1 files changed, 46 insertions, 17 deletions
diff --git a/nixos/tests/uwsgi.nix b/nixos/tests/uwsgi.nix
index 5c0b294e2d2..80dcde324aa 100644
--- a/nixos/tests/uwsgi.nix
+++ b/nixos/tests/uwsgi.nix
@@ -1,36 +1,53 @@
 import ./make-test-python.nix ({ pkgs, ... }:
 {
   name = "uwsgi";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
     maintainers = [ lnl7 ];
   };
 
   machine = { pkgs, ... }: {
-    services.uwsgi.enable = true;
-    services.uwsgi.plugins = [ "python3" "php" ];
-    services.uwsgi.instance = {
-      type = "emperor";
-      vassals.python = {
+    users.users.hello  =
+      { isSystemUser = true;
+        group = "hello";
+      };
+    users.groups.hello = { };
+
+    services.uwsgi = {
+      enable = true;
+      plugins = [ "python3" "php" ];
+      capabilities = [ "CAP_NET_BIND_SERVICE" ];
+      instance.type = "emperor";
+
+      instance.vassals.hello = {
         type = "normal";
-        master = true;
-        workers = 2;
-        http = ":8000";
+        immediate-uid = "hello";
+        immediate-gid = "hello";
         module = "wsgi:application";
+        http = ":80";
+        cap = "net_bind_service";
+        pythonPackages = self: [ self.flask ];
         chdir = pkgs.writeTextDir "wsgi.py" ''
           from flask import Flask
+          import subprocess
           application = Flask(__name__)
 
           @application.route("/")
           def hello():
-              return "Hello World!"
+              return "Hello, World!"
+
+          @application.route("/whoami")
+          def whoami():
+              whoami = "${pkgs.coreutils}/bin/whoami"
+              proc = subprocess.run(whoami, capture_output=True)
+              return proc.stdout.decode().strip()
         '';
-        pythonPackages = self: with self; [ flask ];
       };
-      vassals.php = {
+
+      instance.vassals.php = {
         type = "normal";
         master = true;
         workers = 2;
-        http-socket = ":8001";
+        http-socket = ":8000";
         http-socket-modifier1 = 14;
         php-index = "index.php";
         php-docroot = pkgs.writeTextDir "index.php" ''
@@ -44,9 +61,21 @@ import ./make-test-python.nix ({ pkgs, ... }:
     ''
       machine.wait_for_unit("multi-user.target")
       machine.wait_for_unit("uwsgi.service")
-      machine.wait_for_open_port(8000)
-      machine.wait_for_open_port(8001)
-      assert "Hello World" in machine.succeed("curl -fv 127.0.0.1:8000")
-      assert "Hello World" in machine.succeed("curl -fv 127.0.0.1:8001")
+
+      with subtest("uWSGI has started"):
+          machine.wait_for_unit("uwsgi.service")
+
+      with subtest("Vassal can bind on port <1024"):
+          machine.wait_for_open_port(80)
+          hello = machine.succeed("curl -f http://machine").strip()
+          assert "Hello, World!" in hello, f"Excepted 'Hello, World!', got '{hello}'"
+
+      with subtest("Vassal is running as dedicated user"):
+          username = machine.succeed("curl -f http://machine/whoami").strip()
+          assert username == "hello", f"Excepted 'hello', got '{username}'"
+
+      with subtest("PHP plugin is working"):
+          machine.wait_for_open_port(8000)
+          assert "Hello World" in machine.succeed("curl -fv http://machine:8000")
     '';
 })