nixos/ntfy-sh: clean up DynamicUser workarounds
this commit removes the static assignments for the ntfy-sh user and group. furthermore, it removes some tmpfiles.d rules which were initially put in place by https://github.com/NixOS/nixpkgs/pull/234811. these are however not required, as ntfy-sh will automatically create the required files and systemd automatically handles the migration process. A nixosTest is added to demonstrate that the migration is working reliably. This also fixes an issue where systemd would sometimes not start ntfy-sh. The tmpfiles rules in combination with impermanence caused `/var/lib/ntfy-sh` to be a directory when it should have been a symlink.
parent
5a8e924381
commit
39fd0c3fe3
3 changed files with 78 additions and 6 deletions
|
@ -84,12 +84,6 @@ in
|
||||||
cache-file = mkDefault "/var/lib/ntfy-sh/cache-file.db";
|
cache-file = mkDefault "/var/lib/ntfy-sh/cache-file.db";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"f ${cfg.settings.auth-file} 0600 ${cfg.user} ${cfg.group} - -"
|
|
||||||
"d ${cfg.settings.attachment-cache-dir} 0700 ${cfg.user} ${cfg.group} - -"
|
|
||||||
"f ${cfg.settings.cache-file} 0600 ${cfg.user} ${cfg.group} - -"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.ntfy-sh = {
|
systemd.services.ntfy-sh = {
|
||||||
description = "Push notifications server";
|
description = "Push notifications server";
|
||||||
|
|
||||||
|
|
|
@ -559,6 +559,7 @@ in {
|
||||||
nscd = handleTest ./nscd.nix {};
|
nscd = handleTest ./nscd.nix {};
|
||||||
nsd = handleTest ./nsd.nix {};
|
nsd = handleTest ./nsd.nix {};
|
||||||
ntfy-sh = handleTest ./ntfy-sh.nix {};
|
ntfy-sh = handleTest ./ntfy-sh.nix {};
|
||||||
|
ntfy-sh-migration = handleTest ./ntfy-sh-migration.nix {};
|
||||||
nzbget = handleTest ./nzbget.nix {};
|
nzbget = handleTest ./nzbget.nix {};
|
||||||
nzbhydra2 = handleTest ./nzbhydra2.nix {};
|
nzbhydra2 = handleTest ./nzbhydra2.nix {};
|
||||||
oh-my-zsh = handleTest ./oh-my-zsh.nix {};
|
oh-my-zsh = handleTest ./oh-my-zsh.nix {};
|
||||||
|
|
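--- /dev/null
+++ b/nixos/tests/ntfy-sh-migration.nix
@@ -0,0 +1,77 @@
+# the ntfy-sh module was switching to DynamicUser=true. this test assures that
+# the migration does not break existing setups.
+#
+# this test works doing a migration and asserting ntfy-sh runs properly. first,
+# ntfy-sh is configured to use a static user and group. then ntfy-sh is
+# started and tested. after that, ntfy-sh is shut down and a systemd drop
+# in configuration file is used to upate the service configuration to use
+# DynamicUser=true. then the ntfy-sh is started again and tested.
+
+import ./make-test-python.nix {
+name = "ntfy-sh";
+
+nodes.machine = {
+lib,
+pkgs,
+...
+}: {
+environment.etc."ntfy-sh-dynamic-user.conf".text = ''
+[Service]
+Group=new-ntfy-sh
+User=new-ntfy-sh
+DynamicUser=true
+'';
+
+services.ntfy-sh.enable = true;
+services.ntfy-sh.settings.base-url = "http://localhost:2586";
+
+systemd.services.ntfy-sh.serviceConfig = {
+DynamicUser = lib.mkForce false;
+ExecStartPre = [
+"${pkgs.coreutils}/bin/id"
+"${pkgs.coreutils}/bin/ls -lahd /var/lib/ntfy-sh/"
+"${pkgs.coreutils}/bin/ls -lah /var/lib/ntfy-sh/"
+];
+Group = lib.mkForce "old-ntfy-sh";
+User = lib.mkForce "old-ntfy-sh";
+};
+
+users.users.old-ntfy-sh = {
+isSystemUser = true;
+group = "old-ntfy-sh";
+};
+
+users.groups.old-ntfy-sh = {};
+};
+
+testScript = ''
+import json
+
+msg = "Test notification"
+
+def test_ntfysh():
+machine.wait_for_unit("ntfy-sh.service")
+machine.wait_for_open_port(2586)
+
+machine.succeed(f"curl -d '{msg}' localhost:2586/test")
+
+text = machine.succeed("curl -s localhost:2586/test/json?poll=1")
+for line in text.splitlines():
+notif = json.loads(line)
+assert msg == notif["message"], "Wrong message"
+
+machine.succeed("ntfy user list")
+
+machine.wait_for_unit("multi-user.target")
+
+test_ntfysh()
+
+machine.succeed("systemctl stop ntfy-sh.service")
+machine.succeed("mkdir -p /run/systemd/system/ntfy-sh.service.d")
+machine.succeed("cp /etc/ntfy-sh-dynamic-user.conf /run/systemd/system/ntfy-sh.service.d/dynamic-user.conf")
+machine.succeed("systemctl daemon-reload")
+machine.succeed("systemctl start ntfy-sh.service")
+
+test_ntfysh()
+'';
+}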
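Review bot: The migration test never asserts the state-directory layout that the commit message describes as the failure mode: the `ls -lahd /var/lib/ntfy-sh/` entries in `ExecStartPre` only print to the journal, so a run where `/var/lib/ntfy-sh` ends up as a plain directory still passes as long as the service starts. After the second `systemctl start ntfy-sh.service`, a check such as `machine.succeed("test -L /var/lib/ntfy-sh")` would pin the expected symlink (this assumes the module sets a `StateDirectory` for the unit, which is not visible in this file). In `test_ntfysh`, the `for line in text.splitlines():` loop passes vacuously when the poll response is empty, so `assert text.strip(), "No notifications returned"` before the loop would make the message check meaningful. Since the removed tmpfiles rules were what set 0600/0700 on the auth file, cache file and attachment directory, it may also be worth asserting the resulting ownership and modes after the migration rather than only listing them.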