From dc06c54c31eae05e6b251acd05820f0eaf6bce49 Mon Sep 17 00:00:00 2001
From: Taeer Bar-Yam
Date: Mon, 2 Sep 2024 12:09:10 -0400
Subject: [PATCH] attempt to access garage storage correctly nginx was trying to access the files on disk, rather than via s3 storage
---
pixelfed-vm.nix | 5 +++--
pixelfed.nix | 2 ++
tests/pixelfed-garage.nix | 43 +++++++++++++++++++++++++--------------
3 files changed, 33 insertions(+), 17 deletions(-)
diff --git a/pixelfed-vm.nix b/pixelfed-vm.nix
index c065e17..40f56e5 100644
--- a/pixelfed-vm.nix
+++ b/pixelfed-vm.nix
@@ -2,7 +2,6 @@ imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; networking.firewall.allowedTCPPorts = [ 80 ]; services.pixelfed = { - enable = true; domain = "pixelfed.localhost"; # TODO: secrets management! secretFile = pkgs.writeText "secrets.env" ''
@@ -14,7 +13,9 @@ }; # I feel like this should have an `enable` option and be configured via `services.nginx` rather than mirroring those options in services.pixelfed.nginx # TODO: If that indeed makes sense, upstream it. - nginx = {}; + nginx = { + locations."/storage/".proxyPass = "http://pixelfed.web.garage.localhost:3902/public/"; + }; }; virtualisation.memorySize = 2048; virtualisation.forwardPorts = [
diff --git a/pixelfed.nix b/pixelfed.nix
index 2636117..1235215 100644
--- a/pixelfed.nix
+++ b/pixelfed.nix
@@ -32,6 +32,8 @@ in }; }; + services.pixelfed.enable = true; + # TODO: factor these out so we're only defining e.g. s3.garage.localhost and port 3900 in one place services.pixelfed.settings = { FILESYSTEM_CLOUD = "s3";
diff --git a/tests/pixelfed-garage.nix b/tests/pixelfed-garage.nix
index 0b1bc82..c16a370 100644
--- a/tests/pixelfed-garage.nix
+++ b/tests/pixelfed-garage.nix
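Review bot: The `proxyPass` target added under `nginx` in pixelfed-vm.nix (hunk `@@ -14,7 +13,9 @@`) hard-codes `pixelfed.web.garage.localhost:3902`, one more copy of a garage endpoint that the TODO in pixelfed.nix already asks to define in a single place; if the port or the bucket's website name changes, `/storage/` breaks without any evaluation error. Derive the URL from the garage module's options, or at least add a comment such as `# must match garage's web endpoint and the pixelfed bucket website name`. The garage web endpoint appears to select the bucket from the Host header, so this location presumably only works while nginx sends the upstream name rather than the client's host; if `recommendedProxySettings` is enabled for this vhost, verify that case. The `services.pixelfed` attribute set opens and closes outside the hunk.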
@@ -12,11 +12,13 @@ let from selenium.webdriver.support.wait import WebDriverWait from selenium.webdriver.chrome.options import Options + print("starting selenium script") + email = sys.argv[1] password = sys.argv[2] green_path = "${./green.png}" - screenshot_path = "/screenshot.png" + screenshot_path = "/home/seleniumUser/screenshot.png" # Create and configure driver. It is important to set the window size such that # the “Create New Post” button is visible.
@@ -62,10 +64,12 @@ let ) ) print("Take screenshot...") - driver.save_screenshot(screenshot_path) + if not driver.save_screenshot(screenshot_path): + raise Exception("selenium could not save screenshot") - # All done ^-^ + print("Quitting...") driver.quit() + print("All done!") ''; in pkgs.nixosTest {
@@ -77,11 +81,16 @@ pkgs.nixosTest { memorySize = lib.mkVMOverride 8192; cores = 8; }; - imports = with self.nixosModules; [ garage pixelfed pixelfed-vm ]; + imports = with self.nixosModules; [ + garage + pixelfed + pixelfed-vm + ]; # TODO: pair down environment.systemPackages = with pkgs; [ python3 chromium + chromedriver xh seleniumScript helix
@@ -89,8 +98,12 @@ pkgs.nixosTest { ]; environment.variables = { POST_MEDIA = ./green.png; - AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id; - AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret; + # AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id; + # AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret; + }; + # chrome does not like being run as root + users.users.seleniumUser = { + isNormalUser = true; }; }; };
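Review bot: When `save_screenshot` returns false, the new `raise` in hunk `@@ -62,10 +64,12 @@` skips `driver.quit()`, so Chromium and chromedriver keep running in the VM after the failure. Wrapping the interaction in `try:` … `finally: driver.quit()` keeps the cleanup on every path. A more specific type than bare `Exception`, e.g. `raise RuntimeError("selenium could not save screenshot")`, would also make this failure easier to tell apart in the test log. The script body starts well before this hunk, so the `try` would have to open right after the driver is created, outside the visible lines.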
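Review bot: In hunk `@@ -89,8 +98,12 @@` the two `AWS_*` assignments are commented out rather than removed, which leaves dead configuration behind while the disabled `mc alias set … $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY` subtest further down still expects those variables. Taking the garage key out of `environment.variables` is the safer direction, since that set is normally exported to every login shell on the machine, which now includes the unprivileged `seleniumUser`. I would delete the lines and hand the key only to the one command that needs it when the garage subtests are re-enabled. If the comments stay, state the reason next to them, e.g. `# not exported globally: only the (disabled) mc subtests need the garage key`.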
@@ -137,14 +150,14 @@ pkgs.nixosTest { # server.succeed("toot post --media $POST_MEDIA") # with subtest("access garage"): - # server.succeed("mc alias set garage http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY") - # server.succeed("mc ls garage/mastodon") + # server.succeed("mc alias set pixelfed http://s3.garage.localhost:3900 --api s3v4 --path off $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY") + # server.succeed("mc ls garage/pixelfed") # with subtest("access image in garage"): # image = server.succeed("mc find garage --regex original") # image = image.rstrip() # if image == "": - # raise Exception("image posted to mastodon did not get stored in garage") + # raise Exception("image posted to pixelfed did not get stored in garage") # server.succeed(f"mc cat {image} >/garage-image.webp") # garage_image_hash = server.succeed("identify -quiet -format '%#' /garage-image.webp") # image_hash = server.succeed("identify -quiet -format '%#' $POST_MEDIA")
@@ -152,7 +165,7 @@ pkgs.nixosTest { # raise Exception("image stored in garage did not match image uploaded") # with subtest("Content security policy allows garage images"): - # headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local") + # headers = server.succeed("xh -h http://mastodon.localhost:55001/public/local") # csp_match = None # # I can't figure out re.MULTILINE # for header in headers.split("\n"):
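Review bot: The disabled subtest in hunk `@@ -137,14 +150,14 @@` now registers the alias as `pixelfed` (`mc alias set pixelfed …`) while the following lines still address it as `garage` (`mc ls garage/pixelfed`, `mc find garage`), so it would fail as soon as it is uncommented. Either keep the alias name `garage`, or change its users to `mc ls pixelfed/pixelfed` and `mc find pixelfed`. The next hunk (`@@ -152,7 +165,7 @@`) has the same half-finished rename: the typo fix leaves the CSP check fetching `http://mastodon.localhost:55001/public/local`, which is presumably not where pixelfed is served in this test.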
@@ -160,21 +173,21 @@ pkgs.nixosTest { # if csp_match is not None: # break # if csp_match is None: - # raise Exception("mastodon did not send a content security policy header") + # raise Exception("pixelfed did not send a content security policy header") # csp = csp_match.group(1) # # the img-src content security policy should include the garage server # garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp) # if garage_csp is None: - # raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.") + # raise Exception("Pixelfed's content security policy does not include garage server. image will not be displayed properly on pixelfed.") # NOTE: This could in theory give a false positive if pixelfed changes it's - # colorscheme to include pure green. (see same problem in mastodon-garage.nix). + # colorscheme to include pure green. (see same problem in pixelfed-garage.nix). # TODO: For instance: post a red image and check that the green pixel IS NOT # there, then post a green image and check that the green pixel IS there. with subtest("image displays"): - server.succeed(f"selenium-script test@test.com {password}") - server.copy_from_vm("/screenshot.png", "") + server.succeed(f"su - seleniumUser -c 'selenium-script test@test.com {password}'") + server.copy_from_vm("/home/seleniumUser/screenshot.png", "") displayed_colors = server.succeed("convert /screenshot.png -define histogram:unique-colors=true -format %c histogram:info:") # check that the green image displayed somewhere green_check = re.match(".*#00FF00.*", displayed_colors, re.S)
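Review bot: The screenshot is now written to and copied from `/home/seleniumUser/screenshot.png`, but the unchanged `convert /screenshot.png …` line right after `copy_from_vm` still reads the old path inside the VM, and as far as the visible lines show nothing writes that path any more. It should read `convert /home/seleniumUser/screenshot.png -define histogram:unique-colors=true …`, ideally with the path held in one variable shared with `copy_from_vm`. The password is also interpolated into a single-quoted `su - seleniumUser -c '…'` string, so a value containing a quote or other shell metacharacter breaks or alters the command; building the inner command with `shlex.quote` avoids that. The comment now says "see same problem in pixelfed-garage.nix", which is this file, so the rename presumably should not have touched the reference to mastodon-garage.nix.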