about summary refs log tree commit diff
path: root/nixos-tests
diff options
context:
space:
mode:
authorVika <vika@fireburn.ru>2025-01-01 08:21:20 +0300
committerVika <vika@fireburn.ru>2025-01-01 08:21:20 +0300
commit45789a693daff74bda062c86d2cc095eab2e0be4 (patch)
treeac77ea7ab42c5d58bc4b10d79c0923104c463018 /nixos-tests
parent585ae01da68bb091e75ab0c2cf38f503114a043c (diff)
downloadkittybox-45789a693daff74bda062c86d2cc095eab2e0be4.tar.zst
distributed-test: add Postgres-based job queue
This test historically existed to showcase clustering via NFS, so we
don't use the Postgres backend for the data. That would be too easy.
Instead, we only use it for the webmention job queue!

Change-Id: I975893b974063f24f2761186df57db4b876366f6
Diffstat (limited to 'nixos-tests')
-rw-r--r--nixos-tests/distributed-test.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos-tests/distributed-test.nix b/nixos-tests/distributed-test.nix
index 11c2dba..ee0755f 100644
--- a/nixos-tests/distributed-test.nix
+++ b/nixos-tests/distributed-test.nix
@@ -9,6 +9,7 @@ kittybox:
       enable = true;
       backendUri = "file:///srv/kittybox/data";
       blobstoreUri = "file:///srv/kittybox/media";
+      jobQueueUri = "postgres://primrose/kittybox";
     };
 
     environment.systemPackages = with pkgs; [ xh ];
@@ -22,10 +23,12 @@ kittybox:
     systemd.services.kittybox = {
       bindsTo = [ "srv.mount" ];
       after = [ "srv.mount" ];
+      environment.PGPASSWORD = "swordfish";
       serviceConfig = {
         DynamicUser = lib.mkForce false;
         User = "kittybox";
         Group = "kittybox";
+        ReadWritePaths = [ "/srv/kittybox" ];
       };
     };
   };
@@ -54,6 +57,25 @@ in {
         "d /srv/kittybox/data  1750 kittybox root -"
         "d /srv/kittybox/media 1750 kittybox root -"
       ];
+
+      services.postgresql = {
+        enable = true;
+        enableTCPIP = true;
+        initialScript = pkgs.writeText "init-sql-script" ''
+          CREATE USER kittybox WITH LOGIN PASSWORD 'swordfish';
+          CREATE DATABASE kittybox;
+          GRANT ALL PRIVILEGES ON DATABASE kittybox TO kittybox;
+        '';
+        authentication = lib.mkOverride 10 ''
+          # type database DBuser origin-address auth-method
+          local all      all                    trust
+          # This is not exactly a good config. It would be better to use TLS and harden this line.
+          # But it'll work for the purpose of this test, as we only need a job queue.
+          # (And possibly for posts, too, though historically this test exists to demonstrate shared
+          # storage behavior with the file backend over NFS, which is simpler than Postgres)
+          host  all      all     all            scram-sha-256
+  '';      };
+      networking.firewall.allowedTCPPorts = [ 5432 ];
     };
     longiflorum = { config, pkgs, lib, ... }: {
       imports = [ kittyboxModule ];
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-15 16:59:52 +0000