diff options
Diffstat (limited to 'nixpkgs/nixos/tests')
35 files changed, 843 insertions, 116 deletions
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 860262eeb6cd..4450cafd2800 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -92,7 +92,7 @@ in hadoop.yarn = handleTestOn [ "x86_64-linux" ] ./hadoop/yarn.nix {}; handbrake = handleTestOn ["x86_64-linux"] ./handbrake.nix {}; haproxy = handleTest ./haproxy.nix {}; - #hardened = handleTest ./hardened.nix {}; # broken due useSandbox = true + hardened = handleTest ./hardened.nix {}; hibernate = handleTest ./hibernate.nix {}; hitch = handleTest ./hitch {}; hocker-fetchdocker = handleTest ./hocker-fetchdocker {}; @@ -107,8 +107,10 @@ in initrdNetwork = handleTest ./initrd-network.nix {}; installer = handleTest ./installer.nix {}; ipv6 = handleTest ./ipv6.nix {}; + jackett = handleTest ./jackett.nix {}; jenkins = handleTest ./jenkins.nix {}; #kafka = handleTest ./kafka.nix {}; # broken since openjdk: 8u181 -> 8u192 + kerberos = handleTest ./kerberos/default.nix {}; kernel-latest = handleTest ./kernel-latest.nix {}; kernel-lts = handleTest ./kernel-lts.nix {}; keymap = handleTest ./keymap.nix {}; @@ -119,6 +121,7 @@ in latestKernel.login = handleTest ./login.nix { latestKernel = true; }; ldap = handleTest ./ldap.nix {}; leaps = handleTest ./leaps.nix {}; + lidarr = handleTest ./lidarr.nix {}; #lightdm = handleTest ./lightdm.nix {}; login = handleTest ./login.nix {}; #logstash = handleTest ./logstash.nix {}; @@ -126,6 +129,7 @@ in matrix-synapse = handleTest ./matrix-synapse.nix {}; memcached = handleTest ./memcached.nix {}; mesos = handleTest ./mesos.nix {}; + minio = handleTest ./minio.nix {}; misc = handleTest ./misc.nix {}; mongodb = handleTest ./mongodb.nix {}; morty = handleTest ./morty.nix {}; @@ -139,6 +143,8 @@ in nat.firewall = handleTest ./nat.nix { withFirewall = true; }; nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; }; nat.standalone = handleTest ./nat.nix { withFirewall = false; }; + ndppd = handleTest ./ndppd.nix {}; + neo4j = handleTest ./neo4j.nix {}; netdata = handleTest ./netdata.nix {}; networking.networkd = handleTest ./networking.nix { networkd = true; }; networking.scripted = handleTest ./networking.nix { networkd = false; }; @@ -150,6 +156,7 @@ in nfs4 = handleTest ./nfs.nix { version = 4; }; nghttpx = handleTest ./nghttpx.nix {}; nginx = handleTest ./nginx.nix {}; + nginx-sso = handleTest ./nginx-sso.nix {}; nix-ssh-serve = handleTest ./nix-ssh-serve.nix {}; novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {}; nsd = handleTest ./nsd.nix {}; @@ -159,6 +166,7 @@ in osquery = handleTest ./osquery.nix {}; ostree = handleTest ./ostree.nix {}; pam-oath-login = handleTest ./pam-oath-login.nix {}; + pam-u2f = handleTest ./pam-u2f.nix {}; peerflix = handleTest ./peerflix.nix {}; pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; @@ -177,6 +185,7 @@ in quagga = handleTest ./quagga.nix {}; quake3 = handleTest ./quake3.nix {}; rabbitmq = handleTest ./rabbitmq.nix {}; + radarr = handleTest ./radarr.nix {}; radicale = handleTest ./radicale.nix {}; redmine = handleTest ./redmine.nix {}; roundcube = handleTest ./roundcube.nix {}; @@ -193,12 +202,14 @@ in smokeping = handleTest ./smokeping.nix {}; snapper = handleTest ./snapper.nix {}; solr = handleTest ./solr.nix {}; + sonarr = handleTest ./sonarr.nix {}; strongswan-swanctl = handleTest ./strongswan-swanctl.nix {}; sudo = handleTest ./sudo.nix {}; switchTest = handleTest ./switch-test.nix {}; syncthing-relay = handleTest ./syncthing-relay.nix {}; systemd = handleTest ./systemd.nix {}; taskserver = handleTest ./taskserver.nix {}; + telegraf = handleTest ./telegraf.nix {}; tomcat = handleTest ./tomcat.nix {}; tor = handleTest ./tor.nix {}; transmission = handleTest ./transmission.nix {}; diff --git a/nixpkgs/nixos/tests/bittorrent.nix b/nixpkgs/nixos/tests/bittorrent.nix index 8977be9b859f..27871f72b4e5 100644 --- a/nixpkgs/nixos/tests/bittorrent.nix +++ b/nixpkgs/nixos/tests/bittorrent.nix @@ -23,7 +23,7 @@ in { name = "bittorrent"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ domenkozar eelco chaoflow rob wkennington bobvanderlinden ]; + maintainers = [ domenkozar eelco chaoflow rob bobvanderlinden ]; }; nodes = diff --git a/nixpkgs/nixos/tests/containers-bridge.nix b/nixpkgs/nixos/tests/containers-bridge.nix index 777cf9a7e7f9..0eae51433d20 100644 --- a/nixpkgs/nixos/tests/containers-bridge.nix +++ b/nixpkgs/nixos/tests/containers-bridge.nix @@ -45,6 +45,19 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; + containers.web-noip = + { + autoStart = true; + privateNetwork = true; + hostBridge = "br0"; + config = + { services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; + }; + }; + + virtualisation.pathsInNixDB = [ pkgs.stdenv ]; }; @@ -56,6 +69,10 @@ import ./make-test.nix ({ pkgs, ...} : { # Start the webserver container. $machine->succeed("nixos-container status webserver") =~ /up/ or die; + # Check if bridges exist inside containers + $machine->succeed("nixos-container run webserver -- ip link show eth0"); + $machine->succeed("nixos-container run web-noip -- ip link show eth0"); + "${containerIp}" =~ /([^\/]+)\/([0-9+])/; my $ip = $1; chomp $ip; diff --git a/nixpkgs/nixos/tests/containers-extra_veth.nix b/nixpkgs/nixos/tests/containers-extra_veth.nix index b4c48afe48ba..b3d3bce87579 100644 --- a/nixpkgs/nixos/tests/containers-extra_veth.nix +++ b/nixpkgs/nixos/tests/containers-extra_veth.nix @@ -13,6 +13,7 @@ import ./make-test.nix ({ pkgs, ...} : { virtualisation.memorySize = 768; virtualisation.vlans = []; + networking.useDHCP = false; networking.bridges = { br0 = { interfaces = []; diff --git a/nixpkgs/nixos/tests/docker-tools.nix b/nixpkgs/nixos/tests/docker-tools.nix index ecd14b274eb3..58f106314ab3 100644 --- a/nixpkgs/nixos/tests/docker-tools.nix +++ b/nixpkgs/nixos/tests/docker-tools.nix @@ -62,6 +62,7 @@ import ./make-test.nix ({ pkgs, ... }: { # Ensure Layered Docker images work $docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-image}'"); $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-image.imageName}"); + $docker->succeed("docker run --rm ${pkgs.dockerTools.examples.layered-image.imageName} cat extraCommands"); # Ensure building an image on top of a layered Docker images work $docker->succeed("docker load --input='${pkgs.dockerTools.examples.layered-on-top}'"); diff --git a/nixpkgs/nixos/tests/fwupd.nix b/nixpkgs/nixos/tests/fwupd.nix index 2e64149b2db3..88dac8ccbcdb 100644 --- a/nixpkgs/nixos/tests/fwupd.nix +++ b/nixpkgs/nixos/tests/fwupd.nix @@ -8,6 +8,8 @@ import ./make-test.nix ({ pkgs, ... }: { machine = { pkgs, ... }: { services.fwupd.enable = true; + services.fwupd.blacklistPlugins = []; # don't blacklist test plugin + services.fwupd.enableTestRemote = true; environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; environment.variables.XDG_DATA_DIRS = [ "${pkgs.fwupd.installedTests}/share" ]; virtualisation.memorySize = 768; diff --git a/nixpkgs/nixos/tests/gitea.nix b/nixpkgs/nixos/tests/gitea.nix index 354334991852..28e6479e9cbe 100644 --- a/nixpkgs/nixos/tests/gitea.nix +++ b/nixpkgs/nixos/tests/gitea.nix @@ -64,6 +64,7 @@ with pkgs.lib; machine = { config, pkgs, ... }: { services.gitea.enable = true; + services.gitea.disableRegistration = true; }; testScript = '' @@ -72,6 +73,7 @@ with pkgs.lib; $machine->waitForUnit('gitea.service'); $machine->waitForOpenPort('3000'); $machine->succeed("curl --fail http://localhost:3000/"); + $machine->succeed("curl --fail http://localhost:3000/user/sign_up | grep 'Registration is disabled. Please contact your site administrator.'"); ''; }; } diff --git a/nixpkgs/nixos/tests/hardened.nix b/nixpkgs/nixos/tests/hardened.nix index 683f56c45af4..07bd10963bab 100644 --- a/nixpkgs/nixos/tests/hardened.nix +++ b/nixpkgs/nixos/tests/hardened.nix @@ -5,7 +5,7 @@ import ./make-test.nix ({ pkgs, ...} : { }; machine = - { lib, pkgs, ... }: + { lib, pkgs, config, ... }: with lib; { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; }; users.users.sybil = { isNormalUser = true; group = "wheel"; }; @@ -22,12 +22,19 @@ import ./make-test.nix ({ pkgs, ...} : { options = [ "noauto" ]; }; }; + boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; + boot.kernelModules = [ "wireguard" ]; }; testScript = '' $machine->waitForUnit("multi-user.target"); + # Test loading out-of-tree modules + subtest "extra-module-packages", sub { + $machine->succeed("grep -Fq wireguard /proc/modules"); + }; + # Test hidepid subtest "hidepid", sub { $machine->succeed("grep -Fq hidepid=2 /proc/mounts"); diff --git a/nixpkgs/nixos/tests/home-assistant.nix b/nixpkgs/nixos/tests/home-assistant.nix index 73c1e71eb516..a93360b252f6 100644 --- a/nixpkgs/nixos/tests/home-assistant.nix +++ b/nixpkgs/nixos/tests/home-assistant.nix @@ -50,6 +50,18 @@ in { } ]; }; + lovelaceConfig = { + title = "My Awesome Home"; + views = [ { + title = "Example"; + cards = [ { + type = "markdown"; + title = "Lovelace"; + content = "Welcome to your **Lovelace UI**."; + } ]; + } ]; + }; + lovelaceConfigWritable = true; }; }; }; @@ -59,8 +71,10 @@ in { $hass->waitForUnit("home-assistant.service"); # The config is specified using a Nix attribute set, - # but then converted from JSON to YAML - $hass->succeed("test -f ${configDir}/configuration.yaml"); + # converted from JSON to YAML, and linked to the config dir + $hass->succeed("test -L ${configDir}/configuration.yaml"); + # The lovelace config is copied because lovelaceConfigWritable = true + $hass->succeed("test -f ${configDir}/ui-lovelace.yaml"); # Check that Home Assistant's web interface and API can be reached $hass->waitForOpenPort(8123); @@ -73,7 +87,7 @@ in { $hass->succeed("curl http://localhost:8123/api/states/binary_sensor.mqtt_binary_sensor -H 'x-ha-access: ${apiPassword}' | grep -qF '\"state\": \"on\"'"); # Toggle a binary sensor using hass-cli - $hass->succeed("${hassCli} entity get binary_sensor.mqtt_binary_sensor | grep -qF '\"state\": \"on\"'"); + $hass->succeed("${hassCli} --output json entity get binary_sensor.mqtt_binary_sensor | grep -qF '\"state\": \"on\"'"); $hass->succeed("${hassCli} entity edit binary_sensor.mqtt_binary_sensor --json='{\"state\": \"off\"}'"); $hass->succeed("curl http://localhost:8123/api/states/binary_sensor.mqtt_binary_sensor -H 'x-ha-access: ${apiPassword}' | grep -qF '\"state\": \"off\"'"); diff --git a/nixpkgs/nixos/tests/installer.nix b/nixpkgs/nixos/tests/installer.nix index c8edaaba1585..2553a0d116ae 100644 --- a/nixpkgs/nixos/tests/installer.nix +++ b/nixpkgs/nixos/tests/installer.nix @@ -200,7 +200,7 @@ let name = "installer-" + name; meta = with pkgs.stdenv.lib.maintainers; { # put global maintainers here, individuals go into makeInstallerTest fkt call - maintainers = [ wkennington ] ++ (meta.maintainers or []); + maintainers = (meta.maintainers or []); }; nodes = { diff --git a/nixpkgs/nixos/tests/jackett.nix b/nixpkgs/nixos/tests/jackett.nix new file mode 100644 index 000000000000..399a0c272327 --- /dev/null +++ b/nixpkgs/nixos/tests/jackett.nix @@ -0,0 +1,18 @@ +import ./make-test.nix ({ lib, ... }: + +with lib; + +rec { + name = "jackett"; + meta.maintainers = with maintainers; [ etu ]; + + nodes.machine = + { pkgs, ... }: + { services.jackett.enable = true; }; + + testScript = '' + $machine->waitForUnit('jackett.service'); + $machine->waitForOpenPort('9117'); + $machine->succeed("curl --fail http://localhost:9117/"); + ''; +}) diff --git a/nixpkgs/nixos/tests/kerberos/default.nix b/nixpkgs/nixos/tests/kerberos/default.nix new file mode 100644 index 000000000000..f2f1a438918c --- /dev/null +++ b/nixpkgs/nixos/tests/kerberos/default.nix @@ -0,0 +1,7 @@ +{ system ? builtins.currentSystem +, pkgs ? import ../../.. { inherit system; } +}: +{ + mit = import ./mit.nix { inherit system pkgs; }; + heimdal = import ./heimdal.nix { inherit system pkgs; }; +} diff --git a/nixpkgs/nixos/tests/kerberos/heimdal.nix b/nixpkgs/nixos/tests/kerberos/heimdal.nix new file mode 100644 index 000000000000..a0551b131e91 --- /dev/null +++ b/nixpkgs/nixos/tests/kerberos/heimdal.nix @@ -0,0 +1,53 @@ +import ../make-test.nix ({pkgs, ...}: { + name = "kerberos_server-heimdal"; + machine = { config, libs, pkgs, ...}: + { services.kerberos_server = + { enable = true; + realms = { + "FOO.BAR".acl = [{principal = "admin"; access = ["add" "cpw"];}]; + }; + }; + krb5 = { + enable = true; + kerberos = pkgs.heimdalFull; + libdefaults = { + default_realm = "FOO.BAR"; + }; + realms = { + "FOO.BAR" = { + admin_server = "machine"; + kdc = "machine"; + }; + }; + }; + }; + + testScript = '' + $machine->start; + + $machine->succeed( + "kadmin -l init --realm-max-ticket-life='8 day' \\ + --realm-max-renewable-life='10 day' FOO.BAR" + ); + + $machine->succeed("systemctl restart kadmind.service kdc.service"); + $machine->waitForUnit("kadmind.service"); + $machine->waitForUnit("kdc.service"); + $machine->waitForUnit("kpasswdd.service"); + + $machine->succeed( + "kadmin -l add --password=admin_pw --use-defaults admin" + ); + $machine->succeed( + "kadmin -l ext_keytab --keytab=admin.keytab admin" + ); + $machine->succeed( + "kadmin -p admin -K admin.keytab add --password=alice_pw --use-defaults \\ + alice" + ); + $machine->succeed( + "kadmin -l ext_keytab --keytab=alice.keytab alice" + ); + $machine->succeed("kinit -kt alice.keytab alice"); + ''; +}) diff --git a/nixpkgs/nixos/tests/kerberos/mit.nix b/nixpkgs/nixos/tests/kerberos/mit.nix new file mode 100644 index 000000000000..6da3a384aa99 --- /dev/null +++ b/nixpkgs/nixos/tests/kerberos/mit.nix @@ -0,0 +1,45 @@ +import ../make-test.nix ({pkgs, ...}: { + name = "kerberos_server-mit"; + machine = { config, libs, pkgs, ...}: + { services.kerberos_server = + { enable = true; + realms = { + "FOO.BAR".acl = [{principal = "admin"; access = ["add" "cpw"];}]; + }; + }; + krb5 = { + enable = true; + kerberos = pkgs.krb5Full; + libdefaults = { + default_realm = "FOO.BAR"; + }; + realms = { + "FOO.BAR" = { + admin_server = "machine"; + kdc = "machine"; + }; + }; + }; + users.extraUsers.alice = { isNormalUser = true; }; + }; + + testScript = '' + $machine->start; + + $machine->succeed( + "kdb5_util create -s -r FOO.BAR -P master_key" + ); + + $machine->succeed("systemctl restart kadmind.service kdc.service"); + $machine->waitForUnit("kadmind.service"); + $machine->waitForUnit("kdc.service"); + + $machine->succeed( + "kadmin.local add_principal -pw admin_pw admin" + ); + $machine->succeed( + "kadmin -p admin -w admin_pw addprinc -pw alice_pw alice" + ); + $machine->succeed("echo alice_pw | sudo -u alice kinit"); + ''; +}) diff --git a/nixpkgs/nixos/tests/ldap.nix b/nixpkgs/nixos/tests/ldap.nix index 035a81924174..b3fd42e75886 100644 --- a/nixpkgs/nixos/tests/ldap.nix +++ b/nixpkgs/nixos/tests/ldap.nix @@ -1,41 +1,23 @@ import ./make-test.nix ({ pkgs, lib, ...} : let + unlines = lib.concatStringsSep "\n"; + unlinesAttrs = f: as: unlines (lib.mapAttrsToList f as); + dbDomain = "example.com"; dbSuffix = "dc=example,dc=com"; - dbPath = "/var/db/openldap"; dbAdminDn = "cn=admin,${dbSuffix}"; - dbAdminPwd = "test"; - serverUri = "ldap:///"; + dbAdminPwd = "admin-password"; + # NOTE: slappasswd -h "{SSHA}" -s '${dbAdminPwd}' + dbAdminPwdHash = "{SSHA}i7FopSzkFQMrHzDMB1vrtkI0rBnwouP8"; ldapUser = "test-ldap-user"; ldapUserId = 10000; - ldapUserPwd = "test"; + ldapUserPwd = "user-password"; + # NOTE: slappasswd -h "{SSHA}" -s '${ldapUserPwd}' + ldapUserPwdHash = "{SSHA}v12XICMZNGT6r2KJ26rIkN8Vvvp4QX6i"; ldapGroup = "test-ldap-group"; ldapGroupId = 10000; - setupLdif = pkgs.writeText "test-ldap.ldif" '' - dn: ${dbSuffix} - dc: ${with lib; let dc = head (splitString "," dbSuffix); dcName = head (tail (splitString "=" dc)); in dcName} - o: ${dbSuffix} - objectclass: top - objectclass: dcObject - objectclass: organization - - dn: cn=${ldapUser},${dbSuffix} - sn: ${ldapUser} - objectClass: person - objectClass: posixAccount - uid: ${ldapUser} - uidNumber: ${toString ldapUserId} - gidNumber: ${toString ldapGroupId} - homeDirectory: /home/${ldapUser} - loginShell: /bin/sh - userPassword: ${ldapUserPwd} - - dn: cn=${ldapGroup},${dbSuffix} - objectClass: posixGroup - gidNumber: ${toString ldapGroupId} - memberUid: ${ldapUser} - ''; + mkClient = useDaemon: { lib, ... }: { @@ -43,13 +25,24 @@ let virtualisation.vlans = [ 1 ]; security.pam.services.su.rootOK = lib.mkForce false; users.ldap.enable = true; - users.ldap.daemon.enable = useDaemon; + users.ldap.daemon = { + enable = useDaemon; + rootpwmoddn = "cn=admin,${dbSuffix}"; + rootpwmodpw = "/etc/nslcd.rootpwmodpw"; + }; + # NOTE: password stored in clear in Nix's store, but this is a test. + environment.etc."nslcd.rootpwmodpw".source = pkgs.writeText "rootpwmodpw" dbAdminPwd; users.ldap.loginPam = true; users.ldap.nsswitch = true; users.ldap.server = "ldap://server"; - users.ldap.base = "${dbSuffix}"; + users.ldap.base = "ou=posix,${dbSuffix}"; + users.ldap.bind = { + distinguishedName = "cn=admin,${dbSuffix}"; + password = "/etc/ldap/bind.password"; + }; + # NOTE: password stored in clear in Nix's store, but this is a test. + environment.etc."ldap/bind.password".source = pkgs.writeText "password" dbAdminPwd; }; - in { @@ -61,28 +54,237 @@ in nodes = { server = - { pkgs, ... }: + { pkgs, config, ... }: + let + inherit (config.services) openldap; + + slapdConfig = pkgs.writeText "cn=config.ldif" ('' + dn: cn=config + objectClass: olcGlobal + #olcPidFile: /run/slapd/slapd.pid + # List of arguments that were passed to the server + #olcArgsFile: /run/slapd/slapd.args + # Read slapd-config(5) for possible values + olcLogLevel: none + # The tool-threads parameter sets the actual amount of CPU's + # that is used for indexing. + olcToolThreads: 1 + + dn: olcDatabase={-1}frontend,cn=config + objectClass: olcDatabaseConfig + objectClass: olcFrontendConfig + # The maximum number of entries that is returned for a search operation + olcSizeLimit: 500 + # Allow unlimited access to local connection from the local root user + olcAccess: to * + by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage + by * break + # Allow unauthenticated read access for schema and base DN autodiscovery + olcAccess: to dn.exact="" + by * read + olcAccess: to dn.base="cn=Subschema" + by * read + + dn: olcDatabase=config,cn=config + objectClass: olcDatabaseConfig + olcRootDN: cn=admin,cn=config + #olcRootPW: + # NOTE: access to cn=config, system root can be manager + # with SASL mechanism (-Y EXTERNAL) over unix socket (-H ldapi://) + olcAccess: to * + by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage + by * break + + dn: cn=schema,cn=config + objectClass: olcSchemaConfig + + include: file://${pkgs.openldap}/etc/schema/core.ldif + include: file://${pkgs.openldap}/etc/schema/cosine.ldif + include: file://${pkgs.openldap}/etc/schema/nis.ldif + include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif + + dn: cn=module{0},cn=config + objectClass: olcModuleList + # Where the dynamically loaded modules are stored + #olcModulePath: /usr/lib/ldap + olcModuleLoad: back_mdb + + '' + + unlinesAttrs (olcSuffix: {conf, ...}: + "include: file://" + pkgs.writeText "config.ldif" conf + ) slapdDatabases + ); + + slapdDatabases = { + "${dbSuffix}" = { + conf = '' + dn: olcBackend={1}mdb,cn=config + objectClass: olcBackendConfig + + dn: olcDatabase={1}mdb,cn=config + olcSuffix: ${dbSuffix} + olcDbDirectory: ${openldap.dataDir}/${dbSuffix} + objectClass: olcDatabaseConfig + objectClass: olcMdbConfig + # NOTE: checkpoint the database periodically in case of system failure + # and to speed up slapd shutdown. + olcDbCheckpoint: 512 30 + # Database max size is 1G + olcDbMaxSize: 1073741824 + olcLastMod: TRUE + # NOTE: database superuser. Needed for syncrepl, + # and used to auth as admin through a TCP connection. + olcRootDN: cn=admin,${dbSuffix} + olcRootPW: ${dbAdminPwdHash} + # + olcDbIndex: objectClass eq + olcDbIndex: cn,uid eq + olcDbIndex: uidNumber,gidNumber eq + olcDbIndex: member,memberUid eq + # + olcAccess: to attrs=userPassword + by self write + by anonymous auth + by dn="cn=admin,${dbSuffix}" write + by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write + by * none + olcAccess: to attrs=shadowLastChange + by self write + by dn="cn=admin,${dbSuffix}" write + by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write + by * none + olcAccess: to dn.sub="ou=posix,${dbSuffix}" + by self read + by dn="cn=admin,${dbSuffix}" read + by dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read + olcAccess: to * + by self read + by * none + ''; + data = '' + dn: ${dbSuffix} + objectClass: top + objectClass: dcObject + objectClass: organization + o: ${dbDomain} + + dn: cn=admin,${dbSuffix} + objectClass: simpleSecurityObject + objectClass: organizationalRole + description: ${dbDomain} LDAP administrator + roleOccupant: ${dbSuffix} + userPassword: ${ldapUserPwdHash} + + dn: ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit + + dn: ou=accounts,ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit + + dn: ou=groups,ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit + '' + + lib.concatMapStrings posixAccount [ + { uid=ldapUser; uidNumber=ldapUserId; gidNumber=ldapGroupId; userPassword=ldapUserPwdHash; } + ] + + lib.concatMapStrings posixGroup [ + { gid=ldapGroup; gidNumber=ldapGroupId; members=[]; } + ]; + }; + }; + + # NOTE: create a user account using the posixAccount objectClass. + posixAccount = + { uid + , uidNumber ? null + , gidNumber ? null + , cn ? "" + , sn ? "" + , userPassword ? "" + , loginShell ? "/bin/sh" + }: '' + + dn: uid=${uid},ou=accounts,ou=posix,${dbSuffix} + objectClass: person + objectClass: posixAccount + objectClass: shadowAccount + cn: ${cn} + gecos: + ${if gidNumber == null then "#" else "gidNumber: ${toString gidNumber}"} + homeDirectory: /home/${uid} + loginShell: ${loginShell} + sn: ${sn} + ${if uidNumber == null then "#" else "uidNumber: ${toString uidNumber}"} + ${if userPassword == "" then "#" else "userPassword: ${userPassword}"} + ''; + + # NOTE: create a group using the posixGroup objectClass. + posixGroup = + { gid + , gidNumber + , members + }: '' + + dn: cn=${gid},ou=groups,ou=posix,${dbSuffix} + objectClass: top + objectClass: posixGroup + gidNumber: ${toString gidNumber} + ${lib.concatMapStrings (member: "memberUid: ${member}\n") members} + ''; + in { virtualisation.memorySize = 256; virtualisation.vlans = [ 1 ]; networking.firewall.allowedTCPPorts = [ 389 ]; services.openldap.enable = true; - services.openldap.dataDir = dbPath; + services.openldap.dataDir = "/var/db/openldap"; + services.openldap.configDir = "/var/db/slapd"; services.openldap.urlList = [ - serverUri + "ldap:///" + "ldapi:///" ]; - services.openldap.extraConfig = '' - include ${pkgs.openldap.out}/etc/schema/core.schema - include ${pkgs.openldap.out}/etc/schema/cosine.schema - include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema - include ${pkgs.openldap.out}/etc/schema/nis.schema - - database mdb - suffix ${dbSuffix} - rootdn ${dbAdminDn} - rootpw ${dbAdminPwd} - directory ${dbPath} - ''; + systemd.services.openldap = { + preStart = '' + set -e + # NOTE: slapd's config is always re-initialized. + rm -rf "${openldap.configDir}"/cn=config \ + "${openldap.configDir}"/cn=config.ldif + install -D -d -m 0700 -o "${openldap.user}" -g "${openldap.group}" "${openldap.configDir}" + # NOTE: olcDbDirectory must be created before adding the config. + '' + + unlinesAttrs (olcSuffix: {data, ...}: '' + # NOTE: database is always re-initialized. + rm -rf "${openldap.dataDir}/${olcSuffix}" + install -D -d -m 0700 -o "${openldap.user}" -g "${openldap.group}" \ + "${openldap.dataDir}/${olcSuffix}" + '') slapdDatabases + + '' + # NOTE: slapd is supposed to be stopped while in preStart, + # hence slap* commands can safely be used. + umask 0077 + ${pkgs.openldap}/bin/slapadd -n 0 \ + -F "${openldap.configDir}" \ + -l ${slapdConfig} + chown -R "${openldap.user}:${openldap.group}" "${openldap.configDir}" + # NOTE: slapadd(8): To populate the config database slapd-config(5), + # use -n 0 as it is always the first database. + # It must physically exist on the filesystem prior to this, however. + '' + + unlinesAttrs (olcSuffix: {data, ...}: '' + # NOTE: load database ${olcSuffix} + # (as root to avoid depending on sudo or chpst) + ${pkgs.openldap}/bin/slapadd \ + -F "${openldap.configDir}" \ + -l ${pkgs.writeText "data.ldif" data} + '' + '' + # NOTE: redundant with default openldap's preStart, but do not harm. + chown -R "${openldap.user}:${openldap.group}" \ + "${openldap.dataDir}/${olcSuffix}" + '') slapdDatabases; + }; }; client1 = mkClient true; # use nss_pam_ldapd @@ -91,15 +293,91 @@ in }; testScript = '' - startAll; + $server->start; $server->waitForUnit("default.target"); + + subtest "slapd", sub { + subtest "auth as database admin with SASL and check a POSIX account", sub { + $server->succeed(join ' ', 'test', + '"$(ldapsearch -LLL -H ldapi:// -Y EXTERNAL', + '-b \'uid=${ldapUser},ou=accounts,ou=posix,${dbSuffix}\' ', + '-s base uidNumber |', + 'sed -ne \'s/^uidNumber: \\(.*\\)/\\1/p\' ', + ')" -eq ${toString ldapUserId}'); + }; + subtest "auth as database admin with password and check a POSIX account", sub { + $server->succeed(join ' ', 'test', + '"$(ldapsearch -LLL -H ldap://server', + '-D \'cn=admin,${dbSuffix}\' -w \'${dbAdminPwd}\' ', + '-b \'uid=${ldapUser},ou=accounts,ou=posix,${dbSuffix}\' ', + '-s base uidNumber |', + 'sed -ne \'s/^uidNumber: \\(.*\\)/\\1/p\' ', + ')" -eq ${toString ldapUserId}'); + }; + }; + + $client1->start; $client1->waitForUnit("default.target"); - $client2->waitForUnit("default.target"); - $server->succeed("ldapadd -D '${dbAdminDn}' -w ${dbAdminPwd} -H ${serverUri} -f '${setupLdif}'"); + subtest "password", sub { + subtest "su with password to a POSIX account", sub { + $client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';', + 'spawn su "${ldapUser}"', + 'expect "Password:"', + 'send "${ldapUserPwd}\n"', + 'expect "*"', + 'send "whoami\n"', + 'expect -ex "${ldapUser}" {exit}', + 'exit 1' . "'"); + }; + subtest "change password of a POSIX account as root", sub { + $client1->succeed("chpasswd <<<'${ldapUser}:new-password'"); + $client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';', + 'spawn su "${ldapUser}"', + 'expect "Password:"', + 'send "new-password\n"', + 'expect "*"', + 'send "whoami\n"', + 'expect -ex "${ldapUser}" {exit}', + 'exit 1' . "'"); + $client1->succeed('chpasswd <<<\'${ldapUser}:${ldapUserPwd}\' '); + }; + subtest "change password of a POSIX account from itself", sub { + $client1->succeed('chpasswd <<<\'${ldapUser}:${ldapUserPwd}\' '); + $client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';', + 'spawn su --login ${ldapUser} -c passwd', + 'expect "Password: "', + 'send "${ldapUserPwd}\n"', + 'expect "(current) UNIX password: "', + 'send "${ldapUserPwd}\n"', + 'expect "New password: "', + 'send "new-password\n"', + 'expect "Retype new password: "', + 'send "new-password\n"', + 'expect "passwd: password updated successfully" {exit}', + 'exit 1' . "'"); + $client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';', + 'spawn su "${ldapUser}"', + 'expect "Password:"', + 'send "${ldapUserPwd}\n"', + 'expect "su: Authentication failure" {exit}', + 'exit 1' . "'"); + $client1->succeed("${pkgs.expect}/bin/expect -c '" . join ';', + 'spawn su "${ldapUser}"', + 'expect "Password:"', + 'send "new-password\n"', + 'expect "*"', + 'send "whoami\n"', + 'expect -ex "${ldapUser}" {exit}', + 'exit 1' . "'"); + $client1->succeed('chpasswd <<<\'${ldapUser}:${ldapUserPwd}\' '); + }; + }; + + $client2->start; + $client2->waitForUnit("default.target"); - # NSS tests - subtest "nss", sub { + subtest "NSS", sub { $client1->succeed("test \"\$(id -u '${ldapUser}')\" -eq ${toString ldapUserId}"); $client1->succeed("test \"\$(id -u -n '${ldapUser}')\" = '${ldapUser}'"); $client1->succeed("test \"\$(id -g '${ldapUser}')\" -eq ${toString ldapGroupId}"); @@ -110,8 +388,7 @@ in $client2->succeed("test \"\$(id -g -n '${ldapUser}')\" = '${ldapGroup}'"); }; - # PAM tests - subtest "pam", sub { + subtest "PAM", sub { $client1->succeed("echo ${ldapUserPwd} | su -l '${ldapUser}' -c true"); $client2->succeed("echo ${ldapUserPwd} | su -l '${ldapUser}' -c true"); }; diff --git a/nixpkgs/nixos/tests/lidarr.nix b/nixpkgs/nixos/tests/lidarr.nix new file mode 100644 index 000000000000..58bf82503f8c --- /dev/null +++ b/nixpkgs/nixos/tests/lidarr.nix @@ -0,0 +1,18 @@ +import ./make-test.nix ({ lib, ... }: + +with lib; + +rec { + name = "lidarr"; + meta.maintainers = with maintainers; [ etu ]; + + nodes.machine = + { pkgs, ... }: + { services.lidarr.enable = true; }; + + testScript = '' + $machine->waitForUnit('lidarr.service'); + $machine->waitForOpenPort('8686'); + $machine->succeed("curl --fail http://localhost:8686/"); + ''; +}) diff --git a/nixpkgs/nixos/tests/mongodb.nix b/nixpkgs/nixos/tests/mongodb.nix index 2f380ff543e9..c9439b65292d 100644 --- a/nixpkgs/nixos/tests/mongodb.nix +++ b/nixpkgs/nixos/tests/mongodb.nix @@ -8,7 +8,7 @@ import ./make-test.nix ({ pkgs, ...} : let in { name = "mongodb"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ bluescreen303 offline wkennington cstrahan rvl ]; + maintainers = [ bluescreen303 offline cstrahan rvl ]; }; nodes = { diff --git a/nixpkgs/nixos/tests/munin.nix b/nixpkgs/nixos/tests/munin.nix index 9f66005292ab..95cecf17b8cc 100644 --- a/nixpkgs/nixos/tests/munin.nix +++ b/nixpkgs/nixos/tests/munin.nix @@ -15,9 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : { munin-node = { enable = true; # disable a failing plugin to prevent irrelevant error message, see #23049 - extraConfig = '' - ignore_file ^apc_nis$ - ''; + disabledPlugins = [ "apc_nis" ]; }; munin-cron = { enable = true; diff --git a/nixpkgs/nixos/tests/nat.nix b/nixpkgs/nixos/tests/nat.nix index 04b4f0f045f0..34229e913110 100644 --- a/nixpkgs/nixos/tests/nat.nix +++ b/nixpkgs/nixos/tests/nat.nix @@ -24,7 +24,7 @@ import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, name = "nat" + (if withFirewall then "WithFirewall" else "Standalone") + (lib.optionalString withConntrackHelpers "withConntrackHelpers"); meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ eelco chaoflow rob wkennington ]; + maintainers = [ eelco chaoflow rob ]; }; nodes = diff --git a/nixpkgs/nixos/tests/ndppd.nix b/nixpkgs/nixos/tests/ndppd.nix new file mode 100644 index 000000000000..9f24eb6d9d45 --- /dev/null +++ b/nixpkgs/nixos/tests/ndppd.nix @@ -0,0 +1,61 @@ +import ./make-test.nix ({ pkgs, lib, ...} : { + name = "ndppd"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ fpletz ]; + }; + + nodes = { + upstream = { pkgs, ... }: { + environment.systemPackages = [ pkgs.tcpdump ]; + networking.useDHCP = false; + networking.interfaces = { + eth1 = { + ipv6.addresses = [ + { address = "fd23::1"; prefixLength = 112; } + ]; + ipv6.routes = [ + { address = "fd42::"; + prefixLength = 112; + } + ]; + }; + }; + }; + server = { pkgs, ... }: { + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = "1"; + "net.ipv6.conf.default.forwarding" = "1"; + }; + environment.systemPackages = [ pkgs.tcpdump ]; + networking.useDHCP = false; + networking.interfaces = { + eth1 = { + ipv6.addresses = [ + { address = "fd23::2"; prefixLength = 112; } + ]; + }; + }; + services.ndppd = { + enable = true; + interface = "eth1"; + network = "fd42::/112"; + }; + containers.client = { + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.255.1"; + localAddress = "192.168.255.2"; + hostAddress6 = "fd42::1"; + localAddress6 = "fd42::2"; + config = {}; + }; + }; + }; + + testScript = '' + startAll; + $server->waitForUnit("multi-user.target"); + $upstream->waitForUnit("multi-user.target"); + $upstream->waitUntilSucceeds("ping -c5 fd42::2"); + ''; +}) diff --git a/nixpkgs/nixos/tests/neo4j.nix b/nixpkgs/nixos/tests/neo4j.nix new file mode 100644 index 000000000000..86ed8970517c --- /dev/null +++ b/nixpkgs/nixos/tests/neo4j.nix @@ -0,0 +1,20 @@ +import ./make-test.nix { + name = "neo4j"; + + nodes = { + master = + { ... }: + + { + services.neo4j.enable = true; + }; + }; + + testScript = '' + startAll; + + $master->waitForUnit("neo4j"); + $master->sleep(20); # Hopefully this is long enough!! + $master->succeed("curl http://localhost:7474/"); + ''; +} diff --git a/nixpkgs/nixos/tests/networking.nix b/nixpkgs/nixos/tests/networking.nix index e689eadf1dd8..ed9f287d5582 100644 --- a/nixpkgs/nixos/tests/networking.nix +++ b/nixpkgs/nixos/tests/networking.nix @@ -606,7 +606,4 @@ let in mapAttrs (const (attrs: makeTest (attrs // { name = "${attrs.name}-Networking-${if networkd then "Networkd" else "Scripted"}"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ wkennington ]; - }; }))) testCases diff --git a/nixpkgs/nixos/tests/nexus.nix b/nixpkgs/nixos/tests/nexus.nix index bf49d2247bd8..783c9f5c019f 100644 --- a/nixpkgs/nixos/tests/nexus.nix +++ b/nixpkgs/nixos/tests/nexus.nix @@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : { server = { ... }: { virtualisation.memorySize = 2047; # qemu-system-i386 has a 2047M limit - virtualisation.diskSize = 2048; + virtualisation.diskSize = 8192; services.nexus.enable = true; }; diff --git a/nixpkgs/nixos/tests/nfs.nix b/nixpkgs/nixos/tests/nfs.nix index 0ef44f1a4890..ce1717018933 100644 --- a/nixpkgs/nixos/tests/nfs.nix +++ b/nixpkgs/nixos/tests/nfs.nix @@ -20,7 +20,7 @@ in { name = "nfs"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ eelco chaoflow wkennington ]; + maintainers = [ eelco chaoflow ]; }; nodes = diff --git a/nixpkgs/nixos/tests/nginx-sso.nix b/nixpkgs/nixos/tests/nginx-sso.nix new file mode 100644 index 000000000000..e19992cb6bf7 --- /dev/null +++ b/nixpkgs/nixos/tests/nginx-sso.nix @@ -0,0 +1,44 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "nginx-sso"; + meta = { + maintainers = with pkgs.stdenv.lib.maintainers; [ delroth ]; + }; + + machine = { + services.nginx.sso = { + enable = true; + configuration = { + listen = { addr = "127.0.0.1"; port = 8080; }; + + providers.token.tokens = { + myuser = "MyToken"; + }; + + acl = { + rule_sets = [ + { + rules = [ { field = "x-application"; equals = "MyApp"; } ]; + allow = [ "myuser" ]; + } + ]; + }; + }; + }; + }; + + testScript = '' + startAll; + + $machine->waitForUnit("nginx-sso.service"); + $machine->waitForOpenPort(8080); + + # No valid user -> 401. + $machine->fail("curl -sSf http://localhost:8080/auth"); + + # Valid user but no matching ACL -> 403. + $machine->fail("curl -sSf -H 'Authorization: Token MyToken' http://localhost:8080/auth"); + + # Valid user and matching ACL -> 200. + $machine->succeed("curl -sSf -H 'Authorization: Token MyToken' -H 'X-Application: MyApp' http://localhost:8080/auth"); + ''; +}) diff --git a/nixpkgs/nixos/tests/pam-u2f.nix b/nixpkgs/nixos/tests/pam-u2f.nix new file mode 100644 index 000000000000..1052a2f3b916 --- /dev/null +++ b/nixpkgs/nixos/tests/pam-u2f.nix @@ -0,0 +1,23 @@ +import ./make-test.nix ({ ... }: + +{ + name = "pam-u2f"; + + machine = + { ... }: + { + security.pam.u2f = { + control = "required"; + cue = true; + debug = true; + enable = true; + interactive = true; + }; + }; + + testScript = + '' + $machine->waitForUnit('multi-user.target'); + $machine->succeed('egrep "auth required .*/lib/security/pam_u2f.so.*debug.*interactive.*cue" /etc/pam.d/ -R'); + ''; +}) diff --git a/nixpkgs/nixos/tests/postgis.nix b/nixpkgs/nixos/tests/postgis.nix index 49be0672a8e5..294eb50b5fe5 100644 --- a/nixpkgs/nixos/tests/postgis.nix +++ b/nixpkgs/nixos/tests/postgis.nix @@ -12,7 +12,9 @@ import ./make-test.nix ({ pkgs, ...} : { services.postgresql = let mypg = pkgs.postgresql_11; in { enable = true; package = mypg; - extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }) ]; + extraPlugins = with mypg.pkgs; [ + postgis + ]; }; }; }; @@ -22,5 +24,6 @@ import ./make-test.nix ({ pkgs, ...} : { $master->waitForUnit("postgresql"); $master->sleep(10); # Hopefully this is long enough!! $master->succeed("sudo -u postgres psql -c 'CREATE EXTENSION postgis;'"); + $master->succeed("sudo -u postgres psql -c 'CREATE EXTENSION postgis_topology;'"); ''; }) diff --git a/nixpkgs/nixos/tests/postgresql.nix b/nixpkgs/nixos/tests/postgresql.nix index 1d434b62a5cb..ae5d6d095ea2 100644 --- a/nixpkgs/nixos/tests/postgresql.nix +++ b/nixpkgs/nixos/tests/postgresql.nix @@ -7,7 +7,7 @@ with import ../lib/testing.nix { inherit system pkgs; }; with pkgs.lib; let - postgresql-versions = pkgs.callPackages ../../pkgs/servers/sql/postgresql { }; + postgresql-versions = import ../../pkgs/servers/sql/postgresql pkgs; test-sql = pkgs.writeText "postgresql-test" '' CREATE EXTENSION pgcrypto; -- just to check if lib loading works CREATE TABLE sth ( @@ -21,7 +21,7 @@ let CREATE TABLE xmltest ( doc xml ); INSERT INTO xmltest (doc) VALUES ('<test>ok</test>'); -- check if libxml2 enabled ''; - make-postgresql-test = postgresql-name: postgresql-package: makeTest { + make-postgresql-test = postgresql-name: postgresql-package: backup-all: makeTest { name = postgresql-name; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ zagy ]; @@ -29,14 +29,17 @@ let machine = {...}: { - services.postgresql.package=postgresql-package; services.postgresql.enable = true; + services.postgresql.package = postgresql-package; services.postgresqlBackup.enable = true; - services.postgresqlBackup.databases = [ "postgres" ]; + services.postgresqlBackup.databases = optional (!backup-all) "postgres"; }; - testScript = '' + testScript = let + backupName = if backup-all then "all" else "postgres"; + backupService = if backup-all then "postgresqlBackup" else "postgresqlBackup-postgres"; + in '' sub check_count { my ($select, $nlines) = @_; return 'test $(sudo -u postgres psql postgres -tAc "' . $select . '"|wc -l) -eq ' . $nlines; @@ -56,12 +59,15 @@ let $machine->succeed(check_count("SELECT xpath(\'/test/text()\', doc) FROM xmltest;", 1)); # Check backup service - $machine->succeed("systemctl start postgresqlBackup-postgres.service"); - $machine->succeed("zcat /var/backup/postgresql/postgres.sql.gz | grep '<test>ok</test>'"); - $machine->succeed("stat -c '%a' /var/backup/postgresql/postgres.sql.gz | grep 600"); + $machine->succeed("systemctl start ${backupService}.service"); + $machine->succeed("zcat /var/backup/postgresql/${backupName}.sql.gz | grep '<test>ok</test>'"); + $machine->succeed("stat -c '%a' /var/backup/postgresql/${backupName}.sql.gz | grep 600"); $machine->shutdown; ''; }; in - mapAttrs' (p-name: p-package: {name=p-name; value=make-postgresql-test p-name p-package;}) postgresql-versions + (mapAttrs' (name: package: { inherit name; value=make-postgresql-test name package false;}) postgresql-versions) // { + postgresql_11-backup-all = make-postgresql-test "postgresql_11-backup-all" postgresql-versions.postgresql_11 true; + } + diff --git a/nixpkgs/nixos/tests/prometheus-exporters.nix b/nixpkgs/nixos/tests/prometheus-exporters.nix index 5d1e004c5dd1..140687a8182f 100644 --- a/nixpkgs/nixos/tests/prometheus-exporters.nix +++ b/nixpkgs/nixos/tests/prometheus-exporters.nix @@ -106,6 +106,25 @@ let ''; }; + bind = { + exporterConfig = { + enable = true; + }; + metricProvider = { + services.bind.enable = true; + services.bind.extraConfig = '' + statistics-channels { + inet 127.0.0.1 port 8053 allow { localhost; }; + }; + ''; + }; + exporterTest = '' + waitForUnit("prometheus-bind-exporter.service"); + waitForOpenPort(9119); + succeed("curl -sSf http://localhost:9119/metrics" | grep -q 'bind_query_recursions_total 0'); + ''; + }; + dovecot = { exporterConfig = { enable = true; diff --git a/nixpkgs/nixos/tests/radarr.nix b/nixpkgs/nixos/tests/radarr.nix new file mode 100644 index 000000000000..6b9a909e44b5 --- /dev/null +++ b/nixpkgs/nixos/tests/radarr.nix @@ -0,0 +1,18 @@ +import ./make-test.nix ({ lib, ... }: + +with lib; + +rec { + name = "radarr"; + meta.maintainers = with maintainers; [ etu ]; + + nodes.machine = + { pkgs, ... }: + { services.radarr.enable = true; }; + + testScript = '' + $machine->waitForUnit('radarr.service'); + $machine->waitForOpenPort('7878'); + $machine->succeed("curl --fail http://localhost:7878/"); + ''; +}) diff --git a/nixpkgs/nixos/tests/redmine.nix b/nixpkgs/nixos/tests/redmine.nix index 330f72854cac..ea72a0121d11 100644 --- a/nixpkgs/nixos/tests/redmine.nix +++ b/nixpkgs/nixos/tests/redmine.nix @@ -1,40 +1,58 @@ -import ./make-test.nix ({ pkgs, lib, ... }: -{ - name = "redmine"; - meta.maintainers = [ lib.maintainers.aanderse ]; +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing.nix { inherit system pkgs; }; +with pkgs.lib; - machine = - { config, pkgs, ... }: - { services.mysql.enable = true; - services.mysql.package = pkgs.mariadb; - services.mysql.ensureDatabases = [ "redmine" ]; - services.mysql.ensureUsers = [ - { name = "redmine"; - ensurePermissions = { "redmine.*" = "ALL PRIVILEGES"; }; - } - ]; +let + redmineTest = package: makeTest { + machine = + { config, pkgs, ... }: + { services.mysql.enable = true; + services.mysql.package = pkgs.mariadb; + services.mysql.ensureDatabases = [ "redmine" ]; + services.mysql.ensureUsers = [ + { name = "redmine"; + ensurePermissions = { "redmine.*" = "ALL PRIVILEGES"; }; + } + ]; - services.redmine.enable = true; - services.redmine.database.socket = "/run/mysqld/mysqld.sock"; - services.redmine.plugins = { - redmine_env_auth = pkgs.fetchurl { - url = https://github.com/Intera/redmine_env_auth/archive/0.6.zip; - sha256 = "0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak"; + services.redmine.enable = true; + services.redmine.package = package; + services.redmine.database.socket = "/run/mysqld/mysqld.sock"; + services.redmine.plugins = { + redmine_env_auth = pkgs.fetchurl { + url = https://github.com/Intera/redmine_env_auth/archive/0.7.zip; + sha256 = "1xb8lyarc7mpi86yflnlgyllh9hfwb9z304f19dx409gqpia99sc"; + }; }; - }; - services.redmine.themes = { - dkuk-redmine_alex_skin = pkgs.fetchurl { - url = https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip; - sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl"; + services.redmine.themes = { + dkuk-redmine_alex_skin = pkgs.fetchurl { + url = https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip; + sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl"; + }; }; }; - }; - testScript = '' - startAll; + testScript = '' + startAll; + + $machine->waitForUnit('redmine.service'); + $machine->waitForOpenPort('3000'); + $machine->succeed("curl --fail http://localhost:3000/"); + ''; + }; +in +{ + redmine_3 = redmineTest pkgs.redmine // { + name = "redmine_3"; + meta.maintainers = [ maintainers.aanderse ]; + }; - $machine->waitForUnit('redmine.service'); - $machine->waitForOpenPort('3000'); - $machine->succeed("curl --fail http://localhost:3000/"); - ''; -}) + redmine_4 = redmineTest pkgs.redmine_4 // { + name = "redmine_4"; + meta.maintainers = [ maintainers.aanderse ]; + }; +} diff --git a/nixpkgs/nixos/tests/sonarr.nix b/nixpkgs/nixos/tests/sonarr.nix new file mode 100644 index 000000000000..3d5c3b19b6ea --- /dev/null +++ b/nixpkgs/nixos/tests/sonarr.nix @@ -0,0 +1,18 @@ +import ./make-test.nix ({ lib, ... }: + +with lib; + +rec { + name = "sonarr"; + meta.maintainers = with maintainers; [ etu ]; + + nodes.machine = + { pkgs, ... }: + { services.sonarr.enable = true; }; + + testScript = '' + $machine->waitForUnit('sonarr.service'); + $machine->waitForOpenPort('8989'); + $machine->succeed("curl --fail http://localhost:8989/"); + ''; +}) diff --git a/nixpkgs/nixos/tests/telegraf.nix b/nixpkgs/nixos/tests/telegraf.nix new file mode 100644 index 000000000000..6776f8d8c37f --- /dev/null +++ b/nixpkgs/nixos/tests/telegraf.nix @@ -0,0 +1,30 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "telegraf"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mic92 ]; + }; + + machine = { ... }: { + services.telegraf.enable = true; + services.telegraf.extraConfig = { + agent.interval = "1s"; + agent.flush_interval = "1s"; + inputs.exec = { + commands = [ + "${pkgs.runtimeShell} -c 'echo example,tag=a i=42i'" + ]; + timeout = "5s"; + data_format = "influx"; + }; + outputs.file.files = ["/tmp/metrics.out"]; + outputs.file.data_format = "influx"; + }; + }; + + testScript = '' + startAll; + + $machine->waitForUnit("telegraf.service"); + $machine->waitUntilSucceeds("grep -q example /tmp/metrics.out"); + ''; +}) diff --git a/nixpkgs/nixos/tests/virtualbox.nix b/nixpkgs/nixos/tests/virtualbox.nix index 385e2939fe3b..84d5f3e1530e 100644 --- a/nixpkgs/nixos/tests/virtualbox.nix +++ b/nixpkgs/nixos/tests/virtualbox.nix @@ -379,7 +379,7 @@ let ''; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ aszlig wkennington cdepillabout ]; + maintainers = [ aszlig cdepillabout ]; }; }; diff --git a/nixpkgs/nixos/tests/xss-lock.nix b/nixpkgs/nixos/tests/xss-lock.nix index 045667bdcdec..b46bb1a8f6e9 100644 --- a/nixpkgs/nixos/tests/xss-lock.nix +++ b/nixpkgs/nixos/tests/xss-lock.nix @@ -9,7 +9,6 @@ with lib; machine = { imports = [ ./common/x11.nix ./common/user-account.nix ]; programs.xss-lock.enable = true; - programs.xss-lock.lockerCommand = "${pkgs.xlockmore}/bin/xlock"; services.xserver.displayManager.auto.user = "alice"; }; @@ -20,6 +19,6 @@ with lib; $machine->fail("pgrep xlock"); $machine->succeed("su -l alice -c 'xset dpms force standby'"); - $machine->waitUntilSucceeds("pgrep xlock"); + $machine->waitUntilSucceeds("pgrep i3lock"); ''; }) |