about summary refs log tree commit diff
path: root/nixos-tests/distributed-test.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos-tests/distributed-test.nix')
-rw-r--r--nixos-tests/distributed-test.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos-tests/distributed-test.nix b/nixos-tests/distributed-test.nix
index 11c2dba..ee0755f 100644
--- a/nixos-tests/distributed-test.nix
+++ b/nixos-tests/distributed-test.nix
@@ -9,6 +9,7 @@ kittybox:
       enable = true;
       backendUri = "file:///srv/kittybox/data";
       blobstoreUri = "file:///srv/kittybox/media";
+      jobQueueUri = "postgres://primrose/kittybox";
     };
 
     environment.systemPackages = with pkgs; [ xh ];
@@ -22,10 +23,12 @@ kittybox:
     systemd.services.kittybox = {
       bindsTo = [ "srv.mount" ];
       after = [ "srv.mount" ];
+      environment.PGPASSWORD = "swordfish";
       serviceConfig = {
         DynamicUser = lib.mkForce false;
         User = "kittybox";
         Group = "kittybox";
+        ReadWritePaths = [ "/srv/kittybox" ];
       };
     };
   };
@@ -54,6 +57,25 @@ in {
         "d /srv/kittybox/data  1750 kittybox root -"
         "d /srv/kittybox/media 1750 kittybox root -"
       ];
+
+      services.postgresql = {
+        enable = true;
+        enableTCPIP = true;
+        initialScript = pkgs.writeText "init-sql-script" ''
+          CREATE USER kittybox WITH LOGIN PASSWORD 'swordfish';
+          CREATE DATABASE kittybox;
+          GRANT ALL PRIVILEGES ON DATABASE kittybox TO kittybox;
+        '';
+        authentication = lib.mkOverride 10 ''
+          # type database DBuser origin-address auth-method
+          local all      all                    trust
+          # This is not exactly a good config. It would be better to use TLS and harden this line.
+          # But it'll work for the purpose of this test, as we only need a job queue.
+          # (And possibly for posts, too, though historically this test exists to demonstrate shared
+          # storage behavior with the file backend over NFS, which is simpler than Postgres)
+          host  all      all     all            scram-sha-256
+  '';      };
+      networking.firewall.allowedTCPPorts = [ 5432 ];
     };
     longiflorum = { config, pkgs, lib, ... }: {
       imports = [ kittyboxModule ];