Commit ced170c0 authored by Philipp Bartsch's avatar Philipp Bartsch

nixos/miniflux: add apparmor policy

This change also extends the test to ensure that normal operations
aren't denied.
parent 12561782
+12 −0
@@ -130,5 +130,17 @@ in
      environment = cfg.config;
    };
    environment.systemPackages = [ cfg.package ];

    security.apparmor.policies."bin.miniflux".profile = ''
      include <tunables/global>
      ${cfg.package}/bin/miniflux {
        include <abstractions/base>
        include <abstractions/nameservice>
        include <abstractions/ssl_certs>
        include "${pkgs.apparmorRulesFromClosure { name = "miniflux"; } cfg.package}"
        r ${cfg.package}/bin/miniflux,
        r @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size,
      }
    '';
  };
}
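Review bot: The rule `r @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size,` carries no explanation, so whoever tightens this profile later has no way to tell what breaks if it is dropped; a one-line comment above it, `# presumably read by the Go runtime at startup — confirm with the audit log before removing`, would record that. The profile attaches to `${cfg.package}/bin/miniflux`, so it is only enforced if the unit's ExecStart resolves to exactly that store path; the unit definition is above this hunk, and a comment on the `security.apparmor.policies` line stating that dependency would keep the two in step. Nothing in the hunk grants `network` explicitly, so outbound feed fetching and the database connection depend entirely on what `abstractions/nameservice` and `apparmorRulesFromClosure` permit; that is fine as long as the test exercises those paths, which the matching test change does not appear to do.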
+6 −0
@@ -25,6 +25,7 @@ in
    default =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          inherit adminCredentialsFile;
@@ -34,6 +35,7 @@ in
    withoutSudo =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          inherit adminCredentialsFile;
@@ -44,6 +46,7 @@ in
    customized =
      { ... }:
      {
        security.apparmor.enable = true;
        services.miniflux = {
          enable = true;
          config = {
@@ -63,6 +66,7 @@ in
    default.succeed(
        "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'"
    )
    default.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')

    withoutSudo.wait_for_unit("miniflux.service")
    withoutSudo.wait_for_open_port(${toString defaultPort})
@@ -70,6 +74,7 @@ in
    withoutSudo.succeed(
        "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep '\"is_admin\":true'"
    )
    withoutSudo.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')

    customized.wait_for_unit("miniflux.service")
    customized.wait_for_open_port(${toString port})
@@ -77,5 +82,6 @@ in
    customized.succeed(
        "curl 'http://localhost:${toString port}/v1/me' -u '${username}:${password}' -H Content-Type:application/json | grep '\"is_admin\":true'"
    )
    customized.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')
  '';
})
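Review bot: The `default.fail('journalctl -b --no-pager --grep "^audit: .*apparmor=\\"DENIED\\""')` assertion (repeated verbatim for withoutSudo and customized) is satisfied by any nonzero exit, so a journalctl invocation that errors out, or a `--grep` that does not match the audit line format on the test VM, passes the test exactly like "no denials" does. Pairing it with a positive check that the profile was actually loaded and that the grep mechanism sees AppArmor audit lines, along the lines of `default.succeed('journalctl -b --no-pager --grep "apparmor=\\"STATUS\\".*miniflux"')`, would make the negative check meaningful (profile loads are logged as STATUS events in my experience; confirm the exact text on the VM). The pattern is also not scoped to the miniflux profile, so a denial from any other confined service fails these tests, which may or may not be intended. Since the only traffic generated is `/v1/me`, feed fetching and the outbound TLS path are never exercised, so the commit message's claim that normal operations are not denied holds only for the API endpoint; the enclosing testScript string starts before the first hunk.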