From 6431fec2c4757522ce9fe2e173a088012e206ac2 Mon Sep 17 00:00:00 2001 From: emilylange Date: Tue, 24 Oct 2023 02:32:56 +0200 Subject: nixosTests.forgejo: test backup/dump service This should allow us to catch issues regarding that in the future. nixos/gitea had an issue with the dump service recently, which didn't affect us, fortunately. But to be fair, it only affected non-default-y setups. Not something we are able to catch in the current, rather simple, config of our test. Still, I see a lot of value adding this new subtest to our test suite. Anyhow, this patch also exposes the resulting tarball as test (build) output, which is a nice addition IMHO, as it allows some sort of external sanity-check, if needed, without running the test interactive. --- nixos/tests/forgejo.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/tests/forgejo.nix b/nixos/tests/forgejo.nix index b326819e319..0f7e1585f3d 100644 --- a/nixos/tests/forgejo.nix +++ b/nixos/tests/forgejo.nix @@ -37,7 +37,7 @@ let settings."repository.signing".SIGNING_KEY = signingPrivateKeyId; settings.actions.ENABLED = true; }; - environment.systemPackages = [ config.services.forgejo.package pkgs.gnupg pkgs.jq ]; + environment.systemPackages = [ config.services.forgejo.package pkgs.gnupg pkgs.jq pkgs.file ]; services.openssh.enable = true; specialisation.runner = { @@ -53,6 +53,14 @@ let tokenFile = "/var/lib/forgejo/runner_token"; }; }; + specialisation.dump = { + inheritParentConfig = true; + configuration.services.forgejo.dump = { + enable = true; + type = "tar.zst"; + file = "dump.tar.zst"; + }; + }; }; client1 = { config, pkgs, ... }: { environment.systemPackages = [ pkgs.git ]; @@ -66,6 +74,7 @@ let let inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey; serverSystem = nodes.server.system.build.toplevel; + dumpFile = with nodes.server.specialisation.dump.configuration.services.forgejo.dump; "${backupDir}/${file}"; in '' GIT_SSH_COMMAND = "ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no" @@ -150,6 +159,12 @@ let server.succeed("${serverSystem}/specialisation/runner/bin/switch-to-configuration test") server.wait_for_unit("gitea-runner-test.service") server.succeed("journalctl -o cat -u gitea-runner-test.service | grep -q 'Runner registered successfully'") + + with subtest("Testing backup service"): + server.succeed("${serverSystem}/specialisation/dump/bin/switch-to-configuration test") + server.systemctl("start forgejo-dump") + assert "Zstandard compressed data" in server.succeed("file ${dumpFile}") + server.copy_from_vm("${dumpFile}") ''; }); in -- cgit 1.4.1 From 402b5c67a8ce96709d31c40e000bfdd339b23409 Mon Sep 17 00:00:00 2001 From: emilylange Date: Tue, 24 Oct 2023 03:27:20 +0200 Subject: nixos/forgejo: pass {env}`GIT_PROTOCOL` via ssh to forgejo when using the host's openssh service (not the builtin golang one). This enables the use of the much faster and more efficient wire protocol version 2. See https://git-scm.com/docs/protocol-v2 --- nixos/modules/services/misc/forgejo.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nixos') diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix index b2920981efb..90b5f16f418 100644 --- a/nixos/modules/services/misc/forgejo.nix +++ b/nixos/modules/services/misc/forgejo.nix @@ -632,6 +632,8 @@ in }; }; + services.openssh.settings.AcceptEnv = mkIf (!cfg.settings.START_SSH_SERVER or false) "GIT_PROTOCOL"; + users.users = mkIf (cfg.user == "forgejo") { forgejo = { home = cfg.stateDir; -- cgit 1.4.1 From 98ebe7b877a3b9bb8b202fb2b9dafcf7ec0e16dd Mon Sep 17 00:00:00 2001 From: emilylange Date: Tue, 24 Oct 2023 03:29:08 +0200 Subject: nixosTests.forgejo: test git wire protocol version Co-Authored-By: networkException --- nixos/tests/forgejo.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'nixos') diff --git a/nixos/tests/forgejo.nix b/nixos/tests/forgejo.nix index 0f7e1585f3d..6acd6acb50f 100644 --- a/nixos/tests/forgejo.nix +++ b/nixos/tests/forgejo.nix @@ -77,6 +77,7 @@ let dumpFile = with nodes.server.specialisation.dump.configuration.services.forgejo.dump; "${backupDir}/${file}"; in '' + import json GIT_SSH_COMMAND = "ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no" REPO = "forgejo@server:test/repo" PRIVK = "${snakeOilPrivateKey}" @@ -146,6 +147,11 @@ let client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' git clone {REPO}") client2.succeed('test "$(cat repo/testfile | xargs echo -n)" = "hello world"') + with subtest("Testing git protocol version=2 over ssh"): + git_protocol = client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' GIT_TRACE2_EVENT=true git -C repo fetch |& grep negotiated-version") + version = json.loads(git_protocol).get("value") + assert version == "2", f"git did not negotiate protocol version 2, but version {version} instead." + server.wait_until_succeeds( 'test "$(curl http://localhost:3000/api/v1/repos/test/repo/commits ' + '-H "Accept: application/json" | jq length)" = "1"', -- cgit 1.4.1