diff --git a/nixos/tests/radicale.nix b/nixos/tests/radicale.nix new file mode 100644 index 000000000000..ea834d2768d2 --- /dev/null +++ b/nixos/tests/radicale.nix @@ -0,0 +1,70 @@ +let + port = 5232; + radicaleOverlay = self: super: { + radicale = super.radicale.overrideAttrs (oldAttrs: { + propagatedBuildInputs = with self.pythonPackages; + (oldAttrs.propagatedBuildInputs or []) ++ [ + passlib + ]; + }); + }; + common = { config, pkgs, ...}: { + services.radicale = { + enable = true; + config = let home = config.users.extraUsers.radicale.home; in '' + [server] + hosts = 127.0.0.1:${builtins.toString port} + daemon = False + [encoding] + [well-known] + [auth] + type = htpasswd + htpasswd_filename = /etc/radicale/htpasswd + htpasswd_encryption = bcrypt + [git] + [rights] + [storage] + type = filesystem + filesystem_folder = ${home}/collections + [logging] + [headers] + ''; + }; + # WARNING: DON'T DO THIS IN PRODUCTION! + # This puts secrets (albeit hashed) directly into the Nix store for ease of testing. + environment.etc."radicale/htpasswd".source = with pkgs; let + py = python.withPackages(ps: with ps; [ passlib ]); + in runCommand "htpasswd" {} '' + ${py}/bin/python -c " +from passlib.apache import HtpasswdFile +ht = HtpasswdFile( + '$out', + new=True, + default_scheme='bcrypt' +) +ht.set_password('someuser', 'really_secret_password') +ht.save() +" + ''; + }; + +in import ./make-test.nix { + name = "radicale"; + + # Test radicale with bcrypt-based htpasswd authentication + nodes = { + py2 = { config, pkgs, ... }@args: (common args) // { + nixpkgs.overlays = [ + radicaleOverlay + ]; + }; + }; + + testScript = '' + for my $machine ($py2) { + $machine->waitForUnit('radicale.service'); + $machine->waitForOpenPort(${builtins.toString port}); + $machine->succeed('curl -s http://someuser:really_secret_password@127.0.0.1:${builtins.toString port}/someuser/calendar.ics/'); + } + ''; +}