The test's TLS setup was bogus: the xmpp-send-message script was trying to connect to the server through a bogus domain name. This change injects the right one. I'm a bit confused about that one. I know for sure this NixOS test succeeded the last time I checked it, but the TLS configuration is definitely bogus. I assume the slixmpp SNI validation was a bit too loose and was tightened at some point.
# Builds a throwaway self-signed certificate and private key for the test VMs.
# Takes the package set and returns a derivation whose output directory holds
# key.pem and cert.pem.
# NOTE(review): -nodes leaves the private key unencrypted and the result is
# copied into the Nix store, which is world-readable. Acceptable for a test
# fixture only; do not reuse this pattern for a real deployment.
# NOTE(review): the three host names are passed as repeated CN fields and no
# subjectAltName is requested. Clients that match host names against SAN
# entries only may reject this certificate; confirm against the client used
# by the test.
cert = pkgs: pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } ''
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=uploads.example.com/CN=conference.example.com' -days 36500
mkdir -p $out
cp key.pem cert.pem $out
# Packages a script named create-prosody-users that registers the two test
# accounts on example.com through prosodyctl.
# The passwords are hard-coded test values and are readable by anyone who can
# read the generated script; they must never match a real credential.
createUsers = pkgs: pkgs.writeScriptBin "create-prosody-users" ''
set -e
# Creates and set password for the 2 xmpp test users.
# Doing that in a bash script instead of doing that in the test
# script allow us to easily provision the users when running that
# test interactively.
prosodyctl register cthon98 example.com nothunter2
prosodyctl register azurediamond example.com hunter2
# Packages a script named delete-prosody-users that removes the two test
# accounts with prosodyctl deluser.
# NOTE(review): the comment inside the script still says "provision"; this
# script deletes the users that create-prosody-users registers.
delUsers = pkgs: pkgs.writeScriptBin "delete-prosody-users" ''
set -e
# Deletes the test users.
# Doing that in a bash script instead of doing that in the test
# script allow us to easily provision the users when running that
# test interactively.
prosodyctl deluser cthon98@example.com
prosodyctl deluser azurediamond@example.com
in import ../make-test-python.nix {
name = "prosody";
nodes = {
# Client VM. Adds the self-signed test certificate to the system trust store,
# maps the three XMPP host names to the server VM's primary address, and
# installs the xmpp-sendmessage package with connectTo set to "example.com".
# NOTE(review): connectTo presumably has to be a name the certificate covers,
# otherwise host-name verification on the client fails; confirm in
# xmpp-sendmessage.nix.
client = { nodes, pkgs, config, ... }: {
security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
console.keyMap = "fr-bepo";
networking.extraHosts = ''
${nodes.server.config.networking.primaryIPAddress} example.com
${nodes.server.config.networking.primaryIPAddress} conference.example.com
${nodes.server.config.networking.primaryIPAddress} uploads.example.com
environment.systemPackages = [
(pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = "example.com"; })
# Server VM. Trusts the same self-signed certificate, resolves the three XMPP
# host names to its own primary address, installs the user create/delete
# scripts, and enables prosody for example.com with a MUC domain and an HTTP
# upload domain.
# The firewall is switched off for the whole VM and ssl.key points at an
# unencrypted key inside the Nix store. Both are test-only shortcuts: a real
# host should open only the ports prosody needs and keep the key outside the
# store with restricted permissions.
server = { config, pkgs, ... }: {
security.pki.certificateFiles = [ "${cert pkgs}/cert.pem" ];
console.keyMap = "fr-bepo";
networking.extraHosts = ''
${config.networking.primaryIPAddress} example.com
${config.networking.primaryIPAddress} conference.example.com
${config.networking.primaryIPAddress} uploads.example.com
networking.firewall.enable = false;
environment.systemPackages = [
(createUsers pkgs)
(delUsers pkgs)
services.prosody = {
enable = true;
ssl.cert = "${cert pkgs}/cert.pem";
ssl.key = "${cert pkgs}/key.pem";
virtualHosts.example = {
domain = "example.com";
enabled = true;
ssl.cert = "${cert pkgs}/cert.pem";
ssl.key = "${cert pkgs}/key.pem";
muc = [
domain = "conference.example.com";
uploadHttp = {
domain = "uploads.example.com";
testScript = { nodes, ... }: ''
# Check with sqlite storage
server.succeed('prosodyctl status | grep "Prosody is running"')