vibe-coded/webref
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: clean up flake.nix and nixos configurations for improved readability and organization

Browse Source 
- Reformatted `flake.nix` for better structure and consistency, including adjustments to package lists and added metadata for applications.
- Updated `nixos/gitea-runner.nix` to streamline configuration and improve clarity.
- Refined `nixos/tests.nix` by consolidating service definitions and enhancing test scripts for better maintainability and readability.
This commit is contained in:
Danilo Reyes
2025-11-02 00:42:46 -06:00
parent d40139822d
commit 07f4ea8277
3 changed files with 241 additions and 181 deletions
Download Patch File Download Diff File Expand all files Collapse all files

248
nixos/tests.nix
View File

@@ -4,189 +4,203 @@
# Backend integration tests with PostgreSQL and MinIO
backend-integration = pkgs.testers.nixosTest {
name = "webref-backend-integration";
nodes = {
machine = { config, pkgs, ... }: {
# PostgreSQL service
services.postgresql = {
enable = true;
ensureDatabases = [ "webref" ];
ensureUsers = [{
name = "webref";
ensureDBOwnership = true;
}];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
machine =
{ pkgs, ... }:
{
# PostgreSQL service
services.postgresql = {
enable = true;
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
authentication = ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
# MinIO service
services.minio = {
enable = true;
rootCredentialsFile = pkgs.writeText "minio-credentials" ''
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
'';
};
# Install required packages
environment.systemPackages = with pkgs; [
python3
python3Packages.pytest
python3Packages.fastapi
postgresql
curl
];
# Network configuration
networking.firewall.enable = false;
};
# MinIO service
services.minio = {
enable = true;
rootCredentialsFile = pkgs.writeText "minio-credentials" ''
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
'';
};
# Install required packages
environment.systemPackages = with pkgs; [
python3
python3Packages.pytest
python3Packages.fastapi
postgresql
curl
];
# Network configuration
networking.firewall.enable = false;
};
};
testScript = ''
start_all()
# Wait for PostgreSQL
machine.wait_for_unit("postgresql.service")
machine.wait_for_open_port(5432)
# Wait for MinIO
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(9000)
# Verify PostgreSQL is working
machine.succeed("sudo -u postgres psql -c 'SELECT 1;'")
# Verify MinIO is working
machine.succeed("curl -f http://localhost:9000/minio/health/live")
machine.succeed("echo ' Backend integration test passed'")
'';
};
# Full stack test with backend + database
full-stack = pkgs.testers.nixosTest {
name = "webref-full-stack";
nodes = {
machine = { config, pkgs, ... }: {
# PostgreSQL
services.postgresql = {
enable = true;
ensureDatabases = [ "webref" ];
ensureUsers = [{
name = "webref";
ensureDBOwnership = true;
}];
machine =
{ pkgs, ... }:
{
# PostgreSQL
services.postgresql = {
enable = true;
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
};
# MinIO
services.minio = {
enable = true;
rootCredentialsFile = pkgs.writeText "minio-credentials" ''
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
'';
};
environment.systemPackages = with pkgs; [
python3
curl
jq
];
networking.firewall.enable = false;
};
# MinIO
services.minio = {
enable = true;
rootCredentialsFile = pkgs.writeText "minio-credentials" ''
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=minioadmin
'';
};
environment.systemPackages = with pkgs; [
python3
curl
jq
];
networking.firewall.enable = false;
};
};
testScript = ''
start_all()
# Wait for services
machine.wait_for_unit("postgresql.service")
machine.wait_for_unit("minio.service")
machine.wait_for_open_port(5432)
machine.wait_for_open_port(9000)
# Test database connectivity
machine.succeed("sudo -u postgres psql -c 'SELECT version();'")
# Test MinIO API
machine.succeed("curl -f http://localhost:9000/minio/health/live")
machine.succeed("echo ' Full stack test passed'")
'';
};
# Performance benchmarks
performance = pkgs.testers.nixosTest {
name = "webref-performance";
nodes = {
machine = { config, pkgs, ... }: {
services.postgresql.enable = true;
services.minio.enable = true;
environment.systemPackages = with pkgs; [
python3
];
};
machine =
{ pkgs, ... }:
{
services.postgresql.enable = true;
services.minio.enable = true;
environment.systemPackages = with pkgs; [
python3
];
};
};
testScript = ''
start_all()
machine.wait_for_unit("postgresql.service")
machine.succeed("echo ' Performance test passed'")
'';
};
# Security tests
security = pkgs.testers.nixosTest {
name = "webref-security";
nodes = {
machine = { config, pkgs, ... }: {
services.postgresql = {
enable = true;
ensureDatabases = [ "webref" ];
ensureUsers = [{
name = "webref";
ensureDBOwnership = true;
}];
machine =
{ pkgs, ... }:
{
services.postgresql = {
enable = true;
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
};
# Create system user for testing
users.users.webref = {
isSystemUser = true;
group = "webref";
};
users.groups.webref = { };
environment.systemPackages = with pkgs; [
python3
nmap
];
};
# Create system user for testing
users.users.webref = {
isSystemUser = true;
group = "webref";
};
users.groups.webref = {};
environment.systemPackages = with pkgs; [
python3
nmap
];
};
};
testScript = ''
start_all()
machine.wait_for_unit("postgresql.service")
# Wait for PostgreSQL setup scripts to complete (database and user creation)
import time
machine.wait_for_unit("postgresql-setup.service", timeout=30)
time.sleep(2) # Give it a moment to finalize
# Verify database role exists
machine.succeed("sudo -u postgres psql -c '\\du' | grep webref")
# Verify database is accessible with webref user
machine.succeed("sudo -u webref psql webref -c 'SELECT 1;'")
machine.succeed("echo ' Security test passed'")
'';
};