nixpkgs/nixos/tests/radicale.nix

import ./make-test-python.nix ({ lib, pkgs, ... }:

let
  user = "someuser";
  password = "some_password";
  port = "5232";
  filesystem_folder = "/data/radicale";

  cli = "${pkgs.calendar-cli}/bin/calendar-cli --caldav-user ${user} --caldav-pass ${password}";
in {
  name = "radicale3";
  meta.maintainers = with lib.maintainers; [ dotlambda ];

  machine = { pkgs, ... }: {
    services.radicale = {
      enable = true;
      settings = {
        auth = {
          type = "htpasswd";
          htpasswd_filename = "/etc/radicale/users";
          htpasswd_encryption = "bcrypt";
        };
        storage = {
          inherit filesystem_folder;
          hook = "git add -A && (git diff --cached --quiet || git commit -m 'Changes by '%(user)s)";
        };
        logging.level = "info";
      };
      rights = {
        principal = {
          user = ".+";
          collection = "{user}";
          permissions = "RW";
        };
        calendars = {
          user = ".+";
          collection = "{user}/[^/]+";
          permissions = "rw";
        };
      };
    };
    systemd.services.radicale.path = [ pkgs.git ];
    environment.systemPackages = [ pkgs.git ];
    systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ];
    # WARNING: DON'T DO THIS IN PRODUCTION!
    # This puts unhashed secrets directly into the Nix store for ease of testing.
    environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" {} ''
      ${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}
    '';
  };
  testScript = ''
    machine.wait_for_unit("radicale.service")
    machine.wait_for_open_port(${port})

    machine.succeed("sudo -u radicale git -C ${filesystem_folder} init")
    machine.succeed(
        "sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com"
    )
    machine.succeed(
        "sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale"
    )

    with subtest("Test calendar and event creation"):
        machine.succeed(
            "${cli} --caldav-url http://localhost:${port}/${user} calendar create cal"
        )
        machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal")
        machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
        machine.succeed(
            "${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent"
        )
        machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')
        (status, stdout) = machine.execute(
            "sudo -u radicale git -C ${filesystem_folder} log --format=oneline | wc -l"
        )
        assert status == 0, "git log failed"
        assert stdout == "3\n", "there should be exactly 3 commits"

    with subtest("Test rights file"):
        machine.fail(
            "${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal"
        )
        machine.fail(
            "${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal"
        )

    with subtest("Test web interface"):
        machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")

    with subtest("Test security"):
        output = machine.succeed("systemd-analyze security radicale.service")
        machine.log(output)
        assert output[-9:-1] == "SAFE :-}"
  '';
})
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`import ./make-test-python.nix ({ lib, pkgs, ... }:`

radicale: Add NixOS test with Python 2 Includes testing bcrypt authentication. 2017-02-02 17:59:39 -05:00			`let`
radicale: 1.1.4 -> 2.1.2 This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which also includes the needed command for migrating to 2.x The module is adjusted to the version change, defaulting to radicale2 if stateVersion >= 17.09 and radicale1 otherwise. It also now uses ExecStart instead of the script service attribute. Some missing dots at the end of sentences were also added. I added a paragraph in the release notes on how to update to a newer version. 2017-07-25 09:01:08 +02:00			`user = "someuser";`
			`password = "some_password";`
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`port = "5232";`
			`filesystem_folder = "/data/radicale";`

			`cli = "${pkgs.calendar-cli}/bin/calendar-cli --caldav-user ${user} --caldav-pass ${password}";`
			`in {`
			`name = "radicale3";`
			`meta.maintainers = with lib.maintainers; [ dotlambda ];`
radicale: 1.1.4 -> 2.1.2 This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which also includes the needed command for migrating to 2.x The module is adjusted to the version change, defaulting to radicale2 if stateVersion >= 17.09 and radicale1 otherwise. It also now uses ExecStart instead of the script service attribute. Some missing dots at the end of sentences were also added. I added a paragraph in the release notes on how to update to a newer version. 2017-07-25 09:01:08 +02:00
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`machine = { pkgs, ... }: {`
radicale: Add NixOS test with Python 2 Includes testing bcrypt authentication. 2017-02-02 17:59:39 -05:00			`services.radicale = {`
			`enable = true;`
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`settings = {`
			`auth = {`
			`type = "htpasswd";`
			`htpasswd_filename = "/etc/radicale/users";`
			`htpasswd_encryption = "bcrypt";`
			`};`
			`storage = {`
			`inherit filesystem_folder;`
			`hook = "git add -A && (git diff --cached --quiet \|\| git commit -m 'Changes by '%(user)s)";`
			`};`
			`logging.level = "info";`
			`};`
			`rights = {`
			`principal = {`
			`user = ".+";`
			`collection = "{user}";`
			`permissions = "RW";`
			`};`
			`calendars = {`
			`user = ".+";`
			`collection = "{user}/[^/]+";`
			`permissions = "rw";`
			`};`
			`};`
radicale: Add NixOS test with Python 2 Includes testing bcrypt authentication. 2017-02-02 17:59:39 -05:00			`};`
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`systemd.services.radicale.path = [ pkgs.git ];`
			`environment.systemPackages = [ pkgs.git ];`
			`systemd.tmpfiles.rules = [ "d ${filesystem_folder} 0750 radicale radicale -" ];`
radicale: Add NixOS test with Python 2 Includes testing bcrypt authentication. 2017-02-02 17:59:39 -05:00			`# WARNING: DON'T DO THIS IN PRODUCTION!`
nixos/tests: correct comment in radicale.nix (#32574) The secrets are in fact also stored unhashed, as part of the .drv file which produces the htpasswd. 2017-12-11 22:09:23 +00:00			`# This puts unhashed secrets directly into the Nix store for ease of testing.`
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`environment.etc."radicale/users".source = pkgs.runCommand "htpasswd" {} ''`
radicale: 1.1.4 -> 2.1.2 This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which also includes the needed command for migrating to 2.x The module is adjusted to the version change, defaulting to radicale2 if stateVersion >= 17.09 and radicale1 otherwise. It also now uses ExecStart instead of the script service attribute. Some missing dots at the end of sentences were also added. I added a paragraph in the release notes on how to update to a newer version. 2017-07-25 09:01:08 +02:00			`${pkgs.apacheHttpd}/bin/htpasswd -bcB "$out" ${user} ${password}`
radicale: Add NixOS test with Python 2 Includes testing bcrypt authentication. 2017-02-02 17:59:39 -05:00			`'';`
			`};`
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`testScript = ''`
			`machine.wait_for_unit("radicale.service")`
			`machine.wait_for_open_port(${port})`

			`machine.succeed("sudo -u radicale git -C ${filesystem_folder} init")`
			`machine.succeed(`
			`"sudo -u radicale git -C ${filesystem_folder} config --local user.email radicale@example.com"`
			`)`
			`machine.succeed(`
			`"sudo -u radicale git -C ${filesystem_folder} config --local user.name radicale"`
			`)`

			`with subtest("Test calendar and event creation"):`
			`machine.succeed(`
			`"${cli} --caldav-url http://localhost:${port}/${user} calendar create cal"`
			`)`
			`machine.succeed("test -d ${filesystem_folder}/collection-root/${user}/cal")`
			`machine.succeed('test -z "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')`
			`machine.succeed(`
			`"${cli} --caldav-url http://localhost:${port}/${user}/cal calendar add 2021-04-23 testevent"`
			`)`
			`machine.succeed('test -n "$(ls ${filesystem_folder}/collection-root/${user}/cal)"')`
			`(status, stdout) = machine.execute(`
			`"sudo -u radicale git -C ${filesystem_folder} log --format=oneline \| wc -l"`
			`)`
			`assert status == 0, "git log failed"`
			`assert stdout == "3\n", "there should be exactly 3 commits"`

			`with subtest("Test rights file"):`
			`machine.fail(`
			`"${cli} --caldav-url http://localhost:${port}/${user} calendar create sub/cal"`
			`)`
			`machine.fail(`
			`"${cli} --caldav-url http://localhost:${port}/otheruser calendar create cal"`
			`)`

			`with subtest("Test web interface"):`
			`machine.succeed("curl --fail http://${user}:${password}@localhost:${port}/.web/")`
nixos/radicale: harden systemd unit 2021-05-03 18:52:55 +02:00
			`with subtest("Test security"):`
			`output = machine.succeed("systemd-analyze security radicale.service")`
			`machine.log(output)`
			`assert output[-9:-1] == "SAFE :-}"`
nixos/radicale: add settings option The radicale version is no longer chosen automatically based on system.stateVersion because that gave the impression that old versions are still supported. 2021-04-23 20:23:24 +02:00			`'';`
radicale: Add aneeshusa as maintainer 2017-03-20 12:13:27 -04:00			`})`