diff options
author | Vladimír Čunát <v@cunat.cz> | 2019-08-24 08:19:05 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-08-24 08:55:37 +0200 |
commit | 2e6bf42a2207d5ecfe6e67de2def6e004a0eb1f1 (patch) | |
tree | 36de0660dc2c9f3731bd8b60ec852ca0c452efce /nixos/tests | |
parent | 84a91208a948be5eca97ea182c4256d9d6ecf171 (diff) | |
parent | 8943fb5f24b9e1aa1d577be4e214d166643269fd (diff) |
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to name -> pname+version. Fortunately, almost everything was auto-resolved by kdiff3, and for now I just fixed up a couple evaluation problems, as verified by the tarball job. There might be some fallback to these conflicts, but I believe it should be minimal. Hydra nixpkgs: ?compare=1538299
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/all-tests.nix | 14 | ||||
-rw-r--r-- | nixos/tests/containers-ephemeral.nix | 56 | ||||
-rw-r--r-- | nixos/tests/glusterfs.nix | 65 | ||||
-rw-r--r-- | nixos/tests/gnome-photos.nix | 42 | ||||
-rw-r--r-- | nixos/tests/icingaweb2.nix | 71 | ||||
-rw-r--r-- | nixos/tests/jormungandr.nix | 49 | ||||
-rw-r--r-- | nixos/tests/libxmlb.nix | 17 | ||||
-rw-r--r-- | nixos/tests/metabase.nix | 20 | ||||
-rw-r--r-- | nixos/tests/networking.nix | 2 | ||||
-rw-r--r-- | nixos/tests/nginx.nix | 60 | ||||
-rw-r--r-- | nixos/tests/php-pcre.nix | 41 | ||||
-rw-r--r-- | nixos/tests/prosody.nix | 38 | ||||
-rw-r--r-- | nixos/tests/subversion.nix | 121 | ||||
-rw-r--r-- | nixos/tests/systemd-networkd-wireguard.nix | 80 | ||||
-rw-r--r-- | nixos/tests/systemd.nix | 15 | ||||
-rw-r--r-- | nixos/tests/trezord.nix | 20 | ||||
-rw-r--r-- | nixos/tests/xmpp/ejabberd.nix (renamed from nixos/tests/ejabberd.nix) | 6 | ||||
-rw-r--r-- | nixos/tests/xmpp/prosody-mysql.nix | 77 | ||||
-rw-r--r-- | nixos/tests/xmpp/prosody.nix | 46 | ||||
-rw-r--r-- | nixos/tests/xmpp/xmpp-sendmessage.nix (renamed from nixos/tests/xmpp-sendmessage.nix) | 0 |
20 files changed, 625 insertions, 215 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index c24c8ae61a587..36a053e8e6bdc 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -47,6 +47,7 @@ in codimd = handleTest ./codimd.nix {}; colord = handleTest ./colord.nix {}; containers-bridge = handleTest ./containers-bridge.nix {}; + containers-ephemeral = handleTest ./containers-ephemeral.nix {}; containers-extra_veth = handleTest ./containers-extra_veth.nix {}; containers-hosts = handleTest ./containers-hosts.nix {}; containers-imperative = handleTest ./containers-imperative.nix {}; @@ -73,7 +74,7 @@ in #ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {}; ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {}; ecryptfs = handleTest ./ecryptfs.nix {}; - ejabberd = handleTest ./ejabberd.nix {}; + ejabberd = handleTest ./xmpp/ejabberd.nix {}; elk = handleTestOn ["x86_64-linux"] ./elk.nix {}; env = handleTest ./env.nix {}; etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; @@ -93,8 +94,10 @@ in gitlab = handleTest ./gitlab.nix {}; gitolite = handleTest ./gitolite.nix {}; gjs = handleTest ./gjs.nix {}; + glusterfs = handleTest ./glusterfs.nix {}; gnome3-xorg = handleTest ./gnome3-xorg.nix {}; gnome3 = handleTest ./gnome3.nix {}; + gnome-photos = handleTest ./gnome-photos.nix {}; gocd-agent = handleTest ./gocd-agent.nix {}; gocd-server = handleTest ./gocd-server.nix {}; google-oslogin = handleTest ./google-oslogin {}; @@ -114,6 +117,7 @@ in hound = handleTest ./hound.nix {}; hydra = handleTest ./hydra {}; i3wm = handleTest ./i3wm.nix {}; + icingaweb2 = handleTest ./icingaweb2.nix {}; iftop = handleTest ./iftop.nix {}; incron = handleTest ./incron.nix {}; influxdb = handleTest ./influxdb.nix {}; @@ -124,6 +128,7 @@ in jackett = handleTest ./jackett.nix {}; jellyfin = handleTest ./jellyfin.nix {}; jenkins = handleTest ./jenkins.nix {}; + jormungandr = handleTest ./jormungandr.nix {}; kafka = handleTest ./kafka.nix {}; kerberos = handleTest ./kerberos/default.nix {}; kernel-latest = handleTest ./kernel-latest.nix {}; @@ -138,6 +143,7 @@ in latestKernel.login = handleTest ./login.nix { latestKernel = true; }; ldap = handleTest ./ldap.nix {}; leaps = handleTest ./leaps.nix {}; + libxmlb = handleTest ./libxmlb.nix {}; lidarr = handleTest ./lidarr.nix {}; lightdm = handleTest ./lightdm.nix {}; limesurvey = handleTest ./limesurvey.nix {}; @@ -150,6 +156,7 @@ in mediawiki = handleTest ./mediawiki.nix {}; memcached = handleTest ./memcached.nix {}; mesos = handleTest ./mesos.nix {}; + metabase = handleTest ./metabase.nix {}; miniflux = handleTest ./miniflux.nix {}; minio = handleTest ./minio.nix {}; misc = handleTest ./misc.nix {}; @@ -217,7 +224,8 @@ in prometheus = handleTest ./prometheus.nix {}; prometheus2 = handleTest ./prometheus-2.nix {}; prometheus-exporters = handleTest ./prometheus-exporters.nix {}; - prosody = handleTest ./prosody.nix {}; + prosody = handleTest ./xmpp/prosody.nix {}; + prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {}; proxy = handleTest ./proxy.nix {}; quagga = handleTest ./quagga.nix {}; quake3 = handleTest ./quake3.nix {}; @@ -249,6 +257,7 @@ in systemd = handleTest ./systemd.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; + systemd-networkd-wireguard = handleTest ./systemd-networkd-wireguard.nix {}; pdns-recursor = handleTest ./pdns-recursor.nix {}; taskserver = handleTest ./taskserver.nix {}; telegraf = handleTest ./telegraf.nix {}; @@ -256,6 +265,7 @@ in tinydns = handleTest ./tinydns.nix {}; tor = handleTest ./tor.nix {}; transmission = handleTest ./transmission.nix {}; + trezord = handleTest ./trezord.nix {}; udisks2 = handleTest ./udisks2.nix {}; upnp = handleTest ./upnp.nix {}; uwsgi = handleTest ./uwsgi.nix {}; diff --git a/nixos/tests/containers-ephemeral.nix b/nixos/tests/containers-ephemeral.nix new file mode 100644 index 0000000000000..1ef8717d9a0e1 --- /dev/null +++ b/nixos/tests/containers-ephemeral.nix @@ -0,0 +1,56 @@ +# Test for NixOS' container support. + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-ephemeral"; + + machine = { pkgs, ... }: { + virtualisation.memorySize = 768; + virtualisation.writableStore = true; + + containers.webserver = { + ephemeral = true; + privateNetwork = true; + hostAddress = "10.231.136.1"; + localAddress = "10.231.136.2"; + config = { + services.nginx = { + enable = true; + virtualHosts.localhost = { + root = (pkgs.runCommand "localhost" {} '' + mkdir "$out" + echo hello world > "$out/index.html" + ''); + }; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; + }; + }; + }; + + testScript = '' + $machine->succeed("nixos-container list") =~ /webserver/ or die; + + # Start the webserver container. + $machine->succeed("nixos-container start webserver"); + + # Check that container got its own root folder + $machine->succeed("ls /run/containers/webserver"); + + # Check that container persistent directory is not created + $machine->fail("ls /var/lib/containers/webserver"); + + # Since "start" returns after the container has reached + # multi-user.target, we should now be able to access it. + my $ip = $machine->succeed("nixos-container show-ip webserver"); + chomp $ip; + $machine->succeed("ping -n -c1 $ip"); + $machine->succeed("curl --fail http://$ip/ > /dev/null"); + + # Stop the container. + $machine->succeed("nixos-container stop webserver"); + $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null"); + + # Check that container's root folder was removed + $machine->fail("ls /run/containers/webserver"); + ''; +}) diff --git a/nixos/tests/glusterfs.nix b/nixos/tests/glusterfs.nix new file mode 100644 index 0000000000000..9fd8bd2ed1294 --- /dev/null +++ b/nixos/tests/glusterfs.nix @@ -0,0 +1,65 @@ +import ./make-test.nix ({ ... } : + +let + client = { pkgs, ... } : { + environment.systemPackages = [ pkgs.glusterfs ]; + fileSystems = pkgs.lib.mkVMOverride + [ { mountPoint = "/gluster"; + fsType = "glusterfs"; + device = "server1:/gv0"; + } ]; + }; + + server = { pkgs, ... } : { + networking.firewall.enable = false; + services.glusterfs.enable = true; + + # create a mount point for the volume + boot.initrd.postDeviceCommands = '' + ${pkgs.e2fsprogs}/bin/mkfs.ext4 -L data /dev/vdb + ''; + + virtualisation.emptyDiskImages = [ 1024 ]; + + fileSystems = pkgs.lib.mkVMOverride + [ { mountPoint = "/data"; + device = "/dev/disk/by-label/data"; + fsType = "ext4"; + } + ]; + }; +in { + name = "glusterfs"; + + nodes = { + server1 = server; + server2 = server; + client1 = client; + client2 = client; + }; + + testScript = '' + $server1->waitForUnit("glusterd.service"); + $server2->waitForUnit("glusterd.service"); + + # establish initial contact + $server1->succeed("sleep 2"); + $server1->succeed("gluster peer probe server2"); + $server1->succeed("gluster peer probe server1"); + + $server1->succeed("gluster peer status | grep Connected"); + + # create volumes + $server1->succeed("mkdir -p /data/vg0"); + $server2->succeed("mkdir -p /data/vg0"); + $server1->succeed("gluster volume create gv0 server1:/data/vg0 server2:/data/vg0"); + $server1->succeed("gluster volume start gv0"); + + # test clients + $client1->waitForUnit("gluster.mount"); + $client2->waitForUnit("gluster.mount"); + + $client1->succeed("echo test > /gluster/file1"); + $client2->succeed("grep test /gluster/file1"); + ''; +}) diff --git a/nixos/tests/gnome-photos.nix b/nixos/tests/gnome-photos.nix new file mode 100644 index 0000000000000..2ecda1d68ce34 --- /dev/null +++ b/nixos/tests/gnome-photos.nix @@ -0,0 +1,42 @@ +# run installed tests +import ./make-test.nix ({ pkgs, lib, ... }: + +let + + # gsettings tool with access to gsettings-desktop-schemas + desktop-gsettings = with pkgs; stdenv.mkDerivation { + name = "desktop-gsettings"; + dontUnpack = true; + nativeBuildInputs = [ glib wrapGAppsHook ]; + buildInputs = [ gsettings-desktop-schemas ]; + installPhase = '' + runHook preInstall + mkdir -p $out/bin + ln -s ${glib.bin}/bin/gsettings $out/bin/desktop-gsettings + runHook postInstall + ''; + }; + +in + +{ + name = "gnome-photos"; + meta = { + maintainers = pkgs.gnome-photos.meta.maintainers; + }; + + machine = { pkgs, ... }: { + imports = [ ./common/x11.nix ]; + programs.dconf.enable = true; + services.gnome3.at-spi2-core.enable = true; # needed for dogtail + environment.systemPackages = with pkgs; [ gnome-desktop-testing desktop-gsettings ]; + services.dbus.packages = with pkgs; [ gnome-photos ]; + }; + + testScript = '' + $machine->waitForX; + # dogtail needs accessibility enabled + $machine->succeed("desktop-gsettings set org.gnome.desktop.interface toolkit-accessibility true 2>&1"); + $machine->succeed("gnome-desktop-testing-runner -d '${pkgs.gnome-photos.installedTests}/share' 2>&1"); + ''; +}) diff --git a/nixos/tests/icingaweb2.nix b/nixos/tests/icingaweb2.nix new file mode 100644 index 0000000000000..ea1b94c526b13 --- /dev/null +++ b/nixos/tests/icingaweb2.nix @@ -0,0 +1,71 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "icingaweb2"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ das_j ]; + }; + + nodes = { + icingaweb2 = { config, pkgs, ... }: { + services.icingaweb2 = { + enable = true; + + modulePackages = with pkgs.icingaweb2Modules; { + particles = theme-particles; + spring = theme-spring; + }; + + modules = { + doc.enable = true; + migrate.enable = true; + setup.enable = true; + test.enable = true; + translation.enable = true; + }; + + generalConfig = { + global = { + module_path = "${pkgs.icingaweb2}/modules"; + }; + }; + + authentications = { + icingaweb = { + backend = "external"; + }; + }; + + groupBackends = { + icingaweb = { + backend = "db"; + resource = "icingaweb_db"; + }; + }; + + resources = { + # Not used, so no DB server needed + icingaweb_db = { + type = "db"; + db = "mysql"; + host = "localhost"; + username = "icingaweb2"; + password = "icingaweb2"; + dbname = "icingaweb2"; + }; + }; + + roles = { + Administrators = { + users = "*"; + permissions = "*"; + }; + }; + }; + }; + }; + + testScript = '' + startAll(); + $icingaweb2->waitForUnit("multi-user.target"); + $icingaweb2->succeed("curl -sSf http://icingaweb2/authentication/login"); + ''; +}) diff --git a/nixos/tests/jormungandr.nix b/nixos/tests/jormungandr.nix new file mode 100644 index 0000000000000..ab4edf0506aa9 --- /dev/null +++ b/nixos/tests/jormungandr.nix @@ -0,0 +1,49 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "jormungandr"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + bft = { ... }: { + environment.systemPackages = [ pkgs.jormungandr ]; + + services.jormungandr.enable = true; + services.jormungandr.genesisBlockFile = "/var/lib/jormungandr/block-0.bin"; + services.jormungandr.secretFile = "/etc/secrets/jormungandr.yaml"; + }; + }; + + testScript = '' + startAll; + + # Let's wait for the StateDirectory + $bft->waitForFile("/var/lib/jormungandr/"); + + # First, we generate the genesis file for our new blockchain + $bft->succeed("jcli genesis init > /root/genesis.yaml"); + + # We need to generate our secret key + $bft->succeed("jcli key generate --type=Ed25519 > /root/key.prv"); + + # We include the secret key into our services.jormungandr.secretFile + $bft->succeed("mkdir -p /etc/secrets"); + $bft->succeed("echo -e \"bft:\\n signing_key:\" \$(cat /root/key.prv) > /etc/secrets/jormungandr.yaml"); + + # After that, we generate our public key from it + $bft->succeed("cat /root/key.prv | jcli key to-public > /root/key.pub"); + + # We add our public key as a consensus leader in the genesis configration file + $bft->succeed("sed -ie \"s/ed25519_pk1vvwp2s0n5jl5f4xcjurp2e92sj2awehkrydrlas4vgqr7xzt33jsadha32/\$(cat /root/key.pub)/\" /root/genesis.yaml"); + + # Now we can generate the genesis block from it + $bft->succeed("jcli genesis encode --input /root/genesis.yaml --output /var/lib/jormungandr/block-0.bin"); + + # We should have everything to start the service now + $bft->succeed("systemctl restart jormungandr"); + $bft->waitForUnit("jormungandr.service"); + + # Now we can test if we are able to reach the REST API + $bft->waitUntilSucceeds("curl -L http://localhost:8607/api/v0/node/stats | grep uptime"); + ''; +}) diff --git a/nixos/tests/libxmlb.nix b/nixos/tests/libxmlb.nix new file mode 100644 index 0000000000000..3bee568ac5a20 --- /dev/null +++ b/nixos/tests/libxmlb.nix @@ -0,0 +1,17 @@ +# run installed tests +import ./make-test.nix ({ pkgs, ... }: + +{ + name = "libxmlb"; + meta = { + maintainers = pkgs.libxmlb.meta.maintainers; + }; + + machine = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ gnome-desktop-testing ]; + }; + + testScript = '' + $machine->succeed("gnome-desktop-testing-runner -d '${pkgs.libxmlb.installedTests}/share'"); + ''; +}) diff --git a/nixos/tests/metabase.nix b/nixos/tests/metabase.nix new file mode 100644 index 0000000000000..be9e5ed5b1e8f --- /dev/null +++ b/nixos/tests/metabase.nix @@ -0,0 +1,20 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "metabase"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + machine = { ... }: { + services.metabase.enable = true; + virtualisation.memorySize = 1024; + }; + }; + + testScript = '' + startAll; + $machine->waitForUnit("metabase.service"); + $machine->waitForOpenPort(3000); + $machine->waitUntilSucceeds("curl -L http://localhost:3000/setup | grep Metabase"); + ''; +}) diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 949d946bdc4c4..6ce64dcebea04 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -21,7 +21,7 @@ let useNetworkd = networkd; firewall.checkReversePath = true; firewall.allowedUDPPorts = [ 547 ]; - interfaces = mkOverride 0 (listToAttrs (flip map vlanIfs (n: + interfaces = mkOverride 0 (listToAttrs (forEach vlanIfs (n: nameValuePair "eth${toString n}" { ipv4.addresses = [ { address = "192.168.${toString n}.1"; prefixLength = 24; } ]; ipv6.addresses = [ { address = "fd00:1234:5678:${toString n}::1"; prefixLength = 64; } ]; diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix index d66d99821c112..d0b7306ae83b7 100644 --- a/nixos/tests/nginx.nix +++ b/nixos/tests/nginx.nix @@ -3,15 +3,15 @@ # generated virtual hosts config. # 2. whether the ETag header is properly generated whenever we're serving # files in Nix store paths - +# 3. nginx doesn't restart on configuration changes (only reloads) import ./make-test.nix ({ pkgs, ... }: { name = "nginx"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ mbbx6spp ]; }; - nodes = let - commonConfig = { pkgs, ... }: { + nodes = { + webserver = { pkgs, lib, ... }: { services.nginx.enable = true; services.nginx.commonHttpConfig = '' log_format ceeformat '@cee: {"status":"$status",' @@ -32,30 +32,42 @@ import ./make-test.nix ({ pkgs, ... }: { location /favicon.ico { allow all; access_log off; log_not_found off; } ''; }; + services.nginx.virtualHosts.localhost = { root = pkgs.runCommand "testdir" {} '' mkdir "$out" echo hello world > "$out/index.html" ''; }; - }; - in { - webserver = commonConfig; - newwebserver = { pkgs, lib, ... }: { - imports = [ commonConfig ]; - services.nginx.virtualHosts.localhost = { - root = lib.mkForce (pkgs.runCommand "testdir2" {} '' - mkdir "$out" - echo hello world > "$out/index.html" - ''); - }; + services.nginx.enableReload = true; + + nesting.clone = [ + { + services.nginx.virtualHosts.localhost = { + root = lib.mkForce (pkgs.runCommand "testdir2" {} '' + mkdir "$out" + echo content changed > "$out/index.html" + ''); + }; + } + + { + services.nginx.virtualHosts."1.my.test".listen = [ { addr = "127.0.0.1"; port = 8080; }]; + } + + { + services.nginx.package = pkgs.nginxUnstable; + } + ]; }; + }; testScript = { nodes, ... }: let - newServerSystem = nodes.newwebserver.config.system.build.toplevel; - switch = "${newServerSystem}/bin/switch-to-configuration test"; + etagSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-1"; + justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-2"; + reloadRestartSystem = "${nodes.webserver.config.system.build.toplevel}/fine-tune/child-3"; in '' my $url = 'http://localhost/index.html'; @@ -77,9 +89,23 @@ import ./make-test.nix ({ pkgs, ... }: { subtest "check ETag if serving Nix store paths", sub { my $oldEtag = checkEtag; - $webserver->succeed('${switch}'); + $webserver->succeed("${etagSystem}/bin/switch-to-configuration test >&2"); + $webserver->sleep(1); # race condition my $newEtag = checkEtag; die "Old ETag $oldEtag is the same as $newEtag" if $oldEtag eq $newEtag; }; + + subtest "config is reloaded on nixos-rebuild switch", sub { + $webserver->succeed("${justReloadSystem}/bin/switch-to-configuration test >&2"); + $webserver->waitForOpenPort("8080"); + $webserver->fail("journalctl -u nginx | grep -q -i stopped"); + $webserver->succeed("journalctl -u nginx | grep -q -i reloaded"); + }; + + subtest "restart when nginx package changes", sub { + $webserver->succeed("${reloadRestartSystem}/bin/switch-to-configuration test >&2"); + $webserver->waitForUnit("nginx"); + $webserver->succeed("journalctl -u nginx | grep -q -i stopped"); + }; ''; }) diff --git a/nixos/tests/php-pcre.nix b/nixos/tests/php-pcre.nix index 19bde9babad5d..ae44aec7944f4 100644 --- a/nixos/tests/php-pcre.nix +++ b/nixos/tests/php-pcre.nix @@ -8,30 +8,25 @@ import ./make-test.nix ({ ...}: { services.httpd = { enable = true; adminAddr = "please@dont.contact"; - extraSubservices = lib.singleton { - function = f: { - enablePHP = true; - phpOptions = "pcre.jit = true"; + enablePHP = true; + phpOptions = "pcre.jit = true"; + extraConfig = + let + testRoot = pkgs.writeText "index.php" + '' + <?php + preg_match('/(${testString})/', '${testString}', $result); + var_dump($result); + ?> + ''; + in + '' + Alias / ${testRoot}/ - extraConfig = - let - testRoot = pkgs.writeText "index.php" - '' - <?php - preg_match('/(${testString})/', '${testString}', $result); - var_dump($result); - ?> - ''; - in - '' - Alias / ${testRoot}/ - - <Directory ${testRoot}> - Require all granted - </Directory> - ''; - }; - }; + <Directory ${testRoot}> + Require all granted + </Directory> + ''; }; }; testScript = { ... }: diff --git a/nixos/tests/prosody.nix b/nixos/tests/prosody.nix deleted file mode 100644 index a39bae7898dc2..0000000000000 --- a/nixos/tests/prosody.nix +++ /dev/null @@ -1,38 +0,0 @@ -import ./make-test.nix { - name = "prosody"; - - machine = { pkgs, ... }: { - services.prosody = { - enable = true; - # TODO: use a self-signed certificate - c2sRequireEncryption = false; - extraConfig = '' - storage = "sql" - ''; - virtualHosts.test = { - domain = "example.com"; - enabled = true; - }; - }; - environment.systemPackages = [ - (pkgs.callPackage ./xmpp-sendmessage.nix {}) - ]; - }; - - testScript = '' - $machine->waitForUnit('prosody.service'); - $machine->succeed('prosodyctl status') =~ /Prosody is running/; - - # set password to 'nothunter2' (it's asked twice) - $machine->succeed('yes nothunter2 | prosodyctl adduser cthon98@example.com'); - # set password to 'y' - $machine->succeed('yes | prosodyctl adduser azurediamond@example.com'); - # correct password to 'hunter2' - $machine->succeed('yes hunter2 | prosodyctl passwd azurediamond@example.com'); - - $machine->succeed("send-message"); - - $machine->succeed('prosodyctl deluser cthon98@example.com'); - $machine->succeed('prosodyctl deluser azurediamond@example.com'); - ''; -} diff --git a/nixos/tests/subversion.nix b/nixos/tests/subversion.nix deleted file mode 100644 index e7b99b10602a2..0000000000000 --- a/nixos/tests/subversion.nix +++ /dev/null @@ -1,121 +0,0 @@ -import ./make-test.nix ({ pkgs, ...} : - -let - - # Build some packages with coverage instrumentation. - overrides = pkgs: - with pkgs.stdenvAdapters; - let - do = pkg: pkg.override (args: { - stdenv = addCoverageInstrumentation args.stdenv; - }); - in - rec { - apr = do pkgs.apr; - aprutil = do pkgs.aprutil; - apacheHttpd = do pkgs.apacheHttpd; - mod_python = do pkgs.mod_python; - subversion = do pkgs.subversion; - - # To build the kernel with coverage instrumentation, we need a - # special patch to make coverage data available under /proc. - linux = pkgs.linux.override (orig: { - stdenv = overrideInStdenv pkgs.stdenv [ pkgs.keepBuildTree ]; - extraConfig = - '' - GCOV_KERNEL y - GCOV_PROFILE_ALL y - ''; - }); - }; - -in - -{ - name = "subversion"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ eelco ]; - }; - - nodes = - { webserver = - { ... }: - - { - services.httpd.enable = true; - services.httpd.adminAddr = "e.dolstra@tudelft.nl"; - services.httpd.extraSubservices = - [ { function = import <services/subversion>; - urlPrefix = ""; - dataDir = "/data/subversion"; - userCreationDomain = "192.168.0.0/16"; - } - ]; - nixpkgs.config.packageOverrides = overrides; - }; - - client = - { pkgs, ... }: - - { - environment.systemPackages = [ pkgs.subversion ]; - nixpkgs.config.packageOverrides = overrides; - }; - - }; - - testScript = - '' - startAll; - - $webserver->waitForOpenPort(80); - - print STDERR $client->succeed("svn --version"); - - print STDERR $client->succeed("curl --fail http://webserver/"); - - # Create a new user through the web interface. - $client->succeed("curl --fail -F username=alice -F fullname='Alice Lastname' -F address=alice\@example.org -F password=foobar -F password_again=foobar http://webserver/repoman/adduser"); - - # Let Alice create a new repository. - $client->succeed("curl --fail -u alice:foobar --form repo=xyzzy --form description=Xyzzy http://webserver/repoman/create"); - - $client->succeed("curl --fail http://webserver/") =~ /alice/ or die; - - # Let Alice do a checkout. - my $svnFlags = "--non-interactive --username alice --password foobar"; - $client->succeed("svn co $svnFlags http://webserver/repos/xyzzy wc"); - $client->succeed("echo hello > wc/world"); - $client->succeed("svn add wc/world"); - $client->succeed("svn ci $svnFlags -m 'Added world.' wc/world"); - - # Create a new user on the server through the create-user.pl script. - $webserver->execute("svn-server-create-user.pl bob bob\@example.org Bob"); - $webserver->succeed("svn-server-resetpw.pl bob fnord"); - $client->succeed("curl --fail http://webserver/") =~ /bob/ or die; - - # Bob should not have access to the repo. - my $svnFlagsBob = "--non-interactive --username bob --password fnord"; - $client->fail("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2"); - - # Bob should not be able change the ACLs of the repo. - # !!! Repoman should really return a 403 here. - $client->succeed("curl --fail -u bob:fnord -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy") - =~ /not authorised/ or die; - - # Give Bob access. - $client->succeed("curl --fail -u alice:foobar -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy"); - - # So now his checkout should succeed. - $client->succeed("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2"); - - # Test ViewVC and WebSVN - $client->succeed("curl --fail -u alice:foobar http://webserver/viewvc/xyzzy"); - $client->succeed("curl --fail -u alice:foobar http://webserver/websvn/xyzzy"); - $client->succeed("curl --fail -u alice:foobar http://webserver/repos-xml/xyzzy"); - - # Stop Apache to gather all the coverage data. - $webserver->stopJob("httpd"); - ''; - -}) diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd-wireguard.nix new file mode 100644 index 0000000000000..f1ce1e791ce3a --- /dev/null +++ b/nixos/tests/systemd-networkd-wireguard.nix @@ -0,0 +1,80 @@ +let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ...}: { + imports = [ common/user-account.nix ]; + systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; + networking.useNetworkd = true; + networking.firewall.enable = false; + virtualisation.vlans = [ 1 ]; + environment.systemPackages = with pkgs; [ wireguard-tools ]; + boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; + systemd.network = { + enable = true; + netdevs = { + "90-wg0" = { + netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; + wireguardConfig = { + PrivateKeyFile = privkpath ; + ListenPort = 51820; + FwMark = 42; + }; + wireguardPeers = [ {wireguardPeerConfig={ + Endpoint = "192.168.1.${peerId}:51820"; + PublicKey = pubk; + PresharedKeyFile = pkgs.writeText "psk.key" "yTL3sCOL33Wzi6yCnf9uZQl/Z8laSE+zwpqOHC4HhFU="; + AllowedIPs = [ "10.0.0.${peerId}/32" ]; + PersistentKeepalive = 15; + };}]; + }; + }; + networks = { + "99-nope" = { + matchConfig.Name = "eth*"; + linkConfig.Unmanaged = true; + }; + "90-wg0" = { + matchConfig = { Name = "wg0"; }; + address = [ "10.0.0.${nodeId}/32" ]; + routes = [ + { routeConfig = { Gateway = "10.0.0.${nodeId}"; Destination = "10.0.0.0/24"; }; } + ]; + }; + "90-eth1" = { + matchConfig = { Name = "eth1"; }; + address = [ "192.168.1.${nodeId}/24" ]; + }; + }; + }; + }; +in import ./make-test.nix ({pkgs, ... }: { + name = "networkd-wireguard"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ninjatrappeur ]; + }; + nodes = { + node1 = { pkgs, ... }@attrs: + let localConf = { + privkpath = pkgs.writeText "priv.key" "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00="; + pubk = "iRxpqj42nnY0Qz8MAQbSm7bXxXP5hkPqWYIULmvW+EE="; + nodeId = "1"; + peerId = "2"; + }; + in generateNodeConf (attrs // localConf); + + node2 = { pkgs, ... }@attrs: + let localConf = { + privkpath = pkgs.writeText "priv.key" "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k="; + pubk = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; + nodeId = "2"; + peerId = "1"; + }; + in generateNodeConf (attrs // localConf); + }; +testScript = '' + startAll; + $node1->waitForUnit('systemd-networkd-wait-online.service'); + $node2->waitForUnit('systemd-networkd-wait-online.service'); + $node1->succeed('ping -c 5 10.0.0.2'); + $node2->succeed('ping -c 5 10.0.0.1'); + # Is the fwmark set? + $node2->succeed('wg | grep -q 42'); +''; +}) diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index fadea52f1dbc3..3168c026d5140 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -78,19 +78,16 @@ import ./make-test.nix ({ pkgs, ... }: { $machine->fail('dumpe2fs /dev/vdb | grep -q "^Last mount time: *n/a"'); }; - # Regression test for https://github.com/NixOS/nixpkgs/issues/35268 - subtest "file system with x-initrd.mount is not unmounted", sub { - $machine->shutdown; - $machine->waitForUnit('multi-user.target'); - # If the file system was unmounted during the shutdown the file system - # has a last mount time, because the file system wasn't checked. - $machine->fail('dumpe2fs /dev/vdb | grep -q "^Last mount time: *n/a"'); - }; - subtest "systemd-shutdown works", sub { $machine->shutdown; $machine->waitForUnit('multi-user.target'); $machine->succeed('test -e /tmp/shared/shutdown-test'); }; + + # Test settings from /etc/sysctl.d/50-default.conf are applied + subtest "systemd sysctl settings are applied", sub { + $machine->waitForUnit('multi-user.target'); + $machine->succeed('sysctl net.core.default_qdisc | grep -q "fq_codel"'); + }; ''; }) diff --git a/nixos/tests/trezord.nix b/nixos/tests/trezord.nix new file mode 100644 index 0000000000000..1c85bf539345d --- /dev/null +++ b/nixos/tests/trezord.nix @@ -0,0 +1,20 @@ +import ./make-test.nix ({ pkgs, ... }: { + name = "trezord"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + machine = { ... }: { + services.trezord.enable = true; + services.trezord.emulator.enable = true; + }; + }; + + testScript = '' + startAll; + $machine->waitForUnit("trezord.service"); + $machine->waitForOpenPort(21325); + $machine->waitUntilSucceeds("curl -L http://localhost:21325/status/ | grep Version"); + ''; +}) diff --git a/nixos/tests/ejabberd.nix b/nixos/tests/xmpp/ejabberd.nix index 0691dfe780d2a..196a04aca3000 100644 --- a/nixos/tests/ejabberd.nix +++ b/nixos/tests/xmpp/ejabberd.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ... }: { +import ../make-test.nix ({ pkgs, ... }: { name = "ejabberd"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ajs124 ]; @@ -45,8 +45,7 @@ import ./make-test.nix ({ pkgs, ... }: { ip: "127.0.0.1" module: ejabberd_service access: local - shaper_rule: fast - ip: "127.0.0.1" + shaper: fast ## Disabling digest-md5 SASL authentication. digest-md5 requires plain-text ## password storage (see auth_password_format option). @@ -181,7 +180,6 @@ import ./make-test.nix ({ pkgs, ... }: { mod_client_state: {} mod_configure: {} # requires mod_adhoc ## mod_delegation: {} # for xep0356 - mod_echo: {} #mod_irc: # host: "irc.@HOST@" # default_encoding: "utf-8" diff --git a/nixos/tests/xmpp/prosody-mysql.nix b/nixos/tests/xmpp/prosody-mysql.nix new file mode 100644 index 0000000000000..62b4a17421e53 --- /dev/null +++ b/nixos/tests/xmpp/prosody-mysql.nix @@ -0,0 +1,77 @@ +import ../make-test.nix { + name = "prosody-mysql"; + + nodes = { + client = { nodes, pkgs, ... }: { + environment.systemPackages = [ + (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; }) + ]; + }; + server = { config, pkgs, ... }: { + nixpkgs.overlays = [ + (self: super: { + prosody = super.prosody.override { + withDBI = true; + withExtraLibs = [ pkgs.luaPackages.luadbi-mysql ]; + }; + }) + ]; + networking.extraHosts = '' + ${config.networking.primaryIPAddress} example.com + ''; + networking.firewall.enable = false; + services.prosody = { + enable = true; + # TODO: use a self-signed certificate + c2sRequireEncryption = false; + extraConfig = '' + storage = "sql" + sql = { + driver = "MySQL"; + database = "prosody"; + host = "mysql"; + port = 3306; + username = "prosody"; + password = "password123"; + }; + ''; + virtualHosts.test = { + domain = "example.com"; + enabled = true; + }; + }; + }; + mysql = { config, pkgs, ... }: { + networking.firewall.enable = false; + services.mysql = { + enable = true; + initialScript = pkgs.writeText "mysql_init.sql" '' + CREATE DATABASE prosody; + CREATE USER 'prosody'@'server' IDENTIFIED BY 'password123'; + GRANT ALL PRIVILEGES ON prosody.* TO 'prosody'@'server'; + FLUSH PRIVILEGES; + ''; + package = pkgs.mariadb; + }; + }; + }; + + testScript = { nodes, ... }: '' + $mysql->waitForUnit('mysql.service'); + $server->waitForUnit('prosody.service'); + $server->succeed('prosodyctl status') =~ /Prosody is running/; + + # set password to 'nothunter2' (it's asked twice) + $server->succeed('yes nothunter2 | prosodyctl adduser cthon98@example.com'); + # set password to 'y' + $server->succeed('yes | prosodyctl adduser azurediamond@example.com'); + # correct password to 'hunter2' + $server->succeed('yes hunter2 | prosodyctl passwd azurediamond@example.com'); + + $client->succeed("send-message"); + + $server->succeed('prosodyctl deluser cthon98@example.com'); + $server->succeed('prosodyctl deluser azurediamond@example.com'); + ''; +} + diff --git a/nixos/tests/xmpp/prosody.nix b/nixos/tests/xmpp/prosody.nix new file mode 100644 index 0000000000000..8331c7b6d3310 --- /dev/null +++ b/nixos/tests/xmpp/prosody.nix @@ -0,0 +1,46 @@ +import ../make-test.nix { + name = "prosody"; + + nodes = { + client = { nodes, pkgs, ... }: { + environment.systemPackages = [ + (pkgs.callPackage ./xmpp-sendmessage.nix { connectTo = nodes.server.config.networking.primaryIPAddress; }) + ]; + }; + server = { config, pkgs, ... }: { + networking.extraHosts = '' + ${config.networking.primaryIPAddress} example.com + ''; + networking.firewall.enable = false; + services.prosody = { + enable = true; + # TODO: use a self-signed certificate + c2sRequireEncryption = false; + extraConfig = '' + storage = "sql" + ''; + virtualHosts.test = { + domain = "example.com"; + enabled = true; + }; + }; + }; + }; + + testScript = { nodes, ... }: '' + $server->waitForUnit('prosody.service'); + $server->succeed('prosodyctl status') =~ /Prosody is running/; + + # set password to 'nothunter2' (it's asked twice) + $server->succeed('yes nothunter2 | prosodyctl adduser cthon98@example.com'); + # set password to 'y' + $server->succeed('yes | prosodyctl adduser azurediamond@example.com'); + # correct password to 'hunter2' + $server->succeed('yes hunter2 | prosodyctl passwd azurediamond@example.com'); + + $client->succeed("send-message"); + + $server->succeed('prosodyctl deluser cthon98@example.com'); + $server->succeed('prosodyctl deluser azurediamond@example.com'); + ''; +} diff --git a/nixos/tests/xmpp-sendmessage.nix b/nixos/tests/xmpp/xmpp-sendmessage.nix index 2a075a0181340..2a075a0181340 100644 --- a/nixos/tests/xmpp-sendmessage.nix +++ b/nixos/tests/xmpp/xmpp-sendmessage.nix |