diff options
Diffstat (limited to 'nixpkgs/nixos/tests')
27 files changed, 871 insertions, 123 deletions
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 2c08fdba6c98..f7ad6c16f587 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -309,6 +309,7 @@ in { firefox-devedition = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-devedition; }; firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job firefox-esr-115 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-115; }; + firefoxpwa = handleTest ./firefoxpwa.nix {}; firejail = handleTest ./firejail.nix {}; firewall = handleTest ./firewall.nix { nftables = false; }; firewall-nftables = handleTest ./firewall.nix { nftables = true; }; @@ -542,7 +543,9 @@ in { mobilizon = handleTest ./mobilizon.nix {}; mod_perl = handleTest ./mod_perl.nix {}; molly-brown = handleTest ./molly-brown.nix {}; + mollysocket = handleTest ./mollysocket.nix { }; monado = handleTest ./monado.nix {}; + monetdb = handleTest ./monetdb.nix {}; monica = handleTest ./web-apps/monica.nix {}; mongodb = handleTest ./mongodb.nix {}; moodle = handleTest ./moodle.nix {}; @@ -695,6 +698,7 @@ in { pgmanage = handleTest ./pgmanage.nix {}; pgvecto-rs = handleTest ./pgvecto-rs.nix {}; phosh = handleTest ./phosh.nix {}; + photonvision = handleTest ./photonvision.nix {}; photoprism = handleTest ./photoprism.nix {}; php = handleTest ./php {}; php81 = handleTest ./php { php = pkgs.php81; }; @@ -788,6 +792,7 @@ in { sanoid = handleTest ./sanoid.nix {}; scaphandre = handleTest ./scaphandre.nix {}; schleuder = handleTest ./schleuder.nix {}; + scion-freestanding-deployment = handleTest ./scion/freestanding-deployment {}; scrutiny = handleTest ./scrutiny.nix {}; sddm = handleTest ./sddm.nix {}; seafile = handleTest ./seafile.nix {}; @@ -899,6 +904,7 @@ in { systemd-sysusers-immutable = runTest ./systemd-sysusers-immutable.nix; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; systemd-timesyncd-nscd-dnssec = handleTest ./systemd-timesyncd-nscd-dnssec.nix {}; + systemd-user-linger = handleTest ./systemd-user-linger.nix {}; systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {}; systemd-misc = handleTest ./systemd-misc.nix {}; systemd-userdbd = handleTest ./systemd-userdbd.nix {}; @@ -959,6 +965,7 @@ in { user-activation-scripts = handleTest ./user-activation-scripts.nix {}; user-expiry = runTest ./user-expiry.nix; user-home-mode = handleTest ./user-home-mode.nix {}; + ustreamer = handleTest ./ustreamer.nix {}; uwsgi = handleTest ./uwsgi.nix {}; v2ray = handleTest ./v2ray.nix {}; varnish60 = handleTest ./varnish.nix { package = pkgs.varnish60; }; diff --git a/nixpkgs/nixos/tests/armagetronad.nix b/nixpkgs/nixos/tests/armagetronad.nix index ff2841dedd21..d59827354b77 100644 --- a/nixpkgs/nixos/tests/armagetronad.nix +++ b/nixpkgs/nixos/tests/armagetronad.nix @@ -1,4 +1,9 @@ -import ./make-test-python.nix ({ pkgs, ...} : +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; let user = "alice"; @@ -16,7 +21,8 @@ let test-support.displayManager.auto.user = user; }; -in { +in +makeTest { name = "armagetronad"; meta = with pkgs.lib.maintainers; { maintainers = [ numinit ]; @@ -269,4 +275,4 @@ in { srv.node.wait_until_fails(f"ss --numeric --udp --listening | grep -q {srv.port}") ''; -}) +} diff --git a/nixpkgs/nixos/tests/firefoxpwa.nix b/nixpkgs/nixos/tests/firefoxpwa.nix new file mode 100644 index 000000000000..374d67b01ac6 --- /dev/null +++ b/nixpkgs/nixos/tests/firefoxpwa.nix @@ -0,0 +1,36 @@ +import ./make-test-python.nix ({ lib, ... }: + +{ + name = "firefoxpwa"; + meta.maintainers = with lib.maintainers; [ camillemndn ]; + + nodes.machine = + { pkgs, ... }: + { + imports = [ ./common/x11.nix ]; + environment.systemPackages = with pkgs; [ firefoxpwa jq ]; + + programs.firefox = { + enable = true; + nativeMessagingHosts.packages = [ pkgs.firefoxpwa ]; + }; + + services.jellyfin.enable = true; + }; + + enableOCR = true; + + testScript = '' + machine.start() + + with subtest("Install a progressive web app"): + machine.wait_for_unit("jellyfin.service") + machine.wait_for_open_port(8096) + machine.succeed("firefoxpwa site install http://localhost:8096/web/manifest.json >&2") + + with subtest("Launch the progressive web app"): + machine.succeed("firefoxpwa site launch $(jq -r < ~/.local/share/firefoxpwa/config.json '.sites | keys[0]') >&2") + machine.wait_for_window("Jellyfin") + machine.wait_for_text("Jellyfin") + ''; +}) diff --git a/nixpkgs/nixos/tests/goss.nix b/nixpkgs/nixos/tests/goss.nix index 6b772d19215e..2e77b2734464 100644 --- a/nixpkgs/nixos/tests/goss.nix +++ b/nixpkgs/nixos/tests/goss.nix @@ -28,10 +28,6 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; group.root.exists = true; kernel-param."kernel.ostype".value = "Linux"; - service.goss = { - enabled = true; - running = true; - }; user.root.exists = true; }; }; @@ -46,8 +42,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { with subtest("returns health status"): result = json.loads(machine.succeed("curl -sS http://localhost:8080/healthz")) - assert len(result["results"]) == 10, f".results should be an array of 10 items, was {result['results']!r}" + assert len(result["results"]) == 8, f".results should be an array of 10 items, was {result['results']!r}" assert result["summary"]["failed-count"] == 0, f".summary.failed-count should be zero, was {result['summary']['failed-count']}" - assert result["summary"]["test-count"] == 10, f".summary.test-count should be 10, was {result['summary']['test-count']}" + assert result["summary"]["test-count"] == 8, f".summary.test-count should be 10, was {result['summary']['test-count']}" ''; }) diff --git a/nixpkgs/nixos/tests/incus/container.nix b/nixpkgs/nixos/tests/incus/container.nix index 9260f70da98c..a71c5355046a 100644 --- a/nixpkgs/nixos/tests/incus/container.nix +++ b/nixpkgs/nixos/tests/incus/container.nix @@ -1,20 +1,21 @@ -import ../make-test-python.nix ({ pkgs, lib, extra ? {}, ... } : +import ../make-test-python.nix ({ pkgs, lib, extra ? {}, name ? "incus-container", ... } : let releases = import ../../release.nix { - configuration = { - # Building documentation makes the test unnecessarily take a longer time: - documentation.enable = lib.mkForce false; + configuration = lib.recursiveUpdate { + # Building documentation makes the test unnecessarily take a longer time: + documentation.enable = lib.mkForce false; - boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; - } // extra; + boot.kernel.sysctl."net.ipv4.ip_forward" = "1"; + } + extra; }; container-image-metadata = releases.lxdContainerMeta.${pkgs.stdenv.hostPlatform.system}; container-image-rootfs = releases.lxdContainerImage.${pkgs.stdenv.hostPlatform.system}; in { - name = "incus-container"; + inherit name; meta = { maintainers = lib.teams.lxc.members; diff --git a/nixpkgs/nixos/tests/incus/default.nix b/nixpkgs/nixos/tests/incus/default.nix index 32bc5396a164..b850c4fba018 100644 --- a/nixpkgs/nixos/tests/incus/default.nix +++ b/nixpkgs/nixos/tests/incus/default.nix @@ -5,16 +5,22 @@ handleTestOn, }: { - container-old-init = import ./container.nix { inherit system pkgs; }; - container-new-init = import ./container.nix { inherit system pkgs; extra = { - # Enable new systemd init - boot.initrd.systemd.enable = true; - }; }; + container-legacy-init = import ./container.nix { + name = "container-legacy-init"; + inherit system pkgs; + }; + container-systemd-init = import ./container.nix { + name = "container-systemd-init"; + inherit system pkgs; + extra = { + boot.initrd.systemd.enable = true; + }; + }; lxd-to-incus = import ./lxd-to-incus.nix { inherit system pkgs; }; openvswitch = import ./openvswitch.nix { inherit system pkgs; }; preseed = import ./preseed.nix { inherit system pkgs; }; socket-activated = import ./socket-activated.nix { inherit system pkgs; }; storage = import ./storage.nix { inherit system pkgs; }; - ui = import ./ui.nix {inherit system pkgs;}; + ui = import ./ui.nix { inherit system pkgs; }; virtual-machine = handleTestOn [ "x86_64-linux" ] ./virtual-machine.nix { inherit system pkgs; }; } diff --git a/nixpkgs/nixos/tests/incus/lxd-to-incus.nix b/nixpkgs/nixos/tests/incus/lxd-to-incus.nix index 262f63c0f26f..e93b76591eca 100644 --- a/nixpkgs/nixos/tests/incus/lxd-to-incus.nix +++ b/nixpkgs/nixos/tests/incus/lxd-to-incus.nix @@ -95,7 +95,7 @@ import ../make-test-python.nix ( machine.wait_for_unit("incus.service") with machine.nested("run migration"): - machine.succeed("lxd-to-incus --yes") + machine.succeed("${pkgs.incus}/bin/lxd-to-incus --yes") with machine.nested("verify resources migrated to incus"): machine.succeed("incus config show container") diff --git a/nixpkgs/nixos/tests/k3s/multi-node.nix b/nixpkgs/nixos/tests/k3s/multi-node.nix index 932b4639b39c..20279f3ca4b9 100644 --- a/nixpkgs/nixos/tests/k3s/multi-node.nix +++ b/nixpkgs/nixos/tests/k3s/multi-node.nix @@ -128,9 +128,7 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }: }; }; - meta = with pkgs.lib.maintainers; { - maintainers = [ euank ]; - }; + meta.maintainers = k3s.meta.maintainers; testScript = '' machines = [server, server2, agent] diff --git a/nixpkgs/nixos/tests/k3s/single-node.nix b/nixpkgs/nixos/tests/k3s/single-node.nix index e059603b9c9d..fd64a050e61e 100644 --- a/nixpkgs/nixos/tests/k3s/single-node.nix +++ b/nixpkgs/nixos/tests/k3s/single-node.nix @@ -25,9 +25,7 @@ import ../make-test-python.nix ({ pkgs, lib, k3s, ... }: in { name = "${k3s.name}-single-node"; - meta = with pkgs.lib.maintainers; { - maintainers = [ euank ]; - }; + meta.maintainers = k3s.meta.maintainers; nodes.machine = { pkgs, ... }: { environment.systemPackages = with pkgs; [ k3s gzip ]; diff --git a/nixpkgs/nixos/tests/kavita.nix b/nixpkgs/nixos/tests/kavita.nix index f27b3fffbcf6..bb55e1fb29d4 100644 --- a/nixpkgs/nixos/tests/kavita.nix +++ b/nixpkgs/nixos/tests/kavita.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, ...} : { +import ./make-test-python.nix ({ pkgs, ... }: { name = "kavita"; meta = with pkgs.lib.maintainers; { maintainers = [ misterio77 ]; @@ -8,29 +8,35 @@ import ./make-test-python.nix ({ pkgs, ...} : { kavita = { config, pkgs, ... }: { services.kavita = { enable = true; - port = 5000; - tokenKeyFile = builtins.toFile "kavita.key" "QfpjFvjT83BLtZ74GE3U3Q=="; + tokenKeyFile = builtins.toFile "kavita.key" "d26ba694b455271a8872415830fb7b5c58f8da98f9ef7f58b2ca4c34bd406512"; }; }; }; - testScript = let - regUrl = "http://kavita:5000/api/Account/register"; - payload = builtins.toFile "payload.json" (builtins.toJSON { - username = "foo"; - password = "correcthorsebatterystaple"; - email = "foo@bar"; - }); - in '' - kavita.start - kavita.wait_for_unit("kavita.service") + testScript = + let + regUrl = "http://kavita:5000/api/Account/register"; + loginUrl = "http://kavita:5000/api/Account/login"; + localeUrl = "http://kavita:5000/api/locale"; + in + '' + import json - # Check that static assets are working - kavita.wait_until_succeeds("curl http://kavita:5000/site.webmanifest | grep Kavita") + kavita.start + kavita.wait_for_unit("kavita.service") - # Check that registration is working - kavita.succeed("curl -fX POST ${regUrl} --json @${payload}") - # But only for the first one - kavita.fail("curl -fX POST ${regUrl} --json @${payload}") - ''; + # Check that static assets are working + kavita.wait_until_succeeds("curl http://kavita:5000/site.webmanifest | grep Kavita") + + # Check that registration is working + kavita.succeed("""curl -fX POST ${regUrl} --json '{"username": "foo", "password": "correcthorsebatterystaple"}'""") + # But only for the first one + kavita.fail("""curl -fX POST ${regUrl} --json '{"username": "foo", "password": "correcthorsebatterystaple"}'""") + + # Log in and retrieve token + session = json.loads(kavita.succeed("""curl -fX POST ${loginUrl} --json '{"username": "foo", "password": "correcthorsebatterystaple"}'""")) + # Check list of locales + locales = json.loads(kavita.succeed(f"curl -fX GET ${localeUrl} -H 'Authorization: Bearer {session['token']}'")) + assert len(locales) > 0, "expected a list of locales" + ''; }) diff --git a/nixpkgs/nixos/tests/make-test-python.nix b/nixpkgs/nixos/tests/make-test-python.nix index 32531fffd2bf..28569f1d2955 100644 --- a/nixpkgs/nixos/tests/make-test-python.nix +++ b/nixpkgs/nixos/tests/make-test-python.nix @@ -1,5 +1,5 @@ f: { - system, + system ? builtins.currentSystem, pkgs ? import ../.. { inherit system; config = {}; overlays = []; }, ... } @ args: diff --git a/nixpkgs/nixos/tests/mollysocket.nix b/nixpkgs/nixos/tests/mollysocket.nix new file mode 100644 index 000000000000..8cbd0c0272e0 --- /dev/null +++ b/nixpkgs/nixos/tests/mollysocket.nix @@ -0,0 +1,27 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: + +let + port = 1234; +in { + name = "mollysocket"; + meta.maintainers = with lib.maintainers; [ dotlambda ]; + + nodes.mollysocket = { ... }: { + services.mollysocket = { + enable = true; + settings = { + inherit port; + }; + }; + }; + + testScript = '' + import json + + mollysocket.wait_for_unit("mollysocket.service") + mollysocket.wait_for_open_port(${toString port}) + + out = mollysocket.succeed("curl --fail http://127.0.0.1:${toString port}") + assert json.loads(out)["mollysocket"]["version"] == "${toString pkgs.mollysocket.version}" + ''; +}) diff --git a/nixpkgs/nixos/tests/monetdb.nix b/nixpkgs/nixos/tests/monetdb.nix new file mode 100644 index 000000000000..acbf01f76975 --- /dev/null +++ b/nixpkgs/nixos/tests/monetdb.nix @@ -0,0 +1,77 @@ +import ./make-test-python.nix ({ pkgs, ...} : + let creds = pkgs.writeText ".monetdb" '' + user=monetdb + password=monetdb + ''; + createUser = pkgs.writeText "createUser.sql" '' + CREATE USER "voc" WITH PASSWORD 'voc' NAME 'VOC Explorer' SCHEMA "sys"; + CREATE SCHEMA "voc" AUTHORIZATION "voc"; + ALTER USER "voc" SET SCHEMA "voc"; + ''; + credsVoc = pkgs.writeText ".monetdb" '' + user=voc + password=voc + ''; + transaction = pkgs.writeText "transaction" '' + START TRANSACTION; + CREATE TABLE test (id int, data varchar(30)); + ROLLBACK; + ''; + vocData = pkgs.fetchzip { + url = "https://dev.monetdb.org/Assets/VOC/voc_dump.zip"; + hash = "sha256-sQ5acTsSAiXQfOgt2PhN7X7Z9TZGZtLrPPxgQT2pCGQ="; + }; + onboardPeople = pkgs.writeText "onboardPeople" '' + CREATE VIEW onboard_people AS + SELECT * FROM ( + SELECT 'craftsmen' AS type, craftsmen.* FROM craftsmen + UNION ALL + SELECT 'impotenten' AS type, impotenten.* FROM impotenten + UNION ALL + SELECT 'passengers' AS type, passengers.* FROM passengers + UNION ALL + SELECT 'seafarers' AS type, seafarers.* FROM seafarers + UNION ALL + SELECT 'soldiers' AS type, soldiers.* FROM soldiers + UNION ALL + SELECT 'total' AS type, total.* FROM total + ) AS onboard_people_table; + SELECT type, COUNT(*) AS total + FROM onboard_people GROUP BY type ORDER BY type; + ''; + onboardExpected = pkgs.lib.strings.replaceStrings ["\n"] ["\\n"] '' + +------------+-------+ + | type | total | + +============+=======+ + | craftsmen | 2349 | + | impotenten | 938 | + | passengers | 2813 | + | seafarers | 4468 | + | soldiers | 4177 | + | total | 2467 | + +------------+-------+ + ''; + in { + name = "monetdb"; + meta = with pkgs.lib.maintainers; { + maintainers = [ StillerHarpo ]; + }; + nodes.machine.services.monetdb.enable = true; + testScript = '' + machine.start() + machine.wait_for_unit("monetdb") + machine.succeed("monetdbd create mydbfarm") + machine.succeed("monetdbd start mydbfarm") + machine.succeed("monetdb create voc") + machine.succeed("monetdb release voc") + machine.succeed("cp ${creds} ./.monetdb") + assert "hello world" in machine.succeed("mclient -d voc -s \"SELECT 'hello world'\"") + machine.succeed("mclient -d voc ${createUser}") + machine.succeed("cp ${credsVoc} ./.monetdb") + machine.succeed("mclient -d voc ${transaction}") + machine.succeed("mclient -d voc ${vocData}/voc_dump.sql") + assert "8131" in machine.succeed("mclient -d voc -s \"SELECT count(*) FROM voyages\"") + assert "${onboardExpected}" in machine.succeed("mclient -d voc ${onboardPeople}") + + ''; + }) diff --git a/nixpkgs/nixos/tests/nix-ld.nix b/nixpkgs/nixos/tests/nix-ld.nix index 8733f5b0c397..9b851f88617a 100644 --- a/nixpkgs/nixos/tests/nix-ld.nix +++ b/nixpkgs/nixos/tests/nix-ld.nix @@ -1,17 +1,39 @@ -import ./make-test-python.nix ({ lib, pkgs, ...} : +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + shared = + { config, pkgs, ... }: + { + programs.nix-ld.enable = true; + environment.systemPackages = [ + (pkgs.runCommand "patched-hello" { } '' + install -D -m755 ${pkgs.hello}/bin/hello $out/bin/hello + patchelf $out/bin/hello --set-interpreter $(cat ${config.programs.nix-ld.package}/nix-support/ldpath) + '') + ]; + }; +in { - name = "nix-ld"; - nodes.machine = { pkgs, ... }: { - programs.nix-ld.enable = true; - environment.systemPackages = [ - (pkgs.runCommand "patched-hello" {} '' - install -D -m755 ${pkgs.hello}/bin/hello $out/bin/hello - patchelf $out/bin/hello --set-interpreter $(cat ${pkgs.nix-ld}/nix-support/ldpath) - '') - ]; + nix-ld = makeTest { + name = "nix-ld"; + nodes.machine = shared; + testScript = '' + start_all() + machine.succeed("hello") + ''; }; - testScript = '' - start_all() - machine.succeed("hello") - ''; -}) + nix-ld-rs = makeTest { + name = "nix-ld-rs"; + nodes.machine = { + imports = [ shared ]; + programs.nix-ld.package = pkgs.nix-ld-rs; + }; + testScript = '' + start_all() + machine.succeed("hello") + ''; + }; +} diff --git a/nixpkgs/nixos/tests/nixos-rebuild-install-bootloader.nix b/nixpkgs/nixos/tests/nixos-rebuild-install-bootloader.nix index 3ade90ea24a7..94554a93bd63 100644 --- a/nixpkgs/nixos/tests/nixos-rebuild-install-bootloader.nix +++ b/nixpkgs/nixos/tests/nixos-rebuild-install-bootloader.nix @@ -60,7 +60,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { # Need to run `nixos-rebuild` twice because the first run will install # GRUB anyway with subtest("Switch system again and install bootloader"): - result = machine.succeed("nixos-rebuild switch --install-bootloader") + result = machine.succeed("nixos-rebuild switch --install-bootloader 2>&1") # install-grub2.pl messages assert "updating GRUB 2 menu..." in result assert "installing the GRUB 2 boot loader on /dev/vda..." in result diff --git a/nixpkgs/nixos/tests/photonvision.nix b/nixpkgs/nixos/tests/photonvision.nix new file mode 100644 index 000000000000..2cadaa4bc02e --- /dev/null +++ b/nixpkgs/nixos/tests/photonvision.nix @@ -0,0 +1,21 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: +{ + name = "photonvision"; + + nodes = { + machine = { pkgs, ... }: { + services.photonvision = { + enable = true; + }; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("photonvision.service") + machine.wait_for_open_port(5800) + ''; + + meta.maintainers = with lib.maintainers; [ max-niederman ]; +}) + diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/README.rst b/nixpkgs/nixos/tests/scion/freestanding-deployment/README.rst new file mode 100644 index 000000000000..b2448a2dc9ad --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/README.rst @@ -0,0 +1,12 @@ +This NixOS VM test implements the network topology outlined in https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst#sample-scion-demo-topology, below is an excerpt from that document + +Sample SCION Demo Topology +.......................... + +The topology of the ISD includes the inter-AS connections to neighboring ASes, and defines the underlay IP/UDP addresses of services and routers running in this AS. This is specified in topology files - this guide later explains how to configure these files. A following graphic depicts the topology on a high level. + +.. figure:: https://github.com/scionproto/scion/raw/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy/SCION-deployment-guide.drawio.png + :width: 95 % + :figwidth: 100 % + + *Figure 1 - Topology of the sample SCION demo environment. It consists of 1 ISD, 3 core ASes and 2 non-core ASes.* diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/default.nix b/nixpkgs/nixos/tests/scion/freestanding-deployment/default.nix new file mode 100644 index 000000000000..0c9686fbfbad --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/default.nix @@ -0,0 +1,172 @@ +# implements https://github.com/scionproto/scion/blob/27983125bccac6b84d1f96f406853aab0e460405/doc/tutorials/deploy.rst +import ../../make-test-python.nix ({ pkgs, ... }: +let + trust-root-configuration-keys = pkgs.runCommand "generate-trc-keys.sh" { + buildInputs = [ + pkgs.scion + ]; + } '' + set -euo pipefail + + mkdir /tmp/tutorial-scion-certs && cd /tmp/tutorial-scion-certs + mkdir AS{1..5} + + # Create voting and root keys and (self-signed) certificates for core ASes + pushd AS1 + scion-pki certificate create --not-after=3650d --profile=sensitive-voting <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 sensitive voting cert"}') sensitive-voting.pem sensitive-voting.key + scion-pki certificate create --not-after=3650d --profile=regular-voting <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 regular voting cert"}') regular-voting.pem regular-voting.key + scion-pki certificate create --not-after=3650d --profile=cp-root <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 cp root cert"}') cp-root.pem cp-root.key + popd + + pushd AS2 + scion-pki certificate create --not-after=3650d --profile=cp-root <(echo '{"isd_as": "42-ffaa:1:2", "common_name": "42-ffaa:1:2 cp root cert"}') cp-root.pem cp-root.key + popd + + pushd AS3 + scion-pki certificate create --not-after=3650d --profile=sensitive-voting <(echo '{"isd_as": "42-ffaa:1:3", "common_name": "42-ffaa:1:3 sensitive voting cert"}') sensitive-voting.pem sensitive-voting.key + scion-pki certificate create --not-after=3650d --profile=regular-voting <(echo '{"isd_as": "42-ffaa:1:3", "common_name": "42-ffaa:1:3 regular voting cert"}') regular-voting.pem regular-voting.key + popd + + # Create the TRC (Trust Root Configuration) + mkdir tmp + echo ' + isd = 42 + description = "Demo ISD 42" + serial_version = 1 + base_version = 1 + voting_quorum = 2 + + core_ases = ["ffaa:1:1", "ffaa:1:2", "ffaa:1:3"] + authoritative_ases = ["ffaa:1:1", "ffaa:1:2", "ffaa:1:3"] + cert_files = ["AS1/sensitive-voting.pem", "AS1/regular-voting.pem", "AS1/cp-root.pem", "AS2/cp-root.pem", "AS3/sensitive-voting.pem", "AS3/regular-voting.pem"] + + [validity] + not_before = '$(date +%s)' + validity = "365d"' \ + > trc-B1-S1-pld.tmpl + + scion-pki trc payload --out=tmp/ISD42-B1-S1.pld.der --template trc-B1-S1-pld.tmpl + rm trc-B1-S1-pld.tmpl + + # Sign and bundle the TRC + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS1/sensitive-voting.{pem,key} --out tmp/ISD42-B1-S1.AS1-sensitive.trc + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS1/regular-voting.{pem,key} --out tmp/ISD42-B1-S1.AS1-regular.trc + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS3/sensitive-voting.{pem,key} --out tmp/ISD42-B1-S1.AS3-sensitive.trc + scion-pki trc sign tmp/ISD42-B1-S1.pld.der AS3/regular-voting.{pem,key} --out tmp/ISD42-B1-S1.AS3-regular.trc + + scion-pki trc combine tmp/ISD42-B1-S1.AS{1,3}-{sensitive,regular}.trc --payload tmp/ISD42-B1-S1.pld.der --out ISD42-B1-S1.trc + rm tmp -r + + # Create CA key and certificate for issuing ASes + pushd AS1 + scion-pki certificate create --profile=cp-ca <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 CA cert"}') cp-ca.pem cp-ca.key --ca cp-root.pem --ca-key cp-root.key + popd + pushd AS2 + scion-pki certificate create --profile=cp-ca <(echo '{"isd_as": "42-ffaa:1:2", "common_name": "42-ffaa:1:2 CA cert"}') cp-ca.pem cp-ca.key --ca cp-root.pem --ca-key cp-root.key + popd + + # Create AS key and certificate chains + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:1", "common_name": "42-ffaa:1:1 AS cert"}') AS1/cp-as.pem AS1/cp-as.key --ca AS1/cp-ca.pem --ca-key AS1/cp-ca.key --bundle + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:2", "common_name": "42-ffaa:1:2 AS cert"}') AS2/cp-as.pem AS2/cp-as.key --ca AS2/cp-ca.pem --ca-key AS2/cp-ca.key --bundle + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:3", "common_name": "42-ffaa:1:3 AS cert"}') AS3/cp-as.pem AS3/cp-as.key --ca AS1/cp-ca.pem --ca-key AS1/cp-ca.key --bundle + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:4", "common_name": "42-ffaa:1:4 AS cert"}') AS4/cp-as.pem AS4/cp-as.key --ca AS1/cp-ca.pem --ca-key AS1/cp-ca.key --bundle + scion-pki certificate create --profile=cp-as <(echo '{"isd_as": "42-ffaa:1:5", "common_name": "42-ffaa:1:5 AS cert"}') AS5/cp-as.pem AS5/cp-as.key --ca AS2/cp-ca.pem --ca-key AS2/cp-ca.key --bundle + + for i in {1..5} + do + mkdir -p $out/AS$i + cp AS$i/cp-as.{key,pem} $out/AS$i + done + + mv *.trc $out + ''; + imports = hostId: [ + ({ + services.scion = { + enable = true; + bypassBootstrapWarning = true; + }; + networking = { + useNetworkd = true; + useDHCP = false; + }; + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "192.168.1.${toString hostId}/24"; + }; + environment.etc = { + "scion/topology.json".source = ./topology${toString hostId}.json; + "scion/crypto/as".source = trust-root-configuration-keys + "/AS${toString hostId}"; + "scion/certs/ISD42-B1-S1.trc".source = trust-root-configuration-keys + "/ISD42-B1-S1.trc"; + "scion/keys/master0.key".text = "U${toString hostId}v4k23ZXjGDwDofg/Eevw=="; + "scion/keys/master1.key".text = "dBMko${toString hostId}qMS8DfrN/zP2OUdA=="; + }; + environment.systemPackages = [ + pkgs.scion + ]; + }) + ]; +in +{ + name = "scion-test"; + nodes = { + scion01 = { ... }: { + imports = (imports 1); + }; + scion02 = { ... }: { + imports = (imports 2); + }; + scion03 = { ... }: { + imports = (imports 3); + }; + scion04 = { ... }: { + imports = (imports 4); + }; + scion05 = { ... }: { + imports = (imports 5); + }; + }; + testScript = let + pingAll = pkgs.writeShellScript "ping-all-scion.sh" '' + addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5" + timeout=100 + wait_for_all() { + for as in "$@" + do + scion showpaths $as --no-probe > /dev/null + return 1 + done + return 0 + } + ping_all() { + for as in "$@" + do + scion ping "$as,127.0.0.1" -c 3 + done + return 0 + } + for i in $(seq 0 $timeout); do + wait_for_all $addresses && exit 0 + ping_all $addresses && exit 0 + sleep 1 + done + ''; + in + '' + # List of AS instances + machines = [scion01, scion02, scion03, scion04, scion05] + + # Wait for scion-control.service on all instances + for i in machines: + i.wait_for_unit("scion-control.service") + + # Execute pingAll command on all instances + for i in machines: + i.succeed("${pingAll} >&2") + + # Restart scion-dispatcher and ping again to test robustness + for i in machines: + i.succeed("systemctl restart scion-dispatcher >&2") + i.succeed("${pingAll} >&2") + ''; +}) diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/topology1.json b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology1.json new file mode 100644 index 000000000000..de51515eebc2 --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology1.json @@ -0,0 +1,51 @@ +{ + "attributes": [ + "core" + ], + "isd_as": "42-ffaa:1:1", + "mtu": 1472, + "control_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "discovery_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "border_routers": { + "br": { + "internal_addr": "127.0.0.1:31002", + "interfaces": { + "1": { + "underlay": { + "public": "192.168.1.1:50014", + "remote": "192.168.1.4:50014" + }, + "isd_as": "42-ffaa:1:4", + "link_to": "child", + "mtu": 1472 + }, + "2": { + "underlay": { + "public": "192.168.1.1:50012", + "remote": "192.168.1.2:50012" + }, + "isd_as": "42-ffaa:1:2", + "link_to": "core", + "mtu": 1472 + }, + "3": { + "underlay": { + "public": "192.168.1.1:50013", + "remote": "192.168.1.3:50013" + }, + "isd_as": "42-ffaa:1:3", + "link_to": "core", + "mtu": 1472 + } + } + } + } +} diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/topology2.json b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology2.json new file mode 100644 index 000000000000..f8e10d5d1f75 --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology2.json @@ -0,0 +1,51 @@ +{ + "attributes": [ + "core" + ], + "isd_as": "42-ffaa:1:2", + "mtu": 1472, + "control_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "discovery_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "border_routers": { + "br": { + "internal_addr": "127.0.0.1:31002", + "interfaces": { + "1": { + "underlay": { + "public": "192.168.1.2:50012", + "remote": "192.168.1.1:50012" + }, + "isd_as": "42-ffaa:1:1", + "link_to": "core", + "mtu": 1472 + }, + "2": { + "underlay": { + "public": "192.168.1.2:50023", + "remote": "192.168.1.3:50023" + }, + "isd_as": "42-ffaa:1:3", + "link_to": "core", + "mtu": 1472 + }, + "3": { + "underlay": { + "public": "192.168.1.2:50025", + "remote": "192.168.1.5:50025" + }, + "isd_as": "42-ffaa:1:5", + "link_to": "child", + "mtu": 1472 + } + } + } + } +} diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/topology3.json b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology3.json new file mode 100644 index 000000000000..53cee431885b --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology3.json @@ -0,0 +1,60 @@ +{ + "attributes": [ + "core" + ], + "isd_as": "42-ffaa:1:3", + "mtu": 1472, + "control_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "discovery_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "border_routers": { + "br": { + "internal_addr": "127.0.0.1:31002", + "interfaces": { + "1": { + "underlay": { + "public": "192.168.1.3:50013", + "remote": "192.168.1.1:50013" + }, + "isd_as": "42-ffaa:1:1", + "link_to": "core", + "mtu": 1472 + }, + "2": { + "underlay": { + "public": "192.168.1.3:50023", + "remote": "192.168.1.2:50023" + }, + "isd_as": "42-ffaa:1:2", + "link_to": "core", + "mtu": 1472 + }, + "3": { + "underlay": { + "public": "192.168.1.3:50034", + "remote": "192.168.1.4:50034" + }, + "isd_as": "42-ffaa:1:4", + "link_to": "child", + "mtu": 1472 + }, + "4": { + "underlay": { + "public": "192.168.1.3:50035", + "remote": "192.168.1.5:50035" + }, + "isd_as": "42-ffaa:1:5", + "link_to": "child", + "mtu": 1472 + } + } + } + } +} diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/topology4.json b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology4.json new file mode 100644 index 000000000000..03c507a4daf5 --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology4.json @@ -0,0 +1,40 @@ +{ + "attributes": [], + "isd_as": "42-ffaa:1:4", + "mtu": 1472, + "control_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "discovery_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "border_routers": { + "br": { + "internal_addr": "127.0.0.1:31002", + "interfaces": { + "1": { + "underlay": { + "public": "192.168.1.4:50014", + "remote": "192.168.1.1:50014" + }, + "isd_as": "42-ffaa:1:1", + "link_to": "parent", + "mtu": 1472 + }, + "2": { + "underlay": { + "public": "192.168.1.4:50034", + "remote": "192.168.1.3:50034" + }, + "isd_as": "42-ffaa:1:3", + "link_to": "parent", + "mtu": 1472 + } + } + } + } +} diff --git a/nixpkgs/nixos/tests/scion/freestanding-deployment/topology5.json b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology5.json new file mode 100644 index 000000000000..6114c1f73c2a --- /dev/null +++ b/nixpkgs/nixos/tests/scion/freestanding-deployment/topology5.json @@ -0,0 +1,40 @@ +{ + "attributes": [], + "isd_as": "42-ffaa:1:5", + "mtu": 1472, + "control_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "discovery_service": { + "cs": { + "addr": "127.0.0.1:31000" + } + }, + "border_routers": { + "br": { + "internal_addr": "127.0.0.1:31002", + "interfaces": { + "1": { + "underlay": { + "public": "192.168.1.5:50025", + "remote": "192.168.1.2:50025" + }, + "isd_as": "42-ffaa:1:2", + "link_to": "parent", + "mtu": 1472 + }, + "2": { + "underlay": { + "public": "192.168.1.5:50035", + "remote": "192.168.1.3:50035" + }, + "isd_as": "42-ffaa:1:3", + "link_to": "parent", + "mtu": 1472 + } + } + } + } +} diff --git a/nixpkgs/nixos/tests/systemd-user-linger.nix b/nixpkgs/nixos/tests/systemd-user-linger.nix new file mode 100644 index 000000000000..2c3d71668979 --- /dev/null +++ b/nixpkgs/nixos/tests/systemd-user-linger.nix @@ -0,0 +1,39 @@ +import ./make-test-python.nix ( + { lib, ... }: + { + name = "systemd-user-linger"; + + nodes.machine = + { ... }: + { + users.users = { + alice = { + isNormalUser = true; + linger = true; + uid = 1000; + }; + + bob = { + isNormalUser = true; + linger = false; + uid = 10001; + }; + }; + }; + + testScript = + { ... }: + '' + machine.wait_for_file("/var/lib/systemd/linger/alice") + machine.succeed("systemctl status user-1000.slice") + + machine.fail("test -e /var/lib/systemd/linger/bob") + machine.fail("systemctl status user-1001.slice") + + with subtest("missing users have linger purged"): + machine.succeed("touch /var/lib/systemd/linger/missing") + machine.systemctl("restart linger-users") + machine.succeed("test ! -e /var/lib/systemd/linger/missing") + ''; + } +) diff --git a/nixpkgs/nixos/tests/tracee.nix b/nixpkgs/nixos/tests/tracee.nix index 3dadc0f9fdb3..1c241f3ec498 100644 --- a/nixpkgs/nixos/tests/tracee.nix +++ b/nixpkgs/nixos/tests/tracee.nix @@ -1,7 +1,13 @@ -import ./make-test-python.nix ({ pkgs, ... }: { +import ./make-test-python.nix ({ pkgs, ... }: rec { name = "tracee-integration"; meta.maintainers = pkgs.tracee.meta.maintainers; + passthru.hello-world-builder = pkgs: pkgs.dockerTools.buildImage { + name = "hello-world"; + tag = "latest"; + config.Cmd = [ "${pkgs.hello}/bin/hello" ]; + }; + nodes = { machine = { config, pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers and @@ -12,57 +18,48 @@ import ./make-test-python.nix ({ pkgs, ... }: { environment.systemPackages = with pkgs; [ # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes which - # build the go integration tests as a binary - (tracee.overrideAttrs (oa: { - pname = oa.pname + "-integration"; - postPatch = oa.postPatch or "" + '' - # prepare tester.sh (which will be embedded in the test binary) - patchShebangs tests/integration/tester.sh - - # fix the test to look at nixos paths for running programs - substituteInPlace tests/integration/integration_test.go \ - --replace "bin=/usr/bin/" "comm=" \ - --replace "binary=/usr/bin/" "comm=" \ - --replace "/usr/bin/dockerd" "dockerd" \ - --replace "/usr/bin" "/run/current-system/sw/bin" - ''; - nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ]; - buildPhase = '' - runHook preBuild - # just build the static lib we need for the go test binary - make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core ./dist/btfhub - - # then compile the tests to be ran later - CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/... - runHook postBuild - ''; - doCheck = false; - outputs = [ "out" ]; - installPhase = '' - mkdir -p $out/bin - mv $GOPATH/tracee-integration $out/bin/ - ''; - doInstallCheck = false; - - meta = oa.meta // { - outputsToInstall = []; - }; - })) + # the go integration tests as a binary + tracee.passthru.tests.integration-test-cli ]; }; }; - testScript = '' - machine.wait_for_unit("docker.service") + testScript = + let + skippedTests = [ + # these comm tests for some reason do not resolve. + # something about the test is different as it works fine if I replicate + # the policies and run tracee myself but doesn't work in the integration + # test either with the automatic run or running the commands by hand + # while it's searching. + "Test_EventFilters/comm:_event:_args:_trace_event_set_in_a_specific_policy_with_args_from_ls_command" + "Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands" + + # worked at some point, seems to be flakey + "Test_EventFilters/pid:_event:_args:_trace_event_sched_switch_with_args_from_pid_0" + ]; + in + '' + with subtest("prepare for integration tests"): + machine.wait_for_unit("docker.service") + machine.succeed('which bash') + + # EventFilters/trace_only_events_from_new_containers also requires a container called "hello-world" + machine.succeed('docker load < ${passthru.hello-world-builder pkgs}') - with subtest("run integration tests"): - # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine" - machine.succeed('tar c -C ${pkgs.pkgsStatic.busybox} . | docker import - alpine --change "ENTRYPOINT [\"sleep\"]"') + # exec= needs fully resolved paths + machine.succeed( + 'mkdir /tmp/testdir', + 'cp $(which who) /tmp/testdir/who', + 'cp $(which uname) /tmp/testdir/uname', + ) - # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration" - print(machine.succeed( - 'mkdir /tmp/integration', - 'cd /tmp/integration && tracee-integration -test.v' - )) - ''; + with subtest("run integration tests"): + # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration" + # tests must be ran with 1 process + print(machine.succeed( + 'mkdir /tmp/integration', + 'cd /tmp/integration && export PATH="/tmp/testdir:$PATH" && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"' + )) + ''; }) diff --git a/nixpkgs/nixos/tests/ustreamer.nix b/nixpkgs/nixos/tests/ustreamer.nix new file mode 100644 index 000000000000..1354eb03a326 --- /dev/null +++ b/nixpkgs/nixos/tests/ustreamer.nix @@ -0,0 +1,75 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "ustreamer-vmtest"; + nodes = { + client = {...}: { + environment.systemPackages = [ pkgs.curl ]; + }; + camera = {config, ...}: let + configFile = pkgs.writeText "akvcam-configFile" '' + [Cameras] + cameras/size = 2 + + cameras/1/type = output + cameras/1/mode = mmap, userptr, rw + cameras/1/description = Virtual Camera (output device) + cameras/1/formats = 2 + cameras/1/videonr = 7 + + cameras/2/type = capture + cameras/2/mode = mmap, rw + cameras/2/description = Virtual Camera + cameras/2/formats = 1, 2 + cameras/2/videonr = 9 + + [Connections] + connections/size = 1 + connections/1/connection = 1:2 + + [Formats] + formats/size = 2 + + formats/1/format = YUY2 + formats/1/width = 640 + formats/1/height = 480 + formats/1/fps = 30 + + formats/2/format = RGB24, YUY2 + formats/2/width = 640 + formats/2/height = 480 + formats/2/fps = 20/1, 15/2 + ''; + in { + environment.systemPackages = [ pkgs.ustreamer ]; + networking.firewall.enable = false; + systemd.services.ustreamer = { + description = "ustreamer service"; + wantedBy = ["multi-user.target"]; + serviceConfig = { + DynamicUser = true; + ExecStart = "${pkgs.ustreamer}/bin/ustreamer --host=0.0.0.0 --port 8000 --device /dev/video9 --device-timeout=8"; + PrivateTmp = true; + BindReadOnlyPaths = "/dev/video9"; + SupplementaryGroups = [ + "video" + ]; + Restart = "always"; + }; + }; + boot.extraModulePackages = [config.boot.kernelPackages.akvcam]; + boot.kernelModules = ["akvcam"]; + boot.extraModprobeConfig = '' + options akvcam config_file=${configFile} + ''; + }; + }; + + testScript = '' + start_all() + + camera.wait_for_unit("ustreamer.service") + camera.wait_for_open_port(8000) + + client.wait_for_unit("multi-user.target") + client.succeed("curl http://camera:8000") + ''; +}) diff --git a/nixpkgs/nixos/tests/web-apps/peertube.nix b/nixpkgs/nixos/tests/web-apps/peertube.nix index 0e5f39c08a02..83c7cf03701e 100644 --- a/nixpkgs/nixos/tests/web-apps/peertube.nix +++ b/nixpkgs/nixos/tests/web-apps/peertube.nix @@ -17,16 +17,18 @@ import ../make-test-python.nix ({pkgs, ...}: services.postgresql = { enable = true; enableTCPIP = true; + ensureDatabases = [ "peertube_test" ]; + ensureUsers = [ + { + name = "peertube_test"; + ensureDBOwnership = true; + } + ]; authentication = '' - hostnossl peertube_local peertube_test 192.168.2.11/32 md5 + hostnossl peertube_test peertube_test 192.168.2.11/32 md5 ''; initialScript = pkgs.writeText "postgresql_init.sql" '' CREATE ROLE peertube_test LOGIN PASSWORD '0gUN0C1mgST6czvjZ8T9'; - CREATE DATABASE peertube_local TEMPLATE template0 ENCODING UTF8; - GRANT ALL PRIVILEGES ON DATABASE peertube_local TO peertube_test; - \connect peertube_local - CREATE EXTENSION IF NOT EXISTS pg_trgm; - CREATE EXTENSION IF NOT EXISTS unaccent; ''; }; @@ -41,6 +43,9 @@ import ../make-test-python.nix ({pkgs, ...}: server = { pkgs, ... }: { environment = { etc = { + "peertube/password-init-root".text = '' + PT_INITIAL_ROOT_PASSWORD=zw4SqYVdcsXUfRX8aaFX + ''; "peertube/secrets-peertube".text = '' 063d9c60d519597acef26003d5ecc32729083965d09181ef3949200cbe5f09ee ''; @@ -70,13 +75,15 @@ import ../make-test-python.nix ({pkgs, ...}: localDomain = "peertube.local"; enableWebHttps = false; + serviceEnvironmentFile = "/etc/peertube/password-init-root"; + secrets = { secretsFile = "/etc/peertube/secrets-peertube"; }; database = { host = "192.168.2.10"; - name = "peertube_local"; + name = "peertube_test"; user = "peertube_test"; passwordFile = "/etc/peertube/password-posgressql-db"; }; @@ -99,7 +106,7 @@ import ../make-test-python.nix ({pkgs, ...}: }; client = { - environment.systemPackages = [ pkgs.jq ]; + environment.systemPackages = [ pkgs.jq pkgs.peertube.cli ]; networking = { interfaces.eth1 = { ipv4.addresses = [ @@ -130,7 +137,10 @@ import ../make-test-python.nix ({pkgs, ...}: client.succeed("curl --fail http://peertube.local:9000/api/v1/config/about | jq -r '.instance.name' | grep 'PeerTube\ Test\ Server'") # Check PeerTube CLI version - assert "${pkgs.peertube.version}" in server.succeed('su - peertube -s /bin/sh -c "peertube --version"') + client.succeed('peertube-cli auth add -u "http://peertube.local:9000" -U "root" --password "zw4SqYVdcsXUfRX8aaFX"') + client.succeed('peertube-cli auth list | grep "http://peertube.local:9000"') + client.succeed('peertube-cli auth del "http://peertube.local:9000"') + client.fail('peertube-cli auth list | grep "http://peertube.local:9000"') client.shutdown() server.shutdown() |