mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-10 01:53:09 +09:00
84 lines
2.5 KiB
Nix
84 lines
2.5 KiB
Nix
{ lib, ... }:
|
|
{
|
|
name = "postgres-websockets";
|
|
|
|
meta = {
|
|
maintainers = with lib.maintainers; [ wolfgangwalther ];
|
|
};
|
|
|
|
nodes.machine =
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
environment.systemPackages = [ pkgs.websocat ];
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
initialScript = pkgs.writeText "init.sql" ''
|
|
CREATE ROLE "postgres-websockets" LOGIN NOINHERIT;
|
|
CREATE ROLE "postgres-websockets_with_password" LOGIN NOINHERIT PASSWORD 'password';
|
|
'';
|
|
};
|
|
|
|
services.postgres-websockets = {
|
|
enable = true;
|
|
jwtSecretFile = "/run/secrets/jwt.secret";
|
|
environment.PGWS_DB_URI.dbname = "postgres";
|
|
environment.PGWS_LISTEN_CHANNEL = "websockets-listener";
|
|
};
|
|
|
|
specialisation.withPassword.configuration = {
|
|
services.postgresql.enableTCPIP = true;
|
|
services.postgres-websockets = {
|
|
pgpassFile = "/run/secrets/.pgpass";
|
|
environment.PGWS_DB_URI.host = "localhost";
|
|
environment.PGWS_DB_URI.user = "postgres-websockets_with_password";
|
|
};
|
|
};
|
|
};
|
|
|
|
extraPythonPackages = p: [ p.pyjwt ];
|
|
|
|
testScript =
|
|
{ nodes, ... }:
|
|
let
|
|
withPassword = "${nodes.machine.system.build.toplevel}/specialisation/withPassword";
|
|
in
|
|
''
|
|
machine.execute("""
|
|
mkdir -p /run/secrets
|
|
echo reallyreallyreallyreallyverysafe > /run/secrets/jwt.secret
|
|
""")
|
|
|
|
import jwt
|
|
token = jwt.encode({ "mode": "rw" }, "reallyreallyreallyreallyverysafe")
|
|
|
|
def test():
|
|
machine.wait_for_unit("postgresql.service")
|
|
machine.wait_for_unit("postgres-websockets.service")
|
|
|
|
machine.succeed(f"echo 'hi there' | websocat --no-close 'ws://localhost:3000/test/{token}' > output &")
|
|
machine.sleep(1)
|
|
machine.succeed("grep 'hi there' output")
|
|
|
|
machine.succeed("""
|
|
sudo -u postgres psql -c "SELECT pg_notify('websockets-listener', json_build_object('channel', 'test', 'event', 'message', 'payload', 'Hello World')::text);" >/dev/null
|
|
""")
|
|
machine.sleep(1)
|
|
machine.succeed("grep 'Hello World' output")
|
|
|
|
with subtest("without password"):
|
|
test()
|
|
|
|
with subtest("with password"):
|
|
machine.execute("""
|
|
echo "*:*:*:*:password" > /run/secrets/.pgpass
|
|
""")
|
|
machine.succeed("${withPassword}/bin/switch-to-configuration test >&2")
|
|
test()
|
|
'';
|
|
}
|