/tests/pixelfed-garage.nix
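Review bot: The new `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` values in the second `services/tests/mastodon.nix` hunk are shell command substitutions stored as plain strings, so they become credentials only where a shell evaluates the generated environment script (presumably at login-shell start). Anything that reads these variables without a shell would see the literal `$(cat …)` text, and every login shell on the test node exports the S3 secret to its child processes; the `services/tests/pixelfed-garage.nix` hunk has the same pattern. If only the test script needs the keys, reading the two key files there at the point of use would keep the secret out of the global environment, though the test script is outside this hunk. Separately, the three `ACTIVE_RECORD_ENCRYPTION_*` values are committed and end up world-readable in the Nix store through `writeText`. A comment such as `# test-only fixture keys, world-readable in the Nix store; never reuse outside this VM test`, plus a more descriptive derivation name than `"rest"`, would make that explicit.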
@@ -161,8 +161,8 @@ in
 ];
 environment.variables = {
 POST_MEDIA = ./fediversity.png;
- AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.pixelfed.id;
- AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.pixelfed.secret;
+ AWS_ACCESS_KEY_ID = "$(cat ${config.fediversity.pixelfed.s3AccessKeyFile})";
+ AWS_SECRET_ACCESS_KEY = "$(cat ${config.fediversity.pixelfed.s3SecretKeyFile})";
 ## without this we get frivolous errors in the logs
 MC_REGION = "garage";
 };