diff options
Diffstat (limited to 'nixos/tests')
41 files changed, 775 insertions, 325 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 51b463747b0..76ca4941617 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -97,6 +97,7 @@ in fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {}; freeswitch = handleTest ./freeswitch.nix {}; fsck = handleTest ./fsck.nix {}; + gerrit = handleTest ./gerrit.nix {}; gotify-server = handleTest ./gotify-server.nix {}; grocy = handleTest ./grocy.nix {}; gitdaemon = handleTest ./gitdaemon.nix {}; @@ -120,12 +121,16 @@ in handbrake = handleTestOn ["x86_64-linux"] ./handbrake.nix {}; haproxy = handleTest ./haproxy.nix {}; hardened = handleTest ./hardened.nix {}; - hibernate = handleTest ./hibernate.nix {}; + # 9pnet_virtio used to mount /nix partition doesn't support + # hibernation. This test happens to work on x86_64-linux but + # not on other platforms. + hibernate = handleTestOn ["x86_64-linux"] ./hibernate.nix {}; hitch = handleTest ./hitch {}; hocker-fetchdocker = handleTest ./hocker-fetchdocker {}; home-assistant = handleTest ./home-assistant.nix {}; hound = handleTest ./hound.nix {}; hydra = handleTest ./hydra {}; + hydra-db-migration = handleTest ./hydra/db-migration.nix {}; i3wm = handleTest ./i3wm.nix {}; icingaweb2 = handleTest ./icingaweb2.nix {}; iftop = handleTest ./iftop.nix {}; @@ -165,6 +170,7 @@ in #logstash = handleTest ./logstash.nix {}; lorri = handleTest ./lorri/default.nix {}; magnetico = handleTest ./magnetico.nix {}; + magic-wormhole-mailbox-server = handleTest ./magic-wormhole-mailbox-server.nix {}; mailcatcher = handleTest ./mailcatcher.nix {}; mathics = handleTest ./mathics.nix {}; matomo = handleTest ./matomo.nix {}; @@ -210,6 +216,7 @@ in nghttpx = handleTest ./nghttpx.nix {}; nginx = handleTest ./nginx.nix {}; nginx-etag = handleTest ./nginx-etag.nix {}; + nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sso = handleTest ./nginx-sso.nix {}; nix-ssh-serve = handleTest ./nix-ssh-serve.nix {}; nixos-generate-config = handleTest ./nixos-generate-config.nix {}; @@ -234,7 +241,7 @@ in peerflix = handleTest ./peerflix.nix {}; pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; - php-pcre = handleTest ./php-pcre.nix {}; + php = handleTest ./php {}; plasma5 = handleTest ./plasma5.nix {}; plotinus = handleTest ./plotinus.nix {}; postgis = handleTest ./postgis.nix {}; @@ -250,6 +257,7 @@ in prosodyMysql = handleTest ./xmpp/prosody-mysql.nix {}; proxy = handleTest ./proxy.nix {}; quagga = handleTest ./quagga.nix {}; + quorum = handleTest ./quorum.nix {}; rabbitmq = handleTest ./rabbitmq.nix {}; radarr = handleTest ./radarr.nix {}; radicale = handleTest ./radicale.nix {}; @@ -306,6 +314,7 @@ in vault = handleTest ./vault.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; + wg-quick = handleTest ./wireguard/wg-quick.nix {}; wireguard = handleTest ./wireguard {}; wireguard-generated = handleTest ./wireguard/generated.nix {}; wireguard-namespaces = handleTest ./wireguard/namespaces.nix {}; diff --git a/nixos/tests/ceph-multi-node.nix b/nixos/tests/ceph-multi-node.nix index 90dd747525d..22fe5cada48 100644 --- a/nixos/tests/ceph-multi-node.nix +++ b/nixos/tests/ceph-multi-node.nix @@ -183,15 +183,15 @@ let monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'") monA.succeed( - "ceph osd pool create multi-node-test 100 100", + "ceph osd pool create multi-node-test 128 128", "ceph osd pool ls | grep 'multi-node-test'", "ceph osd pool rename multi-node-test multi-node-other-test", "ceph osd pool ls | grep 'multi-node-other-test'", ) - monA.wait_until_succeeds("ceph -s | grep '1 pools, 100 pgs'") + monA.wait_until_succeeds("ceph -s | grep '1 pools, 128 pgs'") monA.succeed("ceph osd pool set multi-node-other-test size 2") monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'") - monA.wait_until_succeeds("ceph -s | grep '100 active+clean'") + monA.wait_until_succeeds("ceph -s | grep '128 active+clean'") monA.fail( "ceph osd pool ls | grep 'multi-node-test'", "ceph osd pool delete multi-node-other-test multi-node-other-test --yes-i-really-really-mean-it", diff --git a/nixos/tests/ceph-single-node.nix b/nixos/tests/ceph-single-node.nix index 1a027e17836..01c4b413845 100644 --- a/nixos/tests/ceph-single-node.nix +++ b/nixos/tests/ceph-single-node.nix @@ -143,12 +143,12 @@ let monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'") monA.succeed( - "ceph osd pool create single-node-test 100 100", + "ceph osd pool create single-node-test 128 128", "ceph osd pool ls | grep 'single-node-test'", "ceph osd pool rename single-node-test single-node-other-test", "ceph osd pool ls | grep 'single-node-other-test'", ) - monA.wait_until_succeeds("ceph -s | grep '1 pools, 100 pgs'") + monA.wait_until_succeeds("ceph -s | grep '1 pools, 128 pgs'") monA.succeed( "ceph osd getcrushmap -o crush", "crushtool -d crush -o decrushed", @@ -158,7 +158,7 @@ let "ceph osd pool set single-node-other-test size 2", ) monA.wait_until_succeeds("ceph -s | grep 'HEALTH_OK'") - monA.wait_until_succeeds("ceph -s | grep '100 active+clean'") + monA.wait_until_succeeds("ceph -s | grep '128 active+clean'") monA.fail( "ceph osd pool ls | grep 'multi-node-test'", "ceph osd pool delete single-node-other-test single-node-other-test --yes-i-really-really-mean-it", diff --git a/nixos/tests/dovecot.nix b/nixos/tests/dovecot.nix index c19850f418b..bcbe234fd80 100644 --- a/nixos/tests/dovecot.nix +++ b/nixos/tests/dovecot.nix @@ -8,7 +8,7 @@ import ./make-test-python.nix { services.dovecot2.protocols = [ "imap" "pop3" ]; environment.systemPackages = let sendTestMail = pkgs.writeScriptBin "send-testmail" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} exec sendmail -vt <<MAIL From: root@localhost To: alice@localhost @@ -19,7 +19,7 @@ import ./make-test-python.nix { ''; sendTestMailViaDeliveryAgent = pkgs.writeScriptBin "send-lda" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} exec ${pkgs.dovecot}/libexec/dovecot/deliver -d bob <<MAIL From: root@localhost diff --git a/nixos/tests/gerrit.nix b/nixos/tests/gerrit.nix new file mode 100644 index 00000000000..6cee64a2009 --- /dev/null +++ b/nixos/tests/gerrit.nix @@ -0,0 +1,55 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +let + lfs = pkgs.fetchurl { + url = "https://gerrit-ci.gerritforge.com/job/plugin-lfs-bazel-master/90/artifact/bazel-bin/plugins/lfs/lfs.jar"; + sha256 = "023b0kd8djm3cn1lf1xl67yv3j12yl8bxccn42lkfmwxjwjfqw6h"; + }; + +in { + name = "gerrit"; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ flokli zimbatm ]; + }; + + nodes = { + server = + { config, pkgs, ... }: { + networking.firewall.allowedTCPPorts = [ 80 2222 ]; + + virtualisation.memorySize = 1024; + + services.gerrit = { + enable = true; + serverId = "aa76c84b-50b0-4711-a0a0-1ee30e45bbd0"; + listenAddress = "[::]:80"; + jvmHeapLimit = "1g"; + + plugins = [ lfs ]; + builtinPlugins = [ "hooks" "webhooks" ]; + settings = { + gerrit.canonicalWebUrl = "http://server"; + lfs.plugin = "lfs"; + plugins.allowRemoteAdmin = true; + sshd.listenAddress = "[::]:2222"; + sshd.advertisedAddress = "[::]:2222"; + }; + }; + }; + + client = + { ... }: { + }; + }; + + testScript = '' + start_all() + server.wait_for_unit("gerrit.service") + server.wait_for_open_port(80) + client.succeed("curl http://server") + + server.wait_for_open_port(2222) + client.succeed("nc -z server 2222") + ''; +}) diff --git a/nixos/tests/hydra/common.nix b/nixos/tests/hydra/common.nix new file mode 100644 index 00000000000..f612717dc96 --- /dev/null +++ b/nixos/tests/hydra/common.nix @@ -0,0 +1,47 @@ +{ system, ... }: +{ + baseConfig = { pkgs, ... }: let + trivialJob = pkgs.writeTextDir "trivial.nix" '' + { trivial = builtins.derivation { + name = "trivial"; + system = "${system}"; + builder = "/bin/sh"; + allowSubstitutes = false; + preferLocalBuild = true; + args = ["-c" "echo success > $out; exit 0"]; + }; + } + ''; + + createTrivialProject = pkgs.stdenv.mkDerivation { + name = "create-trivial-project"; + dontUnpack = true; + buildInputs = [ pkgs.makeWrapper ]; + installPhase = "install -m755 -D ${./create-trivial-project.sh} $out/bin/create-trivial-project.sh"; + postFixup = '' + wrapProgram "$out/bin/create-trivial-project.sh" --prefix PATH ":" ${pkgs.stdenv.lib.makeBinPath [ pkgs.curl ]} --set EXPR_PATH ${trivialJob} + ''; + }; + in { + virtualisation.memorySize = 2048; + time.timeZone = "UTC"; + environment.systemPackages = [ createTrivialProject pkgs.jq ]; + services.hydra = { + enable = true; + # Hydra needs those settings to start up, so we add something not harmfull. + hydraURL = "example.com"; + notificationSender = "example@example.com"; + extraConfig = '' + email_notification = 1 + ''; + }; + services.postfix.enable = true; + nix = { + buildMachines = [{ + hostName = "localhost"; + systems = [ system ]; + }]; + binaryCaches = []; + }; + }; +} diff --git a/nixos/tests/hydra/db-migration.nix b/nixos/tests/hydra/db-migration.nix new file mode 100644 index 00000000000..aa1c81c9e77 --- /dev/null +++ b/nixos/tests/hydra/db-migration.nix @@ -0,0 +1,86 @@ +{ system ? builtins.currentSystem, ... }: + +let inherit (import ./common.nix { inherit system; }) baseConfig; in + +{ mig = import ../make-test-python.nix ({ pkgs, lib, ... }: { + name = "hydra-db-migration"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ma27 ]; + }; + + nodes = { + original = { pkgs, lib, ... }: { + imports = [ baseConfig ]; + + # An older version of Hydra before the db change + # for testing purposes. + services.hydra.package = pkgs.hydra-migration.overrideAttrs (old: { + inherit (old) pname; + version = "2020-02-06"; + src = pkgs.fetchFromGitHub { + owner = "NixOS"; + repo = "hydra"; + rev = "2b4f14963b16b21ebfcd6b6bfa7832842e9b2afc"; + sha256 = "16q0cffcsfx5pqd91n9k19850c1nbh4vvbd9h8yi64ihn7v8bick"; + }; + }); + }; + + migration_phase1 = { pkgs, lib, ... }: { + imports = [ baseConfig ]; + services.hydra.package = pkgs.hydra-migration; + }; + + finished = { pkgs, lib, ... }: { + imports = [ baseConfig ]; + services.hydra.package = pkgs.hydra-unstable; + }; + }; + + testScript = { nodes, ... }: let + next = nodes.migration_phase1.config.system.build.toplevel; + finished = nodes.finished.config.system.build.toplevel; + in '' + original.start() + original.wait_for_unit("multi-user.target") + original.wait_for_unit("postgresql.service") + original.wait_for_unit("hydra-init.service") + original.require_unit_state("hydra-queue-runner.service") + original.require_unit_state("hydra-evaluator.service") + original.require_unit_state("hydra-notify.service") + original.succeed("hydra-create-user admin --role admin --password admin") + original.wait_for_open_port(3000) + original.succeed("create-trivial-project.sh") + original.wait_until_succeeds( + 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' + ) + + out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'") + assert "jobset_id" not in out + + original.succeed( + "${next}/bin/switch-to-configuration test >&2" + ) + original.wait_for_unit("hydra-init.service") + + out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'") + assert "jobset_id|integer|||" in out + + original.succeed("hydra-backfill-ids") + + original.succeed( + "${finished}/bin/switch-to-configuration test >&2" + ) + original.wait_for_unit("hydra-init.service") + + out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'") + assert "jobset_id|integer||not null|" in out + + original.wait_until_succeeds( + 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' + ) + + original.shutdown() + ''; + }); +} diff --git a/nixos/tests/hydra/default.nix b/nixos/tests/hydra/default.nix index 1c0ed3369b1..2336e4033d6 100644 --- a/nixos/tests/hydra/default.nix +++ b/nixos/tests/hydra/default.nix @@ -3,102 +3,57 @@ , pkgs ? import ../../.. { inherit system config; } }: -let - - trivialJob = pkgs.writeTextDir "trivial.nix" '' - { trivial = builtins.derivation { - name = "trivial"; - system = "${system}"; - builder = "/bin/sh"; - allowSubstitutes = false; - preferLocalBuild = true; - args = ["-c" "echo success > $out; exit 0"]; - }; - } - ''; +with import ../../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; - createTrivialProject = pkgs.stdenv.mkDerivation { - name = "create-trivial-project"; - dontUnpack = true; - buildInputs = [ pkgs.makeWrapper ]; - installPhase = "install -m755 -D ${./create-trivial-project.sh} $out/bin/create-trivial-project.sh"; - postFixup = '' - wrapProgram "$out/bin/create-trivial-project.sh" --prefix PATH ":" ${pkgs.stdenv.lib.makeBinPath [ pkgs.curl ]} --set EXPR_PATH ${trivialJob} - ''; - }; +let - callTest = f: f { inherit system pkgs; }; + inherit (import ./common.nix { inherit system; }) baseConfig; hydraPkgs = { - inherit (pkgs) nixStable nixUnstable nixFlakes; + inherit (pkgs) hydra-migration hydra-unstable; }; - tests = pkgs.lib.flip pkgs.lib.mapAttrs hydraPkgs (name: nix: - callTest (import ../make-test-python.nix ({ pkgs, lib, ... }: - { - name = "hydra-with-${name}"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ pstn lewo ma27 ]; - }; - - machine = { pkgs, ... }: - { - virtualisation.memorySize = 1024; - time.timeZone = "UTC"; - - environment.systemPackages = [ createTrivialProject pkgs.jq ]; - services.hydra = { - enable = true; - - #Hydra needs those settings to start up, so we add something not harmfull. - hydraURL = "example.com"; - notificationSender = "example@example.com"; - - package = pkgs.hydra.override { inherit nix; }; - - extraConfig = '' - email_notification = 1 - ''; - }; - services.postfix.enable = true; - nix = { - buildMachines = [{ - hostName = "localhost"; - systems = [ system ]; - }]; - - binaryCaches = []; - }; - }; - - testScript = '' - # let the system boot up - machine.wait_for_unit("multi-user.target") - # test whether the database is running - machine.wait_for_unit("postgresql.service") - # test whether the actual hydra daemons are running - machine.wait_for_unit("hydra-init.service") - machine.require_unit_state("hydra-queue-runner.service") - machine.require_unit_state("hydra-evaluator.service") - machine.require_unit_state("hydra-notify.service") - - machine.succeed("hydra-create-user admin --role admin --password admin") - - # create a project with a trivial job - machine.wait_for_open_port(3000) - - # make sure the build as been successfully built - machine.succeed("create-trivial-project.sh") - - machine.wait_until_succeeds( - 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' - ) - - machine.wait_until_succeeds( - 'journalctl -eu hydra-notify.service -o cat | grep -q "sending mail notification to hydra@localhost"' - ) - ''; - }))); + makeHydraTest = with pkgs.lib; name: package: makeTest { + name = "hydra-${name}"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ pstn lewo ma27 ]; + }; + + machine = { pkgs, lib, ... }: { + imports = [ baseConfig ]; + services.hydra = { inherit package; }; + }; + + testScript = '' + # let the system boot up + machine.wait_for_unit("multi-user.target") + # test whether the database is running + machine.wait_for_unit("postgresql.service") + # test whether the actual hydra daemons are running + machine.wait_for_unit("hydra-init.service") + machine.require_unit_state("hydra-queue-runner.service") + machine.require_unit_state("hydra-evaluator.service") + machine.require_unit_state("hydra-notify.service") + + machine.succeed("hydra-create-user admin --role admin --password admin") + + # create a project with a trivial job + machine.wait_for_open_port(3000) + + # make sure the build as been successfully built + machine.succeed("create-trivial-project.sh") + + machine.wait_until_succeeds( + 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' + ) + + machine.wait_until_succeeds( + 'journalctl -eu hydra-notify.service -o cat | grep -q "sending mail notification to hydra@localhost"' + ) + ''; + }; in - tests + +mapAttrs makeHydraTest hydraPkgs diff --git a/nixos/tests/initrd-network-ssh/default.nix b/nixos/tests/initrd-network-ssh/default.nix index 73d9f938e22..017de688208 100644 --- a/nixos/tests/initrd-network-ssh/default.nix +++ b/nixos/tests/initrd-network-ssh/default.nix @@ -3,7 +3,7 @@ import ../make-test-python.nix ({ lib, ... }: { name = "initrd-network-ssh"; meta = with lib.maintainers; { - maintainers = [ willibutz ]; + maintainers = [ willibutz emily ]; }; nodes = with lib; { @@ -17,9 +17,9 @@ import ../make-test-python.nix ({ lib, ... }: enable = true; ssh = { enable = true; - authorizedKeys = [ "${readFile ./openssh.pub}" ]; + authorizedKeys = [ (readFile ./id_ed25519.pub) ]; port = 22; - hostRSAKey = ./dropbear.priv; + hostKeys = [ ./ssh_host_ed25519_key ]; }; }; boot.initrd.preLVMCommands = '' @@ -42,11 +42,11 @@ import ../make-test-python.nix ({ lib, ... }: "${toString (head (splitString " " ( toString (elemAt (splitString "\n" config.networking.extraHosts) 2) )))} " - "${readFile ./dropbear.pub}" + "${readFile ./ssh_host_ed25519_key.pub}" ]; }; sshKey = { - source = ./openssh.priv; # dont use this anywhere else + source = ./id_ed25519; mode = "0600"; }; }; @@ -56,7 +56,17 @@ import ../make-test-python.nix ({ lib, ... }: testScript = '' start_all() client.wait_for_unit("network.target") - client.wait_until_succeeds("ping -c 1 server") + + + def ssh_is_up(_) -> bool: + status, _ = client.execute("nc -z server 22") + return status == 0 + + + with client.nested("waiting for SSH server to come up"): + retry(ssh_is_up) + + client.succeed( "ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'" ) diff --git a/nixos/tests/initrd-network-ssh/dropbear.priv b/nixos/tests/initrd-network-ssh/dropbear.priv deleted file mode 100644 index af340535f0a..00000000000 --- a/nixos/tests/initrd-network-ssh/dropbear.priv +++ /dev/null Binary files differdiff --git a/nixos/tests/initrd-network-ssh/dropbear.pub b/nixos/tests/initrd-network-ssh/dropbear.pub deleted file mode 100644 index 385c625522a..00000000000 --- a/nixos/tests/initrd-network-ssh/dropbear.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzJ0OniLB91MpPC86I1m3wwJeAc+Gme7bAuaLIU/cSfPwxT5NO7MfCp0Pu94gYDKtDXMs/wXg0bTAVDeAFFkdIj6kBBumEmQLCTL48q2UxDIXVLT/E/AAgj6q7WwgCg7fwm4Vjn4z7aUyBx8EfRy+5/SQyeYla3D/lFYgMi5x4D6J+yeR+JPAptDE/IR5IizNV7mY0ZcoXYyHrrehI1tTYEEqjX13ZqS4OCBFWwHe1QHhRNM+jHhcATbgikjAj8FyFPtLvc+dSVtkuhQktQl36Bi8zMUQcV6+mM7Ln6DBcDlM9urHKLYPTWmUAyhxM955iglOn5z0RaAIcyNMT6hz0rHaNf0BIlmbXoTC0XGjHh/OnoOEC/zg0JqgQTnPiU45K4TnRSSXp2GfiDfiQAK0+HaXACkjuFR68u7WCZpB1Bse1OgKNClFqtRhIr5DilUb2/e5DCCmFkddMUcjmYqzZdbXNt7fo8CFULe+mbiCp8+tMg4aRTaDZ/Hk93nCvGE5TP2ypEMbfL6nRVKvXOjhdvSQQgKwx+O003FDEHCSG0Bpageh7yVpna+SPrbGklce7MjTpbx3iIwmvKpQ6asnK1L3KkahpY1S3NhQ+/S3Gs8KWQ5LAU+d3xiPX3jfIVHsCIIyxHDbwcJvxM4MFBFQpqRMD6E+LoM9RHjl4C9k2iQ== tmtynkky@duuni diff --git a/nixos/tests/initrd-network-ssh/generate-keys.nix b/nixos/tests/initrd-network-ssh/generate-keys.nix index 0183e12d7a8..3d7978890ab 100644 --- a/nixos/tests/initrd-network-ssh/generate-keys.nix +++ b/nixos/tests/initrd-network-ssh/generate-keys.nix @@ -1,12 +1,10 @@ with import ../../.. {}; runCommand "gen-keys" { - buildInputs = [ dropbear openssh ]; + buildInputs = [ openssh ]; } '' mkdir $out - dropbearkey -t rsa -f $out/dropbear.priv -s 4096 | sed -n 2p > $out/dropbear.pub - ssh-keygen -q -t rsa -b 4096 -N "" -f client - mv client $out/openssh.priv - mv client.pub $out/openssh.pub + ssh-keygen -q -t ed25519 -N "" -f $out/ssh_host_ed25519_key + ssh-keygen -q -t ed25519 -N "" -f $out/id_ed25519 '' diff --git a/nixos/tests/initrd-network-ssh/id_ed25519 b/nixos/tests/initrd-network-ssh/id_ed25519 new file mode 100644 index 00000000000..f914b3f712f --- /dev/null +++ b/nixos/tests/initrd-network-ssh/id_ed25519 @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAVcX+32Yqig25RxRA8bel/f604wV0p/63um+Oku/3vfwAAAJi/AJZMvwCW +TAAAAAtzc2gtZWQyNTUxOQAAACAVcX+32Yqig25RxRA8bel/f604wV0p/63um+Oku/3vfw +AAAEAPLjQusjrB90Lk3996G3AbtTeK+XweNgxaegYnml/A/RVxf7fZiqKDblHFEDxt6X9/ +rTjBXSn/re6b46S7/e9/AAAAEG5peGJsZEBsb2NhbGhvc3QBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/nixos/tests/initrd-network-ssh/id_ed25519.pub b/nixos/tests/initrd-network-ssh/id_ed25519.pub new file mode 100644 index 00000000000..40de4a8ac60 --- /dev/null +++ b/nixos/tests/initrd-network-ssh/id_ed25519.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVxf7fZiqKDblHFEDxt6X9/rTjBXSn/re6b46S7/e9/ nixbld@localhost diff --git a/nixos/tests/initrd-network-ssh/openssh.priv b/nixos/tests/initrd-network-ssh/openssh.priv deleted file mode 100644 index 816d65435fd..00000000000 --- a/nixos/tests/initrd-network-ssh/openssh.priv +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEA7+9A2PCPOTAlFmrablrUWA+VZdAuLfM6JXeHsOF7ZbC2F6lv -WmvDM925DQqhiAjcgWnt5WHWS5Y+b7lGnuzT7fyKegXd80nCRmqlpSG3srX0/lxR -aQAJLzfoDjcsF+ceswQo6GSsYnCHVxMNs007gbbVY3f7o+sWZtLdxJPD2iHvl5Zr -LK0d1RLMmU6cfIhIABlL0S8EWiv29RROepsCQnS0dnK2b+von1SCYoggvAMe2ToA -IAJ8+uqaYfGAyn9q8fjZiRHxLmKDq90tKoCUL5r/2dmEIE+t8T/3PfHoq1QzZts9 -W9idhBdT21dEXBtGyoMtckp5njk5m82LQDYiOXkuSoIUhSOteh5g7fBv1BtVSERx -Jg3UeJjPeGKFwdnzapmAKC2w/6V8xcIINNA+fhZA7B9fD1RAi2TECZ+gyMYDc4T+ -USlMSm9cfvSOrf2+5ngtFb84nHjqvClxCMLu+bCWK8HamqUzhE/a5LbR+48E7PyG -s3KV+sWFN9KOnakTjj/6iQhXZRhgeAK39F2XTk5Ms5Y+BRSStnMoMZA2grIV+jHi -1zbWokVqXPI5YRo5isR/PgtKAV6FfNWumcYoFJ9F40pMHQ6hJVEmtrCBx7EApSl3 -mSGbQJUmilLC51qNhwQRbD//ZtpIrN82HTMKzZ6kj7kDCdsff+wsnkIXmmMCAwEA -AQKCAgA4tMINw6UF7hQF3VEsnbjr6xrzCiWv5HlMm5htPI1OdlpC81+G7ksfOfrf -UzDkFrwOtftsqBfem268Nvyy2OQprfMIbdSMCFWrEM9/XJ2u1gRGDYmMGF8TUtI8 -cduw9oWx53zHl+uKBHBoKu+k/c7flFeQf63wisIroRCawhWau0SF/h3sXCndzuie -Hw8q+4aQx2m80bDkotlmCNuXbIU3MZ/pEql9gDLlXTLHmMaryM0EqAmZhx0ErGe6 -WDqJIV4kPB0loSDwRoY6GzbugZ8ENUzcruTkQhCpIOYNNNw5idfwKkaxK1vm+SBv -iYt1fVjYyfH2vhVKSNoNsaGEloa1u4Dymt/FpFztEpRzHXcw93N8BdLxJ4OUhzm2 -iAbpiyjniTIeAVVi7BUwLXh5WAx8nT0eeb1zKoZg1p1ciK5cYl1Uel7j8xRycsSW -3YgmtuPqY4Agbc9v3eXbQZNDk48JFMEqpIxk97FAkRYpzfxg5Qq14WJCp60CkdRt -T60hXy8lT/BcI8OWLfGJuBbsVLNRiC7PpwqRKQAinXSv134FpP7jrhpkMybs2oIS -5obRG7J5OfOTp925erG5mrpwqa3BPkgqx347Wj9z8quOZyuhi+XaPvqmPtvs5JOl -4RCqjt6RQlHm7xos9ZZGI4jDAIFaFWgyVZrYplOgwxWma4DTgQKCAQEA9+tizQRU -lF0lxNcEPvsFnYJo80Y+MQK9VdtlhR19YuSfwP1NCaMG1MhQ+PVBVmepOwJMRJR7 -9PLfOouNMfixKBGP12dtStMuh7jowq/BxhRI6JWp3RhTZ1yJ9ouzHze7IDrEBa6w -p0hUu9H0Sbt51LXbC3JmTyhbdhfry559DfyGW1Ma/bv/pihL9B5Y7sNf1thNp1gi -GbQ9B+o2Yyw8ZD8zY+sl+aYDSWyCtcBV/KXEF74Bkfs/a5ExJ00X0jYj/TAp2ray -T4PY0FR8wN/O10bFLP9j+Xa/ywbcPhoj8nvVRIg9VfWT/QaEd+KR0EZVxdjCCqne -enbSQksTpAZNwQKCAQEA98E+BMmS+yHUVUhNZABtQ5avwuV4+DoSN8KTp3xwQ0CH -m9fWxSDs12FdyMhDxrJPeywvHtZ18/7cl3dr8wnFVE0s4ongnRDXsNk5xN6J3AaO -KqW4HF9cbwZqzLILy8TrO+EK/EQV9FypbrxqvxAlP1kezIA2CJNzVRAgimSuV/H7 -05HTnp5W06fjtEf8U1CUrdNetoSROUo1j/IMGPYGlsBFYAGrj5y/BlKd+3T3kjRp -Xje7HpiykjrZHn0WDp04Ln+u9nveEewXmHKch313emt7HpW0xspp8JM8OZtEKozk -D5PfYdBfMJJOUlqovCCzTTJ6kNOahknKXFeO/qs5IwKCAQEAjF0/zhWikXF/fcfD -Bql2z2vTYdEmSvdjHSYff1Nn90K71DdVk5wytOxJM/sfp/z+yoMNjVKIL/IGQw5Z -va4xFx+CUhGjxlZ0pLEjT37U9gHsGYsK5jvslLvG/MixfH5AOwoqi5ERQVTpbIF9 -jvVPEAh6YSu/ExglWGJIxTsRUIblxvTxdjEnl/p+rlM0RNJnA6vpo1J51BXA7CdF -7bZQ5u0Feo/bK1I70ClYg/DGfkmYEV0pZG5cxNkqfDbgwsqWa7YGLGd94xkh+ymq -jETqxeWyozxhbQ83nYpfzeVc7t//qlJ8b5uf0wUKoRmtNr9rtp13lzP/21REzPXW -w+oxwQKCAQAoAf2Y2lAw25KlPuq4ZlU+n9u8FkBFnWMJvBMJ7c9XHNmJMf6NkLaO -RTvWy3geYvbwxf7J9QnRH+vRTciR05cY+Olxn6A03N5nwXxRrToH3MsiWeZ0NnX/ -u8KNUYcUHbV60ulqOThuYHQ/3I9EUUAijaqqjV2sXts19ke68W0x6HKpBJhuudT9 -ktPzbdhyP8Xyl/pocNnerXwexZBsi3Ye6+eIDFz+8OnsBHVcgNPluS72tvsxgqj7 -ciNTiBGCxKKo55eCWBhRPpXE2WUrf/hGPYsBMl2h6FfZMH1+M/N7B4tgdJmS+woU -Ftws8lTjJEiwA6HFN1ZxrwLNjJobx9yPAoIBAE0igsBuWWn6rXeOPylYg4264XOq -8gb94pte2n9amDgCzyCn8m6AL3snLC/AoCD19DK+gyK0ukoesXPa3iX6w2xv69ZC -urDx36Jhd4zrJb4QsFPoeKfDP+UvNVZaS41vipRRzY/y11em15prUZ4U8FA/UT1Y -FzkBo9r6iUZRnyBLppMuEfWASDtuRNmeIHynoT1AcQOH3l9vR210iEpmAuJr0CYA -bvTuz3UzzGGEAuIUvuaiRtkfKY52jBmiEr7SSPCr1HvLj3Ccz8bgjgR2kiXmcU50 -1zLnaPAD44LZ/0Fjqj+PimQGT6K7CNXPllmYh7MvoU52g3SVPf6rHlIR0Nc= ------END RSA PRIVATE KEY----- diff --git a/nixos/tests/initrd-network-ssh/openssh.pub b/nixos/tests/initrd-network-ssh/openssh.pub deleted file mode 100644 index 5b72b8085f2..00000000000 --- a/nixos/tests/initrd-network-ssh/openssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDv70DY8I85MCUWatpuWtRYD5Vl0C4t8zold4ew4XtlsLYXqW9aa8Mz3bkNCqGICNyBae3lYdZLlj5vuUae7NPt/Ip6Bd3zScJGaqWlIbeytfT+XFFpAAkvN+gONywX5x6zBCjoZKxicIdXEw2zTTuBttVjd/uj6xZm0t3Ek8PaIe+XlmssrR3VEsyZTpx8iEgAGUvRLwRaK/b1FE56mwJCdLR2crZv6+ifVIJiiCC8Ax7ZOgAgAnz66pph8YDKf2rx+NmJEfEuYoOr3S0qgJQvmv/Z2YQgT63xP/c98eirVDNm2z1b2J2EF1PbV0RcG0bKgy1ySnmeOTmbzYtANiI5eS5KghSFI616HmDt8G/UG1VIRHEmDdR4mM94YoXB2fNqmYAoLbD/pXzFwgg00D5+FkDsH18PVECLZMQJn6DIxgNzhP5RKUxKb1x+9I6t/b7meC0VvziceOq8KXEIwu75sJYrwdqapTOET9rkttH7jwTs/IazcpX6xYU30o6dqROOP/qJCFdlGGB4Arf0XZdOTkyzlj4FFJK2cygxkDaCshX6MeLXNtaiRWpc8jlhGjmKxH8+C0oBXoV81a6ZxigUn0XjSkwdDqElUSa2sIHHsQClKXeZIZtAlSaKUsLnWo2HBBFsP/9m2kis3zYdMwrNnqSPuQMJ2x9/7CyeQheaYw== tmtynkky@duuni diff --git a/nixos/tests/initrd-network-ssh/ssh_host_ed25519_key b/nixos/tests/initrd-network-ssh/ssh_host_ed25519_key new file mode 100644 index 00000000000..f1e29459b7a --- /dev/null +++ b/nixos/tests/initrd-network-ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACDP9Mz6qlxdQqA4omrgbOlVsxSGONCJstjW9zqquajlIAAAAJg0WGFGNFhh +RgAAAAtzc2gtZWQyNTUxOQAAACDP9Mz6qlxdQqA4omrgbOlVsxSGONCJstjW9zqquajlIA +AAAEA0Hjs7LfFPdTf3ThGx6GNKvX0ItgzgXs91Z3oGIaF6S8/0zPqqXF1CoDiiauBs6VWz +FIY40Imy2Nb3Oqq5qOUgAAAAEG5peGJsZEBsb2NhbGhvc3QBAgMEBQ== +-----END OPENSSH PRIVATE KEY----- diff --git a/nixos/tests/initrd-network-ssh/ssh_host_ed25519_key.pub b/nixos/tests/initrd-network-ssh/ssh_host_ed25519_key.pub new file mode 100644 index 00000000000..3aa1587e1dc --- /dev/null +++ b/nixos/tests/initrd-network-ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/0zPqqXF1CoDiiauBs6VWzFIY40Imy2Nb3Oqq5qOUg nixbld@localhost diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 983861911e0..babde4126c4 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -104,7 +104,6 @@ let with subtest("Assert readiness of login prompt"): machine.succeed("echo hello") - machine.wait_for_unit("nixos-manual") with subtest("Wait for hard disks to appear in /dev"): machine.succeed("udevadm settle") diff --git a/nixos/tests/kafka.nix b/nixos/tests/kafka.nix index f3de24e873b..d29c802b47b 100644 --- a/nixos/tests/kafka.nix +++ b/nixos/tests/kafka.nix @@ -77,7 +77,7 @@ let + "--from-beginning --max-messages 1" ) ''); - }) {}); + }) { inherit system; }); in with pkgs; { kafka_0_9 = makeKafkaTest "kafka_0_9" apacheKafka_0_9; diff --git a/nixos/tests/magic-wormhole-mailbox-server.nix b/nixos/tests/magic-wormhole-mailbox-server.nix new file mode 100644 index 00000000000..144a07e1349 --- /dev/null +++ b/nixos/tests/magic-wormhole-mailbox-server.nix @@ -0,0 +1,38 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "magic-wormhole-mailbox-server"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + server = { ... }: { + networking.firewall.allowedTCPPorts = [ 4000 ]; + services.magic-wormhole-mailbox-server.enable = true; + }; + + client_alice = { ... }: { + networking.firewall.enable = false; + environment.systemPackages = [ pkgs.magic-wormhole ]; + }; + + client_bob = { ... }: { + environment.systemPackages = [ pkgs.magic-wormhole ]; + }; + }; + + testScript = '' + start_all() + + # Start the wormhole relay server + server.wait_for_unit("magic-wormhole-mailbox-server.service") + server.wait_for_open_port(4000) + + # Create a secret file and send it to Bob + client_alice.succeed("echo mysecret > secretfile") + client_alice.succeed("wormhole --relay-url=ws://server:4000/v1 send -0 secretfile &") + + # Retrieve a secret file from Alice and check its content + client_bob.succeed("wormhole --relay-url=ws://server:4000/v1 receive -0 --accept-file") + client_bob.succeed("grep mysecret secretfile") + ''; +}) diff --git a/nixos/tests/mongodb.nix b/nixos/tests/mongodb.nix index 9ebf84eed23..a637ec4bfc0 100644 --- a/nixos/tests/mongodb.nix +++ b/nixos/tests/mongodb.nix @@ -1,42 +1,52 @@ # This test start mongodb, runs a query using mongo shell -import ./make-test-python.nix ({ pkgs, ...} : let - testQuery = pkgs.writeScript "nixtest.js" '' - db.greetings.insert({ "greeting": "hello" }); - print(db.greetings.findOne().greeting); - ''; -in { - name = "mongodb"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ bluescreen303 offline cstrahan rvl phile314 ]; - }; +import ./make-test-python.nix ({ pkgs, ... }: + let + testQuery = pkgs.writeScript "nixtest.js" '' + db.greetings.insert({ "greeting": "hello" }); + print(db.greetings.findOne().greeting); + ''; - nodes = { - one = - { ... }: - { - services = { - mongodb.enable = true; - mongodb.enableAuth = true; - mongodb.initialRootPassword = "root"; - mongodb.initialScript = pkgs.writeText "mongodb_initial.js" '' - db = db.getSiblingDB("nixtest"); - db.createUser({user:"nixtest",pwd:"nixtest",roles:[{role:"readWrite",db:"nixtest"}]}); - ''; - mongodb.extraConfig = '' - # Allow starting engine with only a small virtual disk - storage.journal.enabled: false - storage.mmapv1.smallFiles: true - ''; - }; - }; + runMongoDBTest = pkg: '' + node.execute("(rm -rf data || true) && mkdir data") + node.execute( + "${pkg}/bin/mongod --fork --logpath logs --dbpath data" + ) + node.wait_for_open_port(27017) + + assert "hello" in node.succeed( + "mongo ${testQuery}" + ) + + node.execute( + "${pkg}/bin/mongod --shutdown --dbpath data" + ) + node.wait_for_closed_port(27017) + ''; + + in { + name = "mongodb"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ bluescreen303 offline cstrahan rvl phile314 ]; + }; + + nodes = { + node = {...}: { + environment.systemPackages = with pkgs; [ + mongodb-3_4 + mongodb-3_6 + mongodb-4_0 + ]; + }; }; - testScript = '' - start_all() - one.wait_for_unit("mongodb.service") - one.succeed( - "mongo -u nixtest -p nixtest nixtest ${testQuery} | grep -q hello" - ) - ''; -}) + testScript = '' + node.start() + '' + + runMongoDBTest pkgs.mongodb-3_4 + + runMongoDBTest pkgs.mongodb-3_6 + + runMongoDBTest pkgs.mongodb-4_0 + + '' + node.shutdown() + ''; + }) diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index 924bac84e26..11c1dabf936 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -22,6 +22,27 @@ import ./make-test-python.nix ({ pkgs, ...} : { services.mysql.package = pkgs.mysql57; }; + mysql80 = + { pkgs, ... }: + + { + # prevent oom: + # Kernel panic - not syncing: Out of memory: compulsory panic_on_oom is enabled + virtualisation.memorySize = 1024; + + services.mysql.enable = true; + services.mysql.initialDatabases = [ + { name = "testdb"; schema = ./testdb.sql; } + { name = "empty_testdb"; } + ]; + # note that using pkgs.writeText here is generally not a good idea, + # as it will store the password in world-readable /nix/store ;) + services.mysql.initialScript = pkgs.writeText "mysql-init.sql" '' + CREATE USER 'passworduser'@'localhost' IDENTIFIED BY 'password123'; + ''; + services.mysql.package = pkgs.mysql80; + }; + mariadb = { pkgs, ... }: @@ -47,6 +68,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { "testdb2.*" = "ALL PRIVILEGES"; }; }]; + services.mysql.settings = { + mysqld = { + plugin-load-add = [ "ha_tokudb.so" "ha_rocksdb.so" ]; + }; + }; services.mysql.package = pkgs.mariadb; }; @@ -61,6 +87,12 @@ import ./make-test-python.nix ({ pkgs, ...} : { # ';' acts as no-op, just check whether login succeeds with the user created from the initialScript mysql.succeed("echo ';' | mysql -u passworduser --password=password123") + mysql80.wait_for_unit("mysql") + mysql80.succeed("echo 'use empty_testdb;' | mysql -u root") + mysql80.succeed("echo 'use testdb; select * from tests;' | mysql -u root -N | grep 4") + # ';' acts as no-op, just check whether login succeeds with the user created from the initialScript + mysql80.succeed("echo ';' | mysql -u passworduser --password=password123") + mariadb.wait_for_unit("mysql") mariadb.succeed( "echo 'use testdb; create table tests (test_id INT, PRIMARY KEY (test_id));' | sudo -u testuser mysql -u testuser" @@ -79,5 +111,33 @@ import ./make-test-python.nix ({ pkgs, ...} : { mariadb.succeed( "echo 'use testdb; select test_id from tests;' | sudo -u testuser mysql -u testuser -N | grep 42" ) + + # Check if TokuDB plugin works + mariadb.succeed( + "echo 'use testdb; create table tokudb (test_id INT, PRIMARY KEY (test_id)) ENGINE = TokuDB;' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; insert into tokudb values (25);' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; select test_id from tokudb;' | sudo -u testuser mysql -u testuser -N | grep 25" + ) + mariadb.succeed( + "echo 'use testdb; drop table tokudb;' | sudo -u testuser mysql -u testuser" + ) + + # Check if RocksDB plugin works + mariadb.succeed( + "echo 'use testdb; create table rocksdb (test_id INT, PRIMARY KEY (test_id)) ENGINE = RocksDB;' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; insert into rocksdb values (28);' | sudo -u testuser mysql -u testuser" + ) + mariadb.succeed( + "echo 'use testdb; select test_id from rocksdb;' | sudo -u testuser mysql -u testuser -N | grep 28" + ) + mariadb.succeed( + "echo 'use testdb; drop table rocksdb;' | sudo -u testuser mysql -u testuser" + ) ''; }) diff --git a/nixos/tests/nextcloud/basic.nix b/nixos/tests/nextcloud/basic.nix index 75862feb202..92ac5c46e8f 100644 --- a/nixos/tests/nextcloud/basic.nix +++ b/nixos/tests/nextcloud/basic.nix @@ -32,7 +32,7 @@ in { testScript = let withRcloneEnv = pkgs.writeScript "with-rclone-env" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/" export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud" @@ -41,12 +41,12 @@ in { "''${@}" ''; copySharedFile = pkgs.writeScript "copy-shared-file" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} echo 'hi' | ${withRcloneEnv} ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file ''; diffSharedFile = pkgs.writeScript "diff-shared-file" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file) ''; in '' diff --git a/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixos/tests/nextcloud/with-mysql-and-memcached.nix index b9ba5888187..8db630be893 100644 --- a/nixos/tests/nextcloud/with-mysql-and-memcached.nix +++ b/nixos/tests/nextcloud/with-mysql-and-memcached.nix @@ -61,14 +61,14 @@ in { testScript = let configureMemcached = pkgs.writeScript "configure-memcached" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} nextcloud-occ config:system:set memcached_servers 0 0 --value 127.0.0.1 --type string nextcloud-occ config:system:set memcached_servers 0 1 --value 11211 --type integer nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\APCu' --type string nextcloud-occ config:system:set memcache.distributed --value '\OC\Memcache\Memcached' --type string ''; withRcloneEnv = pkgs.writeScript "with-rclone-env" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/" export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud" @@ -76,12 +76,12 @@ in { export RCLONE_CONFIG_NEXTCLOUD_PASS="$(${pkgs.rclone}/bin/rclone obscure ${adminpass})" ''; copySharedFile = pkgs.writeScript "copy-shared-file" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file ''; diffSharedFile = pkgs.writeScript "diff-shared-file" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file) ''; in '' diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 324853350af..95219cac9be 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -60,14 +60,14 @@ in { testScript = let configureRedis = pkgs.writeScript "configure-redis" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} nextcloud-occ config:system:set redis 'host' --value 'localhost' --type string nextcloud-occ config:system:set redis 'port' --value 6379 --type integer nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string ''; withRcloneEnv = pkgs.writeScript "with-rclone-env" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} export RCLONE_CONFIG_NEXTCLOUD_TYPE=webdav export RCLONE_CONFIG_NEXTCLOUD_URL="http://nextcloud/remote.php/webdav/" export RCLONE_CONFIG_NEXTCLOUD_VENDOR="nextcloud" @@ -76,12 +76,12 @@ in { "''${@}" ''; copySharedFile = pkgs.writeScript "copy-shared-file" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} echo 'hi' | ${pkgs.rclone}/bin/rclone rcat nextcloud:test-shared-file ''; diffSharedFile = pkgs.writeScript "diff-shared-file" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} diff <(echo 'hi') <(${pkgs.rclone}/bin/rclone cat nextcloud:test-shared-file) ''; in '' diff --git a/nixos/tests/nginx-pubhtml.nix b/nixos/tests/nginx-pubhtml.nix new file mode 100644 index 00000000000..432913cb42d --- /dev/null +++ b/nixos/tests/nginx-pubhtml.nix @@ -0,0 +1,20 @@ +import ./make-test-python.nix { + name = "nginx-pubhtml"; + + machine = { pkgs, ... }: { + services.nginx.enable = true; + services.nginx.virtualHosts.localhost = { + locations."~ ^/\\~([a-z0-9_]+)(/.*)?$".alias = "/home/$1/public_html$2"; + }; + users.users.foo.isNormalUser = true; + }; + + testScript = '' + machine.wait_for_unit("nginx") + machine.wait_for_open_port(80) + machine.succeed("chmod 0711 /home/foo") + machine.succeed("su -c 'mkdir -p /home/foo/public_html' foo") + machine.succeed("su -c 'echo bar > /home/foo/public_html/bar.txt' foo") + machine.succeed('test "$(curl -fvvv http://localhost/~foo/bar.txt)" = bar') + ''; +} diff --git a/nixos/tests/os-prober.nix b/nixos/tests/os-prober.nix index 5407a62339f..6a38f5ca531 100644 --- a/nixos/tests/os-prober.nix +++ b/nixos/tests/os-prober.nix @@ -51,6 +51,8 @@ let hashed-mirrors = connect-timeout = 1 ''; + # save some memory + documentation.enable = false; }; # /etc/nixos/configuration.nix for the vm configFile = pkgs.writeText "configuration.nix" '' diff --git a/nixos/tests/php/default.nix b/nixos/tests/php/default.nix new file mode 100644 index 00000000000..9ab14f722d0 --- /dev/null +++ b/nixos/tests/php/default.nix @@ -0,0 +1,7 @@ +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../../.. { inherit system config; } +}: { + fpm = import ./fpm.nix { inherit system pkgs; }; + pcre = import ./pcre.nix { inherit system pkgs; }; +} diff --git a/nixos/tests/php/fpm.nix b/nixos/tests/php/fpm.nix new file mode 100644 index 00000000000..e93a3183418 --- /dev/null +++ b/nixos/tests/php/fpm.nix @@ -0,0 +1,55 @@ +import ../make-test-python.nix ({pkgs, ...}: { + name = "php-fpm-nginx-test"; + meta.maintainers = with pkgs.stdenv.lib.maintainers; [ etu ]; + + machine = { config, lib, pkgs, ... }: { + services.nginx = { + enable = true; + + virtualHosts."phpfpm" = let + testdir = pkgs.writeTextDir "web/index.php" "<?php phpinfo();"; + in { + root = "${testdir}/web"; + locations."~ \.php$".extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.foobar.socket}; + fastcgi_index index.php; + include ${pkgs.nginx}/conf/fastcgi_params; + include ${pkgs.nginx}/conf/fastcgi.conf; + ''; + locations."/" = { + tryFiles = "$uri $uri/ index.php"; + index = "index.php index.html index.htm"; + }; + }; + }; + + services.phpfpm.pools."foobar" = { + user = "nginx"; + settings = { + "listen.group" = "nginx"; + "listen.mode" = "0600"; + "listen.owner" = "nginx"; + "pm" = "dynamic"; + "pm.max_children" = 5; + "pm.max_requests" = 500; + "pm.max_spare_servers" = 3; + "pm.min_spare_servers" = 1; + "pm.start_servers" = 2; + }; + }; + }; + testScript = { ... }: '' + machine.wait_for_unit("nginx.service") + machine.wait_for_unit("phpfpm-foobar.service") + + # Check so we get an evaluated PHP back + assert "PHP Version ${pkgs.php.version}" in machine.succeed("curl -vvv -s http://127.0.0.1:80/") + + # Check so we have database and some other extensions loaded + assert "json" in machine.succeed("curl -vvv -s http://127.0.0.1:80/") + assert "opcache" in machine.succeed("curl -vvv -s http://127.0.0.1:80/") + assert "pdo_mysql" in machine.succeed("curl -vvv -s http://127.0.0.1:80/") + assert "pdo_pgsql" in machine.succeed("curl -vvv -s http://127.0.0.1:80/") + assert "pdo_sqlite" in machine.succeed("curl -vvv -s http://127.0.0.1:80/") + ''; +}) diff --git a/nixos/tests/php-pcre.nix b/nixos/tests/php/pcre.nix index d5c22e0582a..56a87778579 100644 --- a/nixos/tests/php-pcre.nix +++ b/nixos/tests/php/pcre.nix @@ -1,7 +1,6 @@ - -let testString = "can-use-subgroups"; in - -import ./make-test-python.nix ({ ...}: { +let + testString = "can-use-subgroups"; +in import ../make-test-python.nix ({ ...}: { name = "php-httpd-pcre-jit-test"; machine = { lib, pkgs, ... }: { time.timeZone = "UTC"; @@ -10,15 +9,13 @@ import ./make-test-python.nix ({ ...}: { adminAddr = "please@dont.contact"; enablePHP = true; phpOptions = "pcre.jit = true"; - extraConfig = - let + extraConfig = let testRoot = pkgs.writeText "index.php" - '' - <?php + '' + <?php preg_match('/(${testString})/', '${testString}', $result); var_dump($result); - ?> - ''; + ''; in '' Alias / ${testRoot}/ @@ -30,11 +27,11 @@ import ./make-test-python.nix ({ ...}: { }; }; testScript = { ... }: - '' - machine.wait_for_unit("httpd.service") - # Ensure php evaluation by matching on the var_dump syntax - assert 'string(${toString (builtins.stringLength testString)}) "${testString}"' in machine.succeed( - "curl -vvv -s http://127.0.0.1:80/index.php" - ) - ''; + '' + machine.wait_for_unit("httpd.service") + # Ensure php evaluation by matching on the var_dump syntax + assert 'string(${toString (builtins.stringLength testString)}) "${testString}"' in machine.succeed( + "curl -vvv -s http://127.0.0.1:80/index.php" + ) + ''; }) diff --git a/nixos/tests/quorum.nix b/nixos/tests/quorum.nix new file mode 100644 index 00000000000..846d2a93018 --- /dev/null +++ b/nixos/tests/quorum.nix @@ -0,0 +1,79 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "quorum"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + machine = { ... }: { + services.quorum = { + enable = true; + permissioned = false; + staticNodes = [ "enode://dd333ec28f0a8910c92eb4d336461eea1c20803eed9cf2c056557f986e720f8e693605bba2f4e8f289b1162e5ac7c80c914c7178130711e393ca76abc1d92f57@0.0.0.0:30303?discport=0" ]; + genesis = { + alloc = { + "189d23d201b03ae1cf9113672df29a5d672aefa3" = { + balance = "0x446c3b15f9926687d2c40534fdb564000000000000"; + }; + "44b07d2c28b8ed8f02b45bd84ac7d9051b3349e6" = { + balance = "0x446c3b15f9926687d2c40534fdb564000000000000"; + }; + "4c1ccd426833b9782729a212c857f2f03b7b4c0d" = { + balance = "0x446c3b15f9926687d2c40534fdb564000000000000"; + }; + "7ae555d0f6faad7930434abdaac2274fd86ab516" = { + balance = "0x446c3b15f9926687d2c40534fdb564000000000000"; + }; + c1056df7c02b6f1a353052eaf0533cc7cb743b52 = { + balance = "0x446c3b15f9926687d2c40534fdb564000000000000"; + }; + }; + coinbase = "0x0000000000000000000000000000000000000000"; + config = { + byzantiumBlock = 1; + chainId = 10; + eip150Block = 1; + eip150Hash = + "0x0000000000000000000000000000000000000000000000000000000000000000"; + eip155Block = 1; + eip158Block = 1; + isQuorum = true; + istanbul = { + epoch = 30000; + policy = 0; + }; + }; + difficulty = "0x1"; + extraData = + "0x0000000000000000000000000000000000000000000000000000000000000000f8aff869944c1ccd426833b9782729a212c857f2f03b7b4c0d94189d23d201b03ae1cf9113672df29a5d672aefa39444b07d2c28b8ed8f02b45bd84ac7d9051b3349e694c1056df7c02b6f1a353052eaf0533cc7cb743b52947ae555d0f6faad7930434abdaac2274fd86ab516b8410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0"; + gasLimit = "0xe0000000"; + gasUsed = "0x0"; + mixHash = + "0x63746963616c2062797a616e74696e65206661756c7420746f6c6572616e6365"; + nonce = "0x0"; + number = "0x0"; + parentHash = + "0x0000000000000000000000000000000000000000000000000000000000000000"; + timestamp = "0x5cffc201"; + }; + }; + }; + }; + + testScript = '' + start_all() + machine.wait_until_succeeds("mkdir -p /var/lib/quorum/keystore") + machine.wait_until_succeeds( + 'echo \{\\"address\\":\\"9377bc3936de934c497e22917b81aa8774ac3bb0\\",\\"crypto\\":\{\\"cipher\\":\\"aes-128-ctr\\",\\"ciphertext\\":\\"ad8341d8ef225650403fd366c955f41095e438dd966a3c84b3d406818c1e366c\\",\\"cipherparams\\":\{\\"iv\\":\\"2a09f7a72fd6dff7c43150ff437e6ac2\\"\},\\"kdf\\":\\"scrypt\\",\\"kdfparams\\":\{\\"dklen\\":32,\\"n\\":262144,\\"p\\":1,\\"r\\":8,\\"salt\\":\\"d1a153845bb80cd6274c87c5bac8ac09fdfac5ff131a6f41b5ed319667f12027\\"\},\\"mac\\":\\"a9621ad88fa1d042acca6fc2fcd711f7e05bfbadea3f30f379235570c8e270d3\\"\},\\"id\\":\\"89e847a3-1527-42f6-a321-77de0a14ce02\\",\\"version\\":3\}\\" > /var/lib/quorum/keystore/UTC--2020-03-23T11-08-34.144812212Z--9377bc3936de934c497e22917b81aa8774ac3bb0' + ) + machine.wait_until_succeeds( + "echo fe2725c4e8f7617764b845e8d939a65c664e7956eb47ed7d934573f16488efc1 > /var/lib/quorum/nodekey" + ) + machine.wait_until_succeeds("systemctl restart quorum") + machine.wait_for_unit("quorum.service") + machine.sleep(15) + machine.wait_until_succeeds( + 'geth attach /var/lib/quorum/geth.ipc --exec "eth.accounts" | grep 0x9377bc3936de934c497e22917b81aa8774ac3bb0' + ) + ''; +}) diff --git a/nixos/tests/rabbitmq.nix b/nixos/tests/rabbitmq.nix index 8e7f34d06e3..f403e4ac2ed 100644 --- a/nixos/tests/rabbitmq.nix +++ b/nixos/tests/rabbitmq.nix @@ -15,7 +15,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("rabbitmq.service") machine.wait_until_succeeds( - 'su -s ${pkgs.stdenv.shell} rabbitmq -c "rabbitmqctl status"' + 'su -s ${pkgs.runtimeShell} rabbitmq -c "rabbitmqctl status"' ) ''; }) diff --git a/nixos/tests/rxe.nix b/nixos/tests/rxe.nix index 194a2e3d2b9..10753c4ed0c 100644 --- a/nixos/tests/rxe.nix +++ b/nixos/tests/rxe.nix @@ -28,7 +28,7 @@ in { # Test if rxe interface comes up server.wait_for_unit("default.target") server.succeed("systemctl status rxe.service") - server.succeed("ibv_devices | grep rxe0") + server.succeed("ibv_devices | grep rxe_eth1") client.wait_for_unit("default.target") diff --git a/nixos/tests/switch-test.nix b/nixos/tests/switch-test.nix index 7076bd77b77..9ef96cec5ef 100644 --- a/nixos/tests/switch-test.nix +++ b/nixos/tests/switch-test.nix @@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { # Ensures failures pass through using pipefail, otherwise failing to # switch-to-configuration is hidden by the success of `tee`. stderrRunner = pkgs.writeScript "stderr-runner" '' - #! ${pkgs.stdenv.shell} + #! ${pkgs.runtimeShell} set -e set -o pipefail exec env -i "$@" | tee /dev/stderr diff --git a/nixos/tests/systemd-confinement.nix b/nixos/tests/systemd-confinement.nix index b7b10fb36aa..f22836e227b 100644 --- a/nixos/tests/systemd-confinement.nix +++ b/nixos/tests/systemd-confinement.nix @@ -3,14 +3,14 @@ import ./make-test.nix { machine = { pkgs, lib, ... }: let testServer = pkgs.writeScript "testserver.sh" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} export PATH=${lib.escapeShellArg "${pkgs.coreutils}/bin"} - ${lib.escapeShellArg pkgs.stdenv.shell} 2>&1 + ${lib.escapeShellArg pkgs.runtimeShell} 2>&1 echo "exit-status:$?" ''; testClient = pkgs.writeScriptBin "chroot-exec" '' - #!${pkgs.stdenv.shell} -e + #!${pkgs.runtimeShell} -e output="$(echo "$@" | nc -NU "/run/test$(< /teststep).sock")" ret="$(echo "$output" | sed -nre '$s/^exit-status:([0-9]+)$/\1/p')" echo "$output" | head -n -1 diff --git a/nixos/tests/systemd.nix b/nixos/tests/systemd.nix index 8028145939b..ca2e36a443e 100644 --- a/nixos/tests/systemd.nix +++ b/nixos/tests/systemd.nix @@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { test-support.displayManager.auto.user = "alice"; systemd.shutdown.test = pkgs.writeScript "test.shutdown" '' - #!${pkgs.stdenv.shell} + #!${pkgs.runtimeShell} PATH=${lib.makeBinPath (with pkgs; [ utillinux coreutils ])} mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared touch /tmp/shared/shutdown-test diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index f03dc1cc413..aec8da6a2af 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix @@ -23,7 +23,7 @@ let guestAdditions = pkgs.linuxPackages.virtualboxGuestAdditions; miniInit = '' - #!${pkgs.stdenv.shell} -xe + #!${pkgs.runtimeShell} -xe export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.utillinux ]}" mkdir -p /run/dbus @@ -80,7 +80,7 @@ let touch /mnt-root/boot-done hostname "${vmName}" mkdir -p /nix/store - unshare -m ${escapeShellArg pkgs.stdenv.shell} -c ' + unshare -m ${escapeShellArg pkgs.runtimeShell} -c ' mount -t vboxsf nixstore /nix/store exec "$stage2Init" ' diff --git a/nixos/tests/wireguard/default.nix b/nixos/tests/wireguard/default.nix index 8206823a918..e3bc31c600f 100644 --- a/nixos/tests/wireguard/default.nix +++ b/nixos/tests/wireguard/default.nix @@ -1,97 +1,71 @@ -let - wg-snakeoil-keys = import ./snakeoil-keys.nix; -in - -import ../make-test-python.nix ({ pkgs, ...} : { - name = "wireguard"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; - - nodes = { - peer0 = { lib, ... }: { - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = "1"; - "net.ipv6.conf.default.forwarding" = "1"; - "net.ipv4.ip_forward" = "1"; - }; - - networking.useDHCP = false; - networking.interfaces.eth1 = { - ipv4.addresses = lib.singleton { - address = "192.168.0.1"; - prefixLength = 24; - }; - ipv6.addresses = lib.singleton { - address = "fd00::1"; - prefixLength = 64; - }; - }; +import ../make-test-python.nix ({ pkgs, lib, ...} : + let + wg-snakeoil-keys = import ./snakeoil-keys.nix; + peer = (import ./make-peer.nix) { inherit lib; }; + in + { + name = "wireguard"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ma27 ]; + }; - networking.firewall.allowedUDPPorts = [ 23542 ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.1/32" "fc00::1/128" ]; - listenPort = 23542; + nodes = { + peer0 = peer { + ip4 = "192.168.0.1"; + ip6 = "fd00::1"; + extraConfig = { + networking.firewall.allowedUDPPorts = [ 23542 ]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.23.42.1/32" "fc00::1/128" ]; + listenPort = 23542; - inherit (wg-snakeoil-keys.peer0) privateKey; + inherit (wg-snakeoil-keys.peer0) privateKey; - peers = lib.singleton { - allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; + peers = lib.singleton { + allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; - inherit (wg-snakeoil-keys.peer1) publicKey; + inherit (wg-snakeoil-keys.peer1) publicKey; + }; + }; }; }; - }; - peer1 = { pkgs, lib, ... }: { - boot.kernel.sysctl = { - "net.ipv6.conf.all.forwarding" = "1"; - "net.ipv6.conf.default.forwarding" = "1"; - "net.ipv4.ip_forward" = "1"; - }; - - networking.useDHCP = false; - networking.interfaces.eth1 = { - ipv4.addresses = lib.singleton { - address = "192.168.0.2"; - prefixLength = 24; - }; - ipv6.addresses = lib.singleton { - address = "fd00::2"; - prefixLength = 64; + peer1 = peer { + ip4 = "192.168.0.2"; + ip6 = "fd00::2"; + extraConfig = { + networking.wireguard.interfaces.wg0 = { + ips = [ "10.23.42.2/32" "fc00::2/128" ]; + listenPort = 23542; + allowedIPsAsRoutes = false; + + inherit (wg-snakeoil-keys.peer1) privateKey; + + peers = lib.singleton { + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "192.168.0.1:23542"; + persistentKeepalive = 25; + + inherit (wg-snakeoil-keys.peer0) publicKey; + }; + + postSetup = let inherit (pkgs) iproute; in '' + ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 + ${iproute}/bin/ip route replace fc00::1/128 dev wg0 + ''; + }; }; }; - - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.2/32" "fc00::2/128" ]; - listenPort = 23542; - allowedIPsAsRoutes = false; - - inherit (wg-snakeoil-keys.peer1) privateKey; - - peers = lib.singleton { - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "192.168.0.1:23542"; - persistentKeepalive = 25; - - inherit (wg-snakeoil-keys.peer0) publicKey; - }; - - postSetup = let inherit (pkgs) iproute; in '' - ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 - ${iproute}/bin/ip route replace fc00::1/128 dev wg0 - ''; - }; }; - }; - testScript = '' - start_all() + testScript = '' + start_all() - peer0.wait_for_unit("wireguard-wg0.service") - peer1.wait_for_unit("wireguard-wg0.service") + peer0.wait_for_unit("wireguard-wg0.service") + peer1.wait_for_unit("wireguard-wg0.service") - peer1.succeed("ping -c5 fc00::1") - peer1.succeed("ping -c5 10.23.42.1") - ''; -}) + peer1.succeed("ping -c5 fc00::1") + peer1.succeed("ping -c5 10.23.42.1") + ''; + } +) diff --git a/nixos/tests/wireguard/make-peer.nix b/nixos/tests/wireguard/make-peer.nix new file mode 100644 index 00000000000..d2740549738 --- /dev/null +++ b/nixos/tests/wireguard/make-peer.nix @@ -0,0 +1,23 @@ +{ lib, ... }: { ip4, ip6, extraConfig }: +lib.mkMerge [ + { + boot.kernel.sysctl = { + "net.ipv6.conf.all.forwarding" = "1"; + "net.ipv6.conf.default.forwarding" = "1"; + "net.ipv4.ip_forward" = "1"; + }; + + networking.useDHCP = false; + networking.interfaces.eth1 = { + ipv4.addresses = [{ + address = ip4; + prefixLength = 24; + }]; + ipv6.addresses = [{ + address = ip6; + prefixLength = 64; + }]; + }; + } + extraConfig +] diff --git a/nixos/tests/wireguard/wg-quick.nix b/nixos/tests/wireguard/wg-quick.nix new file mode 100644 index 00000000000..7354dd01a34 --- /dev/null +++ b/nixos/tests/wireguard/wg-quick.nix @@ -0,0 +1,63 @@ +import ../make-test-python.nix ({ pkgs, lib, ... }: + let + wg-snakeoil-keys = import ./snakeoil-keys.nix; + peer = (import ./make-peer.nix) { inherit lib; }; + in + { + name = "wg-quick"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ xwvvvvwx ]; + }; + + nodes = { + peer0 = peer { + ip4 = "192.168.0.1"; + ip6 = "fd00::1"; + extraConfig = { + networking.firewall.allowedUDPPorts = [ 23542 ]; + networking.wg-quick.interfaces.wg0 = { + address = [ "10.23.42.1/32" "fc00::1/128" ]; + listenPort = 23542; + + inherit (wg-snakeoil-keys.peer0) privateKey; + + peers = lib.singleton { + allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; + + inherit (wg-snakeoil-keys.peer1) publicKey; + }; + }; + }; + }; + + peer1 = peer { + ip4 = "192.168.0.2"; + ip6 = "fd00::2"; + extraConfig = { + networking.wg-quick.interfaces.wg0 = { + address = [ "10.23.42.2/32" "fc00::2/128" ]; + inherit (wg-snakeoil-keys.peer1) privateKey; + + peers = lib.singleton { + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "192.168.0.1:23542"; + persistentKeepalive = 25; + + inherit (wg-snakeoil-keys.peer0) publicKey; + }; + }; + }; + }; + }; + + testScript = '' + start_all() + + peer0.wait_for_unit("wg-quick-wg0.service") + peer1.wait_for_unit("wg-quick-wg0.service") + + peer1.succeed("ping -c5 fc00::1") + peer1.succeed("ping -c5 10.23.42.1") + ''; + } +) |