From 45789a693daff74bda062c86d2cc095eab2e0be4 Mon Sep 17 00:00:00 2001
From: Vika <vika@fireburn.ru>
Date: Wed, 1 Jan 2025 08:21:20 +0300
Subject: distributed-test: add Postgres-based job queue

This test historically existed to showcase clustering via NFS, so we
don't use the Postgres backend for the data. That would be too easy.
Instead, we only use it for the webmention job queue!

Change-Id: I975893b974063f24f2761186df57db4b876366f6
---
 nixos-tests/distributed-test.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'nixos-tests/distributed-test.nix')

diff --git a/nixos-tests/distributed-test.nix b/nixos-tests/distributed-test.nix
index 11c2dba..ee0755f 100644
--- a/nixos-tests/distributed-test.nix
+++ b/nixos-tests/distributed-test.nix
@@ -9,6 +9,7 @@ kittybox:
       enable = true;
       backendUri = "file:///srv/kittybox/data";
       blobstoreUri = "file:///srv/kittybox/media";
+      jobQueueUri = "postgres://primrose/kittybox";
     };
 
     environment.systemPackages = with pkgs; [ xh ];
@@ -22,10 +23,12 @@ kittybox:
     systemd.services.kittybox = {
       bindsTo = [ "srv.mount" ];
       after = [ "srv.mount" ];
+      environment.PGPASSWORD = "swordfish";
       serviceConfig = {
         DynamicUser = lib.mkForce false;
         User = "kittybox";
         Group = "kittybox";
+        ReadWritePaths = [ "/srv/kittybox" ];
       };
     };
   };
@@ -54,6 +57,25 @@ in {
         "d /srv/kittybox/data  1750 kittybox root -"
         "d /srv/kittybox/media 1750 kittybox root -"
       ];
+
+      services.postgresql = {
+        enable = true;
+        enableTCPIP = true;
+        initialScript = pkgs.writeText "init-sql-script" ''
+          CREATE USER kittybox WITH LOGIN PASSWORD 'swordfish';
+          CREATE DATABASE kittybox;
+          GRANT ALL PRIVILEGES ON DATABASE kittybox TO kittybox;
+        '';
+        authentication = lib.mkOverride 10 ''
+          # type database DBuser origin-address auth-method
+          local all      all                    trust
+          # This is not exactly a good config. It would be better to use TLS and harden this line.
+          # But it'll work for the purpose of this test, as we only need a job queue.
+          # (And possibly for posts, too, though historically this test exists to demonstrate shared
+          # storage behavior with the file backend over NFS, which is simpler than Postgres)
+          host  all      all     all            scram-sha-256
+  '';      };
+      networking.firewall.allowedTCPPorts = [ 5432 ];
     };
     longiflorum = { config, pkgs, lib, ... }: {
       imports = [ kittyboxModule ];
-- 
cgit 1.4.1