diff options
| author | Tomasz Czyż <tomasz.czyz@gmail.com> | 2017-04-07 10:28:58 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-04-07 10:28:58 +0100 |
| commit | e57cf5efd110e33fcce675b24d3f06f7739c5940 (patch) | |
| tree | 4e951677c7a0a9bf0a86fb9cbe386c792878d472 /nixos/tests | |
| parent | ab22a0803996c40eee80aa0f81d151090ab15b01 (diff) | |
| parent | 78adf1832f2bec0cb90141202262ca5f7b9a7a30 (diff) | |
| download | nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.tar nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.tar.gz nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.tar.bz2 nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.tar.lz nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.tar.xz nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.tar.zst nixpkgs-e57cf5efd110e33fcce675b24d3f06f7739c5940.zip | |
Merge branch 'master' into postgresql-tests
Diffstat (limited to 'nixos/tests')
31 files changed, 735 insertions, 175 deletions
diff --git a/nixos/tests/buildbot.nix b/nixos/tests/buildbot.nix new file mode 100644 index 00000000000..13a162e6c6e --- /dev/null +++ b/nixos/tests/buildbot.nix @@ -0,0 +1,46 @@ +# Test ensures buildbot master comes up correctly and workers can connect + +import ./make-test.nix ({ pkgs, ... } : { + name = "buildbot"; + + nodes = { + bbmaster = { config, pkgs, nodes, ... }: { + services.buildbot-master = { + enable = true; + factorySteps = [ + "steps.Git(repourl='git://github.com/buildbot/pyflakes.git', mode='incremental')" + "steps.ShellCommand(command=['trial', 'pyflakes'])" + ]; + changeSource = [ + "changes.GitPoller('git://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)" + ]; + }; + networking.firewall.allowedTCPPorts = [ 8010 9989 ]; + }; + + bbworker = { config, pkgs, ... }: { + services.buildbot-worker = { + enable = true; + masterUrl = "bbmaster:9989"; + }; + }; + }; + + testScript = '' + + $bbmaster->waitForUnit("network.target"); + $bbworker->waitForUnit("network.target"); + + # Additional tests to be added + #$bbmaster->waitForUnit("buildbot-master.service"); + #$bbmaster->waitUntilSucceeds("curl -s --head http://bbmaster:8010") =~ /200 OK/ or die; + #$bbworker->waitForUnit("buildbot-worker.service"); + #$bbworker->waitUntilSucceeds("tail -10 /home/bbworker/worker/twistd.log") =~ /success/ or die; + + ''; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nand0p ]; + }; + +}) diff --git a/nixos/tests/cjdns.nix b/nixos/tests/cjdns.nix index f32ec52dfc2..46666379924 100644 --- a/nixos/tests/cjdns.nix +++ b/nixos/tests/cjdns.nix @@ -109,14 +109,14 @@ import ./make-test.nix ({ pkgs, ...} : { # ping a few times each to let the routing table establish itself - $alice->succeed("ping6 -c 4 $carolIp6"); - $bob->succeed("ping6 -c 4 $carolIp6"); + $alice->succeed("ping -c 4 $carolIp6"); + $bob->succeed("ping -c 4 $carolIp6"); - $carol->succeed("ping6 -c 4 $aliceIp6"); - $carol->succeed("ping6 -c 4 $bobIp6"); + $carol->succeed("ping -c 4 $aliceIp6"); + $carol->succeed("ping -c 4 $bobIp6"); - $alice->succeed("ping6 -c 4 $bobIp6"); - $bob->succeed("ping6 -c 4 $aliceIp6"); + $alice->succeed("ping -c 4 $bobIp6"); + $bob->succeed("ping -c 4 $aliceIp6"); $alice->waitForUnit("httpd.service"); diff --git a/nixos/tests/containers-bridge.nix b/nixos/tests/containers-bridge.nix index bb32d852a6f..598abd22e61 100644 --- a/nixos/tests/containers-bridge.nix +++ b/nixos/tests/containers-bridge.nix @@ -66,7 +66,7 @@ import ./make-test.nix ({ pkgs, ...} : { "${containerIp6}" =~ /([^\/]+)\/([0-9+])/; my $ip6 = $1; chomp $ip6; - $machine->succeed("ping6 -n -c 1 $ip6"); + $machine->succeed("ping -n -c 1 $ip6"); $machine->succeed("curl --fail http://[$ip6]/ > /dev/null"); # Stop the container. diff --git a/nixos/tests/containers-extra_veth.nix b/nixos/tests/containers-extra_veth.nix index 2a54b1d961c..6339c8c558b 100644 --- a/nixos/tests/containers-extra_veth.nix +++ b/nixos/tests/containers-extra_veth.nix @@ -84,7 +84,7 @@ import ./make-test.nix ({ pkgs, ...} : { # Ping on main veth $machine->succeed("ping -n -c 1 192.168.0.100"); - $machine->succeed("ping6 -n -c 1 fc00::2"); + $machine->succeed("ping -n -c 1 fc00::2"); # Ping on the first extra veth $machine->succeed("ping -n -c 1 192.168.1.100 >&2"); diff --git a/nixos/tests/containers-ipv6.nix b/nixos/tests/containers-ipv6.nix index 320465ebb95..f676ed122bb 100644 --- a/nixos/tests/containers-ipv6.nix +++ b/nixos/tests/containers-ipv6.nix @@ -47,7 +47,7 @@ import ./make-test.nix ({ pkgs, ...} : { # multi-user.target, we should now be able to access it. my $ip = "${localIp}"; chomp $ip; - $machine->succeed("ping6 -n -c 1 $ip"); + $machine->succeed("ping -n -c 1 $ip"); $machine->succeed("curl --fail http://[$ip]/ > /dev/null"); # Stop the container. diff --git a/nixos/tests/containers-portforward.nix b/nixos/tests/containers-portforward.nix new file mode 100644 index 00000000000..78cc445c2dd --- /dev/null +++ b/nixos/tests/containers-portforward.nix @@ -0,0 +1,63 @@ +# Test for NixOS' container support. + +let + hostIp = "192.168.0.1"; + hostPort = 10080; + containerIp = "192.168.0.100"; + containerPort = 80; +in + +import ./make-test.nix ({ pkgs, ...} : { + name = "containers-portforward"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ aristid aszlig eelco chaoflow kampfschlaefer ianwookim ]; + }; + + machine = + { config, pkgs, ... }: + { imports = [ ../modules/installer/cd-dvd/channel.nix ]; + virtualisation.writableStore = true; + virtualisation.memorySize = 768; + + containers.webserver = + { privateNetwork = true; + hostAddress = hostIp; + localAddress = containerIp; + forwardPorts = [ { protocol = "tcp"; hostPort = hostPort; containerPort = containerPort; } ]; + config = + { services.httpd.enable = true; + services.httpd.adminAddr = "foo@example.org"; + networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowPing = true; + }; + }; + + virtualisation.pathsInNixDB = [ pkgs.stdenv ]; + }; + + testScript = + '' + $machine->succeed("nixos-container list") =~ /webserver/ or die; + + # Start the webserver container. + $machine->succeed("nixos-container start webserver"); + + # wait two seconds for the container to start and the network to be up + sleep 2; + + # Since "start" returns after the container has reached + # multi-user.target, we should now be able to access it. + #my $ip = $machine->succeed("nixos-container show-ip webserver"); + #chomp $ip; + $machine->succeed("ping -n -c1 ${hostIp}"); + $machine->succeed("curl --fail http://${hostIp}:${toString hostPort}/ > /dev/null"); + + # Stop the container. + $machine->succeed("nixos-container stop webserver"); + $machine->fail("curl --fail --connect-timeout 2 http://${hostIp}:${toString hostPort}/ > /dev/null"); + + # Destroying a declarative container should fail. + $machine->fail("nixos-container destroy webserver"); + ''; + +}) diff --git a/nixos/tests/containers-restart_networking.nix b/nixos/tests/containers-restart_networking.nix new file mode 100644 index 00000000000..086d056c51c --- /dev/null +++ b/nixos/tests/containers-restart_networking.nix @@ -0,0 +1,114 @@ +# Test for NixOS' container support. + +let + client_base = rec { + networking.firewall.enable = false; + + containers.webserver = { + autoStart = true; + privateNetwork = true; + hostBridge = "br0"; + config = { + networking.firewall.enable = false; + networking.firewall.allowPing = true; + networking.interfaces.eth0.ip4 = [ + { address = "192.168.1.122"; prefixLength = 24; } + ]; + }; + }; + }; +in import ./make-test.nix ({ pkgs, lib, ...} : +{ + name = "containers-restart_networking"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ kampfschlaefer ]; + }; + + nodes = { + client = { lib, pkgs, ... }: client_base // { + virtualisation.vlans = [ 1 ]; + + networking.bridges.br0 = { + interfaces = []; + rstp = false; + }; + networking.interfaces = { + eth1.ip4 = lib.mkOverride 0 [ ]; + br0.ip4 = [{ address = "192.168.1.1"; prefixLength = 24; }]; + }; + + }; + client_eth1 = { lib, pkgs, ... }: client_base // { + networking.bridges.br0 = { + interfaces = [ "eth1" ]; + rstp = false; + }; + networking.interfaces = { + eth1.ip4 = lib.mkOverride 0 [ ]; + br0.ip4 = [{ address = "192.168.1.2"; prefixLength = 24; }]; + }; + }; + client_eth1_rstp = { lib, pkgs, ... }: client_base // { + networking.bridges.br0 = { + interfaces = [ "eth1" ]; + rstp = true; + }; + networking.interfaces = { + eth1.ip4 = lib.mkOverride 0 [ ]; + br0.ip4 = [{ address = "192.168.1.2"; prefixLength = 24; }]; + }; + }; + }; + + testScript = {nodes, ...}: let + originalSystem = nodes.client.config.system.build.toplevel; + eth1_bridged = nodes.client_eth1.config.system.build.toplevel; + eth1_rstp = nodes.client_eth1_rstp.config.system.build.toplevel; + in '' + $client->start(); + + $client->waitForUnit("default.target"); + + subtest "initial state", sub { + $client->succeed("ping 192.168.1.122 -c 1 -n >&2"); + $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2"); + + $client->fail("ip l show eth1 |grep \"master br0\" >&2"); + $client->fail("grep eth1 /run/br0.interfaces >&2"); + }; + + subtest "interfaces without stp", sub { + $client->succeed("${eth1_bridged}/bin/switch-to-configuration test >&2"); + + $client->succeed("ping 192.168.1.122 -c 1 -n >&2"); + $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2"); + + $client->succeed("ip l show eth1 |grep \"master br0\" >&2"); + $client->succeed("grep eth1 /run/br0.interfaces >&2"); + }; + + # activating rstp needs another service, therefor the bridge will restart and the container will loose its connectivity + #subtest "interfaces with rstp", sub { + # $client->succeed("${eth1_rstp}/bin/switch-to-configuration test >&2"); + # $client->execute("ip -4 a >&2"); + # $client->execute("ip l >&2"); + # + # $client->succeed("ping 192.168.1.122 -c 1 -n >&2"); + # $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2"); + # + # $client->succeed("ip l show eth1 |grep \"master br0\" >&2"); + # $client->succeed("grep eth1 /run/br0.interfaces >&2"); + #}; + + subtest "back to no interfaces and no stp", sub { + $client->succeed("${originalSystem}/bin/switch-to-configuration test >&2"); + + $client->succeed("ping 192.168.1.122 -c 1 -n >&2"); + $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2"); + + $client->fail("ip l show eth1 |grep \"master br0\" >&2"); + $client->fail("grep eth1 /run/br0.interfaces >&2"); + }; + ''; + +}) diff --git a/nixos/tests/dnscrypt-proxy.nix b/nixos/tests/dnscrypt-proxy.nix index 26409949ec6..84562336825 100644 --- a/nixos/tests/dnscrypt-proxy.nix +++ b/nixos/tests/dnscrypt-proxy.nix @@ -15,6 +15,7 @@ import ./make-test.nix ({ pkgs, ... }: { services.dnscrypt-proxy.enable = true; services.dnscrypt-proxy.localPort = localProxyPort; + services.dnscrypt-proxy.extraArgs = [ "-X libdcplugin_example.so" ]; services.dnsmasq.enable = true; services.dnsmasq.servers = [ "127.0.0.1#${toString localProxyPort}" ]; diff --git a/nixos/tests/docker.nix b/nixos/tests/docker.nix index 1b57a94a05d..9096a5868f6 100644 --- a/nixos/tests/docker.nix +++ b/nixos/tests/docker.nix @@ -11,6 +11,21 @@ import ./make-test.nix ({ pkgs, ...} : { { config, pkgs, ... }: { virtualisation.docker.enable = true; + + users.users = { + noprivs = { + isNormalUser = true; + description = "Can't access the docker daemon"; + password = "foobar"; + }; + + hasprivs = { + isNormalUser = true; + description = "Can access the docker daemon"; + password = "foobar"; + extraGroups = [ "docker" ]; + }; + }; }; }; @@ -21,6 +36,8 @@ import ./make-test.nix ({ pkgs, ...} : { $docker->succeed("tar cv --files-from /dev/null | docker import - scratchimg"); $docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"); $docker->succeed("docker ps | grep sleeping"); + $docker->succeed("sudo -u hasprivs docker ps"); + $docker->fail("sudo -u noprivs docker ps"); $docker->succeed("docker stop sleeping"); ''; }) diff --git a/nixos/tests/ec2.nix b/nixos/tests/ec2.nix index e1f7143e3a9..4ec7e56cc6c 100644 --- a/nixos/tests/ec2.nix +++ b/nixos/tests/ec2.nix @@ -25,8 +25,13 @@ let # access. Mostly copied from # modules/profiles/installation-device.nix. system.extraDependencies = - [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio - pkgs.unionfs-fuse pkgs.mkinitcpio-nfs-utils + with pkgs; [ + stdenv busybox perlPackages.ArchiveCpio unionfs-fuse mkinitcpio-nfs-utils + + # These are used in the configure-from-userdata tests for EC2. Httpd and valgrind are requested + # directly by the configuration we set, and libxslt.bin is used indirectly as a build dependency + # of the derivation for dbus configuration files. + apacheHttpd valgrind.doc libxslt.bin ]; } ]; @@ -137,6 +142,8 @@ in { # ### http://nixos.org/channels/nixos-unstable nixos userData = '' + { pkgs, ... }: + { imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> @@ -146,12 +153,22 @@ in { environment.etc.testFile = { text = "whoa"; }; + + services.httpd = { + enable = true; + adminAddr = "test@example.org"; + documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html"; + }; + networking.firewall.allowedTCPPorts = [ 80 ]; } ''; script = '' $machine->start; $machine->waitForFile("/etc/testFile"); $machine->succeed("cat /etc/testFile | grep -q 'whoa'"); + + $machine->waitForUnit("httpd.service"); + $machine->succeed("curl http://localhost | grep Valgrind"); ''; }; } diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index 1bdabe93fec..e1b628c9144 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -8,15 +8,21 @@ import ./make-test.nix ({ pkgs, ... }: { { config, pkgs, ... }: { imports = [ ./common/x11.nix ]; - environment.systemPackages = [ pkgs.firefox ]; + environment.systemPackages = [ pkgs.firefox pkgs.xdotool ]; }; testScript = '' $machine->waitForX; - $machine->execute("firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html &"); + $machine->execute("xterm -e 'firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' &"); $machine->waitForWindow(qr/Valgrind/); $machine->sleep(40); # wait until Firefox has finished loading the page + $machine->execute("xdotool key space"); # do I want to make Firefox the + # default browser? I just want to close the dialog + $machine->sleep(2); # wait until Firefox hides the default browser window + $machine->execute("xdotool key F12"); + $machine->sleep(10); # wait until Firefox draws the developer tool panel + $machine->succeed("xwininfo -root -tree | grep Valgrind"); $machine->screenshot("screen"); ''; diff --git a/nixos/tests/gnome3-gdm.nix b/nixos/tests/gnome3-gdm.nix index 42425b57ba3..2c9c745021a 100644 --- a/nixos/tests/gnome3-gdm.nix +++ b/nixos/tests/gnome3-gdm.nix @@ -11,6 +11,7 @@ import ./make-test.nix ({ pkgs, ...} : { services.xserver.enable = true; + services.xserver.displayManager.slim.enable = false; services.xserver.displayManager.gdm = { enable = true; autoLogin = { diff --git a/nixos/tests/hibernate.nix b/nixos/tests/hibernate.nix index 7616a75b021..db58a2f5c85 100644 --- a/nixos/tests/hibernate.nix +++ b/nixos/tests/hibernate.nix @@ -13,7 +13,7 @@ import ./make-test.nix (pkgs: { networking.firewall.allowedTCPPorts = [ 4444 ]; - systemd.services.listener.serviceConfig.ExecStart = "${pkgs.netcat}/bin/nc -l 4444"; + systemd.services.listener.serviceConfig.ExecStart = "${pkgs.netcat}/bin/nc -l 4444 -k"; }; probe = { config, lib, pkgs, ...}: { @@ -32,6 +32,7 @@ import ./make-test.nix (pkgs: { $machine->succeed("mkswap /dev/vdb"); $machine->succeed("swapon -a"); $machine->startJob("listener"); + $machine->waitForOpenPort(4444); $machine->succeed("systemctl hibernate &"); $machine->waitForShutdown; $machine->start; diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix index 4e2e6379cad..060f6321679 100644 --- a/nixos/tests/ipv6.nix +++ b/nixos/tests/ipv6.nix @@ -54,22 +54,22 @@ import ./make-test.nix ({ pkgs, ...} : { } subtest "loopback address", sub { - $client->succeed("ping6 -c 1 ::1 >&2"); - $client->fail("ping6 -c 1 ::2 >&2"); + $client->succeed("ping -c 1 ::1 >&2"); + $client->fail("ping -c 1 ::2 >&2"); }; subtest "local link addressing", sub { my $clientIp = waitForAddress $client, "eth1", "link"; my $serverIp = waitForAddress $server, "eth1", "link"; - $client->succeed("ping6 -c 1 -I eth1 $clientIp >&2"); - $client->succeed("ping6 -c 1 -I eth1 $serverIp >&2"); + $client->succeed("ping -c 1 $clientIp%eth1 >&2"); + $client->succeed("ping -c 1 $serverIp%eth1 >&2"); }; subtest "global addressing", sub { my $clientIp = waitForAddress $client, "eth1", "global"; my $serverIp = waitForAddress $server, "eth1", "global"; - $client->succeed("ping6 -c 1 $clientIp >&2"); - $client->succeed("ping6 -c 1 $serverIp >&2"); + $client->succeed("ping -c 1 $clientIp >&2"); + $client->succeed("ping -c 1 $serverIp >&2"); $client->succeed("curl --fail -g http://[$serverIp]"); $client->fail("curl --fail -g http://[$clientIp]"); }; diff --git a/nixos/tests/kde4.nix b/nixos/tests/kde4.nix deleted file mode 100644 index 9ecfe687056..00000000000 --- a/nixos/tests/kde4.nix +++ /dev/null @@ -1,70 +0,0 @@ -import ./make-test.nix ({ pkgs, ... }: { - name = "kde4"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ domenkozar eelco chaoflow ]; - }; - - machine = - { config, pkgs, ... }: - - { imports = [ ./common/user-account.nix ]; - - virtualisation.memorySize = 1024; - - services.xserver.enable = true; - - services.httpd.enable = true; - services.httpd.adminAddr = "foo@example.org"; - services.httpd.documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html"; - - services.xserver.displayManager.kdm.enable = true; - services.xserver.displayManager.kdm.extraConfig = - '' - [X-:0-Core] - AutoLoginEnable=true - AutoLoginUser=alice - AutoLoginPass=foobar - ''; - - services.xserver.desktopManager.kde4.enable = true; - - # Include most of KDE. We don't really test these here, but at - # least they should build. - environment.systemPackages = - [ pkgs.kde4.kdemultimedia - pkgs.kde4.kdegraphics - pkgs.kde4.kdeutils - pkgs.kde4.kdegames - #pkgs.kde4.kdeedu - pkgs.kde4.kdeaccessibility - pkgs.kde4.kdeadmin - pkgs.kde4.kdenetwork - pkgs.kde4.kdetoys - pkgs.kde4.kdewebdev - pkgs.xorg.xmessage - ]; - }; - - testScript = '' - $machine->waitUntilSucceeds("pgrep plasma-desktop"); - $machine->succeed("xauth merge ~alice/.Xauthority"); - $machine->waitForWindow(qr/plasma-desktop/); - - # Check that logging in has given the user ownership of devices. - $machine->succeed("getfacl /dev/snd/timer | grep -q alice"); - - $machine->execute("su - alice -c 'DISPLAY=:0.0 kwrite /var/log/messages &'"); - $machine->waitForWindow(qr/messages.*KWrite/); - - $machine->execute("su - alice -c 'DISPLAY=:0.0 konqueror http://localhost/ &'"); - $machine->waitForWindow(qr/Valgrind.*Konqueror/); - - $machine->execute("su - alice -c 'DISPLAY=:0.0 gwenview ${pkgs.kde4.kde_wallpapers}/share/wallpapers/Hanami/contents/images/1280x1024.jpg &'"); - $machine->waitForWindow(qr/Gwenview/); - - $machine->sleep(10); - - $machine->screenshot("screen"); - ''; - -}) diff --git a/nixos/tests/leaps.nix b/nixos/tests/leaps.nix index 3c390e1a169..6163fed56b6 100644 --- a/nixos/tests/leaps.nix +++ b/nixos/tests/leaps.nix @@ -24,6 +24,7 @@ import ./make-test.nix ({ pkgs, ... }: '' startAll; $server->waitForOpenPort(6666); - $client->succeed("curl http://server:6666/leaps/ | grep -i 'leaps'"); + $client->waitForUnit("network.target"); + $client->succeed("${pkgs.curl}/bin/curl http://server:6666/leaps/ | grep -i 'leaps'"); ''; }) diff --git a/nixos/tests/munin.nix b/nixos/tests/munin.nix index 50746d17b45..40fafc62514 100644 --- a/nixos/tests/munin.nix +++ b/nixos/tests/munin.nix @@ -29,6 +29,7 @@ import ./make-test.nix ({ pkgs, ...} : { startAll; $one->waitForUnit("munin-node.service"); + $one->succeed('systemctl start munin-cron'); $one->waitForFile("/var/lib/munin/one/one-uptime-uptime-g.rrd"); $one->waitForFile("/var/www/munin/one/index.html"); ''; diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index 83103f35d48..6a7e628d8ef 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -1,4 +1,6 @@ -{ system ? builtins.currentSystem, networkd }: +{ system ? builtins.currentSystem +# bool: whether to use networkd in the tests +, networkd }: with import ../lib/testing.nix { inherit system; }; with pkgs.lib; @@ -166,24 +168,24 @@ let # Test vlan 1 $client->waitUntilSucceeds("ping -c 1 192.168.1.1"); $client->waitUntilSucceeds("ping -c 1 192.168.1.2"); - $client->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:1::1"); - $client->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:1::2"); + $client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1"); + $client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::2"); $router->waitUntilSucceeds("ping -c 1 192.168.1.1"); $router->waitUntilSucceeds("ping -c 1 192.168.1.2"); - $router->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:1::1"); - $router->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:1::2"); + $router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::1"); + $router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:1::2"); # Test vlan 2 $client->waitUntilSucceeds("ping -c 1 192.168.2.1"); $client->waitUntilSucceeds("ping -c 1 192.168.2.2"); - $client->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:2::1"); - $client->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:2::2"); + $client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::1"); + $client->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::2"); $router->waitUntilSucceeds("ping -c 1 192.168.2.1"); $router->waitUntilSucceeds("ping -c 1 192.168.2.2"); - $router->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:2::1"); - $router->waitUntilSucceeds("ping6 -c 1 fd00:1234:5678:2::2"); + $router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::1"); + $router->waitUntilSucceeds("ping -c 1 fd00:1234:5678:2::2"); ''; }; dhcpOneIf = { @@ -236,8 +238,8 @@ let firewall.allowPing = true; useDHCP = false; bonds.bond = { - mode = "balance-rr"; interfaces = [ "eth1" "eth2" ]; + driverOptions.mode = "balance-rr"; }; interfaces.eth1.ip4 = mkOverride 0 [ ]; interfaces.eth2.ip4 = mkOverride 0 [ ]; @@ -390,11 +392,11 @@ let $client2->succeed("ip addr >&2"); # Test ipv6 - $client1->waitUntilSucceeds("ping6 -c 1 fc00::1"); - $client1->waitUntilSucceeds("ping6 -c 1 fc00::2"); + $client1->waitUntilSucceeds("ping -c 1 fc00::1"); + $client1->waitUntilSucceeds("ping -c 1 fc00::2"); - $client2->waitUntilSucceeds("ping6 -c 1 fc00::1"); - $client2->waitUntilSucceeds("ping6 -c 1 fc00::2"); + $client2->waitUntilSucceeds("ping -c 1 fc00::1"); + $client2->waitUntilSucceeds("ping -c 1 fc00::2"); ''; }; vlan = let diff --git a/nixos/tests/nginx.nix b/nixos/tests/nginx.nix new file mode 100644 index 00000000000..c2beb5590ef --- /dev/null +++ b/nixos/tests/nginx.nix @@ -0,0 +1,42 @@ +# verifies: +# 1. nginx generates config file with shared http context definitions above +# generated virtual hosts config. + +import ./make-test.nix ({ pkgs, ...} : { + name = "jenkins"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mbbx6spp ]; + }; + + nodes = { + webserver = + { config, pkgs, ... }: + { services.nginx.enable = true; + services.nginx.commonHttpConfig = '' + log_format ceeformat '@cee: {"status":"$status",' + '"request_time":$request_time,' + '"upstream_response_time":$upstream_response_time,' + '"pipe":"$pipe","bytes_sent":$bytes_sent,' + '"connection":"$connection",' + '"remote_addr":"$remote_addr",' + '"host":"$host",' + '"timestamp":"$time_iso8601",' + '"request":"$request",' + '"http_referer":"$http_referer",' + '"upstream_addr":"$upstream_addr"}'; + ''; + services.nginx.virtualHosts."0.my.test" = { + extraConfig = '' + access_log syslog:server=unix:/dev/log,facility=user,tag=mytag,severity=info ceeformat; + ''; + }; + }; + }; + + testScript = '' + startAll; + + $webserver->waitForUnit("nginx"); + $webserver->waitForOpenPort("80"); + ''; +}) diff --git a/nixos/tests/pam-oath-login.nix b/nixos/tests/pam-oath-login.nix new file mode 100644 index 00000000000..4364d6e354a --- /dev/null +++ b/nixos/tests/pam-oath-login.nix @@ -0,0 +1,126 @@ +import ./make-test.nix ({ pkgs, latestKernel ? false, ... }: + +let + oathSnakeoilSecret = "cdd4083ef8ff1fa9178c6d46bfb1a3"; + + # With HOTP mode the password is calculated based on a counter of + # how many passwords have been made. In this env, we'll always be on + # the 0th counter, so the password is static. + # + # Generated in nix-shell -p oathToolkit + # via: oathtool -v -d6 -w10 cdd4083ef8ff1fa9178c6d46bfb1a3 + # and picking a the first 4: + oathSnakeOilPassword1 = "143349"; + oathSnakeOilPassword2 = "801753"; + oathSnakeOilPassword3 = "019933"; + oathSnakeOilPassword4 = "403895"; + + alicePassword = "foobar"; + # Generated via: mkpasswd -m sha-512 and passing in "foobar" + hashedAlicePassword = "$6$MsMrE1q.1HrCgTS$Vq2e/uILzYjSN836TobAyN9xh9oi7EmCmucnZID25qgPoibkw8qTCugiAPnn4eCGvn1A.7oEBFJaaGUaJsQQY."; + +in +{ + name = "pam-oath-login"; + + machine = + { config, pkgs, lib, ... }: + { + security.pam.oath = { + enable = true; + }; + + users.extraUsers.alice = { + isNormalUser = true; + name = "alice"; + uid = 1000; + hashedPassword = hashedAlicePassword; + extraGroups = [ "wheel" ]; + createHome = true; + home = "/home/alice"; + }; + + + systemd.services.setupOathSnakeoilFile = { + wantedBy = [ "default.target" ]; + before = [ "default.target" ]; + unitConfig = { + type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + touch /etc/users.oath + chmod 600 /etc/users.oath + chown root /etc/users.oath + echo "HOTP/E/6 alice - ${oathSnakeoilSecret}" > /etc/users.oath + ''; + }; + }; + + testScript = + '' + $machine->waitForUnit('multi-user.target'); + $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty1'"); + $machine->screenshot("postboot"); + + + subtest "Invalid password", sub { + $machine->fail("pgrep -f 'agetty.*tty2'"); + $machine->sendKeys("alt-f2"); + $machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]"); + $machine->waitForUnit('getty@tty2.service'); + $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty2'"); + + $machine->waitUntilTTYMatches(2, "login: "); + $machine->sendChars("alice\n"); + $machine->waitUntilTTYMatches(2, "login: alice"); + $machine->waitUntilSucceeds("pgrep login"); + + $machine->waitUntilTTYMatches(2, "One-time password"); + $machine->sendChars("${oathSnakeOilPassword1}\n"); + $machine->waitUntilTTYMatches(2, "Password: "); + $machine->sendChars("blorg\n"); + $machine->waitUntilTTYMatches(2, "Login incorrect"); + }; + + subtest "Invalid oath token", sub { + $machine->fail("pgrep -f 'agetty.*tty3'"); + $machine->sendKeys("alt-f3"); + $machine->waitUntilSucceeds("[ \$(fgconsole) = 3 ]"); + $machine->waitForUnit('getty@tty3.service'); + $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty3'"); + + $machine->waitUntilTTYMatches(3, "login: "); + $machine->sendChars("alice\n"); + $machine->waitUntilTTYMatches(3, "login: alice"); + $machine->waitUntilSucceeds("pgrep login"); + $machine->waitUntilTTYMatches(3, "One-time password"); + $machine->sendChars("000000\n"); + $machine->waitUntilTTYMatches(3, "Login incorrect"); + $machine->waitUntilTTYMatches(3, "login:"); + }; + + subtest "Happy path (both passwords are mandatory to get us in)", sub { + $machine->fail("pgrep -f 'agetty.*tty4'"); + $machine->sendKeys("alt-f4"); + $machine->waitUntilSucceeds("[ \$(fgconsole) = 4 ]"); + $machine->waitForUnit('getty@tty4.service'); + $machine->waitUntilSucceeds("pgrep -f 'agetty.*tty4'"); + + $machine->waitUntilTTYMatches(4, "login: "); + $machine->sendChars("alice\n"); + $machine->waitUntilTTYMatches(4, "login: alice"); + $machine->waitUntilSucceeds("pgrep login"); + $machine->waitUntilTTYMatches(4, "One-time password"); + $machine->sendChars("${oathSnakeOilPassword2}\n"); + $machine->waitUntilTTYMatches(4, "Password: "); + $machine->sendChars("${alicePassword}\n"); + + $machine->waitUntilSucceeds("pgrep -u alice bash"); + $machine->sendChars("touch done4\n"); + $machine->waitForFile("/home/alice/done4"); + }; + + ''; + +}) diff --git a/nixos/tests/pgjwt.nix b/nixos/tests/pgjwt.nix new file mode 100644 index 00000000000..2cf2963ae31 --- /dev/null +++ b/nixos/tests/pgjwt.nix @@ -0,0 +1,42 @@ +import ./make-test.nix ({ pkgs, ...} : +let + test = pkgs.writeText "test.sql" '' + CREATE EXTENSION pgcrypto; + CREATE EXTENSION pgjwt; + select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret'); + select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret'); + ''; +in +{ + name = "pgjwt"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ spinus ]; + }; + + nodes = { + master = + { pkgs, config, ... }: + + { + services.postgresql = let mypg = pkgs.postgresql95; in { + enable = true; + package = mypg; + extraPlugins =[pkgs.pgjwt]; + initialScript = pkgs.writeText "postgresql-init.sql" + '' + CREATE ROLE postgres WITH superuser login createdb; + ''; + }; + }; + }; + + testScript = '' + startAll; + $master->waitForUnit("postgresql"); + $master->succeed("timeout 10 bash -c 'while ! psql postgres -c \"SELECT 1;\";do sleep 1;done;'"); + $master->succeed("cat ${test} | psql postgres"); + # I can't make original test working :[ + # $master->succeed("${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}/bin/pg_prove -d postgres ${pkgs.pgjwt.src}/test.sql"); + + ''; +}) diff --git a/nixos/tests/phabricator.nix b/nixos/tests/phabricator.nix index 85faafd5689..fdc39393fae 100644 --- a/nixos/tests/phabricator.nix +++ b/nixos/tests/phabricator.nix @@ -54,7 +54,7 @@ import ./make-test.nix ({ pkgs, ... }: { client = { config, pkgs, ... }: { imports = [ ./common/x11.nix ]; - services.xserver.desktopManager.kde5.enable = true; + services.xserver.desktopManager.plasma5.enable = true; }; }; diff --git a/nixos/tests/kde5.nix b/nixos/tests/plasma5.nix index 2b61d6f3f0a..f561fc8c3c4 100644 --- a/nixos/tests/kde5.nix +++ b/nixos/tests/plasma5.nix @@ -1,31 +1,34 @@ import ./make-test.nix ({ pkgs, ...} : { - name = "kde5"; + name = "plasma5"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ttuegel ]; }; machine = { lib, ... }: { imports = [ ./common/user-account.nix ]; - virtualisation.memorySize = 1024; services.xserver.enable = true; - services.xserver.displayManager.sddm = { - enable = true; - autoLogin = { - enable = true; - user = "alice"; - }; - }; - services.xserver.desktopManager.kde5.enable = true; - virtualisation.writableStore = false; # FIXME + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.desktopManager.default = "plasma5"; + virtualisation.memorySize = 1024; }; - testScript = { nodes, ... }: - let xdo = "${pkgs.xdotool}/bin/xdotool"; in - '' + enableOCR = true; + + testScript = { nodes, ... }: let + user = nodes.machine.config.users.extraUsers.alice; + xdo = "${pkgs.xdotool}/bin/xdotool"; + in '' startAll; + # Wait for display manager to start + $machine->waitForText(qr/${user.description}/); + $machine->screenshot("sddm"); + + # Log in + $machine->sendChars("${user.password}\n"); $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); diff --git a/nixos/tests/pump.io.nix b/nixos/tests/pump.io.nix index 18da52b5134..0991ed3fce1 100644 --- a/nixos/tests/pump.io.nix +++ b/nixos/tests/pump.io.nix @@ -51,16 +51,6 @@ import ./make-test.nix ({ pkgs, ...} : let Vd5WD2HJhLb9u0UxVp9vfWIUDgydopV5ZmWCQ5YvNepb1w== -----END CERTIFICATE----- ''; - - makePump = { opts ? { } }: - { - enable = true; - sslCert = pkgs.writeText "snakeoil.cert" snakeOilCert; - sslKey = pkgs.writeText "snakeoil.pem" snakeOilKey; - secret = "test"; - site = "test"; - } // opts; - in { name = "pumpio"; meta = with pkgs.stdenv.lib.maintainers; { @@ -72,9 +62,14 @@ in { { config, pkgs, ... }: { services = { - pumpio = makePump { opts = { + pumpio = { port = 443; - }; }; + enable = true; + sslCert = pkgs.writeText "snakeoil.cert" snakeOilCert; + sslKey = pkgs.writeText "snakeoil.pem" snakeOilKey; + secretFile = pkgs.writeText "secretFile" "test123"; + site = "test"; + }; mongodb.enable = true; mongodb.extraConfig = '' storage.journal.enabled: false diff --git a/nixos/tests/samba.nix b/nixos/tests/samba.nix index d6658ef0400..e446284fc0e 100644 --- a/nixos/tests/samba.nix +++ b/nixos/tests/samba.nix @@ -37,12 +37,11 @@ import ./make-test.nix ({ pkgs, ... }: testScript = '' $server->start; - $server->waitForUnit("samba-smbd"); - $server->waitForUnit("samba-nmbd"); + $server->waitForUnit("samba.target"); $server->succeed("mkdir -p /public; echo bar > /public/foo"); $client->start; - $client->waitForUnit("network.target"); + $client->waitForUnit("remote-fs.target"); $client->succeed("[[ \$(cat /public/foo) = bar ]]"); ''; }) diff --git a/nixos/tests/sddm.nix b/nixos/tests/sddm.nix index 041d88fbeae..f78a77efbf0 100644 --- a/nixos/tests/sddm.nix +++ b/nixos/tests/sddm.nix @@ -1,28 +1,66 @@ -import ./make-test.nix ({ pkgs, ...} : { - name = "sddm"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ttuegel ]; - }; +{ system ? builtins.currentSystem }: + +with import ../lib/testing.nix { inherit system; }; + +let + inherit (pkgs) lib; + + tests = { + default = { + name = "sddm"; - machine = { lib, ... }: { - imports = [ ./common/user-account.nix ]; - services.xserver.enable = true; - services.xserver.displayManager.sddm = { - enable = true; - autoLogin = { - enable = true; - user = "alice"; + machine = { lib, ... }: { + imports = [ ./common/user-account.nix ]; + services.xserver.enable = true; + services.xserver.displayManager.sddm.enable = true; + services.xserver.windowManager.default = "icewm"; + services.xserver.windowManager.icewm.enable = true; + services.xserver.desktopManager.default = "none"; }; + + enableOCR = true; + + testScript = { nodes, ... }: let + user = nodes.machine.config.users.extraUsers.alice; + in '' + startAll; + $machine->waitForText(qr/BOB/); + $machine->screenshot("sddm"); + $machine->sendChars("${user.password}\n"); + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); + $machine->waitForWindow("^IceWM "); + ''; }; - services.xserver.windowManager.default = "icewm"; - services.xserver.windowManager.icewm.enable = true; - services.xserver.desktopManager.default = "none"; - }; - testScript = { nodes, ... }: '' - startAll; - $machine->waitForFile("/home/alice/.Xauthority"); - $machine->succeed("xauth merge ~alice/.Xauthority"); - $machine->waitForWindow("^IceWM "); - ''; -}) + autoLogin = { + name = "sddm-autologin"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ttuegel ]; + }; + + machine = { lib, ... }: { + imports = [ ./common/user-account.nix ]; + services.xserver.enable = true; + services.xserver.displayManager.sddm = { + enable = true; + autoLogin = { + enable = true; + user = "alice"; + }; + }; + services.xserver.windowManager.default = "icewm"; + services.xserver.windowManager.icewm.enable = true; + services.xserver.desktopManager.default = "none"; + }; + + testScript = { nodes, ... }: '' + startAll; + $machine->waitForFile("/home/alice/.Xauthority"); + $machine->succeed("xauth merge ~alice/.Xauthority"); + $machine->waitForWindow("^IceWM "); + ''; + }; + }; +in + lib.mapAttrs (lib.const makeTest) tests diff --git a/nixos/tests/smokeping.nix b/nixos/tests/smokeping.nix index 9de3030417f..4c77e4b7861 100644 --- a/nixos/tests/smokeping.nix +++ b/nixos/tests/smokeping.nix @@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ...} : { mailHost = "127.0.0.2"; probeConfig = '' + FPing - binary = /var/setuid-wrappers/fping + binary = /run/wrappers/bin/fping offset = 0% ''; }; diff --git a/nixos/tests/taskserver.nix b/nixos/tests/taskserver.nix index d770b20a775..cdccb11d888 100644 --- a/nixos/tests/taskserver.nix +++ b/nixos/tests/taskserver.nix @@ -1,4 +1,62 @@ -import ./make-test.nix { +import ./make-test.nix ({ pkgs, ... }: let + snakeOil = pkgs.runCommand "snakeoil-certs" { + outputs = [ "out" "cacert" "cert" "key" "crl" ]; + buildInputs = [ pkgs.gnutls.bin ]; + caTemplate = pkgs.writeText "snakeoil-ca.template" '' + cn = server + expiration_days = -1 + cert_signing_key + ca + ''; + certTemplate = pkgs.writeText "snakeoil-cert.template" '' + cn = server + expiration_days = -1 + tls_www_server + encryption_key + signing_key + ''; + crlTemplate = pkgs.writeText "snakeoil-crl.template" '' + expiration_days = -1 + ''; + userCertTemplace = pkgs.writeText "snakoil-user-cert.template" '' + organization = snakeoil + cn = server + expiration_days = -1 + tls_www_client + encryption_key + signing_key + ''; + } '' + certtool -p --bits 4096 --outfile ca.key + certtool -s --template "$caTemplate" --load-privkey ca.key \ + --outfile "$cacert" + certtool -p --bits 4096 --outfile "$key" + certtool -c --template "$certTemplate" \ + --load-ca-privkey ca.key \ + --load-ca-certificate "$cacert" \ + --load-privkey "$key" \ + --outfile "$cert" + certtool --generate-crl --template "$crlTemplate" \ + --load-ca-privkey ca.key \ + --load-ca-certificate "$cacert" \ + --outfile "$crl" + + mkdir "$out" + + # Stripping key information before the actual PEM-encoded values is solely + # to make test output a bit less verbose when copying the client key to the + # actual client. + certtool -p --bits 4096 | sed -n \ + -e '/^----* *BEGIN/,/^----* *END/p' > "$out/alice.key" + + certtool -c --template "$userCertTemplace" \ + --load-privkey "$out/alice.key" \ + --load-ca-privkey ca.key \ + --load-ca-certificate "$cacert" \ + --outfile "$out/alice.cert" + ''; + +in { name = "taskserver"; nodes = rec { @@ -12,6 +70,23 @@ import ./make-test.nix { }; }; + # New generation of the server with manual config + newServer = { lib, nodes, ... }: { + imports = [ server ]; + services.taskserver.pki.manual = { + ca.cert = snakeOil.cacert; + server.cert = snakeOil.cert; + server.key = snakeOil.key; + server.crl = snakeOil.crl; + }; + # This is to avoid assigning a different network address to the new + # generation. + networking = lib.mapAttrs (lib.const lib.mkForce) { + inherit (nodes.server.config.networking) + hostName interfaces primaryIPAddress extraHosts; + }; + }; + client1 = { pkgs, ... }: { environment.systemPackages = [ pkgs.taskwarrior pkgs.gnutls ]; users.users.alice.isNormalUser = true; @@ -26,6 +101,8 @@ import ./make-test.nix { testScript = { nodes, ... }: let cfg = nodes.server.config.services.taskserver; portStr = toString cfg.listenPort; + newServerSystem = nodes.newServer.config.system.build.toplevel; + switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test"; in '' sub su ($$) { my ($user, $cmd) = @_; @@ -33,8 +110,8 @@ import ./make-test.nix { return "su - $user -c '$esc'"; } - sub setupClientsFor ($$) { - my ($org, $user) = @_; + sub setupClientsFor ($$;$) { + my ($org, $user, $extraInit) = @_; for my $client ($client1, $client2) { $client->nest("initialize client for user $user", sub { @@ -58,6 +135,8 @@ import ./make-test.nix { } }); + eval { &$extraInit($client, $org, $user) }; + $client->succeed(su $user, "task config taskd.server server:${portStr} >&2" ); @@ -104,7 +183,10 @@ import ./make-test.nix { return su $user, $cmd; } - startAll; + # Explicitly start the VMs so that we don't accidentally start newServer + $server->start; + $client1->start; + $client2->start; $server->waitForUnit("taskserver.service"); @@ -162,5 +244,42 @@ import ./make-test.nix { restartServer; testSync "bar"; }; + + subtest "check manual configuration", sub { + $server->succeed('${switchToNewServer} >&2'); + $server->waitForUnit("taskserver.service"); + $server->waitForOpenPort(${portStr}); + + $server->succeed( + "nixos-taskserver org add manualOrg", + "nixos-taskserver user add manualOrg alice" + ); + + setupClientsFor "manualOrg", "alice", sub { + my ($client, $org, $user) = @_; + my $cfgpath = "/home/$user/.task"; + + $client->copyFileFromHost("${snakeOil.cacert}", "$cfgpath/ca.cert"); + for my $file ('alice.key', 'alice.cert') { + $client->copyFileFromHost("${snakeOil}/$file", "$cfgpath/$file"); + } + + for my $file ("$user.key", "$user.cert") { + $client->copyFileFromHost( + "${snakeOil}/$file", "$cfgpath/$file" + ); + } + $client->copyFileFromHost( + "${snakeOil.cacert}", "$cfgpath/ca.cert" + ); + $client->succeed( + (su "alice", "task config taskd.ca $cfgpath/ca.cert"), + (su "alice", "task config taskd.key $cfgpath/$user.key"), + (su $user, "task config taskd.certificate $cfgpath/$user.cert") + ); + }; + + testSync "alice"; + }; ''; -} +}) diff --git a/nixos/tests/trac.nix b/nixos/tests/trac.nix index 0d56c564e18..d426bbde68d 100644 --- a/nixos/tests/trac.nix +++ b/nixos/tests/trac.nix @@ -45,7 +45,7 @@ import ./make-test.nix ({ pkgs, ... }: { client = { config, pkgs, ... }: { imports = [ ./common/x11.nix ]; - services.xserver.desktopManager.kde5.enable = true; + services.xserver.desktopManager.plasma5.enable = true; }; }; diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index 376c4f21dc0..4f7cb176d96 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -65,7 +65,7 @@ let touch /mnt-root/boot-done hostname "${vmName}" mkdir -p /nix/store - unshare -m "@shell@" -c ' + unshare -m ${escapeShellArg pkgs.stdenv.shell} -c ' mount -t vboxsf nixstore /nix/store exec "$stage2Init" ' diff --git a/nixos/tests/wordpress.nix b/nixos/tests/wordpress.nix index afee1f7f6dd..c51306a8c7a 100644 --- a/nixos/tests/wordpress.nix +++ b/nixos/tests/wordpress.nix @@ -10,14 +10,10 @@ import ./make-test.nix ({ pkgs, ... }: { web = { config, pkgs, ... }: { - services.mysql.enable = true; - services.mysql.package = pkgs.mysql; - services.mysql.initialScript = pkgs.writeText "start.sql" '' - CREATE DATABASE wordpress; - CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'wordpress'; - GRANT ALL on wordpress.* TO 'wordpress'@'localhost'; - ''; - + services.mysql = { + enable = true; + package = pkgs.mysql; + }; services.httpd = { enable = true; logPerVirtualHost = true; |