2021-05-30 16:33:09 +01:00
|
|
|
import ../make-test-python.nix (
|
|
|
|
{ pkgs, ... }:
|
|
|
|
let
|
|
|
|
# Set up SSL certs for Synapse to be happy.
|
|
|
|
runWithOpenSSL = file: cmd: pkgs.runCommand file
|
|
|
|
{
|
|
|
|
buildInputs = [ pkgs.openssl ];
|
|
|
|
}
|
|
|
|
cmd;
|
|
|
|
|
|
|
|
ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";
|
|
|
|
ca_pem = runWithOpenSSL "ca.pem" ''
|
|
|
|
openssl req \
|
|
|
|
-x509 -new -nodes -key ${ca_key} \
|
|
|
|
-days 10000 -out $out -subj "/CN=snakeoil-ca"
|
|
|
|
'';
|
|
|
|
key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";
|
|
|
|
csr = runWithOpenSSL "matrix.csr" ''
|
|
|
|
openssl req \
|
|
|
|
-new -key ${key} \
|
|
|
|
-out $out -subj "/CN=localhost" \
|
|
|
|
'';
|
|
|
|
cert = runWithOpenSSL "matrix_cert.pem" ''
|
|
|
|
openssl x509 \
|
|
|
|
-req -in ${csr} \
|
|
|
|
-CA ${ca_pem} -CAkey ${ca_key} \
|
|
|
|
-CAcreateserial -out $out \
|
|
|
|
-days 365
|
|
|
|
'';
|
|
|
|
in
|
|
|
|
{
|
|
|
|
name = "mjolnir";
|
|
|
|
meta = with pkgs.lib; {
|
|
|
|
maintainers = teams.matrix.members;
|
|
|
|
};
|
|
|
|
|
|
|
|
nodes = {
|
|
|
|
homeserver = { pkgs, ... }: {
|
|
|
|
services.matrix-synapse = {
|
|
|
|
enable = true;
|
2022-02-08 14:30:38 +00:00
|
|
|
settings = {
|
|
|
|
database.name = "sqlite3";
|
|
|
|
tls_certificate_path = "${cert}";
|
|
|
|
tls_private_key_path = "${key}";
|
|
|
|
enable_registration = true;
|
2022-05-27 10:50:22 +01:00
|
|
|
enable_registration_without_verification = true;
|
2022-02-08 14:30:38 +00:00
|
|
|
registration_shared_secret = "supersecret-registration";
|
2021-05-30 16:33:09 +01:00
|
|
|
|
2022-02-08 14:30:38 +00:00
|
|
|
listeners = [ {
|
|
|
|
# The default but tls=false
|
|
|
|
bind_addresses = [
|
|
|
|
"0.0.0.0"
|
2021-05-30 16:33:09 +01:00
|
|
|
];
|
2022-02-08 14:30:38 +00:00
|
|
|
port = 8448;
|
|
|
|
resources = [ {
|
|
|
|
compress = true;
|
|
|
|
names = [ "client" ];
|
|
|
|
} {
|
|
|
|
compress = false;
|
|
|
|
names = [ "federation" ];
|
|
|
|
} ];
|
|
|
|
tls = false;
|
|
|
|
type = "http";
|
|
|
|
x_forwarded = false;
|
|
|
|
} ];
|
|
|
|
};
|
2021-05-30 16:33:09 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 8448 ];
|
|
|
|
|
|
|
|
environment.systemPackages = [
|
|
|
|
(pkgs.writeShellScriptBin "register_mjolnir_user" ''
|
|
|
|
exec ${pkgs.matrix-synapse}/bin/register_new_matrix_user \
|
|
|
|
-u mjolnir \
|
|
|
|
-p mjolnir-password \
|
|
|
|
--admin \
|
|
|
|
--shared-secret supersecret-registration \
|
|
|
|
http://localhost:8448
|
|
|
|
''
|
|
|
|
)
|
|
|
|
(pkgs.writeShellScriptBin "register_moderator_user" ''
|
|
|
|
exec ${pkgs.matrix-synapse}/bin/register_new_matrix_user \
|
|
|
|
-u moderator \
|
|
|
|
-p moderator-password \
|
|
|
|
--no-admin \
|
|
|
|
--shared-secret supersecret-registration \
|
|
|
|
http://localhost:8448
|
|
|
|
''
|
|
|
|
)
|
|
|
|
];
|
|
|
|
};
|
|
|
|
|
|
|
|
mjolnir = { pkgs, ... }: {
|
|
|
|
services.mjolnir = {
|
|
|
|
enable = true;
|
|
|
|
homeserverUrl = "http://homeserver:8448";
|
|
|
|
pantalaimon = {
|
|
|
|
enable = true;
|
|
|
|
username = "mjolnir";
|
|
|
|
passwordFile = pkgs.writeText "password.txt" "mjolnir-password";
|
|
|
|
};
|
|
|
|
managementRoom = "#moderators:homeserver";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
client = { pkgs, ... }: {
|
|
|
|
environment.systemPackages = [
|
|
|
|
(pkgs.writers.writePython3Bin "create_management_room_and_invite_mjolnir"
|
|
|
|
{ libraries = [ pkgs.python3Packages.matrix-nio ]; } ''
|
|
|
|
import asyncio
|
|
|
|
|
|
|
|
from nio import (
|
|
|
|
AsyncClient,
|
|
|
|
EnableEncryptionBuilder
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
async def main() -> None:
|
|
|
|
client = AsyncClient("http://homeserver:8448", "moderator")
|
|
|
|
|
|
|
|
await client.login("moderator-password")
|
|
|
|
|
|
|
|
room = await client.room_create(
|
|
|
|
name="Moderators",
|
|
|
|
alias="moderators",
|
|
|
|
initial_state=[EnableEncryptionBuilder().as_dict()],
|
|
|
|
)
|
|
|
|
|
|
|
|
await client.join(room.room_id)
|
|
|
|
await client.room_invite(room.room_id, "@mjolnir:homeserver")
|
|
|
|
|
|
|
|
asyncio.run(main())
|
|
|
|
''
|
|
|
|
)
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
testScript = ''
|
|
|
|
with subtest("start homeserver"):
|
|
|
|
homeserver.start()
|
|
|
|
|
|
|
|
homeserver.wait_for_unit("matrix-synapse.service")
|
|
|
|
homeserver.wait_until_succeeds("curl --fail -L http://localhost:8448/")
|
|
|
|
|
|
|
|
with subtest("register users"):
|
|
|
|
# register mjolnir user
|
|
|
|
homeserver.succeed("register_mjolnir_user")
|
|
|
|
# register moderator user
|
|
|
|
homeserver.succeed("register_moderator_user")
|
|
|
|
|
|
|
|
with subtest("start mjolnir"):
|
|
|
|
mjolnir.start()
|
|
|
|
|
|
|
|
# wait for pantalaimon to be ready
|
|
|
|
mjolnir.wait_for_unit("pantalaimon-mjolnir.service")
|
|
|
|
mjolnir.wait_for_unit("mjolnir.service")
|
|
|
|
|
|
|
|
mjolnir.wait_until_succeeds("curl --fail -L http://localhost:8009/")
|
|
|
|
|
|
|
|
with subtest("ensure mjolnir can be invited to the management room"):
|
|
|
|
client.start()
|
|
|
|
|
|
|
|
client.wait_until_succeeds("curl --fail -L http://homeserver:8448/")
|
|
|
|
|
|
|
|
client.succeed("create_management_room_and_invite_mjolnir")
|
|
|
|
|
|
|
|
mjolnir.wait_for_console_text("Startup complete. Now monitoring rooms")
|
|
|
|
'';
|
|
|
|
}
|
|
|
|
)
|