diff options
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/all-tests.nix | 5 | ||||
| -rw-r--r-- | nixos/tests/buildbot.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/cage.nix | 43 | ||||
| -rw-r--r-- | nixos/tests/gitdaemon.nix | 64 | ||||
| -rw-r--r-- | nixos/tests/initrd-network.nix | 15 | ||||
| -rw-r--r-- | nixos/tests/opensmtpd.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/predictable-interface-names.nix | 6 | ||||
| -rw-r--r-- | nixos/tests/prometheus-exporters.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/rsyslogd.nix | 30 | ||||
| -rw-r--r-- | nixos/tests/service-runner.nix | 36 | ||||
| -rw-r--r-- | nixos/tests/systemd-networkd.nix (renamed from nixos/tests/systemd-networkd-wireguard.nix) | 35 |
11 files changed, 215 insertions, 25 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 2e547780439a..7dd0f23df658 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -39,6 +39,7 @@ in buildbot = handleTest ./buildbot.nix {}; caddy = handleTest ./caddy.nix {}; cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {}; + cage = handleTest ./cage.nix {}; cassandra = handleTest ./cassandra.nix {}; ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {}; ceph-multi-node = handleTestOn ["x86_64-linux"] ./ceph-multi-node.nix {}; @@ -98,6 +99,7 @@ in fsck = handleTest ./fsck.nix {}; gotify-server = handleTest ./gotify-server.nix {}; grocy = handleTest ./grocy.nix {}; + gitdaemon = handleTest ./gitdaemon.nix {}; gitea = handleTest ./gitea.nix {}; gitlab = handleTest ./gitlab.nix {}; gitolite = handleTest ./gitolite.nix {}; @@ -262,6 +264,7 @@ in samba = handleTest ./samba.nix {}; sanoid = handleTest ./sanoid.nix {}; sddm = handleTest ./sddm.nix {}; + service-runner = handleTest ./service-runner.nix {}; shiori = handleTest ./shiori.nix {}; signal-desktop = handleTest ./signal-desktop.nix {}; simple = handleTest ./simple.nix {}; @@ -282,7 +285,7 @@ in systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {}; - systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {}; + systemd-networkd = handleTest ./systemd-networkd.nix {}; systemd-nspawn = handleTest ./systemd-nspawn.nix {}; pdns-recursor = handleTest ./pdns-recursor.nix {}; taskserver = handleTest ./taskserver.nix {}; diff --git a/nixos/tests/buildbot.nix b/nixos/tests/buildbot.nix index 5655a34a8b51..0d979dc2d054 100644 --- a/nixos/tests/buildbot.nix +++ b/nixos/tests/buildbot.nix @@ -41,7 +41,7 @@ import ./make-test-python.nix { systemd.services.git-daemon = { description = "Git daemon for the test"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + after = [ "network.target" "sshd.service" ]; serviceConfig.Restart = "always"; path = with pkgs; [ coreutils git openssh ]; diff --git a/nixos/tests/cage.nix b/nixos/tests/cage.nix new file mode 100644 index 000000000000..a6f73e00c066 --- /dev/null +++ b/nixos/tests/cage.nix @@ -0,0 +1,43 @@ +import ./make-test-python.nix ({ pkgs, ...} : + +{ + name = "cage"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ matthewbauer flokli ]; + }; + + machine = { ... }: + + { + imports = [ ./common/user-account.nix ]; + services.cage = { + enable = true; + user = "alice"; + program = "${pkgs.xterm}/bin/xterm -cm -pc"; # disable color and bold to make OCR easier + }; + + # this needs a fairly recent kernel, otherwise: + # [backend/drm/util.c:215] Unable to add DRM framebuffer: No such file or directory + # [backend/drm/legacy.c:15] Virtual-1: Failed to set CRTC: No such file or directory + # [backend/drm/util.c:215] Unable to add DRM framebuffer: No such file or directory + # [backend/drm/legacy.c:15] Virtual-1: Failed to set CRTC: No such file or directory + # [backend/drm/drm.c:618] Failed to initialize renderer on connector 'Virtual-1': initial page-flip failed + # [backend/drm/drm.c:701] Failed to initialize renderer for plane + boot.kernelPackages = pkgs.linuxPackages_latest; + + virtualisation.memorySize = 1024; + }; + + enableOCR = true; + + testScript = { nodes, ... }: let + user = nodes.machine.config.users.users.alice; + in '' + with subtest("Wait for cage to boot up"): + start_all() + machine.wait_for_file("/run/user/${toString user.uid}/wayland-0.lock") + machine.wait_until_succeeds("pgrep xterm") + machine.wait_for_text("alice@machine") + machine.screenshot("screen") + ''; +}) diff --git a/nixos/tests/gitdaemon.nix b/nixos/tests/gitdaemon.nix new file mode 100644 index 000000000000..b610caf06fb2 --- /dev/null +++ b/nixos/tests/gitdaemon.nix @@ -0,0 +1,64 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +let + hashes = pkgs.writeText "hashes" '' + b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c /project/bar + ''; +in { + name = "gitdaemon"; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ tilpner ]; + }; + + nodes = { + server = + { config, ... }: { + networking.firewall.allowedTCPPorts = [ config.services.gitDaemon.port ]; + + environment.systemPackages = [ pkgs.git ]; + + services.gitDaemon = { + enable = true; + basePath = "/git"; + }; + }; + + client = + { pkgs, ... }: { + environment.systemPackages = [ pkgs.git ]; + }; + }; + + testScript = '' + start_all() + + with subtest("create project.git"): + server.succeed( + "mkdir /git", + "git init --bare /git/project.git", + "touch /git/project.git/git-daemon-export-ok", + ) + + with subtest("add file to project.git"): + server.succeed( + "git clone /git/project.git /project", + "echo foo > /project/bar", + "git config --global user.email 'you@example.com'", + "git config --global user.name 'Your Name'", + "git -C /project add bar", + "git -C /project commit -m 'quux'", + "git -C /project push", + "rm -r /project", + ) + + with subtest("git daemon starts"): + server.wait_for_unit("git-daemon.service") + + with subtest("client can clone project.git"): + client.succeed( + "git clone git://server/project.git /project", + "sha256sum -c ${hashes}", + ) + ''; +}) diff --git a/nixos/tests/initrd-network.nix b/nixos/tests/initrd-network.nix index 4796ff9b7c8d..9c35b7305768 100644 --- a/nixos/tests/initrd-network.nix +++ b/nixos/tests/initrd-network.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, lib, ...} : { name = "initrd-network"; meta.maintainers = [ pkgs.stdenv.lib.maintainers.eelco ]; @@ -8,15 +8,26 @@ import ./make-test-python.nix ({ pkgs, ...} : { boot.initrd.network.enable = true; boot.initrd.network.postCommands = '' + ip addr show + ip route show ip addr | grep 10.0.2.15 || exit 1 ping -c1 10.0.2.2 || exit 1 ''; + # Check if cleanup was done correctly + boot.initrd.postMountCommands = lib.mkAfter + '' + ip addr show + ip route show + ip addr | grep 10.0.2.15 && exit 1 + ping -c1 10.0.2.2 && exit 1 + ''; }; testScript = '' start_all() machine.wait_for_unit("multi-user.target") - machine.succeed("ip link >&2") + machine.succeed("ip addr show >&2") + machine.succeed("ip route show >&2") ''; }) diff --git a/nixos/tests/opensmtpd.nix b/nixos/tests/opensmtpd.nix index e6f52db1d984..17c1a569ba0d 100644 --- a/nixos/tests/opensmtpd.nix +++ b/nixos/tests/opensmtpd.nix @@ -121,5 +121,5 @@ import ./make-test-python.nix { client.succeed("check-mail-landed >&2") ''; - meta.timeout = 30; + meta.timeout = 1800; } diff --git a/nixos/tests/predictable-interface-names.nix b/nixos/tests/predictable-interface-names.nix index 83883477a5cc..bab091d57acf 100644 --- a/nixos/tests/predictable-interface-names.nix +++ b/nixos/tests/predictable-interface-names.nix @@ -17,6 +17,12 @@ in pkgs.lib.listToAttrs (pkgs.lib.crossLists (predictable: withNetworkd: { networking.useNetworkd = withNetworkd; networking.dhcpcd.enable = !withNetworkd; networking.useDHCP = !withNetworkd; + + # Check if predictable interface names are working in stage-1 + boot.initrd.postDeviceCommands = '' + ip link + ip link show eth0 ${if predictable then "&&" else "||"} exit 1 + ''; }; testScript = '' diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 563f24726477..3d0d00bfbe63 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -287,7 +287,7 @@ let services.nginx = { enable = true; statusPage = true; - virtualHosts."/".extraConfig = "return 204;"; + virtualHosts."test".extraConfig = "return 204;"; }; }; exporterTest = '' diff --git a/nixos/tests/rsyslogd.nix b/nixos/tests/rsyslogd.nix index f17e61814c5e..50523920c60b 100644 --- a/nixos/tests/rsyslogd.nix +++ b/nixos/tests/rsyslogd.nix @@ -3,40 +3,38 @@ pkgs ? import ../.. { inherit system config; } }: -with import ../lib/testing.nix { inherit system pkgs; }; +with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; { test1 = makeTest { name = "rsyslogd-test1"; - meta.maintainers = [ maintainers.aanderse ]; + meta.maintainers = [ pkgs.stdenv.lib.maintainers.aanderse ]; - machine = - { config, pkgs, ... }: - { services.rsyslogd.enable = true; - services.journald.forwardToSyslog = false; - }; + machine = { config, pkgs, ... }: { + services.rsyslogd.enable = true; + services.journald.forwardToSyslog = false; + }; # ensure rsyslogd isn't receiving messages from journald if explicitly disabled testScript = '' - $machine->waitForUnit("default.target"); - $machine->fail("test -f /var/log/messages"); + machine.wait_for_unit("default.target") + machine.fail("test -f /var/log/messages") ''; }; test2 = makeTest { name = "rsyslogd-test2"; - meta.maintainers = [ maintainers.aanderse ]; + meta.maintainers = [ pkgs.stdenv.lib.maintainers.aanderse ]; - machine = - { config, pkgs, ... }: - { services.rsyslogd.enable = true; - }; + machine = { config, pkgs, ... }: { + services.rsyslogd.enable = true; + }; # ensure rsyslogd is receiving messages from journald testScript = '' - $machine->waitForUnit("default.target"); - $machine->succeed("test -f /var/log/messages"); + machine.wait_for_unit("default.target") + machine.succeed("test -f /var/log/messages") ''; }; } diff --git a/nixos/tests/service-runner.nix b/nixos/tests/service-runner.nix new file mode 100644 index 000000000000..adb3fcd36d7a --- /dev/null +++ b/nixos/tests/service-runner.nix @@ -0,0 +1,36 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "service-runner"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ roberth ]; + }; + + nodes = { + machine = { pkgs, lib, ... }: { + services.nginx.enable = true; + services.nginx.virtualHosts.machine.root = pkgs.runCommand "webroot" {} '' + mkdir $out + echo 'yay' >$out/index.html + ''; + systemd.services.nginx.enable = false; + }; + + }; + + testScript = { nodes, ... }: '' + url = "http://localhost/index.html" + + with subtest("check systemd.services.nginx.runner"): + machine.fail(f"curl {url}") + machine.succeed( + """ + mkdir -p /run/nginx /var/spool/nginx/logs + ${nodes.machine.config.systemd.services.nginx.runner} & + echo $!>my-nginx.pid + """ + ) + machine.wait_for_open_port(80) + machine.succeed(f"curl {url}") + machine.succeed("kill -INT $(cat my-nginx.pid)") + machine.wait_for_closed_port(80) + ''; +}) diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd.nix index be5c0da981d2..319e5e94eceb 100644 --- a/nixos/tests/systemd-networkd-wireguard.nix +++ b/nixos/tests/systemd-networkd.nix @@ -41,15 +41,25 @@ let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: { { routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }; } ]; }; - "90-eth1" = { + "30-eth1" = { matchConfig = { Name = "eth1"; }; - address = [ "192.168.1.${nodeId}/24" ]; + address = [ + "192.168.1.${nodeId}/24" + "fe80::${nodeId}/64" + ]; + routingPolicyRules = [ + { routingPolicyRuleConfig = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };} + { routingPolicyRuleConfig = { Table = 20; OutgoingInterface = "eth1"; };} + { routingPolicyRuleConfig = { Table = 30; From = "192.168.1.1"; To = "192.168.1.2"; SourcePort = 666 ; DestinationPort = 667; };} + { routingPolicyRuleConfig = { Table = 40; IPProtocol = "tcp"; InvertRule = true; };} + { routingPolicyRuleConfig = { Table = 50; IncomingInterface = "eth1"; Family = "ipv4"; };} + ]; }; }; }; }; in import ./make-test-python.nix ({pkgs, ... }: { - name = "networkd-wireguard"; + name = "networkd"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ninjatrappeur ]; }; @@ -76,9 +86,28 @@ testScript = '' start_all() node1.wait_for_unit("systemd-networkd-wait-online.service") node2.wait_for_unit("systemd-networkd-wait-online.service") + + # ================================ + # Wireguard + # ================================ node1.succeed("ping -c 5 10.0.0.2") node2.succeed("ping -c 5 10.0.0.1") # Is the fwmark set? node2.succeed("wg | grep -q 42") + + # ================================ + # Routing Policies + # ================================ + # Testing all the routingPolicyRuleConfig members: + # Table + IncomingInterface + node1.succeed("sudo ip rule | grep 'from all iif eth1 lookup 10'") + # OutgoingInterface + node1.succeed("sudo ip rule | grep 'from all oif eth1 lookup 20'") + # From + To + SourcePort + DestinationPort + node1.succeed( + "sudo ip rule | grep 'from 192.168.1.1 to 192.168.1.2 sport 666 dport 667 lookup 30'" + ) + # IPProtocol + InvertRule + node1.succeed("sudo ip rule | grep 'not from all ipproto tcp lookup 40'") ''; }) |