diff options
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/alice-lg.nix | 44 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 4 | ||||
-rw-r--r-- | nixos/tests/birdwatcher.nix | 94 | ||||
-rw-r--r-- | nixos/tests/nextcloud/basic.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/openssl-sse.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/with-mysql-and-memcached.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nextcloud/with-postgresql-and-redis.nix | 1 | ||||
-rw-r--r-- | nixos/tests/pam/zfs-key.nix | 83 | ||||
-rw-r--r-- | nixos/tests/rshim.nix | 25 | ||||
-rw-r--r-- | nixos/tests/systemd-repart.nix | 2 | ||||
-rw-r--r-- | nixos/tests/vikunja.nix | 5 |
11 files changed, 258 insertions, 3 deletions
diff --git a/nixos/tests/alice-lg.nix b/nixos/tests/alice-lg.nix new file mode 100644 index 0000000000000..640e60030a04e --- /dev/null +++ b/nixos/tests/alice-lg.nix @@ -0,0 +1,44 @@ +# This test does a basic functionality check for alice-lg + +{ system ? builtins.currentSystem +, pkgs ? import ../.. { inherit system; config = { }; } +}: + +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + inherit (pkgs.lib) optionalString; +in +makeTest { + name = "birdwatcher"; + nodes = { + host1 = { + environment.systemPackages = with pkgs; [ jq ]; + services.alice-lg = { + enable = true; + settings = { + server = { + listen_http = "[::]:7340"; + enable_prefix_lookup = true; + asn = 1; + routes_store_refresh_parallelism = 5; + neighbors_store_refresh_parallelism = 10000; + routes_store_refresh_interval = 5; + neighbors_store_refresh_interval = 5; + }; + housekeeping = { + interval = 5; + force_release_memory = true; + }; + }; + }; + }; + }; + + testScript = '' + start_all() + + host1.wait_for_unit("alice-lg.service") + host1.wait_for_open_port(7340) + host1.succeed("curl http://[::]:7340 | grep 'Alice BGP Looking Glass'") + ''; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 20b051c1880e9..81c5e8dd9f3aa 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -102,6 +102,7 @@ in { airsonic = handleTest ./airsonic.nix {}; akkoma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix {}; akkoma-confined = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./akkoma.nix { confined = true; }; + alice-lg = handleTest ./alice-lg.nix {}; allTerminfo = handleTest ./all-terminfo.nix {}; alps = handleTest ./alps.nix {}; amazon-init-shell = handleTest ./amazon-init-shell.nix {}; @@ -123,6 +124,7 @@ in { binary-cache = handleTest ./binary-cache.nix {}; bind = handleTest ./bind.nix {}; bird = handleTest ./bird.nix {}; + birdwatcher = handleTest ./birdwatcher.nix {}; bitcoind = handleTest ./bitcoind.nix {}; bittorrent = handleTest ./bittorrent.nix {}; blockbook-frontend = handleTest ./blockbook-frontend.nix {}; @@ -562,6 +564,7 @@ in { pam-oath-login = handleTest ./pam/pam-oath-login.nix {}; pam-u2f = handleTest ./pam/pam-u2f.nix {}; pam-ussh = handleTest ./pam/pam-ussh.nix {}; + pam-zfs-key = handleTest ./pam/zfs-key.nix {}; pass-secret-service = handleTest ./pass-secret-service.nix {}; patroni = handleTestOn ["x86_64-linux"] ./patroni.nix {}; pantalaimon = handleTest ./matrix/pantalaimon.nix {}; @@ -641,6 +644,7 @@ in { retroarch = handleTest ./retroarch.nix {}; robustirc-bridge = handleTest ./robustirc-bridge.nix {}; roundcube = handleTest ./roundcube.nix {}; + rshim = handleTest ./rshim.nix {}; rspamd = handleTest ./rspamd.nix {}; rss2email = handleTest ./rss2email.nix {}; rstudio-server = handleTest ./rstudio-server.nix {}; diff --git a/nixos/tests/birdwatcher.nix b/nixos/tests/birdwatcher.nix new file mode 100644 index 0000000000000..5c41b4d0e4f3a --- /dev/null +++ b/nixos/tests/birdwatcher.nix @@ -0,0 +1,94 @@ +# This test does a basic functionality check for birdwatcher + +{ system ? builtins.currentSystem +, pkgs ? import ../.. { inherit system; config = { }; } +}: + +let + inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest; + inherit (pkgs.lib) optionalString; +in +makeTest { + name = "birdwatcher"; + nodes = { + host1 = { + environment.systemPackages = with pkgs; [ jq ]; + services.bird2 = { + enable = true; + config = '' + log syslog all; + + debug protocols all; + + router id 10.0.0.1; + + protocol device { + } + + protocol kernel kernel4 { + ipv4 { + import none; + export all; + }; + } + + protocol kernel kernel6 { + ipv6 { + import none; + export all; + }; + } + ''; + }; + services.birdwatcher = { + enable = true; + settings = '' + [server] + allow_from = [] + allow_uncached = false + modules_enabled = ["status", + "protocols", + "protocols_bgp", + "protocols_short", + "routes_protocol", + "routes_peer", + "routes_table", + "routes_table_filtered", + "routes_table_peer", + "routes_filtered", + "routes_prefixed", + "routes_noexport", + "routes_pipe_filtered_count", + "routes_pipe_filtered" + ] + [status] + reconfig_timestamp_source = "bird" + reconfig_timestamp_match = "# created: (.*)" + filter_fields = [] + [bird] + listen = "0.0.0.0:29184" + config = "/etc/bird/bird2.conf" + birdc = "${pkgs.bird}/bin/birdc" + ttl = 5 # time to live (in minutes) for caching of cli output + [parser] + filter_fields = [] + [cache] + use_redis = false # if not using redis cache, activate housekeeping to save memory! + [housekeeping] + interval = 5 + force_release_memory = true + ''; + }; + }; + }; + + testScript = '' + start_all() + + host1.wait_for_unit("bird2.service") + host1.wait_for_unit("birdwatcher.service") + host1.wait_for_open_port(29184) + host1.succeed("curl http://[::]:29184/status | jq -r .status.message | grep 'Daemon is up and running'") + host1.succeed("curl http://[::]:29184/protocols | jq -r .protocols.device1.state | grep 'up'") + ''; +} diff --git a/nixos/tests/nextcloud/basic.nix b/nixos/tests/nextcloud/basic.nix index a475049e7b264..e17f701c54b7d 100644 --- a/nixos/tests/nextcloud/basic.nix +++ b/nixos/tests/nextcloud/basic.nix @@ -43,6 +43,7 @@ in { enable = true; datadir = "/var/lib/nextcloud-data"; hostName = "nextcloud"; + database.createLocally = true; config = { # Don't inherit adminuser since "root" is supposed to be the default adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; # Don't try this at home! diff --git a/nixos/tests/nextcloud/openssl-sse.nix b/nixos/tests/nextcloud/openssl-sse.nix index 871947e1d2b20..e1f2706a7348b 100644 --- a/nixos/tests/nextcloud/openssl-sse.nix +++ b/nixos/tests/nextcloud/openssl-sse.nix @@ -9,6 +9,7 @@ args@{ pkgs, nextcloudVersion ? 25, ... }: services.nextcloud = { enable = true; config.adminpassFile = "${pkgs.writeText "adminpass" adminpass}"; + database.createLocally = true; package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; }; }; diff --git a/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixos/tests/nextcloud/with-mysql-and-memcached.nix index f673e5e75d3ba..e57aabfaf86b5 100644 --- a/nixos/tests/nextcloud/with-mysql-and-memcached.nix +++ b/nixos/tests/nextcloud/with-mysql-and-memcached.nix @@ -26,6 +26,7 @@ in { redis = false; memcached = true; }; + database.createLocally = true; config = { dbtype = "mysql"; # Don't inherit adminuser since "root" is supposed to be the default diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 43892d39e9f0c..1cbb131042876 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -25,6 +25,7 @@ in { redis = true; memcached = false; }; + database.createLocally = true; config = { dbtype = "pgsql"; inherit adminuser; diff --git a/nixos/tests/pam/zfs-key.nix b/nixos/tests/pam/zfs-key.nix new file mode 100644 index 0000000000000..4f54c287e91a1 --- /dev/null +++ b/nixos/tests/pam/zfs-key.nix @@ -0,0 +1,83 @@ +import ../make-test-python.nix ({ ... }: + + let + userPassword = "password"; + mismatchPass = "mismatch"; + in + { + name = "pam-zfs-key"; + + nodes.machine = + { ... }: { + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "12345678"; + + security.pam.zfs.enable = true; + + users.users = { + alice = { + isNormalUser = true; + password = userPassword; + }; + bob = { + isNormalUser = true; + password = userPassword; + }; + }; + }; + + testScript = { nodes, ... }: + let + homes = nodes.machine.security.pam.zfs.homes; + pool = builtins.head (builtins.split "/" homes); + in + '' + machine.wait_for_unit("multi-user.target") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'") + + with subtest("Create encrypted ZFS datasets"): + machine.succeed("truncate -s 64M /testpool.img") + machine.succeed("zpool create -O canmount=off '${pool}' /testpool.img") + machine.succeed("zfs create -o canmount=off -p '${homes}'") + machine.succeed("echo ${userPassword} | zfs create -o canmount=noauto -o encryption=on -o keyformat=passphrase '${homes}/alice'") + machine.succeed("zfs unload-key '${homes}/alice'") + machine.succeed("echo ${mismatchPass} | zfs create -o canmount=noauto -o encryption=on -o keyformat=passphrase '${homes}/bob'") + machine.succeed("zfs unload-key '${homes}/bob'") + + with subtest("Switch to tty2"): + machine.fail("pgrep -f 'agetty.*tty2'") + machine.send_key("alt-f2") + machine.wait_until_succeeds("[ $(fgconsole) = 2 ]") + machine.wait_for_unit("getty@tty2.service") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty2'") + + with subtest("Log in as user with home locked by login password"): + machine.wait_until_tty_matches("2", "login: ") + machine.send_chars("alice\n") + machine.wait_until_tty_matches("2", "login: alice") + machine.wait_until_succeeds("pgrep login") + machine.wait_until_tty_matches("2", "Password: ") + machine.send_chars("${userPassword}\n") + machine.wait_until_succeeds("pgrep -u alice bash") + machine.succeed("mount | grep ${homes}/alice") + + with subtest("Switch to tty3"): + machine.fail("pgrep -f 'agetty.*tty3'") + machine.send_key("alt-f3") + machine.wait_until_succeeds("[ $(fgconsole) = 3 ]") + machine.wait_for_unit("getty@tty3.service") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty3'") + + with subtest("Log in as user with home locked by password different from login"): + machine.wait_until_tty_matches("3", "login: ") + machine.send_chars("bob\n") + machine.wait_until_tty_matches("3", "login: bob") + machine.wait_until_succeeds("pgrep login") + machine.wait_until_tty_matches("3", "Password: ") + machine.send_chars("${userPassword}\n") + machine.wait_until_succeeds("pgrep -u bob bash") + machine.fail("mount | grep ${homes}/bob") + ''; + } +) diff --git a/nixos/tests/rshim.nix b/nixos/tests/rshim.nix new file mode 100644 index 0000000000000..bb5cce028ae79 --- /dev/null +++ b/nixos/tests/rshim.nix @@ -0,0 +1,25 @@ +{ system ? builtins.currentSystem +, config ? { } +, pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +{ + basic = makeTest { + name = "rshim"; + meta.maintainers = with maintainers; [ nikstur ]; + + nodes.machine = { config, pkgs, ... }: { + services.rshim.enable = true; + }; + + testScript = { nodes, ... }: '' + machine.start() + machine.wait_for_unit("multi-user.target") + + print(machine.succeed("systemctl status rshim.service")) + ''; + }; +} diff --git a/nixos/tests/systemd-repart.nix b/nixos/tests/systemd-repart.nix index 36de5d988fdb1..b1d19c2b7cc1d 100644 --- a/nixos/tests/systemd-repart.nix +++ b/nixos/tests/systemd-repart.nix @@ -21,7 +21,7 @@ let shutil.copyfile("${machine.system.build.diskImage}/nixos.img", tmp_disk_image.name) subprocess.run([ - "${pkgs.qemu}/bin/qemu-img", + "${machine.config.virtualisation.qemu.package}/bin/qemu-img", "resize", "-f", "raw", diff --git a/nixos/tests/vikunja.nix b/nixos/tests/vikunja.nix index 2f6c4c1f46617..2660aa9767ca7 100644 --- a/nixos/tests/vikunja.nix +++ b/nixos/tests/vikunja.nix @@ -26,6 +26,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { }; frontendScheme = "http"; frontendHostname = "localhost"; + port = 9090; }; services.postgresql = { enable = true; @@ -52,8 +53,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { vikunjaSqlite.succeed("curl --fail http://localhost") vikunjaPostgresql.wait_for_unit("vikunja-api.service") - vikunjaPostgresql.wait_for_open_port(3456) - vikunjaPostgresql.succeed("curl --fail http://localhost:3456/api/v1/info") + vikunjaPostgresql.wait_for_open_port(9090) + vikunjaPostgresql.succeed("curl --fail http://localhost:9090/api/v1/info") vikunjaPostgresql.wait_for_unit("nginx.service") vikunjaPostgresql.wait_for_open_port(80) |