nixos/tests/ejabberd: fix tests
It seems that SASL SCRAM in ejabberd now requires TLS to work, even if disable_sasl_scram_downgrade_protection is true. The certificate generation code is copied from nixos/tests/prosody.
This commit is contained in:
parent
89ea599a54
commit
6f5510289e
@ -1,3 +1,10 @@
|
||||
let
|
||||
cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
|
||||
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=muc.example.com' -days 36500
|
||||
mkdir -p $out
|
||||
cp key.pem cert.pem $out
|
||||
'';
|
||||
in
|
||||
import ../make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "ejabberd";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
@ -5,6 +12,7 @@ import ../make-test-python.nix ({ pkgs, ... }: {
|
||||
};
|
||||
nodes = {
|
||||
client = { nodes, pkgs, ... }: {
|
||||
security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
|
||||
networking.extraHosts = ''
|
||||
${nodes.server.config.networking.primaryIPAddress} example.com
|
||||
'';
|
||||
@ -14,6 +22,7 @@ import ../make-test-python.nix ({ pkgs, ... }: {
|
||||
];
|
||||
};
|
||||
server = { config, pkgs, ... }: {
|
||||
security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
|
||||
networking.extraHosts = ''
|
||||
${config.networking.primaryIPAddress} example.com
|
||||
'';
|
||||
@ -23,6 +32,7 @@ import ../make-test-python.nix ({ pkgs, ... }: {
|
||||
configFile = "/etc/ejabberd.yml";
|
||||
};
|
||||
|
||||
systemd.services.ejabberd.serviceConfig.TimeoutStartSec = "15min";
|
||||
environment.etc."ejabberd.yml" = {
|
||||
user = "ejabberd";
|
||||
mode = "0600";
|
||||
@ -40,6 +50,7 @@ import ../make-test-python.nix ({ pkgs, ... }: {
|
||||
max_stanza_size: 65536
|
||||
shaper: c2s_shaper
|
||||
access: c2s
|
||||
starttls: true
|
||||
-
|
||||
port: 5269
|
||||
ip: "::"
|
||||
@ -56,6 +67,10 @@ import ../make-test-python.nix ({ pkgs, ... }: {
|
||||
request_handlers:
|
||||
"/upload": mod_http_upload
|
||||
|
||||
certfiles:
|
||||
- ${cert pkgs}/key.pem
|
||||
- ${cert pkgs}/cert.pem
|
||||
|
||||
## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text
|
||||
## password storage (see auth_password_format option).
|
||||
disable_sasl_mechanisms: "digest-md5"
|
||||
|
Loading…
Reference in New Issue
Block a user