Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/boot-stage1.nix | 1 | ||||
-rw-r--r-- | nixos/tests/ferm.nix | 72 | ||||
-rw-r--r-- | nixos/tests/postgis.nix | 30 | ||||
-rw-r--r-- | nixos/tests/quagga.nix | 97 | ||||
-rw-r--r-- | nixos/tests/virtualbox.nix | 11 |
5 files changed, 211 insertions, 0 deletions
diff --git a/nixos/tests/boot-stage1.nix b/nixos/tests/boot-stage1.nix
index ad253d23c543..ccd8394a1f03 100644
--- a/nixos/tests/boot-stage1.nix
+++ b/nixos/tests/boot-stage1.nix
@@ -8,6 +8,7 @@ import ./make-test.nix ({ pkgs, ... }: {
 kdev = config.boot.kernelPackages.kernel.dev;
 kver = config.boot.kernelPackages.kernel.modDirVersion;
 ksrc = "${kdev}/lib/modules/${kver}/build";
+ hardeningDisable = [ "pic" ];
 } ''
 echo "obj-m += $name.o" > Makefile
 echo "$source" > "$name.c"
diff --git a/nixos/tests/ferm.nix b/nixos/tests/ferm.nix
new file mode 100644
index 000000000000..8f2a8c01eebc
--- /dev/null
+++ b/nixos/tests/ferm.nix
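Review bot: In nixos/tests/boot-stage1.nix the added `hardeningDisable = [ "pic" ];` drops a hardening flag with no comment saying why. The surrounding lines build an out-of-tree kernel module (`obj-m += $name.o`), so the likely reason is that the module build cannot take the PIC flag, but that is inferred from the hunk. A one-line comment above the attribute, such as `# kernel module build: the PIC hardening flag does not apply here`, would keep the exemption from being copied into unrelated derivations. The derivation's argument set starts outside the hunk.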
@@ -0,0 +1,72 @@
+
+import ./make-test.nix ({ pkgs, ...} : {
+ name = "ferm";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ mic92 ];
+ };
+
+ nodes =
+ { client =
+ { config, pkgs, ... }:
+ with pkgs.lib;
+ {
+ networking = {
+ interfaces.eth1.ip6 = mkOverride 0 [ { address = "fd00::2"; prefixLength = 64; } ];
+ interfaces.eth1.ip4 = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } ];
+ };
+ };
+ server =
+ { config, pkgs, ... }:
+ with pkgs.lib;
+ {
+ networking = {
+ interfaces.eth1.ip6 = mkOverride 0 [ { address = "fd00::1"; prefixLength = 64; } ];
+ interfaces.eth1.ip4 = mkOverride 0 [ { address = "192.168.1.1"; prefixLength = 24; } ];
+ };
+
+ services = {
+ ferm.enable = true;
+ ferm.config = ''
+ domain (ip ip6) table filter chain INPUT {
+ interface lo ACCEPT;
+ proto tcp dport 8080 REJECT reject-with tcp-reset;
+ }
+ '';
+ nginx.enable = true;
+ nginx.httpConfig = ''
+ server {
+ listen 80;
+ listen [::]:80;
+ listen 8080;
+ listen [::]:8080;
+
+ location /status { stub_status on; }
+ }
+ '';
+ };
+ };
+ };
+
+ testScript =
+ ''
+ startAll;
+
+ $client->waitForUnit("network.target");
+ $server->waitForUnit("ferm.service");
+ $server->waitForUnit("nginx.service");
+ $server->waitUntilSucceeds("ss -ntl | grep -q 80");
+
+ subtest "port 80 is allowed", sub {
+ $client->succeed("curl --fail -g http://192.168.1.1:80/status");
+ $client->succeed("curl --fail -g http://[fd00::1]:80/status");
+ };
+
+ subtest "port 8080 is not allowed", sub {
+ $server->succeed("curl --fail -g http://192.168.1.1:8080/status");
+ $server->succeed("curl --fail -g http://[fd00::1]:8080/status");
+
+ $client->fail("curl --fail -g http://192.168.1.1:8080/status");
+ $client->fail("curl --fail -g http://[fd00::1]:8080/status");
+ };
+ '';
+})
diff --git a/nixos/tests/postgis.nix b/nixos/tests/postgis.nix
new file mode 100644
index 000000000000..1dba5c363c09
--- /dev/null
+++ b/nixos/tests/postgis.nix
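Review bot: In nixos/tests/ferm.nix the readiness check `ss -ntl | grep -q 80` also matches the 8080 listener, so it does not prove that port 80 is listening before the first subtest runs; anchoring the pattern, e.g. `ss -ntl | grep -q ':80 '`, removes the ambiguity. The `$client->fail(...)` lines in the "port 8080 is not allowed" subtest pass on any curl error, so a silent drop or a routing fault would look the same as the configured `reject-with tcp-reset`; asserting curl's could-not-connect exit status (7) would tie the result to the rule under test. A short comment on the two `$server->succeed` lines, saying they prove nginx really listens on 8080 (presumably reached through the `interface lo ACCEPT` rule), would make the intent of the subtest clear.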
@@ -0,0 +1,30 @@
+import ./make-test.nix ({ pkgs, ...} : {
+ name = "postgis";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ lsix ];
+ };
+
+ nodes = {
+ master =
+ { pkgs, config, ... }:
+
+ {
+ services.postgresql = let mypg = pkgs.postgresql95; in {
+ enable = true;
+ package = mypg;
+ extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_2_1 ];
+ initialScript = pkgs.writeText "postgresql-init.sql"
+ ''
+ CREATE ROLE postgres WITH superuser login createdb;
+ '';
+ };
+ };
+ };
+
+ testScript = ''
+ startAll;
+ $master->waitForUnit("postgresql");
+ $master->sleep(10); # Hopefully this is long enough!!
+ $master->succeed("sudo -u postgres psql -c 'CREATE EXTENSION postgis;'");
+ '';
+})
diff --git a/nixos/tests/quagga.nix b/nixos/tests/quagga.nix
new file mode 100644
index 000000000000..b9644b4768c0
--- /dev/null
+++ b/nixos/tests/quagga.nix
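Review bot: In nixos/tests/postgis.nix the fixed `$master->sleep(10); # Hopefully this is long enough!!` makes the test timing-dependent: on a slow builder the init script may not have created the `postgres` role yet, and on a fast one the ten seconds are wasted. Other tests in this commit already poll; replacing the sleep with `$master->waitUntilSucceeds("sudo -u postgres psql -c 'SELECT 1'");` waits exactly until the role can log in. The test also stops at `CREATE EXTENSION`; a follow-up query such as `SELECT postgis_version();` would confirm that the extension actually loads.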
@@ -0,0 +1,97 @@
+# This test runs Quagga and checks if OSPF routing works.
+#
+# Network topology:
+# [ client ]--net1--[ router1 ]--net2--[ router2 ]--net3--[ server ]
+#
+# All interfaces are in OSPF Area 0.
+
+import ./make-test.nix ({ pkgs, ... }:
+ let
+
+ ifAddr = node: iface: (pkgs.lib.head node.config.networking.interfaces.${iface}.ip4).address;
+
+ ospfConf = ''
+ interface eth2
+ ip ospf hello-interval 1
+ ip ospf dead-interval 5
+ !
+ router ospf
+ network 192.168.0.0/16 area 0
+ '';
+
+ in
+ {
+ name = "quagga";
+
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ tavyc ];
+ };
+
+ nodes = {
+
+ client =
+ { config, pkgs, nodes, ... }:
+ {
+ virtualisation.vlans = [ 1 ];
+ networking.defaultGateway = ifAddr nodes.router1 "eth1";
+ };
+
+ router1 =
+ { config, pkgs, nodes, ... }:
+ {
+ virtualisation.vlans = [ 1 2 ];
+ boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
+ networking.firewall.extraCommands = "iptables -A nixos-fw -i eth2 -p ospf -j ACCEPT";
+ services.quagga.ospf = {
+ enable = true;
+ config = ospfConf;
+ };
+ };
+
+ router2 =
+ { config, pkgs, nodes, ... }:
+ {
+ virtualisation.vlans = [ 3 2 ];
+ boot.kernel.sysctl."net.ipv4.ip_forward" = "1";
+ networking.firewall.extraCommands = "iptables -A nixos-fw -i eth2 -p ospf -j ACCEPT";
+ services.quagga.ospf = {
+ enable = true;
+ config = ospfConf;
+ };
+ };
+
+ server =
+ { config, pkgs, nodes, ... }:
+ {
+ virtualisation.vlans = [ 3 ];
+ networking.defaultGateway = ifAddr nodes.router2 "eth1";
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowPing = true;
+ services.httpd.enable = true;
+ services.httpd.adminAddr = "foo@example.com";
+ };
+ };
+
+ testScript =
+ { nodes, ... }:
+ ''
+ startAll;
+
+ # Wait for the networking to start on all machines
+ $_->waitForUnit("network.target") foreach values %vms;
+
+ # Wait for OSPF to form adjacencies
+ for my $gw ($router1, $router2) {
+ $gw->waitForUnit("ospfd");
+ $gw->waitUntilSucceeds("vtysh -c 'show ip ospf neighbor' | grep Full");
+ $gw->waitUntilSucceeds("vtysh -c 'show ip route' | grep '^O>'");
+ }
+
+ # Test ICMP.
+ $client->succeed("ping -c 3 server >&2");
+
+ # Test whether HTTP works.
+ $server->waitForUnit("httpd");
+ $client->succeed("curl --fail http://server/ >&2");
+ '';
+ })
diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix
index e85ff2380893..ab4d46ab7e15 100644
--- a/nixos/tests/virtualbox.nix
+++ b/nixos/tests/virtualbox.nix
@@ -314,6 +314,9 @@ let test2.vmFlags = hostonlyVMFlags; test2.vmScript = dhcpScript;
+
+ headless.virtualisation.virtualbox.headless = true;
+ headless.services.xserver.enable = false;
 }; mkVBoxTest = name: testScript: makeTest {
@@ -402,6 +405,14 @@ in mapAttrs mkVBoxTest { shutdownVM_simple; '';
+ headless = ''
+ createVM_headless;
+ $machine->succeed(ru("VBoxHeadless --startvm headless & disown %1"));
+ waitForStartup_headless;
+ waitForVMBoot_headless;
+ shutdownVM_headless;
+ '';
+
 host-usb-permissions = '' my $userUSB = removeUUIDs vbm("list usbhost"); print STDERR $userUSB; |
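Review bot: In nixos/tests/quagga.nix, router2's `virtualisation.vlans = [ 3 2 ];` is order-sensitive and carries no comment: the order appears to be what makes eth2 the router-to-router link on both routers, which `interface eth2` in `ospfConf`, the `-i eth2 -p ospf` firewall rule and `ifAddr nodes.router2 "eth1"` all depend on. A comment such as `# order matters: eth1 = net3 (server side), eth2 = net2 (OSPF link)` would stop a later cleanup from sorting the list. Separately, `network 192.168.0.0/16 area 0` also enables unauthenticated OSPF on the client- and server-facing interfaces; that matches the header comment, but if adjacency is only needed on net2, adding `passive-interface eth1` under `router ospf` would keep hellos off the edge networks.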
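Review bot: In the second hunk of nixos/tests/virtualbox.nix, `$machine->succeed(ru("VBoxHeadless --startvm headless & disown %1"));` backgrounds the process, so `succeed` only confirms that the shell launched it, not that the VM started. A start failure would then surface later, presumably as a timeout in `waitForStartup_headless`, with the output of VBoxHeadless possibly lost. A comment on that line stating that the following wait is the real start check would make this explicit, and redirecting the process output to a log file is worth considering. The helper definitions used here are outside the hunk.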