author | Patryk Wychowaniec <wychowaniec.patryk@gmail.com> | 2020-06-08 21:33:21 +0200 |
---|---|---|
committer | Patryk Wychowaniec <wychowaniec.patryk@gmail.com> | 2020-06-08 21:35:47 +0200 |
commit | 8ae7ac9e8c959cf0524331550f858549edd5152e (patch) | |
tree | 1c4da6fd4ea851c70fb2ca286fb9653aa57df596 /nixos/tests/lxd-nftables.nix | |
parent | 6c6924b2eb54658ededd4e20275c4a5b2ebab24c (diff) |
lxd: Add tests
Diffstat (limited to 'nixos/tests/lxd-nftables.nix')
-rw-r--r-- | nixos/tests/lxd-nftables.nix | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/nixos/tests/lxd-nftables.nix b/nixos/tests/lxd-nftables.nix
new file mode 100644
index 0000000000000..25517914db857
--- /dev/null
+++ b/nixos/tests/lxd-nftables.nix
@@ -0,0 +1,50 @@
+# This test makes sure that lxd stops implicitly depending on iptables when
+# user enabled nftables.
+#
+# It has been extracted from `lxd.nix` for clarity, and because switching from
+# iptables to nftables requires a full reboot, which is a bit hard inside NixOS
+# tests.
+
+import ./make-test-python.nix ({ pkgs, ...} : {
+ name = "lxd-nftables";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ patryk27 ];
+ };
+
+ machine = { lib, ... }: {
+ virtualisation = {
+ lxd.enable = true;
+ };
+
+ networking = {
+ firewall.enable = false;
+ nftables.enable = true;
+ nftables.ruleset = ''
+ table inet filter {
+ chain incoming {
+ type filter hook input priority 0;
+ policy accept;
+ }
+
+ chain forward {
+ type filter hook forward priority 0;
+ policy accept;
+ }
+
+ chain output {
+ type filter hook output priority 0;
+ policy accept;
+ }
+ }
+ '';
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("network.target")
+
+ with subtest("When nftables are enabled, lxd doesn't depend on iptables anymore"):
+ machine.succeed("lsmod | grep nf_tables")
+ machine.fail("lsmod | grep ip_tables")
+ '';
+}) |
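Review bot: The testScript waits only for `network.target` before running `machine.fail("lsmod | grep ip_tables")`, so the negative check may run before lxd has started and had any chance to load the module; whether lxd is already up at that point is not visible from this file. Adding `machine.wait_for_unit("lxd.service")` ahead of the subtest (unit name to be confirmed against the lxd module) would tie the assertion to lxd rather than to the boot state. `grep ip_tables` also matches any module name containing that substring, so `grep -w ip_tables` would be tighter. The `lib` argument in `machine = { lib, ... }:` is unused.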