{ pkgs, lib, ... }: let pkgs' = pkgs; testLib = pkgs.callPackage ../common.nix {}; subdomain = "grafana"; domain = "example.com"; fqdn = "${subdomain}.${domain}"; password = "securepw"; commonTestScript = testLib.accessScript { inherit fqdn; hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl); waitForServices = { ... }: [ "nginx.service" ]; waitForPorts = { node, ... }: [ node.config.shb.monitoring.grafanaPort ]; }; base = { imports = [ (pkgs'.path + "/nixos/modules/profiles/headless.nix") (pkgs'.path + "/nixos/modules/profiles/qemu-guest.nix") { options = { shb.backup = lib.mkOption { type = lib.types.anything; }; }; } ../../modules/blocks/postgresql.nix ../../modules/blocks/monitoring.nix ]; # Nginx port. networking.firewall.allowedTCPPorts = [ 80 443 ]; }; certs = { config, ... }: { imports = [ ../../modules/blocks/ssl.nix ]; shb.certs = { cas.selfsigned.myca = { name = "My CA"; }; certs.selfsigned = { n = { ca = config.shb.certs.cas.selfsigned.myca; domain = "*.${domain}"; group = "nginx"; }; }; }; systemd.services.nginx.after = [ config.shb.certs.certs.selfsigned.n.systemdService ]; systemd.services.nginx.requires = [ config.shb.certs.certs.selfsigned.n.systemdService ]; }; basic = { config, ... }: { shb.monitoring = { enable = true; inherit subdomain domain; grafanaPort = 3000; adminPasswordFile = pkgs.writeText "admin_password" password; secretKeyFile = pkgs.writeText "secret_key" "secret_key"; }; }; https = { config, ...}: { shb.monitoring = { ssl = config.shb.certs.certs.selfsigned.n; }; }; in { basic = pkgs.testers.runNixOSTest { name = "monitoring-basic"; nodes.server = lib.mkMerge [ base basic { options = { shb.authelia = lib.mkOption { type = lib.types.anything; }; }; } ]; nodes.client = {}; testScript = commonTestScript; }; https = pkgs.testers.runNixOSTest { name = "monitoring-https"; nodes.server = lib.mkMerge [ base certs basic https { options = { shb.authelia = lib.mkOption { type = lib.types.anything; }; }; } ]; nodes.client = {}; testScript = commonTestScript; }; }