diff options
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/all-tests.nix | 3 | ||||
| -rw-r--r-- | nixos/tests/libxmlb.nix | 17 | ||||
| -rw-r--r-- | nixos/tests/nginx.nix | 60 | ||||
| -rw-r--r-- | nixos/tests/php-pcre.nix | 41 | ||||
| -rw-r--r-- | nixos/tests/subversion.nix | 121 | ||||
| -rw-r--r-- | nixos/tests/systemd-networkd-wireguard.nix | 80 | ||||
| -rw-r--r-- | nixos/tests/trezord.nix | 20 |
7 files changed, 181 insertions, 161 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 943bf12c254a..3ac3d683b535 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -142,6 +142,7 @@ in latestKernel.login = handleTest ./login.nix { latestKernel = true; }; ldap = handleTest ./ldap.nix {}; leaps = handleTest ./leaps.nix {}; + libxmlb = handleTest ./libxmlb.nix {}; lidarr = handleTest ./lidarr.nix {}; lightdm = handleTest ./lightdm.nix {}; limesurvey = handleTest ./limesurvey.nix {}; @@ -255,6 +256,7 @@ in systemd = handleTest ./systemd.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; + systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {}; pdns-recursor = handleTest ./pdns-recursor.nix {}; taskserver = handleTest ./taskserver.nix {}; telegraf = handleTest ./telegraf.nix {}; @@ -262,6 +264,7 @@ in tinydns = handleTest ./tinydns.nix {}; tor = handleTest ./tor.nix {}; transmission = handleTest ./transmission.nix {}; + trezord = handleTest ./trezord.nix {}; udisks2 = handleTest ./udisks2.nix {}; upnp = handleTest ./upnp.nix {}; uwsgi = handleTest ./uwsgi.nix {}; diff --git a/nixos/tests/libxmlb.nix b/nixos/tests/libxmlb.nix new file mode 100644 index 000000000000..3bee568ac5a2 --- /dev/null +++ b/nixos/tests/libxmlb.nix @@ -0,0 +1,17 @@ +# run installed tests +import ./make-test.nix ({ pkgs, ... }: + +{ + name = "libxmlb"; + meta = { + maintainers = pkgs.libxmlb.meta.maintainers; + }; + + machine = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; + }; + + testScript = '' + $machine->succeed("gnome-desktop-testing-runner -d '${pkgs.libxmlb.installedTests}/share'"); + ''; +}) diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index d66d99821c11..d0b7306ae83b 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -3,15 +3,15 @@ # generated virtual hosts config. # 2. whether the ETag header is properly generated whenever we're serving # files in Nix store paths - +# 3. nginx doesn't restart on configuration changes (only reloads) import ./make-test.nix ({ pkgs, ... }: { name = "nginx"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ mbbx6spp ]; }; - nodes = let - commonConfig = { pkgs, ... }: { + nodes = { + webserver = { pkgs, lib, ... }: { services.nginx.enable = true; services.nginx.commonHttpConfig = '' log_format ceeformat '@cee: {"status":"$status",' @@ -32,30 +32,42 @@ import ./make-test.nix ({ pkgs, ... }: { location /favicon.ico { allow all; access_log off; log_not_found off; } ''; }; + services.nginx.virtualHosts.localhost = { root = pkgs.runCommand "testdir" {} '' mkdir "$out" echo hello world > "$out/index.html" ''; }; - }; - in { - webserver = commonConfig; - newwebserver = { pkgs, lib, ... }: { - imports = [ commonConfig ]; - services.nginx.virtualHosts.localhost = { - root = lib.mkForce (pkgs.runCommand "testdir2" {} '' - mkdir "$out" - echo hello world > "$out/index.html" - ''); - }; + services.nginx.enableReload = true; + + nesting.clone = [ + { + services.nginx.virtualHosts.localhost = { + root = lib.mkForce (pkgs.runCommand "testdir2" {} '' + mkdir "$out" + echo content changed > "$out/index.html" + ''); + }; + } + + { + services.nginx.virtualHosts."1.my.test".listen = [ { addr = "127.0.0.1"; port = 8080; }]; + } + + { + services.nginx.package = pkgs.nginxUnstable; + } + ]; }; + }; testScript = { nodes, ... }: let - newServerSystem = nodes.newwebserver.config.system.build.toplevel; - switch = "${newServerSystem}/bin/switch-to-configuration test"; + etagSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1"; + justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2"; + reloadRestartSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-3"; in '' my $url = 'http://localhost/index.html'; @@ -77,9 +89,23 @@ import ./make-test.nix ({ pkgs, ... }: { subtest "check ETag if serving Nix store paths", sub { my $oldEtag = checkEtag; - $webserver->succeed('${switch}'); + $webserver->succeed("${etagSystem}/bin/switch-to-configuration test >&2"); + $webserver->sleep(1); # race condition my $newEtag = checkEtag; die "Old ETag $oldEtag is the same as $newEtag" if $oldEtag eq $newEtag; }; + + subtest "config is reloaded on nixos-rebuild switch", sub { + $webserver->succeed("${justReloadSystem}/bin/switch-to-configuration test >&2"); + $webserver->waitForOpenPort("8080"); + $webserver->fail("journalctl -u nginx | grep -q -i stopped"); + $webserver->succeed("journalctl -u nginx | grep -q -i reloaded"); + }; + + subtest "restart when nginx package changes", sub { + $webserver->succeed("${reloadRestartSystem}/bin/switch-to-configuration test >&2"); + $webserver->waitForUnit("nginx"); + $webserver->succeed("journalctl -u nginx | grep -q -i stopped"); + }; ''; }) diff --git a/nixos/tests/php-pcre.nix b/nixos/tests/php-pcre.nix index 19bde9babad5..ae44aec7944f 100644 --- a/nixos/tests/php-pcre.nix +++ b/nixos/tests/php-pcre.nix @@ -8,30 +8,25 @@ import ./make-test.nix ({ ...}: { services.httpd = { enable = true; adminAddr = "please@dont.contact"; - extraSubservices = lib.singleton { - function = f: { - enablePHP = true; - phpOptions = "pcre.jit = true"; + enablePHP = true; + phpOptions = "pcre.jit = true"; + extraConfig = + let + testRoot = pkgs.writeText "index.php" + '' + <?php + preg_match('/(${testString})/', '${testString}', $result); + var_dump($result); + ?> + ''; + in + '' + Alias / ${testRoot}/ - extraConfig = - let - testRoot = pkgs.writeText "index.php" - '' - <?php - preg_match('/(${testString})/', '${testString}', $result); - var_dump($result); - ?> - ''; - in - '' - Alias / ${testRoot}/ - - <Directory ${testRoot}> - Require all granted - </Directory> - ''; - }; - }; + <Directory ${testRoot}> + Require all granted + </Directory> + ''; }; }; testScript = { ... }: diff --git a/nixos/tests/subversion.nix b/nixos/tests/subversion.nix deleted file mode 100644 index e7b99b10602a..000000000000 --- a/nixos/tests/subversion.nix +++ /dev/null @@ -1,121 +0,0 @@ -import ./make-test.nix ({ pkgs, ...} : - -let - - # Build some packages with coverage instrumentation. - overrides = pkgs: - with pkgs.stdenvAdapters; - let - do = pkg: pkg.override (args: { - stdenv = addCoverageInstrumentation args.stdenv; - }); - in - rec { - apr = do pkgs.apr; - aprutil = do pkgs.aprutil; - apacheHttpd = do pkgs.apacheHttpd; - mod_python = do pkgs.mod_python; - subversion = do pkgs.subversion; - - # To build the kernel with coverage instrumentation, we need a - # special patch to make coverage data available under /proc. - linux = pkgs.linux.override (orig: { - stdenv = overrideInStdenv pkgs.stdenv [ pkgs.keepBuildTree ]; - extraConfig = - '' - GCOV_KERNEL y - GCOV_PROFILE_ALL y - ''; - }); - }; - -in - -{ - name = "subversion"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ eelco ]; - }; - - nodes = - { webserver = - { ... }: - - { - services.httpd.enable = true; - services.httpd.adminAddr = "e.dolstra@tudelft.nl"; - services.httpd.extraSubservices = - [ { function = import <services/subversion>; - urlPrefix = ""; - dataDir = "/data/subversion"; - userCreationDomain = "192.168.0.0/16"; - } - ]; - nixpkgs.config.packageOverrides = overrides; - }; - - client = - { pkgs, ... }: - - { - environment.systemPackages = [ pkgs.subversion ]; - nixpkgs.config.packageOverrides = overrides; - }; - - }; - - testScript = - '' - startAll; - - $webserver->waitForOpenPort(80); - - print STDERR $client->succeed("svn --version"); - - print STDERR $client->succeed("curl --fail http://webserver/"); - - # Create a new user through the web interface. - $client->succeed("curl --fail -F username=alice -F fullname='Alice Lastname' -F address=alice\@example.org -F password=foobar -F password_again=foobar http://webserver/repoman/adduser"); - - # Let Alice create a new repository. - $client->succeed("curl --fail -u alice:foobar --form repo=xyzzy --form description=Xyzzy http://webserver/repoman/create"); - - $client->succeed("curl --fail http://webserver/") =~ /alice/ or die; - - # Let Alice do a checkout. - my $svnFlags = "--non-interactive --username alice --password foobar"; - $client->succeed("svn co $svnFlags http://webserver/repos/xyzzy wc"); - $client->succeed("echo hello > wc/world"); - $client->succeed("svn add wc/world"); - $client->succeed("svn ci $svnFlags -m 'Added world.' wc/world"); - - # Create a new user on the server through the create-user.pl script. - $webserver->execute("svn-server-create-user.pl bob bob\@example.org Bob"); - $webserver->succeed("svn-server-resetpw.pl bob fnord"); - $client->succeed("curl --fail http://webserver/") =~ /bob/ or die; - - # Bob should not have access to the repo. - my $svnFlagsBob = "--non-interactive --username bob --password fnord"; - $client->fail("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2"); - - # Bob should not be able change the ACLs of the repo. - # !!! Repoman should really return a 403 here. - $client->succeed("curl --fail -u bob:fnord -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy") - =~ /not authorised/ or die; - - # Give Bob access. - $client->succeed("curl --fail -u alice:foobar -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy"); - - # So now his checkout should succeed. - $client->succeed("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2"); - - # Test ViewVC and WebSVN - $client->succeed("curl --fail -u alice:foobar http://webserver/viewvc/xyzzy"); - $client->succeed("curl --fail -u alice:foobar http://webserver/websvn/xyzzy"); - $client->succeed("curl --fail -u alice:foobar http://webserver/repos-xml/xyzzy"); - - # Stop Apache to gather all the coverage data. - $webserver->stopJob("httpd"); - ''; - -}) diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd-wireguard.nix new file mode 100644 index 000000000000..f1ce1e791ce3 --- /dev/null +++ b/nixos/tests/systemd-networkd-wireguard.nix @@ -0,0 +1,80 @@ +let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ...}: { + imports = [ common/user-account.nix ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + networking.useNetworkd = true; + networking.firewall.enable = false; + virtualisation.vlans = [ 1 ]; + environment.systemPackages = with pkgs; [ wireguard-tools ]; + boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; + systemd.network = { + enable = true; + netdevs = { + "90-wg0" = { + netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; + wireguardConfig = { + PrivateKeyFile = privkpath ; + ListenPort = 51820; + FwMark = 42; + }; + wireguardPeers = [ {wireguardPeerConfig={ + Endpoint = "192.168.1.${peerId}:51820"; + PublicKey = pubk; + PresharedKeyFile = pkgs.writeText "psk.key" "yTL3sCOL33Wzi6yCnf9uZQl/Z8laSE+zwpqOHC4HhFU="; + AllowedIPs = [ "10.0.0.${peerId}/32" ]; + PersistentKeepalive = 15; + };}]; + }; + }; + networks = { + "99-nope" = { + matchConfig.Name = "eth*"; + linkConfig.Unmanaged = true; + }; + "90-wg0" = { + matchConfig = { Name = "wg0"; }; + address = [ "10.0.0.${nodeId}/32" ]; + routes = [ + { routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }; } + ]; + }; + "90-eth1" = { + matchConfig = { Name = "eth1"; }; + address = [ "192.168.1.${nodeId}/24" ]; + }; + }; + }; + }; +in import ./make-test.nix ({pkgs, ... }: { + name = "networkd-wireguard"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ninjatrappeur ]; + }; + nodes = { + node1 = { pkgs, ... }@attrs: + let localConf = { + privkpath = pkgs.writeText "priv.key" "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00="; + pubk = "iRxpqj42nnY0Qz8MAQbSm7bXxXP5hkPqWYIULmvW+EE="; + nodeId = "1"; + peerId = "2"; + }; + in generateNodeConf (attrs // localConf); + + node2 = { pkgs, ... }@attrs: + let localConf = { + privkpath = pkgs.writeText "priv.key" "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k="; + pubk = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; + nodeId = "2"; + peerId = "1"; + }; + in generateNodeConf (attrs // localConf); + }; +testScript = '' + startAll; + $node1->waitForUnit('systemd-networkd-wait-online.service'); + $node2->waitForUnit('systemd-networkd-wait-online.service'); + $node1->succeed('ping -c 5 10.0.0.2'); + $node2->succeed('ping -c 5 10.0.0.1'); + # Is the fwmark set? + $node2->succeed('wg | grep -q 42'); +''; +}) diff --git a/nixos/tests/trezord.nix b/nixos/tests/trezord.nix new file mode 100644 index 000000000000..1c85bf539345 --- /dev/null +++ b/nixos/tests/trezord.nix @@ -0,0 +1,20 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "trezord"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + machine = { ... }: { + services.trezord.enable = true; + services.trezord.emulator.enable = true; + }; + }; + + testScript = '' + startAll; + $machine->waitForUnit("trezord.service"); + $machine->waitForOpenPort(21325); + $machine->waitUntilSucceeds("curl -L http://localhost:21325/status/ | grep Version"); + ''; +}) |