Commit 93ef567f authored by Jonas Heinrich's avatar Jonas Heinrich
Browse files

nixos/invoiceplane: Don't force http with Caddy

parent 8f3f3cf1

nixos/doc/manual/release-notes/rl-2605.section.md

+4 −0
Original line number Diff line number Diff line
@@ -200,6 +200,10 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>. 
  - `nextcloud31` is EOL and was thus removed.

  - Please note that an upgrade from v31 (or older) to v33 directly is not possible. Please upgrade to `nextcloud32` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud32;`](#opt-services.nextcloud.package).



- InvoicePlane with the Caddy webserver (`services.invoiceplane.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.

  To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.

  If you set custom Caddy options for a InvoicePlane site, migrate these options by removing `http://` from `services.caddy.virtualHosts."http://example.com"`.



- `services.slurm` now supports slurmrestd usage through the `services.slurm.rest` NixOS options.



- `services.kanidm` options for server, client and unix were moved under dedicated namespaces.

nixos/modules/services/web-apps/invoiceplane.nix

+1 −1
Original line number Diff line number Diff line
@@ -441,7 +441,7 @@ in 
        enable = true;

        virtualHosts = mapAttrs' (

          hostName: cfg:

          (nameValuePair "http://${hostName}" {

          (nameValuePair hostName {

            extraConfig = ''

              root * ${pkg hostName cfg}

              file_server

nixos/tests/invoiceplane.nix

+19 −9
Original line number Diff line number Diff line
@@ -26,7 +26,17 @@ 
          };

        };



        networking.firewall.allowedTCPPorts = [ 80 ];

        services.caddy.virtualHosts."site1.local".extraConfig = ''

          tls internal

        '';

        services.caddy.virtualHosts."site2.local".extraConfig = ''

          tls internal

        '';



        networking.firewall.allowedTCPPorts = [

          80

          443

        ];

        networking.hosts."127.0.0.1" = [

          "site1.local"

          "site2.local"
@@ -76,41 +86,41 @@ 
          machine.wait_for_unit(f"phpfpm-invoiceplane-{site_name}")



          with subtest("Website returns welcome screen"):

              assert "Please install InvoicePlane" in machine.succeed(f"curl -L {site_name}")

              assert "Please install InvoicePlane" in machine.succeed(f"curl -sSfkL {site_name}")



          with subtest("Finish InvoicePlane setup"):

            machine.succeed(

              f"curl -sSfL --cookie-jar cjar {site_name}/setup/language"

              f"curl -sSfkL --cookie-jar cjar {site_name}/setup/language"

            )

            csrf_token = machine.succeed(

              "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"

            )

            machine.succeed(

              f"curl -sSfL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&ip_lang=english&btn_continue=Continue' {site_name}/setup/language"

              f"curl -sSfkL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&ip_lang=english&btn_continue=Continue' {site_name}/setup/language"

            )

            csrf_token = machine.succeed(

              "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"

            )

            machine.succeed(

              f"curl -sSfL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/prerequisites"

              f"curl -sSfkL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/prerequisites"

            )

            csrf_token = machine.succeed(

              "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"

            )

            machine.succeed(

              f"curl -sSfL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/configure_database"

              f"curl -sSfkL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/configure_database"

            )

            csrf_token = machine.succeed(

              "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"

            )

            machine.succeed(

              f"curl -sSfl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/install_tables"

              f"curl -sSfkl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/install_tables"

            )

            csrf_token = machine.succeed(

              "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"

            )

            machine.succeed(

              f"curl -sSfl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/upgrade_tables"

              f"curl -sSfkl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/upgrade_tables"

          )

  '';

}