author | Vladimír Čunát <v@cunat.cz> | 2020-10-25 09:47:04 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2020-10-25 09:47:04 +0100 |
commit | 2f6b00b15eb91cb690f6d74138ba00b773ffd3d9 (patch) | |
tree | e1e004e468f7dad59163bdccf0a5c760128b8de4 /nixos/tests | |
parent | 8d6bd565a108cc7bc6d6dc5b6c5758162051ec16 (diff) | |
parent | 4bd836b381c474893747f9051cfac93d94d13786 (diff) |
Merge branch 'staging-next' into staging
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/certmgr.nix | 30 | ||||
-rw-r--r-- | nixos/tests/ferm.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nixos-generate-config.nix | 16 | ||||
-rw-r--r-- | nixos/tests/powerdns.nix | 60 |
4 files changed, 90 insertions, 17 deletions
diff --git a/nixos/tests/certmgr.nix b/nixos/tests/certmgr.nix index ef32f54400e30..8f5b89487793b 100644 --- a/nixos/tests/certmgr.nix +++ b/nixos/tests/certmgr.nix @@ -11,7 +11,7 @@ let file = { group = "nginx"; owner = "nginx"; - path = "/tmp/${host}-ca.pem"; + path = "/var/ssl/${host}-ca.pem"; }; label = "www_ca"; profile = "three-month"; @@ -20,13 +20,13 @@ let certificate = { group = "nginx"; owner = "nginx"; - path = "/tmp/${host}-cert.pem"; + path = "/var/ssl/${host}-cert.pem"; }; private_key = { group = "nginx"; mode = "0600"; owner = "nginx"; - path = "/tmp/${host}-key.pem"; + path = "/var/ssl/${host}-key.pem"; }; request = { CN = host; @@ -57,6 +57,8 @@ let services.cfssl.enable = true; systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" ]; + systemd.tmpfiles.rules = [ "d /var/ssl 777 root root" ]; + systemd.services.cfssl-init = { description = "Initialize the cfssl CA"; wantedBy = [ "multi-user.target" ]; @@ -87,8 +89,8 @@ let enable = true; virtualHosts = lib.mkMerge (map (host: { ${host} = { - sslCertificate = "/tmp/${host}-cert.pem"; - sslCertificateKey = "/tmp/${host}-key.pem"; + sslCertificate = "/var/ssl/${host}-cert.pem"; + sslCertificateKey = "/var/ssl/${host}-key.pem"; extraConfig = '' ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ''; 
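Review bot: The tmpfiles rule added in the `@@ -57,6 +57,8 @@` hunk creates `/var/ssl` with mode 777 and no sticky bit, so any local account can delete or replace the CA, certificate and private-key files that are written there and that nginx loads, regardless of the `0600` mode set on the key file itself. A tighter rule such as `systemd.tmpfiles.rules = [ "d /var/ssl 0755 root root" ];` should be enough if certmgr writes these files as root (the diff does not show which user it runs as, so confirm). If it runs as a dedicated user, make that user the directory owner instead of opening the directory to everyone.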
@@ -124,16 +126,18 @@ in }; testScript = '' machine.wait_for_unit("cfssl.service") - machine.wait_until_succeeds("ls /tmp/decl.example.org-ca.pem") - machine.wait_until_succeeds("ls /tmp/decl.example.org-key.pem") - machine.wait_until_succeeds("ls /tmp/decl.example.org-cert.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-ca.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-key.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-cert.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-ca.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-key.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-cert.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-ca.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-key.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-cert.pem") machine.wait_for_unit("nginx.service") assert 1 < int(machine.succeed('journalctl -u nginx | grep "Starting Nginx" | wc -l')) - machine.succeed("curl --cacert /tmp/imp.example.org-ca.pem https://imp.example.org") - machine.succeed("curl --cacert /tmp/decl.example.org-ca.pem https://decl.example.org") + machine.succeed("curl --cacert /var/ssl/imp.example.org-ca.pem https://imp.example.org") + machine.succeed( + "curl --cacert /var/ssl/decl.example.org-ca.pem https://decl.example.org" + ) ''; }; diff --git a/nixos/tests/ferm.nix b/nixos/tests/ferm.nix index a73c9ce739cf1..112b5f19a7dea 100644 --- a/nixos/tests/ferm.nix +++ b/nixos/tests/ferm.nix @@ -56,6 +56,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { start_all() client.wait_for_unit("network-online.target") + server.wait_for_unit("network-online.target") server.wait_for_unit("ferm.service") server.wait_for_unit("nginx.service") server.wait_until_succeeds("ss -ntl | grep -q 80") diff --git a/nixos/tests/nixos-generate-config.nix b/nixos/tests/nixos-generate-config.nix index 6c83ccecc70a0..5daa55a8abbea 100644 
--- a/nixos/tests/nixos-generate-config.nix +++ b/nixos/tests/nixos-generate-config.nix @@ -7,8 +7,16 @@ import ./make-test-python.nix ({ lib, ... } : { { config, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; $bootLoaderConfig + $desktopConfiguration } ''; + + system.nixos-generate-config.desktopConfiguration = '' + # DESKTOP + # services.xserver.enable = true; + # services.xserver.displayManager.gdm.enable = true; + # services.xserver.desktopManager.gnome3.enable = true; + ''; }; testScript = '' start_all() @@ -18,9 +26,17 @@ import ./make-test-python.nix ({ lib, ... } : { # Test if the configuration really is overridden machine.succeed("grep 'OVERRIDDEN' /etc/nixos/configuration.nix") + # Test if desktop configuration really is overridden + machine.succeed("grep 'DESKTOP' /etc/nixos/configuration.nix") + # Test of if the Perl variable $bootLoaderConfig is spliced correctly: machine.succeed( "grep 'boot\\.loader\\.grub\\.enable = true;' /etc/nixos/configuration.nix" ) + + # Test if the Perl variable $desktopConfiguration is spliced correctly + machine.succeed( + "grep 'services\\.xserver\\.desktopManager\\.gnome3\\.enable = true;' /etc/nixos/configuration.nix" + ) ''; }) diff --git a/nixos/tests/powerdns.nix b/nixos/tests/powerdns.nix index 75d71315e644d..d025934ad2b37 100644 --- a/nixos/tests/powerdns.nix +++ b/nixos/tests/powerdns.nix 
@@ -1,13 +1,65 @@ -import ./make-test-python.nix ({ pkgs, ... }: { +# This test runs PowerDNS authoritative server with the +# generic MySQL backend (gmysql) to connect to a +# MariaDB server using UNIX sockets authentication. + +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "powerdns"; nodes.server = { ... }: { services.powerdns.enable = true; - environment.systemPackages = [ pkgs.dnsutils ]; + services.powerdns.extraConfig = '' + launch=gmysql + gmysql-user=pdns + ''; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ "powerdns" ]; + ensureUsers = lib.singleton + { name = "pdns"; + ensurePermissions = { "powerdns.*" = "ALL PRIVILEGES"; }; + }; + }; + + environment.systemPackages = with pkgs; + [ dnsutils powerdns mariadb ]; }; testScript = '' - server.wait_for_unit("pdns") - server.succeed("dig version.bind txt chaos \@127.0.0.1") + import re + + with subtest("PowerDNS database exists"): + server.wait_for_unit("mysql") + server.succeed("echo 'SHOW DATABASES;' | sudo -u pdns mysql -u pdns >&2") + + with subtest("Loading the MySQL schema works"): + server.succeed( + "sudo -u pdns mysql -u pdns -D powerdns <" + "${pkgs.powerdns}/share/doc/pdns/schema.mysql.sql" + ) + + with subtest("PowerDNS server starts"): + server.wait_for_unit("pdns") + server.succeed("dig version.bind txt chaos @127.0.0.1 >&2") + + with subtest("Adding an example zone works"): + # Extract configuration file needed by pdnsutil + unit = server.succeed("systemctl cat pdns") + conf = re.search("(--config-dir=[^ ]+)", unit).group(1) + pdnsutil = "sudo -u pdns pdnsutil " + conf + server.succeed(f"{pdnsutil} create-zone example.com ns1.example.com") + server.succeed(f"{pdnsutil} add-record example.com ns1 A 192.168.1.2") + + with subtest("Querying the example zone works"): + reply = server.succeed("dig +noall +answer ns1.example.com @127.0.0.1") + assert ( + "192.168.1.2" in reply + ), f"""" + The reply does not contain the expected IP address: + 
Expected: + ns1.example.com. 3600 IN A 192.168.1.2 + Reply: + {reply}""" ''; }) |
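Review bot: In the "Adding an example zone works" subtest, `re.search("(--config-dir=[^ ]+)", unit).group(1)` fails with a bare AttributeError on `None` when the pdns unit carries no `--config-dir=` argument, which hides the real cause of the failure. Bind the match first and check it, e.g. `m = re.search("(--config-dir=[^ ]+)", unit)`, then `assert m, f"no --config-dir in pdns unit:\n{unit}"`, then `conf = m.group(1)`. Separately, the assertion message in the last subtest opens with `f""""`, so the rendered text starts with a stray `"`; `f"""` looks like what was intended.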