6 files changed, 86 insertions, 4 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index 6d728b387e1..c7fd4910e07 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -12,7 +12,9 @@ let
         '';
       });
 
-      pythonPackages = (super.python.override {
+      # Override certifi so that it accepts fake certificate for Let's Encrypt
+      # Need to override the attribute used by simp_le, which is python3Packages
+      python3Packages = (super.python3.override {
         packageOverrides = lib.const (pysuper: {
           certifi = pysuper.certifi.overridePythonAttrs (attrs: {
             postPatch = (attrs.postPatch or "") + ''
diff --git a/nixos/tests/cfssl.nix b/nixos/tests/cfssl.nix
new file mode 100644
index 00000000000..513ed8c4574
--- /dev/null
+++ b/nixos/tests/cfssl.nix
@@ -0,0 +1,67 @@
+import ./make-test.nix ({ pkgs, ...} : {
+  name = "cfssl";
+
+  machine = { config, lib, pkgs, ... }:
+  {
+    networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];
+
+    services.cfssl.enable = true;
+    systemd.services.cfssl.after = [ "cfssl-init.service" ];
+
+    systemd.services.cfssl-init = {
+      description = "Initialize the cfssl CA";
+      wantedBy    = [ "multi-user.target" ];
+      serviceConfig = {
+        User             = "cfssl";
+        Type             = "oneshot";
+        WorkingDirectory = config.services.cfssl.dataDir;
+      };
+      script = with pkgs; ''
+        ${cfssl}/bin/cfssl genkey -initca ${pkgs.writeText "ca.json" (builtins.toJSON {
+          hosts = [ "ca.example.com" ];
+          key = {
+            algo = "rsa"; size = 4096; };
+            names = [
+              {
+                C = "US";
+                L = "San Francisco";
+                O = "Internet Widgets, LLC";
+                OU = "Certificate Authority";
+                ST = "California";
+              }
+            ];
+        })} | ${cfssl}/bin/cfssljson -bare ca
+      '';
+    };
+  };
+
+  testScript =
+  let
+    cfsslrequest = with pkgs; writeScript "cfsslrequest" ''
+      curl -X POST -H "Content-Type: application/json" -d @${csr} \
+        http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
+    '';
+    csr = pkgs.writeText "csr.json" (builtins.toJSON {
+      CN = "www.example.com";
+      hosts = [ "example.com" "www.example.com" ];
+      key = {
+        algo = "rsa";
+        size = 2048;
+      };
+      names = [
+        {
+          C = "US";
+          L = "San Francisco";
+          O = "Example Company, LLC";
+          OU = "Operations";
+          ST = "California";
+        }
+      ];
+    });
+  in
+    ''
+      $machine->waitForUnit('cfssl.service');
+      $machine->waitUntilSucceeds('${cfsslrequest}');
+      $machine->succeed('ls /tmp/certificate-key.pem');
+    '';
+})
diff --git a/nixos/tests/containers-imperative.nix b/nixos/tests/containers-imperative.nix
index 93b00b5b977..913d8bed19d 100644
--- a/nixos/tests/containers-imperative.nix
+++ b/nixos/tests/containers-imperative.nix
@@ -9,6 +9,11 @@ import ./make-test.nix ({ pkgs, ...} : {
   machine =
     { config, pkgs, lib, ... }:
     { imports = [ ../modules/installer/cd-dvd/channel.nix ];
+
+      # XXX: Sandbox setup fails while trying to hardlink files from the host's
+      #      store file system into the prepared chroot directory.
+      nix.useSandbox = false;
+
       virtualisation.writableStore = true;
       virtualisation.memorySize = 1024;
       # Make sure we always have all the required dependencies for creating a
diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix
index 3f51d04163a..af2404bf530 100644
--- a/nixos/tests/gnome3.nix
+++ b/nixos/tests/gnome3.nix
@@ -15,6 +15,7 @@ import ./make-test.nix ({ pkgs, ...} : {
       services.xserver.displayManager.lightdm.autoLogin.enable = true;
       services.xserver.displayManager.lightdm.autoLogin.user = "alice";
       services.xserver.desktopManager.gnome3.enable = true;
+      services.xserver.desktopManager.default = "gnome";
 
       virtualisation.memorySize = 1024;
     };
diff --git a/nixos/tests/graphite.nix b/nixos/tests/graphite.nix
index 1fe4357191e..27a87bdbb9f 100644
--- a/nixos/tests/graphite.nix
+++ b/nixos/tests/graphite.nix
@@ -1,4 +1,4 @@
-import ./make-test.nix ({ ... } :
+import ./make-test.nix ({ pkgs, ... } :
 {
   name = "graphite";
   nodes = {
@@ -11,10 +11,12 @@ import ./make-test.nix ({ ... } :
           api = {
             enable = true;
             port = 8082;
+            finders = [ pkgs.python27Packages.influxgraph ];
           };
           carbon.enableCache = true;
           seyren.enable = true;
           pager.enable = true;
+          beacon.enable = true;
         };
       };
   };
@@ -25,6 +27,7 @@ import ./make-test.nix ({ ... } :
     $one->waitForUnit("graphiteWeb.service");
     $one->waitForUnit("graphiteApi.service");
     $one->waitForUnit("graphitePager.service");
+    $one->waitForUnit("graphite-beacon.service");
     $one->waitForUnit("carbonCache.service");
     $one->waitForUnit("seyren.service");
     # The services above are of type "simple". systemd considers them active immediately
diff --git a/nixos/tests/netdata.nix b/nixos/tests/netdata.nix
index c56506ba287..eb45db6f04c 100644
--- a/nixos/tests/netdata.nix
+++ b/nixos/tests/netdata.nix
@@ -19,8 +19,12 @@ import ./make-test.nix ({ pkgs, ...} : {
     startAll;
 
     $netdata->waitForUnit("netdata.service");
-    # check if netdata can read disk ops for root owned processes. 
-    # if > 0, successful. verifies both netdata working and 
+
+    # check if the netdata main page loads.
+    $netdata->succeed("curl --fail http://localhost:19999/");
+
+    # check if netdata can read disk ops for root owned processes.
+    # if > 0, successful. verifies both netdata working and
     # apps.plugin has elevated capabilities.
     my $cmd = <<'CMD';
     curl -s http://localhost:19999/api/v1/data\?chart=users.pwrites | \