nixos/invoiceplane: Don't force http with Caddy

NixOS · Jan 5, 2025 · 1b999f4 · 1b999f4
1 parent 63f67a5
commit 1b999f4
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -194,6 +194,10 @@
 
 - `nodePackages.expo-cli` has been removed, as it was deprecated by upstream. The suggested replacement is the `npx expo` command.
 
+- InvoicePlane with the Caddy webserver (`services.invoiceplane.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
+  To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.
+  If you set custom Caddy options for a InvoicePlane site, migrate these options by removing `http://` from `services.caddy.virtualHosts."http://example.com"`.
+
 - DokuWiki with the Caddy webserver (`services.dokuwiki.webserver = "caddy"`) now sets up sites with Caddy's automatic HTTPS instead of HTTP-only.
   To keep the old behavior for a site `example.com`, set `services.caddy.virtualHosts."example.com".hostName = "http://example.com"`.
   If you set custom Caddy options for a DokuWiki site, migrate these options by removing `http://` from `services.caddy.virtualHosts."http://example.com"`.

diff --git a/nixos/modules/services/web-apps/invoiceplane.nix b/nixos/modules/services/web-apps/invoiceplane.nix
@@ -401,7 +401,7 @@ in
         enable = true;
         virtualHosts = mapAttrs' (
           hostName: cfg:
-          (nameValuePair "http://${hostName}" {
+          (nameValuePair hostName {
             extraConfig = ''
               root * ${pkg hostName cfg}
               file_server

diff --git a/nixos/tests/invoiceplane.nix b/nixos/tests/invoiceplane.nix
@@ -27,7 +27,17 @@ import ./make-test-python.nix (
             };
           };
 
-          networking.firewall.allowedTCPPorts = [ 80 ];
+          services.caddy.virtualHosts."site1.local".extraConfig = ''
+            tls internal
+          '';
+          services.caddy.virtualHosts."site2.local".extraConfig = ''
+            tls internal
+          '';
+
+          networking.firewall.allowedTCPPorts = [
+            80
+            443
+          ];
           networking.hosts."127.0.0.1" = [
             "site1.local"
             "site2.local"
@@ -77,41 +87,41 @@ import ./make-test-python.nix (
             machine.wait_for_unit(f"phpfpm-invoiceplane-{site_name}")
 
             with subtest("Website returns welcome screen"):
-                assert "Please install InvoicePlane" in machine.succeed(f"curl -L {site_name}")
+                assert "Please install InvoicePlane" in machine.succeed(f"curl -sSfkL {site_name}")
 
             with subtest("Finish InvoicePlane setup"):
               machine.succeed(
-                f"curl -sSfL --cookie-jar cjar {site_name}/setup/language"
+                f"curl -sSfkL --cookie-jar cjar {site_name}/setup/language"
               )
               csrf_token = machine.succeed(
                 "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"
               )
               machine.succeed(
-                f"curl -sSfL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&ip_lang=english&btn_continue=Continue' {site_name}/setup/language"
+                f"curl -sSfkL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&ip_lang=english&btn_continue=Continue' {site_name}/setup/language"
               )
               csrf_token = machine.succeed(
                 "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"
               )
               machine.succeed(
-                f"curl -sSfL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/prerequisites"
+                f"curl -sSfkL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/prerequisites"
               )
               csrf_token = machine.succeed(
                 "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"
               )
               machine.succeed(
-                f"curl -sSfL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/configure_database"
+                f"curl -sSfkL --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/configure_database"
               )
               csrf_token = machine.succeed(
                 "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"
               )
               machine.succeed(
-                f"curl -sSfl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/install_tables"
+                f"curl -sSfkl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/install_tables"
               )
               csrf_token = machine.succeed(
                 "grep ip_csrf_cookie cjar | cut -f 7 | tr -d '\n'"
               )
               machine.succeed(
-                f"curl -sSfl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/upgrade_tables"
+                f"curl -sSfkl --cookie cjar --cookie-jar cjar -d '_ip_csrf={csrf_token}&btn_continue=Continue' {site_name}/setup/upgrade_tables"
               )
     '';
   }