diff options
| -rw-r--r-- | nixos-tests/distributed-test.nix | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos-tests/distributed-test.nix b/nixos-tests/distributed-test.nix index 11c2dba..ee0755f 100644 --- a/nixos-tests/distributed-test.nix +++ b/nixos-tests/distributed-test.nix @@ -9,6 +9,7 @@ kittybox: enable = true; backendUri = "file:///srv/kittybox/data"; blobstoreUri = "file:///srv/kittybox/media"; + jobQueueUri = "postgres://primrose/kittybox"; }; environment.systemPackages = with pkgs; [ xh ]; @@ -22,10 +23,12 @@ kittybox: systemd.services.kittybox = { bindsTo = [ "srv.mount" ]; after = [ "srv.mount" ]; + environment.PGPASSWORD = "swordfish"; serviceConfig = { DynamicUser = lib.mkForce false; User = "kittybox"; Group = "kittybox"; + ReadWritePaths = [ "/srv/kittybox" ]; }; }; }; @@ -54,6 +57,25 @@ in { "d /srv/kittybox/data 1750 kittybox root -" "d /srv/kittybox/media 1750 kittybox root -" ]; + + services.postgresql = { + enable = true; + enableTCPIP = true; + initialScript = pkgs.writeText "init-sql-script" '' + CREATE USER kittybox WITH LOGIN PASSWORD 'swordfish'; + CREATE DATABASE kittybox; + GRANT ALL PRIVILEGES ON DATABASE kittybox TO kittybox; + ''; + authentication = lib.mkOverride 10 '' + # type database DBuser origin-address auth-method + local all all trust + # This is not exactly a good config. It would be better to use TLS and harden this line. + # But it'll work for the purpose of this test, as we only need a job queue. + # (And possibly for posts, too, though historically this test exists to demonstrate shared + # storage behavior with the file backend over NFS, which is simpler than Postgres) + host all all all scram-sha-256 + ''; }; + networking.firewall.allowedTCPPorts = [ 5432 ]; }; longiflorum = { config, pkgs, lib, ... }: { imports = [ kittyboxModule ]; |