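# NixOS VM test for the molly-brown Gemini server.
#
# A single node runs the server with a self-signed certificate that is
# generated when the service starts. A small Python client on the same node
# then fetches the test document over TLS and checks the response.
{ pkgs, ... }:

let
  # Content of the document served by the test server; the client asserts
  # that this exact text comes back.
  testString = "NixOS Gemini test successful";
in
{

  name = "molly-brown";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ ehmry ];
  };

  nodes = {

    geminiServer =
      { config, pkgs, ... }:
      let
        inherit (config.networking) hostName;
        cfg = config.services.molly-brown;
      in
      {

        environment.systemPackages = [
          (pkgs.writeScriptBin "test-gemini" ''
            #!${pkgs.python3}/bin/python

            import socket
            import ssl
            import sys
            import urllib.parse

            # Ask for the document that preStart writes into DocBase, so the
            # check below exercises a successful response, not an error page.
            url = "gemini://geminiServer/test.gmi"
            expected = "${testString}"
            parsed_url = urllib.parse.urlparse(url)

            # Test-only TLS settings: the server certificate is self-signed and
            # regenerated at service start, so certificate and hostname checks
            # are switched off. A real Gemini client should pin the certificate
            # on first use or verify it; do not reuse this block elsewhere.
            # check_hostname has to be cleared before verify_mode is lowered.
            context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            context.check_hostname = False
            context.verify_mode = ssl.CERT_NONE

            s = socket.create_connection((parsed_url.netloc, 1965))
            s = context.wrap_socket(s, server_hostname=parsed_url.netloc)
            s.sendall((url + "\r\n").encode("UTF-8"))
            fp = s.makefile("rb")

            # First line is the Gemini response header, the next line is the
            # start of the body.
            header = fp.readline().decode("UTF-8").strip()
            body = fp.readline().decode("UTF-8").strip()
            print(header)
            print(body)

            # Fail the VM test unless the server answered with a success
            # status (2x) and the expected document content.
            if not header.startswith("20"):
                sys.exit("unexpected Gemini response header: " + header)
            if expected not in body:
                sys.exit("test string missing from response body: " + body)
          '')
        ];

        networking.firewall.allowedTCPPorts = [ cfg.settings.Port ];

        # Test fixture only: certificate, key and documents live at fixed
        # paths under /tmp. Outside a throwaway VM, keep the private key in a
        # directory that only the service user can access.
        services.molly-brown = {
          enable = true;
          docBase = "/tmp/docs";
          certPath = "/tmp/cert.pem";
          keyPath = "/tmp/key.pem";
        };

        # Generate a fresh RSA key and a self-signed certificate (CN = the
        # node's host name) on every service start, then create the test
        # document that the client fetches.
        systemd.services.molly-brown.preStart = ''
          ${pkgs.openssl}/bin/openssl genrsa -out "/tmp/key.pem"
          ${pkgs.openssl}/bin/openssl req -new \
            -subj "/CN=${hostName}" \
            -key "/tmp/key.pem" -out /tmp/request.pem
          ${pkgs.openssl}/bin/openssl x509 -req -days 3650 \
            -in /tmp/request.pem -signkey "/tmp/key.pem" -out "/tmp/cert.pem"

          mkdir -p "${cfg.settings.DocBase}"
          echo "${testString}" > "${cfg.settings.DocBase}/test.gmi"
        '';
      };
  };

  # Wait until the service is up and listening on the Gemini port (1965),
  # then run the client; a non-zero exit from test-gemini fails the test.
  testScript = ''
    geminiServer.wait_for_unit("molly-brown")
    geminiServer.wait_for_open_port(1965)
    geminiServer.succeed("test-gemini")
  '';

}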