diff options
Diffstat (limited to 'nixpkgs/nixos/tests')
46 files changed, 860 insertions, 132 deletions
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 7376cd40b910..2c08fdba6c98 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -290,8 +290,8 @@ in { activation-etc-overlay-mutable = runTest ./activation/etc-overlay-mutable.nix; activation-etc-overlay-immutable = runTest ./activation/etc-overlay-immutable.nix; activation-perlless = runTest ./activation/perlless.nix; - etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; - etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; + etcd = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./etcd/etcd.nix {}; + etcd-cluster = handleTestOn [ "aarch64-linux" "x86_64-linux" ] ./etcd/etcd-cluster.nix {}; etebase-server = handleTest ./etebase-server.nix {}; etesync-dav = handleTest ./etesync-dav.nix {}; evcc = handleTest ./evcc.nix {}; @@ -464,7 +464,7 @@ in { keymap = handleTest ./keymap.nix {}; knot = handleTest ./knot.nix {}; komga = handleTest ./komga.nix {}; - krb5 = discoverTests (import ./krb5 {}); + krb5 = discoverTests (import ./krb5); ksm = handleTest ./ksm.nix {}; kthxbye = handleTest ./kthxbye.nix {}; kubernetes = handleTestOn ["x86_64-linux"] ./kubernetes {}; @@ -513,6 +513,7 @@ in { mastodon = discoverTests (import ./web-apps/mastodon { inherit handleTestOn; }); pixelfed = discoverTests (import ./web-apps/pixelfed { inherit handleTestOn; }); mate = handleTest ./mate.nix {}; + mate-wayland = handleTest ./mate-wayland.nix {}; matter-server = handleTest ./matter-server.nix {}; matomo = handleTest ./matomo.nix {}; matrix-appservice-irc = handleTest ./matrix/appservice-irc.nix {}; @@ -528,6 +529,7 @@ in { memcached = handleTest ./memcached.nix {}; merecat = handleTest ./merecat.nix {}; metabase = handleTest ./metabase.nix {}; + mihomo = handleTest ./mihomo.nix {}; mindustry = handleTest ./mindustry.nix {}; minecraft = handleTest ./minecraft.nix {}; minecraft-server = handleTest ./minecraft-server.nix {}; @@ -560,6 +562,7 @@ in { munin = handleTest ./munin.nix {}; mutableUsers = handleTest ./mutable-users.nix {}; mxisd = handleTest ./mxisd.nix {}; + mycelium = handleTest ./mycelium {}; mympd = handleTest ./mympd.nix {}; mysql = handleTest ./mysql/mysql.nix {}; mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix {}; @@ -579,6 +582,7 @@ in { ndppd = handleTest ./ndppd.nix {}; nebula = handleTest ./nebula.nix {}; netbird = handleTest ./netbird.nix {}; + nimdow = handleTest ./nimdow.nix {}; neo4j = handleTest ./neo4j.nix {}; netdata = handleTest ./netdata.nix {}; networking.networkd = handleTest ./networking.nix { networkd = true; }; @@ -613,6 +617,7 @@ in { nginx-variants = handleTest ./nginx-variants.nix {}; nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {}; nitter = handleTest ./nitter.nix {}; + nix-config = handleTest ./nix-config.nix {}; nix-ld = handleTest ./nix-ld.nix {}; nix-serve = handleTest ./nix-serve.nix {}; nix-serve-ssh = handleTest ./nix-serve-ssh.nix {}; @@ -640,6 +645,7 @@ in { nzbget = handleTest ./nzbget.nix {}; nzbhydra2 = handleTest ./nzbhydra2.nix {}; oh-my-zsh = handleTest ./oh-my-zsh.nix {}; + ollama = handleTest ./ollama.nix {}; ombi = handleTest ./ombi.nix {}; openarena = handleTest ./openarena.nix {}; openldap = handleTest ./openldap.nix {}; @@ -682,10 +688,12 @@ in { peering-manager = handleTest ./web-apps/peering-manager.nix {}; peertube = handleTestOn ["x86_64-linux"] ./web-apps/peertube.nix {}; peroxide = handleTest ./peroxide.nix {}; + pg_anonymizer = handleTest ./pg_anonymizer.nix {}; pgadmin4 = handleTest ./pgadmin4.nix {}; pgbouncer = handleTest ./pgbouncer.nix {}; pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; + pgvecto-rs = handleTest ./pgvecto-rs.nix {}; phosh = handleTest ./phosh.nix {}; photoprism = handleTest ./photoprism.nix {}; php = handleTest ./php {}; @@ -725,6 +733,7 @@ in { pppd = handleTest ./pppd.nix {}; predictable-interface-names = handleTest ./predictable-interface-names.nix {}; pretalx = runTest ./web-apps/pretalx.nix; + pretix = runTest ./web-apps/pretix.nix; printing-socket = handleTest ./printing.nix { socket = true; }; printing-service = handleTest ./printing.nix { socket = false; }; privoxy = handleTest ./privoxy.nix {}; diff --git a/nixpkgs/nixos/tests/budgie.nix b/nixpkgs/nixos/tests/budgie.nix index fe0ed2cf80ed..5228e869b056 100644 --- a/nixpkgs/nixos/tests/budgie.nix +++ b/nixpkgs/nixos/tests/budgie.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "budgie"; - meta.maintainers = [ lib.maintainers.federicoschonborn ]; + meta.maintainers = lib.teams.budgie.members; nodes.machine = { ... }: { imports = [ @@ -29,6 +29,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { testScript = { nodes, ... }: let user = nodes.machine.users.users.alice; + env = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${toString user.uid}/bus DISPLAY=:0"; + su = command: "su - ${user.name} -c '${env} ${command}'"; in '' with subtest("Wait for login"): @@ -47,21 +49,46 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") with subtest("Check if Budgie session components actually start"): - machine.wait_until_succeeds("pgrep budgie-daemon") + for i in ["budgie-daemon", "budgie-panel", "budgie-wm", "budgie-desktop-view", "gsd-media-keys"]: + machine.wait_until_succeeds(f"pgrep -f {i}") + # We don't check xwininfo for budgie-wm. + # See https://github.com/NixOS/nixpkgs/pull/216737#discussion_r1155312754 machine.wait_for_window("budgie-daemon") - machine.wait_until_succeeds("pgrep budgie-panel") machine.wait_for_window("budgie-panel") - # We don't check xwininfo for this one. - # See https://github.com/NixOS/nixpkgs/pull/216737#discussion_r1155312754 - machine.wait_until_succeeds("pgrep budgie-wm") - with subtest("Open MATE terminal"): - machine.succeed("su - ${user.name} -c 'DISPLAY=:0 mate-terminal >&2 &'") - machine.wait_for_window("Terminal") + with subtest("Check if various environment variables are set"): + cmd = "xargs --null --max-args=1 echo < /proc/$(pgrep -xf /run/current-system/sw/bin/budgie-wm)/environ" + machine.succeed(f"{cmd} | grep 'XDG_CURRENT_DESKTOP' | grep 'Budgie:GNOME'") + machine.succeed(f"{cmd} | grep 'BUDGIE_PLUGIN_DATADIR' | grep '${pkgs.budgie.budgie-desktop-with-plugins.pname}'") + + with subtest("Open run dialog"): + machine.send_key("alt-f2") + machine.wait_for_window("budgie-run-dialog") + machine.sleep(2) + machine.screenshot("run_dialog") + machine.send_key("esc") + + with subtest("Open Budgie Control Center"): + machine.succeed("${su "budgie-control-center >&2 &"}") + machine.wait_for_window("Budgie Control Center") + + with subtest("Lock the screen"): + machine.succeed("${su "budgie-screensaver-command -l >&2 &"}") + machine.wait_until_succeeds("${su "budgie-screensaver-command -q"} | grep 'The screensaver is active'") + machine.sleep(2) + machine.send_chars("${user.password}", delay=0.5) + machine.screenshot("budgie_screensaver") + machine.send_chars("\n") + machine.wait_until_succeeds("${su "budgie-screensaver-command -q"} | grep 'The screensaver is inactive'") + machine.sleep(2) + + with subtest("Open GNOME terminal"): + machine.succeed("${su "gnome-terminal"}") + machine.wait_for_window("${user.name}@machine: ~") - with subtest("Check if budgie-wm has ever coredumped"): - machine.fail("coredumpctl --json=short | grep budgie-wm") - machine.sleep(20) + with subtest("Check if Budgie has ever coredumped"): + machine.fail("coredumpctl --json=short | grep budgie") + machine.sleep(10) machine.screenshot("screen") ''; }) diff --git a/nixpkgs/nixos/tests/drawterm.nix b/nixpkgs/nixos/tests/drawterm.nix index 1d444bb55433..3594343853c0 100644 --- a/nixpkgs/nixos/tests/drawterm.nix +++ b/nixpkgs/nixos/tests/drawterm.nix @@ -38,11 +38,24 @@ let def drawterm_running(): machine.succeed("pgrep drawterm") + # cage is a bit wonky here. + # it seems to lag behind drawing + # and somehow needs a single input character + # in order to get the first prompt to show up. + # This is not present in any other compositor + # as far as I know, and after spending a couple + # hours with the upstream source trying to deduce + # how to perhaps fix it, I figured just polling is OK. + @polling_condition + def cpu_shown_up(): + machine.send_chars(".") + machine.wait_for_text("cpu", 1) + start_all() machine.wait_for_unit("graphical.target") drawterm_running.wait() # type: ignore[union-attr] - machine.wait_for_text("cpu") + cpu_shown_up.wait() # type: ignore[union-attr] machine.send_chars("cpu\n") machine.wait_for_text("auth") machine.send_chars("cpu\n") diff --git a/nixpkgs/nixos/tests/etcd-cluster.nix b/nixpkgs/nixos/tests/etcd/etcd-cluster.nix index c77c0dd73c25..734d56dbc223 100644 --- a/nixpkgs/nixos/tests/etcd-cluster.nix +++ b/nixpkgs/nixos/tests/etcd/etcd-cluster.nix @@ -1,6 +1,6 @@ # This test runs simple etcd cluster -import ./make-test-python.nix ({ pkgs, ... } : let +import ../make-test-python.nix ({ pkgs, ... } : let runWithOpenSSL = file: cmd: pkgs.runCommand file { buildInputs = [ pkgs.openssl ]; diff --git a/nixpkgs/nixos/tests/etcd.nix b/nixpkgs/nixos/tests/etcd/etcd.nix index 79857778ae1b..a32d0f9a55d1 100644 --- a/nixpkgs/nixos/tests/etcd.nix +++ b/nixpkgs/nixos/tests/etcd/etcd.nix @@ -1,6 +1,6 @@ # This test runs simple etcd node -import ./make-test-python.nix ({ pkgs, ... } : { +import ../make-test-python.nix ({ pkgs, ... } : { name = "etcd"; meta = with pkgs.lib.maintainers; { diff --git a/nixpkgs/nixos/tests/freetube.nix b/nixpkgs/nixos/tests/freetube.nix index faa534938227..10f0773cb884 100644 --- a/nixpkgs/nixos/tests/freetube.nix +++ b/nixpkgs/nixos/tests/freetube.nix @@ -40,4 +40,4 @@ let ''; }); in -builtins.mapAttrs (k: v: mkTest k v { }) tests +builtins.mapAttrs (k: v: mkTest k v) tests diff --git a/nixpkgs/nixos/tests/hibernate.nix b/nixpkgs/nixos/tests/hibernate.nix index 296aa9ba68b9..6de287f63e08 100644 --- a/nixpkgs/nixos/tests/hibernate.nix +++ b/nixpkgs/nixos/tests/hibernate.nix @@ -24,8 +24,8 @@ makeTest { virtualisation.useNixStoreImage = true; swapDevices = lib.mkOverride 0 [ { device = "/dev/vdc"; options = [ "x-systemd.makefs" ]; } ]; - boot.resumeDevice = "/dev/vdc"; boot.initrd.systemd.enable = systemdStage1; + virtualisation.useEFIBoot = true; }; }; diff --git a/nixpkgs/nixos/tests/incus/container.nix b/nixpkgs/nixos/tests/incus/container.nix index eb00429e53fe..9260f70da98c 100644 --- a/nixpkgs/nixos/tests/incus/container.nix +++ b/nixpkgs/nixos/tests/incus/container.nix @@ -29,6 +29,7 @@ in incus.enable = true; }; + networking.nftables.enable = true; }; testScript = '' diff --git a/nixpkgs/nixos/tests/incus/default.nix b/nixpkgs/nixos/tests/incus/default.nix index ff36fe9d6730..32bc5396a164 100644 --- a/nixpkgs/nixos/tests/incus/default.nix +++ b/nixpkgs/nixos/tests/incus/default.nix @@ -11,8 +11,10 @@ boot.initrd.systemd.enable = true; }; }; lxd-to-incus = import ./lxd-to-incus.nix { inherit system pkgs; }; + openvswitch = import ./openvswitch.nix { inherit system pkgs; }; preseed = import ./preseed.nix { inherit system pkgs; }; socket-activated = import ./socket-activated.nix { inherit system pkgs; }; + storage = import ./storage.nix { inherit system pkgs; }; ui = import ./ui.nix {inherit system pkgs;}; virtual-machine = handleTestOn [ "x86_64-linux" ] ./virtual-machine.nix { inherit system pkgs; }; } diff --git a/nixpkgs/nixos/tests/incus/lxd-to-incus.nix b/nixpkgs/nixos/tests/incus/lxd-to-incus.nix index c0fc98c224df..262f63c0f26f 100644 --- a/nixpkgs/nixos/tests/incus/lxd-to-incus.nix +++ b/nixpkgs/nixos/tests/incus/lxd-to-incus.nix @@ -67,6 +67,7 @@ import ../make-test-python.nix ( incus.enable = true; }; + networking.nftables.enable = true; }; testScript = '' diff --git a/nixpkgs/nixos/tests/incus/openvswitch.nix b/nixpkgs/nixos/tests/incus/openvswitch.nix new file mode 100644 index 000000000000..5d4aef031ad0 --- /dev/null +++ b/nixpkgs/nixos/tests/incus/openvswitch.nix @@ -0,0 +1,65 @@ +import ../make-test-python.nix ({ pkgs, lib, ... } : + +{ + name = "incus-openvswitch"; + + meta = { + maintainers = lib.teams.lxc.members; + }; + + nodes.machine = { lib, ... }: { + virtualisation = { + incus.enable = true; + vswitch.enable = true; + incus.preseed = { + networks = [ + { + name = "nixostestbr0"; + type = "bridge"; + config = { + "bridge.driver" = "openvswitch"; + "ipv4.address" = "10.0.100.1/24"; + "ipv4.nat" = "true"; + }; + } + ]; + profiles = [ + { + name = "nixostest_default"; + devices = { + eth0 = { + name = "eth0"; + network = "nixostestbr0"; + type = "nic"; + }; + root = { + path = "/"; + pool = "default"; + size = "35GiB"; + type = "disk"; + }; + }; + } + ]; + storage_pools = [ + { + name = "nixostest_pool"; + driver = "dir"; + } + ]; + }; + }; + networking.nftables.enable = true; + }; + + testScript = '' + machine.wait_for_unit("incus.service") + machine.wait_for_unit("incus-preseed.service") + + with subtest("Verify openvswitch bridge"): + machine.succeed("incus network info nixostestbr0") + + with subtest("Verify openvswitch bridge"): + machine.succeed("ovs-vsctl br-exists nixostestbr0") + ''; +}) diff --git a/nixpkgs/nixos/tests/incus/preseed.nix b/nixpkgs/nixos/tests/incus/preseed.nix index a488d71f3c92..f2d928115f3e 100644 --- a/nixpkgs/nixos/tests/incus/preseed.nix +++ b/nixpkgs/nixos/tests/incus/preseed.nix @@ -48,6 +48,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... } : ]; }; }; + networking.nftables.enable = true; }; testScript = '' diff --git a/nixpkgs/nixos/tests/incus/socket-activated.nix b/nixpkgs/nixos/tests/incus/socket-activated.nix index fca536b7054f..59caf1090fbd 100644 --- a/nixpkgs/nixos/tests/incus/socket-activated.nix +++ b/nixpkgs/nixos/tests/incus/socket-activated.nix @@ -12,6 +12,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... } : incus.enable = true; incus.socketActivation = true; }; + networking.nftables.enable = true; }; testScript = '' diff --git a/nixpkgs/nixos/tests/incus/storage.nix b/nixpkgs/nixos/tests/incus/storage.nix new file mode 100644 index 000000000000..190f4f7451c2 --- /dev/null +++ b/nixpkgs/nixos/tests/incus/storage.nix @@ -0,0 +1,46 @@ +import ../make-test-python.nix ( + { pkgs, lib, ... }: + + { + name = "incus-storage"; + + meta = { + maintainers = lib.teams.lxc.members; + }; + + nodes.machine = + { lib, ... }: + { + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + environment.systemPackages = [ pkgs.parted ]; + networking.hostId = "01234567"; + networking.nftables.enable = true; + + virtualisation = { + emptyDiskImages = [ 2048 ]; + incus.enable = true; + }; + }; + + testScript = '' + machine.wait_for_unit("incus.service") + + with subtest("Verify zfs pool created and usable"): + machine.succeed( + "zpool status", + "parted --script /dev/vdb mklabel gpt", + "zpool create zfs_pool /dev/vdb", + ) + + machine.succeed("incus storage create zfs_pool zfs source=zfs_pool/incus") + machine.succeed("zfs list zfs_pool/incus") + machine.succeed("incus storage volume create zfs_pool test_fs --type filesystem") + machine.succeed("incus storage volume create zfs_pool test_vol --type block") + machine.succeed("incus storage show zfs_pool") + machine.succeed("incus storage volume list zfs_pool") + machine.succeed("incus storage volume show zfs_pool test_fs") + machine.succeed("incus storage volume show zfs_pool test_vol") + ''; + } +) diff --git a/nixpkgs/nixos/tests/incus/ui.nix b/nixpkgs/nixos/tests/incus/ui.nix index 24ce1217d8df..837eb14844ce 100644 --- a/nixpkgs/nixos/tests/incus/ui.nix +++ b/nixpkgs/nixos/tests/incus/ui.nix @@ -10,6 +10,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: { incus.enable = true; incus.ui.enable = true; }; + networking.nftables.enable = true; environment.systemPackages = let diff --git a/nixpkgs/nixos/tests/incus/virtual-machine.nix b/nixpkgs/nixos/tests/incus/virtual-machine.nix index c76e4f448f2f..ab378c7b9490 100644 --- a/nixpkgs/nixos/tests/incus/virtual-machine.nix +++ b/nixpkgs/nixos/tests/incus/virtual-machine.nix @@ -32,6 +32,7 @@ in incus.enable = true; }; + networking.nftables.enable = true; }; testScript = '' diff --git a/nixpkgs/nixos/tests/installer-systemd-stage-1.nix b/nixpkgs/nixos/tests/installer-systemd-stage-1.nix index 662017935412..d10256d91d7f 100644 --- a/nixpkgs/nixos/tests/installer-systemd-stage-1.nix +++ b/nixpkgs/nixos/tests/installer-systemd-stage-1.nix @@ -37,6 +37,7 @@ clevisLuksFallback clevisZfs clevisZfsFallback + gptAutoRoot ; } diff --git a/nixpkgs/nixos/tests/installer.nix b/nixpkgs/nixos/tests/installer.nix index 97bb7f8def59..1de886d6a0d1 100644 --- a/nixpkgs/nixos/tests/installer.nix +++ b/nixpkgs/nixos/tests/installer.nix @@ -82,6 +82,7 @@ let testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier , postInstallCommands, preBootCommands, postBootCommands, extraConfig , testSpecialisationConfig, testFlakeSwitch, clevisTest, clevisFallbackTest + , disableFileSystems }: let qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; }; @@ -163,7 +164,7 @@ let ${createPartitions} with subtest("Create the NixOS configuration"): - machine.succeed("nixos-generate-config --root /mnt") + machine.succeed("nixos-generate-config ${optionalString disableFileSystems "--no-filesystems"} --root /mnt") machine.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2") machine.copy_from_host( "${ makeConfig { @@ -433,6 +434,7 @@ let , testFlakeSwitch ? false , clevisTest ? false , clevisFallbackTest ? false + , disableFileSystems ? false }: makeTest { inherit enableOCR; @@ -541,7 +543,8 @@ let testScript = testScriptFun { inherit bootLoader createPartitions postInstallCommands preBootCommands postBootCommands grubDevice grubIdentifier grubUseEfi extraConfig - testSpecialisationConfig testFlakeSwitch clevisTest clevisFallbackTest; + testSpecialisationConfig testFlakeSwitch clevisTest clevisFallbackTest + disableFileSystems; }; }; @@ -1414,4 +1417,39 @@ in { }; }; }; + + gptAutoRoot = let + rootPartType = { + ia32 = "44479540-F297-41B2-9AF7-D131D5F0458A"; + x64 = "4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709"; + arm = "69DAD710-2CE4-4E3C-B16C-21A1D49ABED3"; + aa64 = "B921B045-1DF0-41C3-AF44-4C6F280D3FAE"; + }.${pkgs.stdenv.hostPlatform.efiArch}; + in makeInstallerTest "gptAutoRoot" { + disableFileSystems = true; + createPartitions = '' + machine.succeed( + "sgdisk --zap-all /dev/vda", + "sgdisk --new=1:0:+100M --typecode=0:ef00 /dev/vda", # /boot + "sgdisk --new=2:0:+1G --typecode=0:8200 /dev/vda", # swap + "sgdisk --new=3:0:+5G --typecode=0:${rootPartType} /dev/vda", # / + "udevadm settle", + + "mkfs.vfat /dev/vda1", + "mkswap /dev/vda2 -L swap", + "swapon -L swap", + "mkfs.ext4 -L root /dev/vda3", + "udevadm settle", + + "mount /dev/vda3 /mnt", + "mkdir -p /mnt/boot", + "mount /dev/vda1 /mnt/boot" + ) + ''; + bootLoader = "systemd-boot"; + extraConfig = '' + boot.initrd.systemd.root = "gpt-auto"; + boot.initrd.supportedFilesystems = ["ext4"]; + ''; + }; } diff --git a/nixpkgs/nixos/tests/kea.nix b/nixpkgs/nixos/tests/kea.nix index c8ecf771fa13..98a8e93a0760 100644 --- a/nixpkgs/nixos/tests/kea.nix +++ b/nixpkgs/nixos/tests/kea.nix @@ -44,6 +44,11 @@ import ./make-test-python.nix ({ pkgs, lib, ...}: { name = "/var/lib/kea/dhcp4.leases"; }; + control-socket = { + socket-type = "unix"; + socket-name = "/run/kea/dhcp4.sock"; + }; + interfaces-config = { dhcp-socket-type = "raw"; interfaces = [ @@ -89,6 +94,25 @@ import ./make-test-python.nix ({ pkgs, lib, ...}: { }; }; }; + + services.kea.ctrl-agent = { + enable = true; + settings = { + http-host = "127.0.0.1"; + http-port = 8000; + control-sockets.dhcp4 = { + socket-type = "unix"; + socket-name = "/run/kea/dhcp4.sock"; + }; + }; + }; + + services.prometheus.exporters.kea = { + enable = true; + controlSocketPaths = [ + "http://127.0.0.1:8000" + ]; + }; }; nameserver = { config, pkgs, ... }: { @@ -182,5 +206,7 @@ import ./make-test-python.nix ({ pkgs, lib, ...}: { client.wait_until_succeeds("ping -c 5 10.0.0.1") router.wait_until_succeeds("ping -c 5 10.0.0.3") nameserver.wait_until_succeeds("kdig +short client.lan.nixos.test @10.0.0.2 | grep -q 10.0.0.3") + router.log(router.execute("curl 127.0.0.1:9547")[1]) + router.succeed("curl --no-buffer 127.0.0.1:9547 | grep -qE '^kea_dhcp4_addresses_assigned_total.*1.0$'") ''; }) diff --git a/nixpkgs/nixos/tests/keycloak.nix b/nixpkgs/nixos/tests/keycloak.nix index 228e57d1cdd6..67b412c80961 100644 --- a/nixpkgs/nixos/tests/keycloak.nix +++ b/nixpkgs/nixos/tests/keycloak.nix @@ -6,8 +6,8 @@ let certs = import ./common/acme/server/snakeoil-certs.nix; frontendUrl = "https://${certs.domain}"; - keycloakTest = import ./make-test-python.nix ( - { pkgs, databaseType, ... }: + keycloakTest = databaseType: import ./make-test-python.nix ( + { pkgs, ... }: let initialAdminPassword = "h4Iho\"JFn't2>iQIR9"; adminPasswordFile = pkgs.writeText "admin-password" "${initialAdminPassword}"; @@ -76,16 +76,18 @@ let enabled = true; realm = "test-realm"; clients = [ client ]; - users = [( - user // { - enabled = true; - credentials = [{ - type = "password"; - temporary = false; - value = password; - }]; - } - )]; + users = [ + ( + user // { + enabled = true; + credentials = [{ + type = "password"; + temporary = false; + value = password; + }]; + } + ) + ]; }; realmDataJson = pkgs.writeText "realm-data.json" (builtins.toJSON realm); @@ -177,7 +179,7 @@ let ); in { - postgres = keycloakTest { databaseType = "postgresql"; }; - mariadb = keycloakTest { databaseType = "mariadb"; }; - mysql = keycloakTest { databaseType = "mysql"; }; + postgres = keycloakTest "postgresql"; + mariadb = keycloakTest "mariadb"; + mysql = keycloakTest "mysql"; } diff --git a/nixpkgs/nixos/tests/krb5/default.nix b/nixpkgs/nixos/tests/krb5/default.nix index ede085632c63..274ad580cebc 100644 --- a/nixpkgs/nixos/tests/krb5/default.nix +++ b/nixpkgs/nixos/tests/krb5/default.nix @@ -1,4 +1,3 @@ -{ system ? builtins.currentSystem }: { - example-config = import ./example-config.nix { inherit system; }; + example-config = import ./example-config.nix; } diff --git a/nixpkgs/nixos/tests/ladybird.nix b/nixpkgs/nixos/tests/ladybird.nix index 4e9ab9a36d13..8ed0f47887c7 100644 --- a/nixpkgs/nixos/tests/ladybird.nix +++ b/nixpkgs/nixos/tests/ladybird.nix @@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { '' machine.wait_for_x() machine.succeed("echo '<!DOCTYPE html><html><body><h1>Hello world</h1></body></html>' > page.html") - machine.execute("ladybird file://$(pwd)/page.html >&2 &") + machine.execute("Ladybird file://$(pwd)/page.html >&2 &") machine.wait_for_window("Ladybird") machine.sleep(5) machine.wait_for_text("Hello world") diff --git a/nixpkgs/nixos/tests/make-test-python.nix b/nixpkgs/nixos/tests/make-test-python.nix index 28569f1d2955..32531fffd2bf 100644 --- a/nixpkgs/nixos/tests/make-test-python.nix +++ b/nixpkgs/nixos/tests/make-test-python.nix @@ -1,5 +1,5 @@ f: { - system ? builtins.currentSystem, + system, pkgs ? import ../.. { inherit system; config = {}; overlays = []; }, ... } @ args: diff --git a/nixpkgs/nixos/tests/mate-wayland.nix b/nixpkgs/nixos/tests/mate-wayland.nix new file mode 100644 index 000000000000..df39ead286e1 --- /dev/null +++ b/nixpkgs/nixos/tests/mate-wayland.nix @@ -0,0 +1,63 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "mate-wayland"; + + meta.maintainers = lib.teams.mate.members; + + nodes.machine = { ... }: { + imports = [ + ./common/user-account.nix + ]; + + services.xserver.enable = true; + services.xserver.displayManager = { + sddm.enable = true; # https://github.com/canonical/lightdm/issues/63 + sddm.wayland.enable = true; + defaultSession = "MATE"; + autoLogin = { + enable = true; + user = "alice"; + }; + }; + services.xserver.desktopManager.mate.enableWaylandSession = true; + + hardware.pulseaudio.enable = true; + + # Need to switch to a different GPU driver than the default one (-vga std) so that wayfire can launch: + virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ]; + }; + + enableOCR = true; + + testScript = { nodes, ... }: + let + user = nodes.machine.users.users.alice; + in + '' + machine.wait_for_unit("display-manager.service") + + with subtest("Wait for Wayland server"): + machine.wait_for_file("/run/user/${toString user.uid}/wayland-1") + + with subtest("Check if MATE session components actually start"): + for i in ["wayfire", "mate-panel", "mate-wayland.sh", "mate-wayland-components.sh"]: + machine.wait_until_succeeds(f"pgrep -f {i}") + machine.wait_for_text('(Applications|Places|System)') + # It is expected that this applet doesn't work in Wayland + machine.wait_for_text('WorkspaceSwitcherApplet') + + with subtest("Check if various environment variables are set"): + cmd = "xargs --null --max-args=1 echo < /proc/$(pgrep -xf mate-panel)/environ" + machine.succeed(f"{cmd} | grep 'XDG_SESSION_TYPE' | grep 'wayland'") + machine.succeed(f"{cmd} | grep 'XDG_SESSION_DESKTOP' | grep 'MATE'") + machine.succeed(f"{cmd} | grep 'MATE_PANEL_APPLETS_DIR' | grep '${pkgs.mate.mate-panel-with-applets.pname}'") + + with subtest("Check if Wayfire config is properly configured"): + for i in ["button_style = mate", "firedecor", "mate-wayland-components.sh"]: + machine.wait_until_succeeds(f"cat /home/${user.name}/.config/mate/wayfire.ini | grep '{i}'") + + with subtest("Check if Wayfire has ever coredumped"): + machine.fail("coredumpctl --json=short | grep wayfire") + machine.sleep(10) + machine.screenshot("screen") + ''; +}) diff --git a/nixpkgs/nixos/tests/mate.nix b/nixpkgs/nixos/tests/mate.nix index 48582e18d520..1252ec43cf3d 100644 --- a/nixpkgs/nixos/tests/mate.nix +++ b/nixpkgs/nixos/tests/mate.nix @@ -54,6 +54,15 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.wait_for_text('(Applications|Places|System)') machine.wait_for_text('(Computer|Home|Trash)') + with subtest("Check if various environment variables are set"): + machine.succeed("xargs --null --max-args=1 echo < /proc/$(pgrep -xf marco)/environ | grep 'XDG_CURRENT_DESKTOP' | grep 'MATE'") + # From mate-panel-with-applets packaging + machine.succeed("xargs --null --max-args=1 echo < /proc/$(pgrep -xf mate-panel)/environ | grep 'MATE_PANEL_APPLETS_DIR' | grep '${pkgs.mate.mate-panel-with-applets.pname}'") + + with subtest("Check if applets are built with in-process support"): + # This is needed for Wayland support + machine.fail("pgrep -fa clock-applet") + with subtest("Lock the screen"): machine.wait_until_succeeds("su - ${user.name} -c '${env} mate-screensaver-command -q' | grep 'The screensaver is inactive'") machine.succeed("su - ${user.name} -c '${env} mate-screensaver-command -l >&2 &'") diff --git a/nixpkgs/nixos/tests/mihomo.nix b/nixpkgs/nixos/tests/mihomo.nix new file mode 100644 index 000000000000..472d10050f7f --- /dev/null +++ b/nixpkgs/nixos/tests/mihomo.nix @@ -0,0 +1,44 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "mihomo"; + meta.maintainers = with pkgs.lib.maintainers; [ Guanran928 ]; + + nodes.machine = { + environment.systemPackages = [ pkgs.curl ]; + + services.nginx = { + enable = true; + statusPage = true; + }; + + services.mihomo = { + enable = true; + configFile = pkgs.writeTextFile { + name = "config.yaml"; + text = '' + mixed-port: 7890 + external-controller: 127.0.0.1:9090 + authentication: + - "user:supersecret" + ''; + }; + }; + }; + + testScript = '' + # Wait until it starts + machine.wait_for_unit("nginx.service") + machine.wait_for_unit("mihomo.service") + machine.wait_for_open_port(80) + machine.wait_for_open_port(7890) + machine.wait_for_open_port(9090) + + # Proxy + machine.succeed("curl --fail --max-time 10 --proxy http://user:supersecret@localhost:7890 http://localhost") + machine.succeed("curl --fail --max-time 10 --proxy socks5://user:supersecret@localhost:7890 http://localhost") + machine.fail("curl --fail --max-time 10 --proxy http://user:supervillain@localhost:7890 http://localhost") + machine.fail("curl --fail --max-time 10 --proxy socks5://user:supervillain@localhost:7890 http://localhost") + + # Web UI + machine.succeed("curl --fail http://localhost:9090") == '{"hello":"clash"}' + ''; +}) diff --git a/nixpkgs/nixos/tests/miriway.nix b/nixpkgs/nixos/tests/miriway.nix index a0987d9fc41b..24e6ec6367cd 100644 --- a/nixpkgs/nixos/tests/miriway.nix +++ b/nixpkgs/nixos/tests/miriway.nix @@ -100,7 +100,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { # Test Wayland # We let Miriway start the first terminal, as we might get stuck if it's not ready to process the first keybind # machine.send_key("ctrl-alt-t") - machine.wait_for_text("alice@machine") + machine.wait_for_text(r"(alice|machine)") machine.send_chars("test-wayland\n") machine.wait_for_file("/tmp/test-wayland-exit-ok") machine.copy_from_vm("/tmp/test-wayland.out") @@ -112,7 +112,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { # Test XWayland machine.send_key("ctrl-alt-a") - machine.wait_for_text("alice@machine") + machine.wait_for_text(r"(alice|machine)") machine.send_chars("test-x11\n") machine.wait_for_file("/tmp/test-x11-exit-ok") machine.copy_from_vm("/tmp/test-x11.out") diff --git a/nixpkgs/nixos/tests/mycelium/default.nix b/nixpkgs/nixos/tests/mycelium/default.nix new file mode 100644 index 000000000000..f0d72436843c --- /dev/null +++ b/nixpkgs/nixos/tests/mycelium/default.nix @@ -0,0 +1,57 @@ +import ../make-test-python.nix ({ lib, ... }: let + peer1-ip = "531:c350:28c1:dfde:ea6d:77d1:a60b:7209"; + peer2-ip = "49f:3942:3a55:d100:4c78:c558:c4f:695b"; +in + { + name = "mycelium"; + meta.maintainers = with lib.maintainers; [ lassulus ]; + + nodes = { + + peer1 = { config, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + networking.interfaces.eth1.ipv4.addresses = [{ + address = "192.168.1.11"; + prefixLength = 24; + }]; + + services.mycelium = { + enable = true; + addHostedPublicNodes = false; + openFirewall = true; + keyFile = ./peer1.key; + peers = [ + "quic://192.168.1.12:9651" + "tcp://192.168.1.12:9651" + ]; + }; + }; + + peer2 = { config, pkgs, ... }: { + virtualisation.vlans = [ 1 ]; + networking.interfaces.eth1.ipv4.addresses = [{ + address = "192.168.1.12"; + prefixLength = 24; + }]; + + services.mycelium = { + enable = true; + addHostedPublicNodes = false; + openFirewall = true; + keyFile = ./peer2.key; + }; + }; + }; + + testScript = '' + start_all() + + peer1.wait_for_unit("network-online.target") + peer2.wait_for_unit("network-online.target") + peer1.wait_for_unit("mycelium.service") + peer2.wait_for_unit("mycelium.service") + + peer1.succeed("ping -c5 ${peer2-ip}") + peer2.succeed("ping -c5 ${peer1-ip}") + ''; + }) diff --git a/nixpkgs/nixos/tests/mycelium/peer1.key b/nixpkgs/nixos/tests/mycelium/peer1.key new file mode 100644 index 000000000000..db1cf9e72fe4 --- /dev/null +++ b/nixpkgs/nixos/tests/mycelium/peer1.key @@ -0,0 +1 @@ +s B0dRH5u?^ \ No newline at end of file diff --git a/nixpkgs/nixos/tests/mycelium/peer2.key b/nixpkgs/nixos/tests/mycelium/peer2.key new file mode 100644 index 000000000000..7e757de48efb --- /dev/null +++ b/nixpkgs/nixos/tests/mycelium/peer2.key @@ -0,0 +1 @@ +X1yGՅSAMe7] \ No newline at end of file diff --git a/nixpkgs/nixos/tests/nebula.nix b/nixpkgs/nixos/tests/nebula.nix index 89b91d89fcb3..6c468153d5b2 100644 --- a/nixpkgs/nixos/tests/nebula.nix +++ b/nixpkgs/nixos/tests/nebula.nix @@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let environment.systemPackages = [ pkgs.nebula ]; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; services.openssh.enable = true; + networking.firewall.enable = true; # Implicitly true, but let's make sure. networking.interfaces.eth1.useDHCP = false; services.nebula.networks.smoke = { @@ -17,7 +18,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let ca = "/etc/nebula/ca.crt"; cert = "/etc/nebula/${name}.crt"; key = "/etc/nebula/${name}.key"; - listen = { host = "0.0.0.0"; port = 4242; }; + listen = { + host = "0.0.0.0"; + port = if (config.services.nebula.networks.smoke.isLighthouse || config.services.nebula.networks.smoke.isRelay) then 4242 else 0; + }; }; } extraConfig diff --git a/nixpkgs/nixos/tests/nimdow.nix b/nixpkgs/nixos/tests/nimdow.nix new file mode 100644 index 000000000000..cefe46edc5fb --- /dev/null +++ b/nixpkgs/nixos/tests/nimdow.nix @@ -0,0 +1,25 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "nimdow"; + meta = with pkgs.lib.maintainers; { + maintainers = [ marcusramberg ]; + }; + + nodes.machine = { lib, ... }: { + imports = [ ./common/x11.nix ./common/user-account.nix ]; + test-support.displayManager.auto.user = "alice"; + services.xserver.displayManager.defaultSession = lib.mkForce "none+nimdow"; + services.xserver.windowManager.nimdow.enable = true; + }; + + testScript = { ... }: '' + with subtest("ensure x starts"): + machine.wait_for_x() + machine.wait_for_file("/home/alice/.Xauthority") + machine.succeed("xauth merge ~alice/.Xauthority") + + with subtest("ensure we can open a new terminal"): + machine.send_key("meta_l-ret") + machine.wait_for_window(r"alice.*?machine") + machine.screenshot("terminal") + ''; +}) diff --git a/nixpkgs/nixos/tests/nix-config.nix b/nixpkgs/nixos/tests/nix-config.nix new file mode 100644 index 000000000000..907e886def35 --- /dev/null +++ b/nixpkgs/nixos/tests/nix-config.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: +{ + name = "nix-config"; + nodes.machine = { pkgs, ... }: { + nix.settings = { + nix-path = [ "nonextra=/etc/value.nix" ]; + extra-nix-path = [ "extra=/etc/value.nix" ]; + }; + environment.etc."value.nix".text = "42"; + }; + testScript = '' + start_all() + machine.wait_for_unit("nix-daemon.socket") + # regression test for the workaround for https://github.com/NixOS/nix/issues/9487 + print(machine.succeed("nix-instantiate --find-file extra")) + print(machine.succeed("nix-instantiate --find-file nonextra")) + ''; +}) diff --git a/nixpkgs/nixos/tests/nixops/default.nix b/nixpkgs/nixos/tests/nixops/default.nix index 8477e5059fca..6468b8c38224 100644 --- a/nixpkgs/nixos/tests/nixops/default.nix +++ b/nixpkgs/nixos/tests/nixops/default.nix @@ -93,23 +93,5 @@ let inherit (import ../ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey; - /* - Return a store path with a closure containing everything including - derivations and all build dependency outputs, all the way down. - */ - allDrvOutputs = pkg: - let name = "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}"; - in - pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } '' - touch $out - while read ref; do - case $ref in - *.drv) - cat $ref >>$out - ;; - esac - done <$refs - ''; - in tests diff --git a/nixpkgs/nixos/tests/ollama.nix b/nixpkgs/nixos/tests/ollama.nix new file mode 100644 index 000000000000..4b21f445cdbd --- /dev/null +++ b/nixpkgs/nixos/tests/ollama.nix @@ -0,0 +1,56 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: +let + mainPort = "11434"; + altPort = "11435"; + + curlRequest = port: request: + "curl http://127.0.0.1:${port}/api/generate -d '${builtins.toJSON request}'"; + + prompt = { + model = "tinydolphin"; + prompt = "lorem ipsum"; + options = { + seed = 69; + temperature = 0; + }; + }; +in +{ + name = "ollama"; + meta = with lib.maintainers; { + maintainers = [ abysssol ]; + }; + + nodes = { + cpu = { ... }: { + services.ollama.enable = true; + }; + + rocm = { ... }: { + services.ollama.enable = true; + services.ollama.acceleration = "rocm"; + }; + + cuda = { ... }: { + services.ollama.enable = true; + services.ollama.acceleration = "cuda"; + }; + + altAddress = { ... }: { + services.ollama.enable = true; + services.ollama.listenAddress = "127.0.0.1:${altPort}"; + }; + }; + + testScript = '' + vms = [ cpu, rocm, cuda, altAddress ]; + + start_all() + for vm in vms: + vm.wait_for_unit("multi-user.target") + + stdout = cpu.succeed("""${curlRequest mainPort prompt}""", timeout=100) + + stdout = altAddress.succeed("""${curlRequest altPort prompt}""", timeout=100) + ''; +}) diff --git a/nixpkgs/nixos/tests/opensearch.nix b/nixpkgs/nixos/tests/opensearch.nix index 2887ac967765..7d37583464cb 100644 --- a/nixpkgs/nixos/tests/opensearch.nix +++ b/nixpkgs/nixos/tests/opensearch.nix @@ -1,7 +1,7 @@ let - opensearchTest = + opensearchTest = extraSettings: import ./make-test-python.nix ( - { pkgs, lib, extraSettings ? {} }: { + { pkgs, lib, ... }: { name = "opensearch"; meta.maintainers = with pkgs.lib.maintainers; [ shyim ]; @@ -27,20 +27,18 @@ in { opensearch = opensearchTest {}; opensearchCustomPathAndUser = opensearchTest { - extraSettings = { - services.opensearch.dataDir = "/var/opensearch_test"; - services.opensearch.user = "open_search"; - services.opensearch.group = "open_search"; - systemd.tmpfiles.rules = [ - "d /var/opensearch_test 0700 open_search open_search -" - ]; - users = { - groups.open_search = {}; - users.open_search = { - description = "OpenSearch daemon user"; - group = "open_search"; - isSystemUser = true; - }; + services.opensearch.dataDir = "/var/opensearch_test"; + services.opensearch.user = "open_search"; + services.opensearch.group = "open_search"; + systemd.tmpfiles.rules = [ + "d /var/opensearch_test 0700 open_search open_search -" + ]; + users = { + groups.open_search = { }; + users.open_search = { + description = "OpenSearch daemon user"; + group = "open_search"; + isSystemUser = true; }; }; }; diff --git a/nixpkgs/nixos/tests/pass-secret-service.nix b/nixpkgs/nixos/tests/pass-secret-service.nix index e0dddf0ad29e..cdbdaa52dbc0 100644 --- a/nixpkgs/nixos/tests/pass-secret-service.nix +++ b/nixpkgs/nixos/tests/pass-secret-service.nix @@ -26,7 +26,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { programs.gnupg = { agent.enable = true; - agent.pinentryFlavor = "tty"; dirmngr.enable = true; }; }; diff --git a/nixpkgs/nixos/tests/pg_anonymizer.nix b/nixpkgs/nixos/tests/pg_anonymizer.nix new file mode 100644 index 000000000000..2960108e37c3 --- /dev/null +++ b/nixpkgs/nixos/tests/pg_anonymizer.nix @@ -0,0 +1,94 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: { + name = "pg_anonymizer"; + meta.maintainers = lib.teams.flyingcircus.members; + + nodes.machine = { pkgs, ... }: { + environment.systemPackages = [ pkgs.pg-dump-anon ]; + services.postgresql = { + enable = true; + extraPlugins = ps: [ ps.anonymizer ]; + settings.shared_preload_libraries = "anon"; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("multi-user.target") + machine.wait_for_unit("postgresql.service") + + with subtest("Setup"): + machine.succeed("sudo -u postgres psql --command 'create database demo'") + machine.succeed( + "sudo -u postgres psql -d demo -f ${pkgs.writeText "init.sql" '' + create extension anon cascade; + select anon.init(); + create table player(id serial, name text, points int); + insert into player(id,name,points) values (1,'Foo', 23); + insert into player(id,name,points) values (2,'Bar',42); + security label for anon on column player.name is 'MASKED WITH FUNCTION anon.fake_last_name();'; + security label for anon on column player.points is 'MASKED WITH VALUE NULL'; + ''}" + ) + + def get_player_table_contents(): + return [ + x.split(',') for x in machine.succeed("sudo -u postgres psql -d demo --csv --command 'select * from player'").splitlines()[1:] + ] + + def check_anonymized_row(row, id, original_name): + assert row[0] == id, f"Expected first row to have ID {id}, but got {row[0]}" + assert row[1] != original_name, f"Expected first row to have a name other than {original_name}" + assert not bool(row[2]), "Expected points to be NULL in first row" + + def find_xsv_in_dump(dump, sep=','): + """ + Expecting to find a CSV (for pg_dump_anon) or TSV (for pg_dump) structure, looking like + + COPY public.player ... + 1,Shields, + 2,Salazar, + \. + + in the given dump (the commas are tabs in case of pg_dump). + Extract the CSV lines and split by `sep`. + """ + + try: + from itertools import dropwhile, takewhile + return [x.split(sep) for x in list(takewhile( + lambda x: x != "\\.", + dropwhile( + lambda x: not x.startswith("COPY public.player"), + dump.splitlines() + ) + ))[1:]] + except: + print(f"Dump to process: {dump}") + raise + + def check_original_data(output): + assert output[0] == ['1','Foo','23'], f"Expected first row from player table to be 1,Foo,23; got {output[0]}" + assert output[1] == ['2','Bar','42'], f"Expected first row from player table to be 2,Bar,42; got {output[1]}" + + def check_anonymized_rows(output): + check_anonymized_row(output[0], '1', 'Foo') + check_anonymized_row(output[1], '2', 'Bar') + + with subtest("Check initial state"): + check_original_data(get_player_table_contents()) + + with subtest("Anonymous dumps"): + check_original_data(find_xsv_in_dump( + machine.succeed("sudo -u postgres pg_dump demo"), + sep='\t' + )) + check_anonymized_rows(find_xsv_in_dump( + machine.succeed("sudo -u postgres pg_dump_anon -U postgres -h /run/postgresql -d demo"), + sep=',' + )) + + with subtest("Anonymize"): + machine.succeed("sudo -u postgres psql -d demo --command 'select anon.anonymize_database();'") + check_anonymized_rows(get_player_table_contents()) + ''; +}) diff --git a/nixpkgs/nixos/tests/pgvecto-rs.nix b/nixpkgs/nixos/tests/pgvecto-rs.nix new file mode 100644 index 000000000000..cd871dab6a0f --- /dev/null +++ b/nixpkgs/nixos/tests/pgvecto-rs.nix @@ -0,0 +1,76 @@ +# mostly copied from ./timescaledb.nix which was copied from ./postgresql.nix +# as it seemed unapproriate to test additional extensions for postgresql there. + +{ system ? builtins.currentSystem +, config ? { } +, pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +let + postgresql-versions = import ../../pkgs/servers/sql/postgresql pkgs; + # Test cases from https://docs.pgvecto.rs/use-cases/hybrid-search.html + test-sql = pkgs.writeText "postgresql-test" '' + CREATE EXTENSION vectors; + + CREATE TABLE items ( + id bigserial PRIMARY KEY, + content text NOT NULL, + embedding vectors.vector(3) NOT NULL -- 3 dimensions + ); + + INSERT INTO items (content, embedding) VALUES + ('a fat cat sat on a mat and ate a fat rat', '[1, 2, 3]'), + ('a fat dog sat on a mat and ate a fat rat', '[4, 5, 6]'), + ('a thin cat sat on a mat and ate a thin rat', '[7, 8, 9]'), + ('a thin dog sat on a mat and ate a thin rat', '[10, 11, 12]'); + ''; + make-postgresql-test = postgresql-name: postgresql-package: makeTest { + name = postgresql-name; + meta = with pkgs.lib.maintainers; { + maintainers = [ diogotcorreia ]; + }; + + nodes.machine = { ... }: + { + services.postgresql = { + enable = true; + package = postgresql-package; + extraPlugins = ps: with ps; [ + pgvecto-rs + ]; + settings.shared_preload_libraries = "vectors"; + }; + }; + + testScript = '' + def check_count(statement, lines): + return 'test $(sudo -u postgres psql postgres -tAc "{}"|wc -l) -eq {}'.format( + statement, lines + ) + + + machine.start() + machine.wait_for_unit("postgresql") + + with subtest("Postgresql with extension vectors is available just after unit start"): + machine.succeed(check_count("SELECT * FROM pg_available_extensions WHERE name = 'vectors' AND default_version = '${postgresql-package.pkgs.pgvecto-rs.version}';", 1)) + + machine.succeed("sudo -u postgres psql -f ${test-sql}") + + machine.succeed(check_count("SELECT content, embedding FROM items WHERE to_tsvector('english', content) @@ 'cat & rat'::tsquery;", 2)) + + machine.shutdown() + ''; + + }; + applicablePostgresqlVersions = filterAttrs (_: value: versionAtLeast value.version "12") postgresql-versions; +in +mapAttrs' + (name: package: { + inherit name; + value = make-postgresql-test name package; + }) + applicablePostgresqlVersions diff --git a/nixpkgs/nixos/tests/privoxy.nix b/nixpkgs/nixos/tests/privoxy.nix index 2d95c4522a01..2a18d332c877 100644 --- a/nixpkgs/nixos/tests/privoxy.nix +++ b/nixpkgs/nixos/tests/privoxy.nix @@ -77,6 +77,11 @@ in networking.proxy.httpsProxy = "http://localhost:8118"; }; + nodes.machine_socks4 = { ... }: { services.privoxy = { enable = true; settings.forward-socks4 = "/ 127.0.0.1:9050 ."; }; }; + nodes.machine_socks4a = { ... }: { services.privoxy = { enable = true; settings.forward-socks4a = "/ 127.0.0.1:9050 ."; }; }; + nodes.machine_socks5 = { ... }: { services.privoxy = { enable = true; settings.forward-socks5 = "/ 127.0.0.1:9050 ."; }; }; + nodes.machine_socks5t = { ... }: { services.privoxy = { enable = true; settings.forward-socks5t = "/ 127.0.0.1:9050 ."; }; }; + testScript = '' with subtest("Privoxy is running"): @@ -109,5 +114,13 @@ in machine.systemctl("start systemd-tmpfiles-clean") # ...and count again machine.succeed("test $(ls /run/privoxy/certs | wc -l) -eq 0") + + with subtest("Privoxy supports socks upstream proxies"): + for m in [machine_socks4, machine_socks4a, machine_socks5, machine_socks5t]: + m.wait_for_unit("privoxy") + m.wait_for_open_port(8118) + # We expect a 503 error because the dummy upstream proxy is not reachable. + # In issue #265654, instead privoxy segfaulted causing curl to exit with "Empty reply from server". + m.succeed("http_proxy=http://localhost:8118 curl -v http://does-not-exist/ 2>&1 | grep 'HTTP/1.1 503'") ''; }) diff --git a/nixpkgs/nixos/tests/prometheus-exporters.nix b/nixpkgs/nixos/tests/prometheus-exporters.nix index 632656ad5795..3dc368e320ff 100644 --- a/nixpkgs/nixos/tests/prometheus-exporters.nix +++ b/nixpkgs/nixos/tests/prometheus-exporters.nix @@ -418,54 +418,6 @@ let ''; }; - kea = let - controlSocketPathV4 = "/run/kea/dhcp4.sock"; - controlSocketPathV6 = "/run/kea/dhcp6.sock"; - in - { - exporterConfig = { - enable = true; - controlSocketPaths = [ - controlSocketPathV4 - controlSocketPathV6 - ]; - }; - metricProvider = { - services.kea = { - dhcp4 = { - enable = true; - settings = { - control-socket = { - socket-type = "unix"; - socket-name = controlSocketPathV4; - }; - }; - }; - dhcp6 = { - enable = true; - settings = { - control-socket = { - socket-type = "unix"; - socket-name = controlSocketPathV6; - }; - }; - }; - }; - }; - - exporterTest = '' - wait_for_unit("kea-dhcp4-server.service") - wait_for_unit("kea-dhcp6-server.service") - wait_for_file("${controlSocketPathV4}") - wait_for_file("${controlSocketPathV6}") - wait_for_unit("prometheus-kea-exporter.service") - wait_for_open_port(9547) - succeed( - "curl --fail localhost:9547/metrics | grep 'packets_received_total'" - ) - ''; - }; - knot = { exporterConfig = { enable = true; diff --git a/nixpkgs/nixos/tests/redlib.nix b/nixpkgs/nixos/tests/redlib.nix new file mode 100644 index 000000000000..e4bde25e30a6 --- /dev/null +++ b/nixpkgs/nixos/tests/redlib.nix @@ -0,0 +1,20 @@ +import ./make-test-python.nix ({ lib, pkgs, ... }: { + name = "redlib"; + meta.maintainers = with lib.maintainers; [ soispha ]; + + nodes.machine = { + services.libreddit = { + package = pkgs.redlib; + enable = true; + # Test CAP_NET_BIND_SERVICE + port = 80; + }; + }; + + testScript = '' + machine.wait_for_unit("libreddit.service") + machine.wait_for_open_port(80) + # Query a page that does not require Internet access + machine.succeed("curl --fail http://localhost:80/settings") + ''; +}) diff --git a/nixpkgs/nixos/tests/systemd-machinectl.nix b/nixpkgs/nixos/tests/systemd-machinectl.nix index b8ed0c33e8e4..02b4d9c590b5 100644 --- a/nixpkgs/nixos/tests/systemd-machinectl.nix +++ b/nixpkgs/nixos/tests/systemd-machinectl.nix @@ -42,8 +42,18 @@ import ./make-test-python.nix ({ pkgs, ... }: virtualisation.additionalPaths = [ containerSystem ]; - # not needed, but we want to test the nspawn file generation - systemd.nspawn.${containerName} = { }; + systemd.tmpfiles.rules = [ + "d /var/lib/machines/shared-decl 0755 root root - -" + ]; + systemd.nspawn.shared-decl = { + execConfig = { + Boot = false; + Parameters = "${containerSystem}/init"; + }; + filesConfig = { + BindReadOnly = "/nix/store"; + }; + }; systemd.services."systemd-nspawn@${containerName}" = { serviceConfig.Environment = [ @@ -52,14 +62,33 @@ import ./make-test-python.nix ({ pkgs, ... }: ]; overrideStrategy = "asDropin"; }; + + # open DHCP for container + networking.firewall.extraCommands = '' + ${pkgs.iptables}/bin/iptables -A nixos-fw -i ve-+ -p udp -m udp --dport 67 -j nixos-fw-accept + ''; }; testScript = '' start_all() machine.wait_for_unit("default.target"); - # Install container + # Test machinectl start stop of shared-decl + machine.succeed("machinectl start shared-decl"); + machine.wait_until_succeeds("systemctl -M shared-decl is-active default.target"); + machine.succeed("machinectl stop shared-decl"); + + # create containers root machine.succeed("mkdir -p ${containerRoot}"); + + # start container with shared nix store by using same arguments as for systemd-nspawn@.service + machine.succeed("systemd-run systemd-nspawn --machine=${containerName} --network-veth -U --bind-ro=/nix/store ${containerSystem}/init") + machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target"); + + # Test machinectl stop + machine.succeed("machinectl stop ${containerName}"); + + # Install container # Workaround for nixos-install machine.succeed("chmod o+rx /var/lib/machines"); machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd"); @@ -77,6 +106,12 @@ import ./make-test-python.nix ({ pkgs, ... }: # Test nss_mymachines via nscd machine.succeed("getent hosts ${containerName}"); + # Test systemd-nspawn network configuration to container + machine.succeed("networkctl --json=short status ve-${containerName} | ${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'"); + + # Test systemd-nspawn network configuration to host + machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/networkctl --json=short status host0 | ${pkgs.jq}/bin/jq -r '.OperationalState == \"routable\"'"); + # Test systemd-nspawn network configuration machine.succeed("ping -n -c 1 ${containerName}"); diff --git a/nixpkgs/nixos/tests/vscodium.nix b/nixpkgs/nixos/tests/vscodium.nix index d817ce927ff8..76d5244b3ee3 100644 --- a/nixpkgs/nixos/tests/vscodium.nix +++ b/nixpkgs/nixos/tests/vscodium.nix @@ -76,4 +76,4 @@ let }); in -builtins.mapAttrs (k: v: mkTest k v { }) tests +builtins.mapAttrs (k: v: mkTest k v) tests diff --git a/nixpkgs/nixos/tests/web-apps/gotosocial.nix b/nixpkgs/nixos/tests/web-apps/gotosocial.nix index 6d279ab63a79..8c4e76b14e3b 100644 --- a/nixpkgs/nixos/tests/web-apps/gotosocial.nix +++ b/nixpkgs/nixos/tests/web-apps/gotosocial.nix @@ -1,7 +1,7 @@ { lib, ... }: { name = "gotosocial"; - meta.maintainers = with lib.maintainers; [ misuzu ]; + meta.maintainers = with lib.maintainers; [ misuzu blakesmith ]; nodes.machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.jq ]; diff --git a/nixpkgs/nixos/tests/web-apps/pretix.nix b/nixpkgs/nixos/tests/web-apps/pretix.nix new file mode 100644 index 000000000000..559316f9b85c --- /dev/null +++ b/nixpkgs/nixos/tests/web-apps/pretix.nix @@ -0,0 +1,47 @@ +{ + lib, + pkgs, + ... +}: + +{ + name = "pretix"; + meta.maintainers = with lib.maintainers; [ hexa ]; + + nodes = { + pretix = { + networking.extraHosts = '' + 127.0.0.1 tickets.local + ''; + + services.pretix = { + enable = true; + nginx.domain = "tickets.local"; + plugins = with pkgs.pretix.plugins; [ + passbook + pages + ]; + settings = { + pretix = { + instance_name = "NixOS Test"; + url = "http://tickets.local"; + }; + mail.from = "hello@tickets.local"; + }; + }; + }; + }; + + testScript = '' + start_all() + + pretix.wait_for_unit("pretix-web.service") + pretix.wait_for_unit("pretix-worker.service") + + pretix.wait_until_succeeds("curl -q --fail http://tickets.local") + + pretix.succeed("pretix-manage --help") + + pretix.log(pretix.succeed("systemd-analyze security pretix-web.service")) + ''; +} |