nixos/tests/matrix-alertmanager: init

2025-06-09 09:36:20 +09:00 · 2025-02-08 21:50:53 +02:00 · 2025-02-08 21:50:53 +02:00 · 4d68e0da82
commit 4d68e0da82
parent ce90b7889c
2 changed files with 133 additions and 0 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -643,6 +643,7 @@ in {
  mate-wayland = handleTest ./mate-wayland.nix {};
  matter-server = handleTest ./matter-server.nix {};
  matomo = runTest ./matomo.nix;
+  matrix-alertmanager = runTest ./matrix/matrix-alertmanager.nix;
  matrix-appservice-irc = runTest ./matrix/appservice-irc.nix;
  matrix-conduit = handleTest ./matrix/conduit.nix {};
  matrix-synapse = handleTest ./matrix/synapse.nix {};
--- a/nixos/tests/matrix/matrix-alertmanager.nix
+++ b/nixos/tests/matrix/matrix-alertmanager.nix
@ -0,0 +1,132 @@
+{ pkgs, ... }:
+let
+  secret-files = pkgs.runCommandLocal "secret-files" { } ''
+    mkdir -p $out
+    echo -n faketoken > $out/token.txt
+    echo -n wontbeused > $out/secret.txt
+  '';
+in
+{
+  name = "matrix-alertmanager";
+  meta.maintainers = with pkgs.lib.maintainers; [ erethon ];
+
+  nodes = {
+    homeserver =
+      { pkgs, ... }:
+      {
+        services.matrix-synapse = {
+          enable = true;
+          settings = {
+            database.name = "sqlite3";
+            tls_certificate_path = "../common/acme/server/acme.test.cert.pem";
+            tls_private_key_path = "../common/acme/server/acme.test.key.pem";
+            enable_registration = true;
+            enable_registration_without_verification = true;
+            registration_shared_secret = "supersecret-registration";
+            listeners = [
+              {
+                # The default but tls=false
+                bind_addresses = [
+                  "0.0.0.0"
+                ];
+                port = 8448;
+                resources = [
+                  {
+                    compress = true;
+                    names = [ "client" ];
+                  }
+                  {
+                    compress = false;
+                    names = [ "federation" ];
+                  }
+                ];
+                tls = false;
+                type = "http";
+                x_forwarded = false;
+              }
+            ];
+          };
+        };
+
+        networking.firewall.allowedTCPPorts = [ 8448 ];
+
+        environment.systemPackages = [
+          (pkgs.writeShellScriptBin "register_alertmanager_user" ''
+            exec ${pkgs.matrix-synapse}/bin/register_new_matrix_user \
+              -u alertmanager \
+              -p alertmanager-password \
+              --admin \
+              --shared-secret supersecret-registration \
+              http://localhost:8448
+          '')
+          # This is needed to solve a chicken and egg
+          # problem. Matrix-alertmanager expects a token for authentication,
+          # but a token is created after the user has been registered. This
+          # changes the token in the database to match the one specified in
+          # the service settings.
+          (pkgs.writers.writePython3Bin "hardcode_matrix_values"
+            {
+              libraries = with pkgs.python3Packages; [
+                sqlite-utils
+              ];
+            }
+            ''
+              import sqlite3
+              con = sqlite3.connect("/var/lib/matrix-synapse/homeserver.db")
+              cur = con.cursor()
+              cur.execute(
+                  "update access_tokens set token='%s' where user_id = '%s'"
+                  % ("faketoken", "@alertmanager:homeserver")
+              )
+              con.commit()
+              con.close()
+            ''
+          )
+        ];
+      };
+
+    matrix_alertmanager =
+      { config, pkgs, ... }:
+      {
+        environment.etc.token-file.source = "${secret-files}/token.txt";
+        environment.etc.secret-file.source = "${secret-files}/secret.txt";
+        services.matrix-alertmanager = {
+          enable = true;
+          tokenFile = "/etc/${config.environment.etc.token-file.target}";
+          secretFile = "/etc/${config.environment.etc.secret-file.target}";
+          homeserverUrl = "http://homeserver:8448";
+          # Matrix-alertmanager expects at least a room in its configuration
+          # in order to start. However, the room doesn't have to exist for
+          # matrix-alertmanager to start, so this is a configuration only
+          # placeholder.
+          matrixRooms = [
+            {
+              receivers = [ "matrix" ];
+              roomId = "!room_id:homeserver";
+            }
+          ];
+          matrixUser = "alertmanager";
+        };
+      };
+  };
+
+  testScript = ''
+    with subtest("start homeserver"):
+      homeserver.start()
+      homeserver.wait_for_unit("matrix-synapse.service")
+      homeserver.wait_until_succeeds("curl --fail -L http://localhost:8448/")
+
+    with subtest("register user"):
+      # register alertmanager user
+      homeserver.succeed("register_alertmanager_user")
+
+    with subtest("hardcode matrix values for matrix-alertmanager to use"):
+      homeserver.succeed("hardcode_matrix_values")
+
+    with subtest("start matrix_alertmanager"):
+      matrix_alertmanager.start()
+      matrix_alertmanager.wait_for_unit("matrix-alertmanager.service")
+      matrix_alertmanager.wait_until_succeeds("curl --fail -L http://localhost:3000/")
+      matrix_alertmanager.wait_for_console_text("matrix-alertmanager initialized and ready")
+  '';
+}