diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-09-22 19:21:26 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-09-22 19:21:26 +0000 |
commit | ea2acbed493e218f696673a004a95829392c5e33 (patch) | |
tree | c5716552f205bbf4d4addfa4675ea5073786bd06 /nixpkgs/nixos/tests | |
parent | 06ba6c84f858b011fb1132721e5d5e28fcda4a8a (diff) | |
parent | 8aa8cd68f4745eb92f003666bfd300f3e67cd9c1 (diff) | |
download | nixlib-ea2acbed493e218f696673a004a95829392c5e33.tar nixlib-ea2acbed493e218f696673a004a95829392c5e33.tar.gz nixlib-ea2acbed493e218f696673a004a95829392c5e33.tar.bz2 nixlib-ea2acbed493e218f696673a004a95829392c5e33.tar.lz nixlib-ea2acbed493e218f696673a004a95829392c5e33.tar.xz nixlib-ea2acbed493e218f696673a004a95829392c5e33.tar.zst nixlib-ea2acbed493e218f696673a004a95829392c5e33.zip |
Merge branch 'staging' of https://github.com/NixOS/nixpkgs
Diffstat (limited to 'nixpkgs/nixos/tests')
-rw-r--r-- | nixpkgs/nixos/tests/all-tests.nix | 9 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/docker-tools.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/frp.nix | 86 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/kernel-generic.nix | 1 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/matrix/synapse-workers.nix | 50 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/plausible.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/qgis.nix | 30 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/sudo-rs.nix | 97 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/wordpress.nix | 2 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/zfs.nix | 7 |
10 files changed, 280 insertions, 6 deletions
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 30ea7c70026f..a9bac3346b90 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -290,6 +290,7 @@ in { freshrss-sqlite = handleTest ./freshrss-sqlite.nix {}; freshrss-pgsql = handleTest ./freshrss-pgsql.nix {}; frigate = handleTest ./frigate.nix {}; + frp = handleTest ./frp.nix {}; frr = handleTest ./frr.nix {}; fsck = handleTest ./fsck.nix {}; fsck-systemd-stage-1 = handleTest ./fsck.nix { systemdStage1 = true; }; @@ -467,6 +468,7 @@ in { matrix-appservice-irc = handleTest ./matrix/appservice-irc.nix {}; matrix-conduit = handleTest ./matrix/conduit.nix {}; matrix-synapse = handleTest ./matrix/synapse.nix {}; + matrix-synapse-workers = handleTest ./matrix/synapse-workers.nix {}; mattermost = handleTest ./mattermost.nix {}; mediamtx = handleTest ./mediamtx.nix {}; mediatomb = handleTest ./mediatomb.nix {}; @@ -671,9 +673,11 @@ in { qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {}; qemu-vm-restrictnetwork = handleTest ./qemu-vm-restrictnetwork.nix {}; qemu-vm-volatile-root = runTest ./qemu-vm-volatile-root.nix; - quorum = handleTest ./quorum.nix {}; - quake3 = handleTest ./quake3.nix {}; + qgis = handleTest ./qgis.nix { qgisPackage = pkgs.qgis; }; + qgis-ltr = handleTest ./qgis.nix { qgisPackage = pkgs.qgis-ltr; }; qownnotes = handleTest ./qownnotes.nix {}; + quake3 = handleTest ./quake3.nix {}; + quorum = handleTest ./quorum.nix {}; rabbitmq = handleTest ./rabbitmq.nix {}; radarr = handleTest ./radarr.nix {}; radicale = handleTest ./radicale.nix {}; @@ -739,6 +743,7 @@ in { strongswan-swanctl = handleTest ./strongswan-swanctl.nix {}; stunnel = handleTest ./stunnel.nix {}; sudo = handleTest ./sudo.nix {}; + sudo-rs = handleTest ./sudo-rs.nix {}; swap-file-btrfs = handleTest ./swap-file-btrfs.nix {}; swap-partition = handleTest ./swap-partition.nix {}; swap-random-encryption = handleTest ./swap-random-encryption.nix {}; diff --git a/nixpkgs/nixos/tests/docker-tools.nix b/nixpkgs/nixos/tests/docker-tools.nix index 44b583ebcea5..fcdfa586fd55 100644 --- a/nixpkgs/nixos/tests/docker-tools.nix +++ b/nixpkgs/nixos/tests/docker-tools.nix @@ -55,7 +55,7 @@ in { nodes = { docker = { ... }: { virtualisation = { - diskSize = 2048; + diskSize = 3072; docker.enable = true; }; }; diff --git a/nixpkgs/nixos/tests/frp.nix b/nixpkgs/nixos/tests/frp.nix new file mode 100644 index 000000000000..2f5c0f8ec933 --- /dev/null +++ b/nixpkgs/nixos/tests/frp.nix @@ -0,0 +1,86 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "frp"; + meta.maintainers = with lib.maintainers; [ zaldnoay janik ]; + nodes = { + frps = { + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + }; + + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "10.0.0.1/24"; + }; + + services.frp = { + enable = true; + role = "server"; + settings = { + common = { + bind_port = 7000; + vhost_http_port = 80; + }; + }; + }; + }; + + + frpc = { + networking = { + useNetworkd = true; + useDHCP = false; + }; + + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "10.0.0.2/24"; + }; + + services.httpd = { + enable = true; + adminAddr = "admin@example.com"; + virtualHosts."test-appication" = + let + testdir = pkgs.writeTextDir "web/index.php" "<?php phpinfo();"; + in + { + documentRoot = "${testdir}/web"; + locations."/" = { + index = "index.php index.html"; + }; + }; + phpPackage = pkgs.php81; + enablePHP = true; + }; + + services.frp = { + enable = true; + role = "client"; + settings = { + common = { + server_addr = "10.0.0.1"; + server_port = 7000; + }; + web = { + type = "http"; + local_port = 80; + custom_domains = "10.0.0.1"; + }; + }; + }; + }; + }; + + testScript = '' + start_all() + frps.wait_for_unit("frp.service") + frps.wait_for_open_port(80) + frpc.wait_for_unit("frp.service") + response = frpc.succeed("curl -fvvv -s http://127.0.0.1/") + assert "PHP Version ${pkgs.php81.version}" in response, "PHP version not detected" + response = frpc.succeed("curl -fvvv -s http://10.0.0.1/") + assert "PHP Version ${pkgs.php81.version}" in response, "PHP version not detected" + ''; +}) diff --git a/nixpkgs/nixos/tests/kernel-generic.nix b/nixpkgs/nixos/tests/kernel-generic.nix index e69dd550289c..148f66c464d6 100644 --- a/nixpkgs/nixos/tests/kernel-generic.nix +++ b/nixpkgs/nixos/tests/kernel-generic.nix @@ -32,6 +32,7 @@ let linux_5_15_hardened linux_6_1_hardened linux_6_4_hardened + linux_6_5_hardened linux_rt_5_4 linux_rt_5_10 linux_rt_5_15 diff --git a/nixpkgs/nixos/tests/matrix/synapse-workers.nix b/nixpkgs/nixos/tests/matrix/synapse-workers.nix new file mode 100644 index 000000000000..e90301aeae9e --- /dev/null +++ b/nixpkgs/nixos/tests/matrix/synapse-workers.nix @@ -0,0 +1,50 @@ +import ../make-test-python.nix ({ pkgs, ... }: { + name = "matrix-synapse-workers"; + meta = with pkgs.lib; { + maintainers = teams.matrix.members; + }; + + nodes = { + homeserver = + { pkgs + , nodes + , ... + }: { + services.postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; + + services.matrix-synapse = { + enable = true; + settings = { + database = { + name = "psycopg2"; + args.password = "synapse"; + }; + enable_registration = true; + enable_registration_without_verification = true; + + federation_sender_instances = [ "federation_sender" ]; + }; + configureRedisLocally = true; + workers = { + "federation_sender" = { }; + }; + }; + }; + }; + + testScript = '' + start_all() + + homeserver.wait_for_unit("matrix-synapse.service"); + homeserver.wait_for_unit("matrix-synapse-worker-federation_sender.service"); + ''; +}) diff --git a/nixpkgs/nixos/tests/plausible.nix b/nixpkgs/nixos/tests/plausible.nix index ab91e08beb34..ef32bb3a805f 100644 --- a/nixpkgs/nixos/tests/plausible.nix +++ b/nixpkgs/nixos/tests/plausible.nix @@ -30,6 +30,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.succeed("curl -f localhost:8000 >&2") + machine.succeed("curl -f localhost:8000/js/script.js >&2") + csrf_token = machine.succeed( "curl -c /tmp/cookies localhost:8000/login | grep '_csrf_token' | sed -E 's,.*value=\"(.*)\".*,\\1,g'" ) diff --git a/nixpkgs/nixos/tests/qgis.nix b/nixpkgs/nixos/tests/qgis.nix new file mode 100644 index 000000000000..7706b8c07747 --- /dev/null +++ b/nixpkgs/nixos/tests/qgis.nix @@ -0,0 +1,30 @@ +import ./make-test-python.nix ({ pkgs, lib, qgisPackage, ... }: + let + testScript = pkgs.writeTextFile { + name = "qgis-test.py"; + text = (builtins.readFile ../../pkgs/applications/gis/qgis/test.py); + }; + in + { + name = "qgis"; + meta = { + maintainers = with lib; [ teams.geospatial.members ]; + }; + + nodes = { + machine = { pkgs, ... }: { + virtualisation.diskSize = 2 * 1024; + + imports = [ ./common/x11.nix ]; + environment.systemPackages = [ qgisPackage ]; + + }; + }; + + testScript = '' + start_all() + + machine.succeed("${qgisPackage}/bin/qgis --version | grep 'QGIS ${qgisPackage.version}'") + machine.succeed("${qgisPackage}/bin/qgis --code ${testScript}") + ''; + }) diff --git a/nixpkgs/nixos/tests/sudo-rs.nix b/nixpkgs/nixos/tests/sudo-rs.nix new file mode 100644 index 000000000000..150c0d5b4f1d --- /dev/null +++ b/nixpkgs/nixos/tests/sudo-rs.nix @@ -0,0 +1,97 @@ +# Some tests to ensure sudo is working properly. +{ pkgs, ... }: +let + inherit (pkgs.lib) mkIf optionalString; + password = "helloworld"; +in + import ./make-test-python.nix ({ lib, pkgs, ...} : { + name = "sudo"; + meta.maintainers = pkgs.sudo-rs.meta.maintainers; + + nodes.machine = + { lib, ... }: + { + environment.systemPackages = [ pkgs.faketty ]; + users.groups = { foobar = {}; barfoo = {}; baz = { gid = 1337; }; }; + users.users = { + test0 = { isNormalUser = true; extraGroups = [ "wheel" ]; }; + test1 = { isNormalUser = true; password = password; }; + test2 = { isNormalUser = true; extraGroups = [ "foobar" ]; password = password; }; + test3 = { isNormalUser = true; extraGroups = [ "barfoo" ]; }; + test4 = { isNormalUser = true; extraGroups = [ "baz" ]; }; + test5 = { isNormalUser = true; }; + }; + + security.sudo = { + enable = true; + package = pkgs.sudo-rs; + wheelNeedsPassword = false; + + extraRules = [ + # SUDOERS SYNTAX CHECK (Test whether the module produces a valid output; + # errors being detected by the visudo checks. + + # These should not create any entries + { users = [ "notest1" ]; commands = [ ]; } + { commands = [ { command = "ALL"; options = [ ]; } ]; } + + # Test defining commands with the options syntax, though not setting any options + { users = [ "notest2" ]; commands = [ { command = "ALL"; options = [ ]; } ]; } + + + # CONFIGURATION FOR TEST CASES + { users = [ "test1" ]; groups = [ "foobar" ]; commands = [ "ALL" ]; } + { groups = [ "barfoo" 1337 ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } + { users = [ "test5" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; runAs = "test1:barfoo"; } + ]; + }; + }; + + nodes.strict = { ... }: { + environment.systemPackages = [ pkgs.faketty ]; + users.users = { + admin = { isNormalUser = true; extraGroups = [ "wheel" ]; }; + noadmin = { isNormalUser = true; }; + }; + + security.sudo = { + package = pkgs.sudo-rs; + enable = true; + wheelNeedsPassword = false; + execWheelOnly = true; + }; + }; + + testScript = + '' + with subtest("users in wheel group should have passwordless sudo"): + machine.succeed('faketty -- su - test0 -c "sudo -u root true"') + + with subtest("test1 user should have sudo with password"): + machine.succeed('faketty -- su - test1 -c "echo ${password} | sudo -S -u root true"') + + with subtest("test1 user should not be able to use sudo without password"): + machine.fail('faketty -- su - test1 -c "sudo -n -u root true"') + + with subtest("users in group 'foobar' should be able to use sudo with password"): + machine.succeed('faketty -- su - test2 -c "echo ${password} | sudo -S -u root true"') + + with subtest("users in group 'barfoo' should be able to use sudo without password"): + machine.succeed("sudo -u test3 sudo -n -u root true") + + with subtest("users in group 'baz' (GID 1337)"): + machine.succeed("sudo -u test4 sudo -n -u root echo true") + + with subtest("test5 user should be able to run commands under test1"): + machine.succeed("sudo -u test5 sudo -n -u test1 true") + + with subtest("test5 user should not be able to run commands under root"): + machine.fail("sudo -u test5 sudo -n -u root true") + + with subtest("users in wheel should be able to run sudo despite execWheelOnly"): + strict.succeed('faketty -- su - admin -c "sudo -u root true"') + + with subtest("non-wheel users should be unable to run sudo thanks to execWheelOnly"): + strict.fail('faketty -- su - noadmin -c "sudo --help"') + ''; + }) diff --git a/nixpkgs/nixos/tests/wordpress.nix b/nixpkgs/nixos/tests/wordpress.nix index 4e322774fef5..106bbff46c54 100644 --- a/nixpkgs/nixos/tests/wordpress.nix +++ b/nixpkgs/nixos/tests/wordpress.nix @@ -67,7 +67,7 @@ rec { networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ]; }; }) {} [ - "6_1" "6_2" + "6_1" "6_2" "6_3" ]; testScript = '' diff --git a/nixpkgs/nixos/tests/zfs.nix b/nixpkgs/nixos/tests/zfs.nix index 8e52e0065745..800f5e43cd15 100644 --- a/nixpkgs/nixos/tests/zfs.nix +++ b/nixpkgs/nixos/tests/zfs.nix @@ -113,6 +113,8 @@ let }; testScript = '' + # TODO: Remove this when upgrading stable to zfs 2.2.0 + unstable = ${if enableUnstable then "True" else "False"}; machine.wait_for_unit("multi-user.target") machine.succeed( "zpool status", @@ -133,9 +135,10 @@ let ) machine.crash() machine.wait_for_unit("multi-user.target") + machine.succeed("zfs set sharesmb=on rpool/shared_smb") + if not unstable: + machine.succeed("zfs share rpool/shared_smb") machine.succeed( - "zfs set sharesmb=on rpool/shared_smb", - "zfs share rpool/shared_smb", "smbclient -gNL localhost | grep rpool_shared_smb", "umount /tmp/mnt", "zpool destroy rpool", |