Diffstat (limited to 'infra/libkookie/nixpkgs/nixos/tests')
113 files changed, 1987 insertions, 384 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/tests/all-tests.nix b/infra/libkookie/nixpkgs/nixos/tests/all-tests.nix index 6564a958d5b4..c58203cc481f 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/all-tests.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/all-tests.nix @@ -24,10 +24,13 @@ in _3proxy = handleTest ./3proxy.nix {}; acme = handleTest ./acme.nix {}; agda = handleTest ./agda.nix {}; + ammonite = handleTest ./ammonite.nix {}; atd = handleTest ./atd.nix {}; avahi = handleTest ./avahi.nix {}; avahi-with-resolved = handleTest ./avahi.nix { networkd = true; }; + awscli = handleTest ./awscli.nix { }; babeld = handleTest ./babeld.nix {}; + bat = handleTest ./bat.nix {}; bazarr = handleTest ./bazarr.nix {}; bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64 beanstalkd = handleTest ./beanstalkd.nix {}; @@ -37,18 +40,18 @@ in bittorrent = handleTest ./bittorrent.nix {}; bitwarden = handleTest ./bitwarden.nix {}; blockbook-frontend = handleTest ./blockbook-frontend.nix {}; - buildkite-agents = handleTest ./buildkite-agents.nix {}; boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64 boot-stage1 = handleTest ./boot-stage1.nix {}; borgbackup = handleTest ./borgbackup.nix {}; buildbot = handleTest ./buildbot.nix {}; + buildkite-agents = handleTest ./buildkite-agents.nix {}; caddy = handleTest ./caddy.nix {}; cadvisor = handleTestOn ["x86_64-linux"] ./cadvisor.nix {}; cage = handleTest ./cage.nix {}; cagebreak = handleTest ./cagebreak.nix {}; cassandra = handleTest ./cassandra.nix {}; - ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {}; ceph-multi-node = handleTestOn ["x86_64-linux"] ./ceph-multi-node.nix {}; + ceph-single-node = handleTestOn ["x86_64-linux"] ./ceph-single-node.nix {}; certmgr = handleTest ./certmgr.nix {}; cfssl = handleTestOn ["x86_64-linux"] ./cfssl.nix {}; charliecloud = handleTest ./charliecloud.nix {}; 
@@ -56,9 +59,9 @@ in cjdns = handleTest ./cjdns.nix {}; clickhouse = handleTest ./clickhouse.nix {}; cloud-init = handleTest ./cloud-init.nix {}; + cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {}; codimd = handleTest ./codimd.nix {}; consul = handleTest ./consul.nix {}; - cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {}; containers-bridge = handleTest ./containers-bridge.nix {}; containers-custom-pkgs.nix = handleTest ./containers-custom-pkgs.nix {}; containers-ephemeral = handleTest ./containers-ephemeral.nix {}; @@ -82,7 +85,6 @@ in dnscrypt-wrapper = handleTestOn ["x86_64-linux"] ./dnscrypt-wrapper {}; doas = handleTest ./doas.nix {}; docker = handleTestOn ["x86_64-linux"] ./docker.nix {}; - oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {}; docker-edge = handleTestOn ["x86_64-linux"] ./docker-edge.nix {}; docker-registry = handleTest ./docker-registry.nix {}; docker-tools = handleTestOn ["x86_64-linux"] ./docker-tools.nix {}; @@ -102,6 +104,7 @@ in etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; fancontrol = handleTest ./fancontrol.nix {}; + fcitx = handleTest ./fcitx {}; ferm = handleTest ./ferm.nix {}; firefox = handleTest ./firefox.nix {}; firefox-esr = handleTest ./firefox.nix { esr = true; }; 
@@ -115,24 +118,23 @@ in fsck = handleTest ./fsck.nix {}; ft2-clone = handleTest ./ft2-clone.nix {}; gerrit = handleTest ./gerrit.nix {}; - gotify-server = handleTest ./gotify-server.nix {}; - grocy = handleTest ./grocy.nix {}; gitdaemon = handleTest ./gitdaemon.nix {}; gitea = handleTest ./gitea.nix {}; gitlab = handleTest ./gitlab.nix {}; gitolite = handleTest ./gitolite.nix {}; gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {}; glusterfs = handleTest ./glusterfs.nix {}; - gnome3-xorg = handleTest ./gnome3-xorg.nix {}; gnome3 = handleTest ./gnome3.nix {}; - installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {}); + gnome3-xorg = handleTest ./gnome3-xorg.nix {}; + go-neb = handleTest ./go-neb.nix {}; gocd-agent = handleTest ./gocd-agent.nix {}; gocd-server = handleTest ./gocd-server.nix {}; - go-neb = handleTest ./go-neb.nix {}; google-oslogin = handleTest ./google-oslogin {}; + gotify-server = handleTest ./gotify-server.nix {}; grafana = handleTest ./grafana.nix {}; graphite = handleTest ./graphite.nix {}; graylog = handleTest ./graylog.nix {}; + grocy = handleTest ./grocy.nix {}; grub = handleTest ./grub.nix {}; gvisor = handleTest ./gvisor.nix {}; hadoop.hdfs = handleTestOn [ "x86_64-linux" ] ./hadoop/hdfs.nix {}; @@ -140,6 +142,8 @@ in handbrake = handleTestOn ["x86_64-linux"] ./handbrake.nix {}; haproxy = handleTest ./haproxy.nix {}; hardened = handleTest ./hardened.nix {}; + installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {}); + oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {}; # 9pnet_virtio used to mount /nix partition doesn't support # hibernation. This test happens to work on x86_64-linux but # not on other platforms. 
@@ -150,15 +154,14 @@ in hostname = handleTest ./hostname.nix {}; hound = handleTest ./hound.nix {}; hydra = handleTest ./hydra {}; - hydra-db-migration = handleTest ./hydra/db-migration.nix {}; i3wm = handleTest ./i3wm.nix {}; icingaweb2 = handleTest ./icingaweb2.nix {}; iftop = handleTest ./iftop.nix {}; ihatemoney = handleTest ./ihatemoney.nix {}; incron = handleTest ./incron.nix {}; influxdb = handleTest ./influxdb.nix {}; - initrd-network-ssh = handleTest ./initrd-network-ssh {}; initrd-network-openvpn = handleTest ./initrd-network-openvpn {}; + initrd-network-ssh = handleTest ./initrd-network-ssh {}; initrdNetwork = handleTest ./initrd-network.nix {}; installer = handleTest ./installer.nix {}; iodine = handleTest ./iodine.nix {}; @@ -169,6 +172,7 @@ in jenkins = handleTest ./jenkins.nix {}; jirafeau = handleTest ./jirafeau.nix {}; jitsi-meet = handleTest ./jitsi-meet.nix {}; + jq = handleTest ./jq.nix {}; k3s = handleTest ./k3s.nix {}; kafka = handleTest ./kafka.nix {}; keepalived = handleTest ./keepalived.nix {}; @@ -176,6 +180,7 @@ in kernel-latest = handleTest ./kernel-latest.nix {}; kernel-lts = handleTest ./kernel-lts.nix {}; kernel-testing = handleTest ./kernel-testing.nix {}; + keycloak = discoverTests (import ./keycloak.nix); keymap = handleTest ./keymap.nix {}; knot = handleTest ./knot.nix {}; krb5 = discoverTests (import ./krb5 {}); 
@@ -191,12 +196,13 @@ in limesurvey = handleTest ./limesurvey.nix {}; login = handleTest ./login.nix {}; loki = handleTest ./loki.nix {}; + lsd = handleTest ./lsd.nix {}; lxd = handleTest ./lxd.nix {}; lxd-nftables = handleTest ./lxd-nftables.nix {}; #logstash = handleTest ./logstash.nix {}; lorri = handleTest ./lorri/default.nix {}; - magnetico = handleTest ./magnetico.nix {}; magic-wormhole-mailbox-server = handleTest ./magic-wormhole-mailbox-server.nix {}; + magnetico = handleTest ./magnetico.nix {}; mailcatcher = handleTest ./mailcatcher.nix {}; mariadb-galera-mariabackup = handleTest ./mysql/mariadb-galera-mariabackup.nix {}; mariadb-galera-rsync = handleTest ./mysql/mariadb-galera-rsync.nix {}; @@ -205,9 +211,11 @@ in mediawiki = handleTest ./mediawiki.nix {}; memcached = handleTest ./memcached.nix {}; metabase = handleTest ./metabase.nix {}; + minecraft = handleTest ./minecraft.nix {}; + minecraft-server = handleTest ./minecraft-server.nix {}; + minidlna = handleTest ./minidlna.nix {}; miniflux = handleTest ./miniflux.nix {}; minio = handleTest ./minio.nix {}; - minidlna = handleTest ./minidlna.nix {}; misc = handleTest ./misc.nix {}; moinmoin = handleTest ./moinmoin.nix {}; mongodb = handleTest ./mongodb.nix {}; 
@@ -223,17 +231,20 @@ in mysql-autobackup = handleTest ./mysql/mysql-autobackup.nix {}; mysql-backup = handleTest ./mysql/mysql-backup.nix {}; mysql-replication = handleTest ./mysql/mysql-replication.nix {}; + n8n = handleTest ./n8n.nix {}; nagios = handleTest ./nagios.nix {}; + nano = handleTest ./nano.nix {}; + nar-serve = handleTest ./nar-serve.nix {}; nat.firewall = handleTest ./nat.nix { withFirewall = true; }; nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; }; nat.standalone = handleTest ./nat.nix { withFirewall = false; }; ncdns = handleTest ./ncdns.nix {}; ndppd = handleTest ./ndppd.nix {}; neo4j = handleTest ./neo4j.nix {}; - specialisation = handleTest ./specialisation.nix {}; netdata = handleTest ./netdata.nix {}; networking.networkd = handleTest ./networking.nix { networkd = true; }; networking.scripted = handleTest ./networking.nix { networkd = false; }; + specialisation = handleTest ./specialisation.nix {}; # TODO: put in networking.nix after the test becomes more complete networkingProxy = handleTest ./networking-proxy.nix {}; nextcloud = handleTest ./nextcloud {}; @@ -243,6 +254,7 @@ in nfs4 = handleTest ./nfs { version = 4; }; nghttpx = handleTest ./nghttpx.nix {}; nginx = handleTest ./nginx.nix {}; + nginx-auth = handleTest ./nginx-auth.nix {}; nginx-etag = handleTest ./nginx-etag.nix {}; nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; 
@@ -253,12 +265,13 @@ in novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {}; nsd = handleTest ./nsd.nix {}; nzbget = handleTest ./nzbget.nix {}; + oh-my-zsh = handleTest ./oh-my-zsh.nix {}; openarena = handleTest ./openarena.nix {}; openldap = handleTest ./openldap.nix {}; opensmtpd = handleTest ./opensmtpd.nix {}; openssh = handleTest ./openssh.nix {}; - openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {}; openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {}; + openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {}; orangefs = handleTest ./orangefs.nix {}; os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {}; osrm-backend = handleTest ./osrm-backend.nix {}; @@ -268,6 +281,7 @@ in pam-u2f = handleTest ./pam-u2f.nix {}; pantheon = handleTest ./pantheon.nix {}; paperless = handleTest ./paperless.nix {}; + pdns-recursor = handleTest ./pdns-recursor.nix {}; peerflix = handleTest ./peerflix.nix {}; pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; @@ -309,7 +323,11 @@ in runInMachine = handleTest ./run-in-machine.nix {}; rxe = handleTest ./rxe.nix {}; samba = handleTest ./samba.nix {}; + samba-wsdd = handleTest ./samba-wsdd.nix {}; sanoid = handleTest ./sanoid.nix {}; + sbt = handleTest ./sbt.nix {}; + sbt-extras = handleTest ./sbt-extras.nix {}; + scala = handleTest ./scala.nix {}; sddm = handleTest ./sddm.nix {}; service-runner = handleTest ./service-runner.nix {}; shadowsocks = handleTest ./shadowsocks {}; 
@@ -323,9 +341,9 @@ in snapper = handleTest ./snapper.nix {}; sogo = handleTest ./sogo.nix {}; solr = handleTest ./solr.nix {}; + sonarr = handleTest ./sonarr.nix {}; spacecookie = handleTest ./spacecookie.nix {}; spike = handleTest ./spike.nix {}; - sonarr = handleTest ./sonarr.nix {}; sslh = handleTest ./sslh.nix {}; sssd = handleTestOn ["x86_64-linux"] ./sssd.nix {}; sssd-ldap = handleTestOn ["x86_64-linux"] ./sssd-ldap.nix {}; @@ -341,13 +359,13 @@ in systemd-binfmt = handleTestOn ["x86_64-linux"] ./systemd-binfmt.nix {}; systemd-boot = handleTest ./systemd-boot.nix {}; systemd-confinement = handleTest ./systemd-confinement.nix {}; - systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; - systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {}; + systemd-journal = handleTest ./systemd-journal.nix {}; systemd-networkd = handleTest ./systemd-networkd.nix {}; systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {}; systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {}; + systemd-networkd-vrf = handleTest ./systemd-networkd-vrf.nix {}; systemd-nspawn = handleTest ./systemd-nspawn.nix {}; - pdns-recursor = handleTest ./pdns-recursor.nix {}; + systemd-timesyncd = handleTest ./systemd-timesyncd.nix {}; taskserver = handleTest ./taskserver.nix {}; telegraf = handleTest ./telegraf.nix {}; tiddlywiki = handleTest ./tiddlywiki.nix {}; 
@@ -355,19 +373,22 @@ in tinydns = handleTest ./tinydns.nix {}; tor = handleTest ./tor.nix {}; # traefik test relies on docker-containers + trac = handleTest ./trac.nix {}; traefik = handleTestOn ["x86_64-linux"] ./traefik.nix {}; transmission = handleTest ./transmission.nix {}; - trac = handleTest ./trac.nix {}; - trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {}; trezord = handleTest ./trezord.nix {}; trickster = handleTest ./trickster.nix {}; + trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {}; tuptime = handleTest ./tuptime.nix {}; + ucg = handleTest ./ucg.nix {}; udisks2 = handleTest ./udisks2.nix {}; + unbound = handleTest ./unbound.nix {}; unit-php = handleTest ./web-servers/unit-php.nix {}; upnp = handleTest ./upnp.nix {}; uwsgi = handleTest ./uwsgi.nix {}; v2ray = handleTest ./v2ray.nix {}; vault = handleTest ./vault.nix {}; + vector = handleTest ./vector.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; wasabibackend = handleTest ./wasabibackend.nix {}; @@ -379,6 +400,7 @@ in xmonad = handleTest ./xmonad.nix {}; xrdp = handleTest ./xrdp.nix {}; xss-lock = handleTest ./xss-lock.nix {}; + xterm = handleTest ./xterm.nix {}; yabar = handleTest ./yabar.nix {}; yggdrasil = handleTest ./yggdrasil.nix {}; zfs = handleTest ./zfs.nix {}; diff --git a/infra/libkookie/nixpkgs/nixos/tests/ammonite.nix b/infra/libkookie/nixpkgs/nixos/tests/ammonite.nix index 1955e42be5f0..e9f06358e13f 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/ammonite.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/ammonite.nix @@ -8,7 +8,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { amm = { pkgs, ... }: { - environment.systemPackages = [ pkgs.ammonite ]; + environment.systemPackages = [ (pkgs.ammonite.override { jre = pkgs.jre8; }) ]; }; }; 
diff --git a/infra/libkookie/nixpkgs/nixos/tests/avahi.nix b/infra/libkookie/nixpkgs/nixos/tests/avahi.nix index 66cff3009f7d..c1a9114a40f6 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/avahi.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/avahi.nix @@ -2,10 +2,11 @@ , config ? {} , pkgs ? import ../.. { inherit system config; } # bool: whether to use networkd in the tests -, networkd ? false }: +, networkd ? false +} @ args: # Test whether `avahi-daemon' and `libnss-mdns' work as expected. -import ./make-test-python.nix ({ ... } : { +import ./make-test-python.nix { name = "avahi"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ eelco ]; @@ -75,4 +76,4 @@ import ./make-test-python.nix ({ ... } : { two.succeed("avahi-browse -r -t _ssh._tcp | tee out >&2") two.succeed("test `wc -l < out` -gt 0") ''; -}) +} args diff --git a/infra/libkookie/nixpkgs/nixos/tests/awscli.nix b/infra/libkookie/nixpkgs/nixos/tests/awscli.nix new file mode 100644 index 000000000000..35bdd6d99b1a --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/awscli.nix @@ -0,0 +1,17 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "awscli"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { pkgs, ... }: + { + environment.systemPackages = [ pkgs.awscli ]; + }; + + testScript = + '' + assert "${pkgs.python3Packages.botocore.version}" in machine.succeed("aws --version") + assert "${pkgs.awscli.version}" in machine.succeed("aws --version") + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/bat.nix b/infra/libkookie/nixpkgs/nixos/tests/bat.nix new file mode 100644 index 000000000000..8e65e235d94f --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/bat.nix 
@@ -0,0 +1,12 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "bat";
+ meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; };
+
+ machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.bat ]; };
+
+ testScript = ''
+ machine.succeed("echo 'Foobar\n\n\n42' > /tmp/foo")
+ assert "Foobar" in machine.succeed("bat -p /tmp/foo")
+ assert "42" in machine.succeed("bat -p /tmp/foo -r 4:4")
+ '';
+})
diff --git a/infra/libkookie/nixpkgs/nixos/tests/bitcoind.nix b/infra/libkookie/nixpkgs/nixos/tests/bitcoind.nix
index 09f3e4a6ec07..9068b29b8e5c 100644
--- a/infra/libkookie/nixpkgs/nixos/tests/bitcoind.nix
+++ b/infra/libkookie/nixpkgs/nixos/tests/bitcoind.nix
@@ -31,16 +31,16 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("bitcoind-testnet.service") machine.wait_until_succeeds( - 'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' + 'curl --fail --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' ) machine.wait_until_succeeds( - 'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' + 'curl --fail --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:8332 | grep \'"chain":"main"\' ' ) machine.wait_until_succeeds( - 'curl --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' + 'curl --fail --user rpc:rpc --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' ) machine.wait_until_succeeds( - 'curl --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' + 'curl --fail --user rpc2:rpc2 --data-binary \'{"jsonrpc": "1.0", "id":"curltest", "method": "getblockchaininfo", "params": [] }\' -H \'content-type: text/plain;\' localhost:18332 | grep \'"chain":"test"\' ' ) ''; }) 
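Review bot: `--fail` does not change the exit status of these four commands, because each one is `curl ... | grep ...` and `wait_until_succeeds` only sees the status of `grep`, the last stage of the pipeline. The flag just keeps an HTTP error body from reaching `grep`, which is probably enough here since empty output cannot match `"chain":"main"`. If the intent is that an HTTP error fails the step on its own, prefix each command with `set -o pipefail;` (assuming the test driver's shell does not already enable it, which is not visible here). The `cfsslrequest` script in the cfssl.nix hunk pipes `curl -f` into `cfssljson` and has the same shape. The testScript begins outside this hunk.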
diff --git a/infra/libkookie/nixpkgs/nixos/tests/caddy.nix b/infra/libkookie/nixpkgs/nixos/tests/caddy.nix index 445a7fa6b0b4..a21dbec248ab 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/caddy.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/caddy.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { name = "caddy"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ xfix filalex77 ]; + maintainers = [ xfix Br1ght0ne ]; }; nodes = { @@ -57,11 +57,13 @@ import ./make-test-python.nix ({ pkgs, ... }: { def check_etag(url): etag = webserver.succeed( - "curl -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format(url) + "curl --fail -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format( + url + ) ) etag = etag.replace("\r\n", " ") http_code = webserver.succeed( - "curl --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format( + "curl --fail --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format( etag, url ) ) diff --git a/infra/libkookie/nixpkgs/nixos/tests/cadvisor.nix b/infra/libkookie/nixpkgs/nixos/tests/cadvisor.nix index 60c04f147800..664aa3ad876a 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/cadvisor.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/cadvisor.nix 
@@ -19,16 +19,16 @@ import ./make-test-python.nix ({ pkgs, ... } : { testScript = '' start_all() machine.wait_for_unit("cadvisor.service") - machine.succeed("curl http://localhost:8080/containers/") + machine.succeed("curl -f http://localhost:8080/containers/") influxdb.wait_for_unit("influxdb.service") # create influxdb database influxdb.succeed( - 'curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE root"' + 'curl -f -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE root"' ) influxdb.wait_for_unit("cadvisor.service") - influxdb.succeed("curl http://localhost:8080/containers/") + influxdb.succeed("curl -f http://localhost:8080/containers/") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/certmgr.nix b/infra/libkookie/nixpkgs/nixos/tests/certmgr.nix index ef32f54400e3..8f5b89487793 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/certmgr.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/certmgr.nix @@ -11,7 +11,7 @@ let file = { group = "nginx"; owner = "nginx"; - path = "/tmp/${host}-ca.pem"; + path = "/var/ssl/${host}-ca.pem"; }; label = "www_ca"; profile = "three-month"; @@ -20,13 +20,13 @@ let certificate = { group = "nginx"; owner = "nginx"; - path = "/tmp/${host}-cert.pem"; + path = "/var/ssl/${host}-cert.pem"; }; private_key = { group = "nginx"; mode = "0600"; owner = "nginx"; - path = "/tmp/${host}-key.pem"; + path = "/var/ssl/${host}-key.pem"; }; request = { CN = host; @@ -57,6 +57,8 @@ let services.cfssl.enable = true; systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" ]; + systemd.tmpfiles.rules = [ "d /var/ssl 777 root root" ]; + systemd.services.cfssl-init = { description = "Initialize the cfssl CA"; wantedBy = [ "multi-user.target" ]; 
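Review bot: In the `@@ -57,6 +57,8 @@` hunk of certmgr.nix, `"d /var/ssl 777 root root"` makes the directory that now holds the CA certificate and the `0600` private keys world-writable with no sticky bit, so any local account could delete or replace the files nginx is configured to load. The old `/tmp` location at least had the sticky bit. If certmgr writes these files as root (not visible in this hunk), `systemd.tmpfiles.rules = [ "d /var/ssl 0755 root root" ];` should be sufficient; otherwise use `1777` as a minimum. This is only a test VM, but test modules tend to be copied into real configurations, so a short comment giving the reason for the chosen mode would help.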
@@ -87,8 +89,8 @@ let enable = true; virtualHosts = lib.mkMerge (map (host: { ${host} = { - sslCertificate = "/tmp/${host}-cert.pem"; - sslCertificateKey = "/tmp/${host}-key.pem"; + sslCertificate = "/var/ssl/${host}-cert.pem"; + sslCertificateKey = "/var/ssl/${host}-key.pem"; extraConfig = '' ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ''; @@ -124,16 +126,18 @@ in }; testScript = '' machine.wait_for_unit("cfssl.service") - machine.wait_until_succeeds("ls /tmp/decl.example.org-ca.pem") - machine.wait_until_succeeds("ls /tmp/decl.example.org-key.pem") - machine.wait_until_succeeds("ls /tmp/decl.example.org-cert.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-ca.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-key.pem") - machine.wait_until_succeeds("ls /tmp/imp.example.org-cert.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-ca.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-key.pem") + machine.wait_until_succeeds("ls /var/ssl/decl.example.org-cert.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-ca.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-key.pem") + machine.wait_until_succeeds("ls /var/ssl/imp.example.org-cert.pem") machine.wait_for_unit("nginx.service") assert 1 < int(machine.succeed('journalctl -u nginx | grep "Starting Nginx" | wc -l')) - machine.succeed("curl --cacert /tmp/imp.example.org-ca.pem https://imp.example.org") - machine.succeed("curl --cacert /tmp/decl.example.org-ca.pem https://decl.example.org") + machine.succeed("curl --cacert /var/ssl/imp.example.org-ca.pem https://imp.example.org") + machine.succeed( + "curl --cacert /var/ssl/decl.example.org-ca.pem https://decl.example.org" + ) ''; }; diff --git a/infra/libkookie/nixpkgs/nixos/tests/cfssl.nix b/infra/libkookie/nixpkgs/nixos/tests/cfssl.nix index e291fc285fba..170f09d9b76c 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/cfssl.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/cfssl.nix 
@@ -38,7 +38,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { testScript = let cfsslrequest = with pkgs; writeScript "cfsslrequest" '' - curl -X POST -H "Content-Type: application/json" -d @${csr} \ + curl -f -X POST -H "Content-Type: application/json" -d @${csr} \ http://localhost:8888/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate ''; csr = pkgs.writeText "csr.json" (builtins.toJSON { diff --git a/infra/libkookie/nixpkgs/nixos/tests/cloud-init.nix b/infra/libkookie/nixpkgs/nixos/tests/cloud-init.nix index a127be6dd85f..d59d222974b5 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/cloud-init.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/cloud-init.nix 
@@ -51,29 +51,31 @@ in makeTest { networking.hostName = ""; }; testScript = '' - machine.wait_for_unit("cloud-init.service") - machine.succeed("cat /tmp/cloudinit-write-file | grep -q 'cloudinit'") + # To wait until cloud-init terminates its run + unnamed.wait_for_unit("cloud-final.service") + + unnamed.succeed("cat /tmp/cloudinit-write-file | grep -q 'cloudinit'") # install snakeoil ssh key and provision .ssh/config file - machine.succeed("mkdir -p ~/.ssh") - machine.succeed( + unnamed.succeed("mkdir -p ~/.ssh") + unnamed.succeed( "cat ${snakeOilPrivateKey} > ~/.ssh/id_snakeoil" ) - machine.succeed("chmod 600 ~/.ssh/id_snakeoil") + unnamed.succeed("chmod 600 ~/.ssh/id_snakeoil") - machine.wait_for_unit("sshd.service") + unnamed.wait_for_unit("sshd.service") # we should be able to log in as the root user, as well as the created nixos user - machine.succeed( + unnamed.succeed( "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil root@localhost 'true'" ) - machine.succeed( + unnamed.succeed( "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil nixos@localhost 'true'" ) # test changing hostname via cloud-init worked assert ( - machine.succeed( + unnamed.succeed( "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentityFile=~/.ssh/id_snakeoil nixos@localhost 'hostname'" ).strip() == "test" diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md new file mode 100644 index 000000000000..9de2b2c71029 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/README.md 
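Review bot: The three `ssh` calls turn off host-key verification with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, and nothing in the script says why that is acceptable. It is fine only because the target is `localhost` inside a disposable test VM and the identity is the snake-oil key; a comment above the first call would record that, for example `# host key checking is disabled on purpose: localhost in a throwaway VM, snake-oil key`. The identical option string is repeated three times and could be held in one Python variable at the top of the testScript so the comment lives in a single place. The final `assert (` expression continues past the end of this hunk.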
@@ -0,0 +1,21 @@
+# Fake Certificate Authority for ACME testing
+
+This will set up a test node running [pebble](https://github.com/letsencrypt/pebble)
+to serve ACME certificate requests.
+
+## "Snake oil" certs
+
+The snake oil certs are hard coded into the repo for reasons explained [here](https://github.com/NixOS/nixpkgs/pull/91121#discussion_r505410235).
+The root of the issue is that Nix will hash the derivation based on the arguments
+to mkDerivation, not the output. [Minica](https://github.com/jsha/minica) will
+always generate a random certificate even if the arguments are unchanged. As a
+result, it's possible to end up in a situation where the cached and local
+generated certs mismatch and cause issues with testing.
+
+To generate new certificates, run the following commands:
+
+```bash
+nix-build generate-certs.nix
+cp result/* .
+rm result
+```
diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/acme.test.cert.pem b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/acme.test.cert.pem
new file mode 100644
index 000000000000..76b0d916a817
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/acme.test.cert.pem
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDLDCCAhSgAwIBAgIIRDAN3FHH//IwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMB4XDTIwMTAyMTEzMjgzNloXDTIyMTEy +MDEzMjgzNlowFDESMBAGA1UEAxMJYWNtZS50ZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9 +Z4Xu5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeH +pImHO/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCN +Xf/LjIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/l +EnHrkcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOY +H+RfQfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABo3YwdDAOBgNVHQ8B +Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB +/wQCMAAwHwYDVR0jBBgwFoAU+8IZlLV/Qp5CXqpXMLvtxWlxcJwwFAYDVR0RBA0w +C4IJYWNtZS50ZXN0MA0GCSqGSIb3DQEBCwUAA4IBAQB0pe8I5/VDkB5VMgQB2GJV +GKzyigfWbVez9uLmqMj9PPP/zzYKSYeq+91aMuOZrnH7NqBxSTwanULkmqAmhbJJ +YkXw+FlFekf9FyxcuArzwzzNZDSGcjcdXpN8S2K1qkBd00iSJF9kU7pdZYCIKR20 +QirdBrELEfsJ3GU62a6N3a2YsrisZUvq5TbjGJDcytAtt+WG3gmV7RInLdFfPwbw +bEHPCnx0uiV0nxLjd/aVT+RceVrFQVt4hR99jLoMlBitSKluZ1ljsrpIyroBhQT0 +pp/pVi6HJdijG0fsPrC325NEGAwcpotLUhczoeM/rffKJd54wLhDkfYxOyRZXivs +-----END CERTIFICATE----- diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/acme.test.key.pem b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/acme.test.key.pem new file mode 100644 index 000000000000..741df99a372e --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/acme.test.key.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAo8XjMVUaljcaqQ5MFhfPuQgSwdyXEUbpSHz+5yPkE0h9Z4Xu +5BJF1Oq7h5ggCtadVsIspiY6Jm6aWDOjlh4myzW5UNBNUG3OPEk50vmmHFeHpImH +O/d8yb33QoF9VRcTZs4tuJYg7l9bSs4jNG72vYvv2YiGAcmjJcsmAZIfniCNXf/L +jIm+Cxykn+Vo3UuzO1w5/iuofdgWO/aZxMezmXUivlL3ih4cNzCJei8WlB/lEnHr +kcy3ogRmmynP5zcz7vmGIJX2ji6dhCa4Got5B7eZK76o2QglhQXqPatG0AOYH+Rf +QfzKemqPG5om9MgJtwFtTOU1LoaiBw//jXKESQIDAQABAoIBADox/2FwVFo8ioS4 +R+Ex5OZjMAcjU6sX/516jTmlT05q2+UFerYgqB/YqXqtW/V9/brulN8VhmRRuRbO +grq9TBu5o3hMDK0f18EkZB/MBnLbx594H033y6gEkPBZAyhRYtuNOEH3VwxdZhtW +1Lu1EoiYSUqLcNMBy6+KWJ8GRaXyacMYBlj2lMHmyzkA/t1+2mwTGC3lT6zN0F5Y +E5umXOxsn6Tb6q3KM9O5IvtmMMKpgj4HIHZLZ6j40nNgHwGRaAv4Sha/vx0DeBw3 +6VlNiTTPdShEkhESlM5/ocqTfI92VHJpM5gkqTYOWBi2aKIPfAopXoqoJdWl4pQ/ +NCFIu2ECgYEAzntNKIcQtf0ewe0/POo07SIFirvz6jVtYNMTzeQfL6CoEjYArJeu +Vzc4wEQfA4ZFVerBb1/O6M449gI3zex1PH4AX0h8q8DSjrppK1Jt2TnpVh97k7Gg +Tnat/M/yW3lWYkcMVJJ3AYurXLFTT1dYP0HvBwZN04yInrEcPNXKfmcCgYEAywyJ +51d4AE94PrANathKqSI/gk8sP+L1gzylZCcUEAiGk/1r45iYB4HN2gvWbS+CvSdp +F7ShlDWrTaNh2Bm1dgTjc4pWb4J+CPy/KN2sgLwIuM4+ZWIZmEDcio6khrM/gNqK +aR7xUsvWsqU26O84woY/xR8IHjSNF7cFWE1H2c8CgYEAt6SSi2kVQ8dMg84uYE8t +o3qO00U3OycpkOQqyQQLeKC62veMwfRl6swCfX4Y11mkcTXJtPTRYd2Ia8StPUkB +PDwUuKoPt/JXUvoYb59wc7M+BIsbrdBdc2u6cw+/zfutCNuH6/AYSBeg4WAVaIuW +wSwzG1xP+8cR+5IqOzEqWCECgYATweeVTCyQEyuHJghYMi2poXx+iIesu7/aAkex +pB/Oo5W8xrb90XZRnK7UHbzCqRHWqAQQ23Gxgztk9ZXqui2vCzC6qGZauV7cLwPG +zTMg36sVmHP314DYEM+k59ZYiQ6P0jQPoIQo407D2VGrfsOOIhQIcUmP7tsfyJ5L +hlGMfwKBgGq4VNnnuX8I5kl03NpaKfG+M8jEHmVwtI9RkPTCCX9bMjeG0cDxqPTF +TRkf3r8UWQTZ5QfAfAXYAOlZvmGhHjSembRbXMrMdi3rGsYRSrQL6n5NHnORUaMy +FCWo4gyAnniry7tx9dVNgmHmbjEHuQnf8AC1r3dibRCjvJWUiQ8H +-----END RSA PRIVATE KEY----- diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/ca.cert.pem b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/ca.cert.pem new file mode 100644 index 000000000000..5c33e879b675 --- /dev/null 
+++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/ca.cert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIIeHRvRrNvbGQwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgNzg3NDZmMCAXDTIwMTAyMTEzMjgzNloYDzIxMjAx +MDIxMTMyODM2WjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA3ODc0NmYwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrNTzVLDJOKtGYGLU98EEcLKps +tXHCLC6G54LKbEcU80fn+ArX8qsPSHyhdXQkcYjq6Vh/EDJ1TctyRSnvAjwyG4Aa +1Zy1QFc/JnjMjvzimCkUc9lQ+wkLwHSM/KGwR1cGjmtQ/EMClZTA0NwulJsXMKVz +bd5asXbq/yJTQ5Ww25HtdNjwRQXTvB7r3IKcY+DsED9CvFvC9oG/ZhtZqZuyyRdC +kFUrrv8WNUDkWSN+lMR6xMx8v0583IN6f11IhX0b+svK98G81B2eswBdkzvVyv9M +unZBO0JuJG8sdM502KhWLmzBC1ZbvgUBF9BumDRpMFH4DCj7+qQ2taWeGyc7AgMB +AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr +BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT7whmUtX9CnkJe +qlcwu+3FaXFwnDAfBgNVHSMEGDAWgBT7whmUtX9CnkJeqlcwu+3FaXFwnDANBgkq +hkiG9w0BAQsFAAOCAQEARMe1wKmF33GjEoLLw0oDDS4EdAv26BzCwtrlljsEtwQN +95oSzUNd6o4Js7WCG2o543OX6cxzM+yju8TES3+vJKDgsbNMU0bWCv//tdrb0/G8 +OkU3Kfi5q4fOauZ1pqGv/pXdfYhZ5ieB/zwis3ykANe5JfB0XqwCb1Vd0C3UCIS2 +NPKngRwNSzphIsbzfvxGDkdM1enuGl5CVyDhrwTMqGaJGDSOv6U5jKFxKRvigqTN +Ls9lPmT5NXYETduWLBR3yUIdH6kZXrcozZ02B9vjOB2Cv4RMDc+9eM30CLIWpf1I +097e7JkhzxFhfC/bMMt3P1FeQc+fwH91wdBmNi7tQw== +-----END CERTIFICATE----- diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/ca.key.pem b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/ca.key.pem new file mode 100644 index 000000000000..ed46f5dccf46 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/ca.key.pem 
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAqzU81SwyTirRmBi1PfBBHCyqbLVxwiwuhueCymxHFPNH5/gK
+1/KrD0h8oXV0JHGI6ulYfxAydU3LckUp7wI8MhuAGtWctUBXPyZ4zI784pgpFHPZ
+UPsJC8B0jPyhsEdXBo5rUPxDApWUwNDcLpSbFzClc23eWrF26v8iU0OVsNuR7XTY
+8EUF07we69yCnGPg7BA/QrxbwvaBv2YbWambsskXQpBVK67/FjVA5FkjfpTEesTM
+fL9OfNyDen9dSIV9G/rLyvfBvNQdnrMAXZM71cr/TLp2QTtCbiRvLHTOdNioVi5s
+wQtWW74FARfQbpg0aTBR+Awo+/qkNrWlnhsnOwIDAQABAoIBAA3ykVkgd5ysmlSU
+trcsCnHcJaojgff6l3PACoSpG4VWaGY6a8+54julgRm6MtMBONFCX0ZCsImj484U
+Wl0xRmwil2YYPuL5MeJgJPktMObY1IfpBCw3tz3w2M3fiuCMf0d2dMGtO1xLiUnH
++hgFXTkfamsj6ThkOrbcQBSebeRxbKM5hqyCaQoieV+0IJnyxUVq/apib8N50VsH
+SHd4oqLUuEZgg6N70+l5DpzedJUb4nrwS/KhUHUBgnoPItYBCiGPmrwLk7fUhPs6
+kTDqJDtc/xW/JbjmzhWEpVvtumcC/OEKULss7HLdeQqwVBrRQkznb0M9AnSra3d0
+X11/Y4ECgYEA3FC8SquLPFb2lHK4+YbJ4Ac6QVWeYFEHiZ0Rj+CmONmjcAvOGLPE
+SblRLm3Nbrkxbm8FF6/AfXa/rviAKEVPs5xqGfSDw/3n1uInPcmShiBCLwM/jHH5
+NeVG+R5mTg5zyQ/pQMLWRcs+Ail+ZAnZuoGpW3Cdc8OtCUYFQ7XB6nsCgYEAxvBJ
+zFxcTtsDzWbMWXejugQiUqJcEbKWwEfkRbf3J2rAVO2+EFr7LxdRfN2VwPiTQcWc
+LnN2QN+ouOjqBMTh3qm5oQY+TLLHy86k9g1k0gXWkMRQgP2ZdfWH1HyrwjLUgLe1
+VezFN7N1azgy6xFkInAAvuA4loxElZNvkGBgekECgYA/Xw26ILvNIGqO6qzgQXAh
++5I7JsiGheg4IjDiBMlrQtbrLMoceuD0H9UFGNplhel9DXwWgxxIOncKejpK2x0A
+2fX+/0FDh+4+9hA5ipiV8gN3iGSoHkSDxy5yC9d7jlapt+TtFt4Rd1OfxZWwatDw
+/8jaH3t6yAcmyrhK8KYVrwKBgAE5KwsBqmOlvyE9N5Z5QN189wUREIXfVkP6bTHs
+jq2EX4hmKdwJ4y+H8i1VY31bSfSGlY5HkXuWpH/2lrHO0CDBZG3UDwADvWzIaYVF
+0c/kz0v2mRQh+xaZmus4lQnNrDbaalgL666LAPbW0qFVaws3KxoBYPe0BxvwWyhF
+H3LBAoGBAKRRNsq2pWQ8Gqxc0rVoH0FlexU9U2ci3lsLmgEB0A/o/kQkSyAxaRM+
+VdKp3sWfO8o8lX5CVQslCNBSjDTNcat3Co4NEBLg6Xv1yKN/WN1GhusnchP9szsP
+oU47gC89QhUyWSd6vvr2z2NG9C3cACxe4dhDSHQcE4nHSldzCKv2
+-----END RSA PRIVATE KEY-----
diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/default.nix b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/default.nix
index cea10c16900d..1c3bfdf76b7e 100644
--- a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/default.nix
+++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/default.nix @@ -51,10 +51,7 @@ # that it has to be started _before_ the ACME service. { config, pkgs, lib, ... }: let - testCerts = import ./snakeoil-certs.nix { - minica = pkgs.minica; - mkDerivation = pkgs.stdenv.mkDerivation; - }; + testCerts = import ./snakeoil-certs.nix; domain = testCerts.domain; resolver = let diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/generate-certs.nix b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/generate-certs.nix new file mode 100644 index 000000000000..cd8fe0dffca1 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/generate-certs.nix @@ -0,0 +1,29 @@ +# Minica can provide a CA key and cert, plus a key +# and cert for our fake CA server's Web Front End (WFE). +{ + pkgs ? import <nixpkgs> {}, + minica ? pkgs.minica, + mkDerivation ? pkgs.stdenv.mkDerivation +}: +let + conf = import ./snakeoil-certs.nix; + domain = conf.domain; +in mkDerivation { + name = "test-certs"; + buildInputs = [ minica ]; + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + minica \ + --ca-key ca.key.pem \ + --ca-cert ca.cert.pem \ + --domains ${domain} + ''; + + installPhase = '' + mkdir -p $out + mv ca.*.pem $out/ + mv ${domain}/key.pem $out/${domain}.key.pem + mv ${domain}/cert.pem $out/${domain}.cert.pem + ''; +} diff --git a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/snakeoil-certs.nix b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/snakeoil-certs.nix index 4b6a38b8fa30..11c3f7fc9290 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/snakeoil-certs.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/snakeoil-certs.nix 
@@ -1,37 +1,13 @@ -# Minica can provide a CA key and cert, plus a key -# and cert for our fake CA server's Web Front End (WFE). -{ minica, mkDerivation }: let domain = "acme.test"; - - selfSignedCertData = mkDerivation { - name = "test-certs"; - buildInputs = [ minica ]; - phases = [ "buildPhase" "installPhase" ]; - - buildPhase = '' - mkdir ca - minica \ - --ca-key ca/key.pem \ - --ca-cert ca/cert.pem \ - --domains ${domain} - chmod 600 ca/* - chmod 640 ${domain}/*.pem - ''; - - installPhase = '' - mkdir -p $out - mv ${domain} ca $out/ - ''; - }; in { inherit domain; ca = { - cert = "${selfSignedCertData}/ca/cert.pem"; - key = "${selfSignedCertData}/ca/key.pem"; + cert = ./ca.cert.pem; + key = ./ca.key.pem; }; "${domain}" = { - cert = "${selfSignedCertData}/${domain}/cert.pem"; - key = "${selfSignedCertData}/${domain}/key.pem"; + cert = ./. + "/${domain}.cert.pem"; + key = ./. + "/${domain}.key.pem"; }; } diff --git a/infra/libkookie/nixpkgs/nixos/tests/convos.nix b/infra/libkookie/nixpkgs/nixos/tests/convos.nix index b4ff1188fd8b..af2758c857d0 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/convos.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/convos.nix @@ -25,6 +25,6 @@ in machine.wait_for_unit("convos") machine.wait_for_open_port("${toString port}") machine.succeed("journalctl -u convos | grep -q 'Listening at.*${toString port}'") - machine.succeed("curl http://localhost:${toString port}/") + machine.succeed("curl -f http://localhost:${toString port}/") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/corerad.nix b/infra/libkookie/nixpkgs/nixos/tests/corerad.nix index 37a1e90477a8..638010f92f44 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/corerad.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/corerad.nix 
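Review bot: The rewritten `ca` and `"${domain}"` attributes in snakeoil-certs.nix now point at private keys that are checked into the tree (`key = ./ca.key.pem;` and `key = ./. + "/${domain}.key.pem";`), and the hunk removes the file's only header comment without replacing it. Anyone with the repository holds these keys, and the file should say so, for example `# Snakeoil CA and WFE keys for the ACME tests. The private keys are public; never trust this CA outside the test VMs.` A second comment line naming `generate-certs.nix` as the way to regenerate the files would help too; how its output is meant to be copied back into the tree is not visible in this diff, so that wording needs confirming by the author. The two `RSA PRIVATE KEY` files added earlier in the diff are the fixtures this applies to.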
@@ -80,7 +80,7 @@ import ./make-test-python.nix ( ), "SLAAC temporary address was not configured on client after router advertisement" with subtest("Verify HTTP debug server is configured"): - out = router.succeed("curl localhost:9430/metrics") + out = router.succeed("curl -f localhost:9430/metrics") assert ( "corerad_build_info" in out diff --git a/infra/libkookie/nixpkgs/nixos/tests/docker-edge.nix b/infra/libkookie/nixpkgs/nixos/tests/docker-edge.nix index 96de885a554a..703179eef195 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/docker-edge.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/docker-edge.nix @@ -43,7 +43,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { docker.fail("sudo -u noprivs docker ps") docker.succeed("docker stop sleeping") - # Must match version twice to ensure client and server versions are correct - docker.succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "2" ]') + # Must match version 4 times to ensure client and server git commits and versions are correct + docker.succeed('[ $(docker version | grep ${pkgs.docker-edge.version} | wc -l) = "4" ]') ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/docker-tools.nix b/infra/libkookie/nixpkgs/nixos/tests/docker-tools.nix index edb9aec62db3..3d1e39a379c1 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/docker-tools.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/docker-tools.nix @@ -115,9 +115,10 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker load --input='${examples.nginx}'", "docker run --name nginx -d -p 8000:80 ${examples.nginx.imageName}", ) - docker.wait_until_succeeds("curl http://localhost:8000/") + docker.wait_until_succeeds("curl -f http://localhost:8000/") docker.succeed( - "docker rm --force nginx", "docker rmi '${examples.nginx.imageName}'", + "docker rm --force nginx", + "docker rmi '${examples.nginx.imageName}'", ) with subtest("A pulled image can be used as base image"): 
@@ -234,5 +235,17 @@ import ./make-test-python.nix ({ pkgs, ... }: { "docker run --rm file-in-store nix-store --verify --check-contents", "docker run --rm file-in-store |& grep 'some data'", ) + + with subtest("Ensure cross compiled image can be loaded and has correct arch."): + docker.succeed( + "docker load --input='${pkgs.dockerTools.examples.cross}'", + ) + assert ( + docker.succeed( + "docker inspect ${pkgs.dockerTools.examples.cross.imageName} " + + "| ${pkgs.jq}/bin/jq -r .[].Architecture" + ).strip() + == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64v8"}" + ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/fcitx/config b/infra/libkookie/nixpkgs/nixos/tests/fcitx/config new file mode 100644 index 000000000000..169768994e28 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/fcitx/config @@ -0,0 +1,12 @@ +[Hotkey] +SwitchKey=Disabled +IMSwitchHotkey=ALT_SHIFT +TimeInterval=240 + +[Program] +DelayStart=5 + +[Output] + +[Appearance] + diff --git a/infra/libkookie/nixpkgs/nixos/tests/fcitx/default.nix b/infra/libkookie/nixpkgs/nixos/tests/fcitx/default.nix new file mode 100644 index 000000000000..cbeb95d33b0c --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/fcitx/default.nix 
@@ -0,0 +1,142 @@ +import ../make-test-python.nix ( + { + pkgs, ... + }: + # copy_from_host works only for store paths + rec { + name = "fcitx"; + machine = + { + pkgs, + ... + }: + { + virtualisation.memorySize = 1024; + + imports = [ + ../common/user-account.nix + ]; + + environment.systemPackages = [ + # To avoid clashing with xfce4-terminal + pkgs.alacritty + ]; + + + services.xserver = + { + enable = true; + + displayManager = { + lightdm.enable = true; + autoLogin = { + enable = true; + user = "alice"; + }; + }; + + desktopManager.xfce.enable = true; + }; + + i18n = { + inputMethod = { + enabled = "fcitx"; + fcitx.engines = [ + pkgs.fcitx-engines.m17n + pkgs.fcitx-engines.table-extra + ]; + }; + }; + } + ; + + testScript = { nodes, ... }: + let + user = nodes.machine.config.users.users.alice; + userName = user.name; + userHome = user.home; + xauth = "${userHome}/.Xauthority"; + fcitx_confdir = "${userHome}/.config/fcitx"; + in + '' + # We need config files before login session + # So copy first thing + + # Point and click would be expensive, + # So configure using files + machine.copy_from_host( + "${./profile}", + "${fcitx_confdir}/profile", + ) + machine.copy_from_host( + "${./config}", + "${fcitx_confdir}/config", + ) + + start_all() + + machine.wait_for_file("${xauth}") + machine.succeed("xauth merge ${xauth}") + + machine.sleep(5) + + machine.succeed("su - ${userName} -c 'alacritty&'") + machine.succeed("su - ${userName} -c 'fcitx&'") + machine.sleep(10) + + ### Type on terminal + machine.send_chars("echo ") + machine.sleep(1) + + ### Start fcitx Unicode input + machine.send_key("ctrl-alt-shift-u") + machine.sleep(5) + machine.sleep(1) + + ### Search for smiling face + machine.send_chars("smil") + machine.sleep(1) + + ### Navigate to the second one + machine.send_key("tab") + machine.sleep(1) + + ### Choose it + machine.send_key("\n") + machine.sleep(1) + + ### Start fcitx language input + machine.send_key("ctrl-spc") + machine.sleep(1) + + ### Default 
zhengma, enter 一下 + machine.send_chars("a2") + machine.sleep(1) + + ### Switch to Harvard Kyoto + machine.send_key("alt-shift") + machine.sleep(1) + + ### Enter क + machine.send_chars("ka ") + machine.sleep(1) + + machine.send_key("alt-shift") + machine.sleep(1) + + ### Turn off Fcitx + machine.send_key("ctrl-spc") + machine.sleep(1) + + ### Redirect typed characters to a file + machine.send_chars(" > fcitx_test.out\n") + machine.sleep(1) + machine.screenshot("terminal_chars") + + ### Verify that file contents are as expected + file_content = machine.succeed("cat ${userHome}/fcitx_test.out") + assert file_content == "☺一下क\n" + '' + ; + } +) diff --git a/infra/libkookie/nixpkgs/nixos/tests/fcitx/profile b/infra/libkookie/nixpkgs/nixos/tests/fcitx/profile new file mode 100644 index 000000000000..77497a1496bd --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/fcitx/profile @@ -0,0 +1,4 @@ +[Profile] +IMName=zhengma-large +EnabledIMList=fcitx-keyboard-us:True,zhengma-large:True,m17n_sa_harvard-kyoto:True +PreeditStringInClientWindow=False diff --git a/infra/libkookie/nixpkgs/nixos/tests/ferm.nix b/infra/libkookie/nixpkgs/nixos/tests/ferm.nix index a73c9ce739cf..112b5f19a7de 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/ferm.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/ferm.nix @@ -56,6 +56,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { start_all() client.wait_for_unit("network-online.target") + server.wait_for_unit("network-online.target") server.wait_for_unit("ferm.service") server.wait_for_unit("nginx.service") server.wait_until_succeeds("ss -ntl | grep -q 80") diff --git a/infra/libkookie/nixpkgs/nixos/tests/firefox.nix b/infra/libkookie/nixpkgs/nixos/tests/firefox.nix index 7071baceba73..07e25bd4ca72 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/firefox.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/firefox.nix 
@@ -11,26 +11,105 @@ import ./make-test-python.nix ({ pkgs, esr ? false, ... }: { environment.systemPackages = (if esr then [ pkgs.firefox-esr ] else [ pkgs.firefox ]) ++ [ pkgs.xdotool ]; + + # Need some more memory to record audio. + virtualisation.memorySize = "500"; + + # Create a virtual sound device, with mixing + # and all, for recording audio. + boot.kernelModules = [ "snd-aloop" ]; + sound.enable = true; + sound.extraConfig = '' + pcm.!default { + type plug + slave.pcm pcm.dmixer + } + pcm.dmixer { + type dmix + ipc_key 1 + slave { + pcm "hw:Loopback,0,0" + rate 48000 + periods 128 + period_time 0 + period_size 1024 + buffer_size 8192 + } + } + pcm.recorder { + type hw + card "Loopback" + device 1 + subdevice 0 + } + ''; + + systemd.services.audio-recorder = { + description = "Record NixOS test audio to /tmp/record.wav"; + script = "${pkgs.alsaUtils}/bin/arecord -D recorder -f S16_LE -r48000 /tmp/record.wav"; + }; + }; testScript = '' + from contextlib import contextmanager + + + @contextmanager + def audio_recording(machine: Machine) -> None: + """ + Perform actions while recording the + machine audio output. + """ + machine.systemctl("start audio-recorder") + yield + machine.systemctl("stop audio-recorder") + + + def wait_for_sound(machine: Machine) -> None: + """ + Wait until any sound has been emitted. + """ + machine.wait_for_file("/tmp/record.wav") + while True: + # Get at most 2M of the recording + machine.execute("tail -c 2M /tmp/record.wav > /tmp/last") + # Get the exact size + size = int(machine.succeed("stat -c '%s' /tmp/last").strip()) + # Compare it against /dev/zero using `cmp` (skipping 50B of WAVE header). + # If some non-NULL bytes are found it returns 1. 
+ status, output = machine.execute( + f"cmp -i 50 -n {size - 50} /tmp/last /dev/zero 2>&1" + ) + if status == 1: + break + machine.sleep(2) + + machine.wait_for_x() - with subtest("wait until Firefox has finished loading the Valgrind docs page"): + with subtest("Wait until Firefox has finished loading the Valgrind docs page"): machine.execute( "xterm -e 'firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html' &" ) machine.wait_for_window("Valgrind") machine.sleep(40) + with subtest("Check whether Firefox can play sound"): + with audio_recording(machine): + machine.succeed( + "firefox file://${pkgs.sound-theme-freedesktop}/share/sounds/freedesktop/stereo/phone-incoming-call.oga &" + ) + wait_for_sound(machine) + machine.copy_from_vm("/tmp/record.wav") + + with subtest("Close sound test tab"): + machine.execute("xdotool key ctrl+w") + with subtest("Close default browser prompt"): machine.execute("xdotool key space") - with subtest("Hide default browser window"): - machine.sleep(2) - machine.execute("xdotool key F12") - - with subtest("wait until Firefox draws the developer tool panel"): + with subtest("Wait until Firefox draws the developer tool panel"): machine.sleep(10) machine.succeed("xwininfo -root -tree | grep Valgrind") machine.screenshot("screen") diff --git a/infra/libkookie/nixpkgs/nixos/tests/firejail.nix b/infra/libkookie/nixpkgs/nixos/tests/firejail.nix index a723cb01664f..5f122c3fa94d 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/firejail.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/firejail.nix @@ -11,6 +11,10 @@ import ./make-test-python.nix ({ pkgs, ...} : { enable = true; wrappedBinaries = { bash-jailed = "${pkgs.bash}/bin/bash"; + bash-jailed2 = { + executable = "${pkgs.bash}/bin/bash"; + extraArgs = [ "--private=~/firejail-home" ]; + }; }; }; 
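Review bot: In the firefox.nix test script, `audio_recording` stops the recorder only when the `with` body finishes normally; if `machine.succeed` or `wait_for_sound` raises, `machine.systemctl("stop audio-recorder")` is never reached. Wrapping the `yield` in `try:` and moving the stop call under `finally:` closes that gap. `wait_for_sound` also loops on `while True:` with no upper bound, so a Firefox that never produces audio hangs the test until whatever outer timeout applies; a bounded number of retries that ends in a failing assertion with a message would make that case readable. The `-> None` annotation on `audio_recording` does not describe the generator that `@contextmanager` wraps.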
@@ -53,6 +57,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { ) machine.fail("sudo -u alice bash-jailed -c 'cat ~/my-secrets/secret' | grep -q s3cret") + # Test extraArgs + machine.succeed("sudo -u alice mkdir /home/alice/firejail-home") + machine.succeed("sudo -u alice bash-jailed2 -c 'echo test > /home/alice/foo'") + machine.fail("sudo -u alice cat /home/alice/foo") + machine.succeed("sudo -u alice cat /home/alice/firejail-home/foo | grep test") # Test path acl with firejail executable machine.succeed("sudo -u alice firejail -- bash -c 'cat ~/public' | grep -q publ1c") diff --git a/infra/libkookie/nixpkgs/nixos/tests/gitea.nix b/infra/libkookie/nixpkgs/nixos/tests/gitea.nix index aaed2486421f..1fb27593f056 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/gitea.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/gitea.nix @@ -14,6 +14,7 @@ let nodes = { server = { config, pkgs, ... }: { + virtualisation.memorySize = 2048; services.gitea = { enable = true; database = { inherit type; }; diff --git a/infra/libkookie/nixpkgs/nixos/tests/gitlab.nix b/infra/libkookie/nixpkgs/nixos/tests/gitlab.nix index 7e4e8bcef92d..1214cddd0937 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/gitlab.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/gitlab.nix @@ -33,9 +33,9 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; { initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword; smtp.enable = true; secrets = { - secretFile = pkgs.writeText "secret" "Aig5zaic"; - otpFile = pkgs.writeText "otpsecret" "Riew9mue"; - dbFile = pkgs.writeText "dbsecret" "we2quaeZ"; + secretFile = pkgs.writeText "secret" "r8X9keSKynU7p4aKlh4GO1Bo77g5a7vj"; + otpFile = pkgs.writeText "otpsecret" "Zu5hGx3YvQx40DvI8WoZJQpX2paSDOlG"; + dbFile = pkgs.writeText "dbsecret" "lsGltKWTejOf6JxCVa7nLDenzkO9wPLR"; jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out"; }; }; 
diff --git a/infra/libkookie/nixpkgs/nixos/tests/go-neb.nix b/infra/libkookie/nixpkgs/nixos/tests/go-neb.nix index d9e5db0b4a53..531ab5a66714 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/go-neb.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/go-neb.nix @@ -34,7 +34,7 @@ import ./make-test-python.nix ({ pkgs, ... }: start_all() server.wait_for_unit("go-neb.service") server.wait_until_succeeds( - "curl -L http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U" + "curl -fL http://localhost:4050/services/hooks/d2lraXBlZGlhX3NlcnZpY2U" ) server.wait_until_succeeds( "journalctl -eu go-neb -o cat | grep -q service_id=wikipedia_service" diff --git a/infra/libkookie/nixpkgs/nixos/tests/hadoop/hdfs.nix b/infra/libkookie/nixpkgs/nixos/tests/hadoop/hdfs.nix index 85aaab34b158..f1f98ed42eb3 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/hadoop/hdfs.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/hadoop/hdfs.nix @@ -48,7 +48,7 @@ import ../make-test-python.nix ({...}: { datanode.wait_for_open_port(9866) datanode.wait_for_open_port(9867) - namenode.succeed("curl http://namenode:9870") - datanode.succeed("curl http://datanode:9864") + namenode.succeed("curl -f http://namenode:9870") + datanode.succeed("curl -f http://datanode:9864") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/hadoop/yarn.nix b/infra/libkookie/nixpkgs/nixos/tests/hadoop/yarn.nix index 2264ecaff155..01077245d397 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/hadoop/yarn.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/hadoop/yarn.nix @@ -40,7 +40,7 @@ import ../make-test-python.nix ({...}: { nodemanager.wait_for_open_port(8042) nodemanager.wait_for_open_port(8041) - resourcemanager.succeed("curl http://localhost:8088") - nodemanager.succeed("curl http://localhost:8042") + resourcemanager.succeed("curl -f http://localhost:8088") + nodemanager.succeed("curl -f http://localhost:8042") ''; }) 
diff --git a/infra/libkookie/nixpkgs/nixos/tests/haproxy.nix b/infra/libkookie/nixpkgs/nixos/tests/haproxy.nix index ffb77c052a24..2c3878131b68 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/haproxy.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/haproxy.nix @@ -39,9 +39,9 @@ import ./make-test-python.nix ({ pkgs, ...}: { machine.wait_for_unit("multi-user.target") machine.wait_for_unit("haproxy.service") machine.wait_for_unit("httpd.service") - assert "We are all good!" in machine.succeed("curl -k http://localhost:80/index.txt") + assert "We are all good!" in machine.succeed("curl -fk http://localhost:80/index.txt") assert "haproxy_process_pool_allocated_bytes" in machine.succeed( - "curl -k http://localhost:80/metrics" + "curl -fk http://localhost:80/metrics" ) with subtest("reload"): @@ -49,7 +49,7 @@ import ./make-test-python.nix ({ pkgs, ...}: { # wait some time to ensure the following request hits the reloaded haproxy machine.sleep(5) assert "We are all good!" in machine.succeed( - "curl -k http://localhost:80/index.txt" + "curl -fk http://localhost:80/index.txt" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/hitch/default.nix b/infra/libkookie/nixpkgs/nixos/tests/hitch/default.nix index 904d12619d70..8a2193e75f2a 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/hitch/default.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/hitch/default.nix @@ -28,6 +28,6 @@ import ../make-test-python.nix ({ pkgs, ... }: machine.wait_for_unit("multi-user.target") machine.wait_for_unit("hitch.service") machine.wait_for_open_port(443) - assert "We are all good!" in machine.succeed("curl -k https://localhost:443/index.txt") + assert "We are all good!" in machine.succeed("curl -fk https://localhost:443/index.txt") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/hound.nix b/infra/libkookie/nixpkgs/nixos/tests/hound.nix index 27c65abdf27c..b8b10022bd92 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/hound.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/hound.nix 
@@ -53,7 +53,7 @@ import ./make-test-python.nix ({ pkgs, ... } : { machine.wait_for_unit("hound.service") machine.wait_for_open_port(6080) machine.wait_until_succeeds( - "curl http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'" + "curl -f http://127.0.0.1:6080/api/v1/search\?stats\=fosho\&repos\=\*\&rng=%3A20\&q\=hi\&files\=\&i=nope | grep 'Filename' | grep 'hello'" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/hydra/db-migration.nix b/infra/libkookie/nixpkgs/nixos/tests/hydra/db-migration.nix deleted file mode 100644 index ca65e2e66aa1..000000000000 --- a/infra/libkookie/nixpkgs/nixos/tests/hydra/db-migration.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -{ system ? builtins.currentSystem -, pkgs ? import ../../.. { inherit system; } -, ... -}: - -let inherit (import ./common.nix { inherit system; }) baseConfig; in - -with import ../../lib/testing-python.nix { inherit system pkgs; }; -with pkgs.lib; - -{ mig = makeTest { - name = "hydra-db-migration"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; - - nodes = { - original = { pkgs, lib, ... }: { - imports = [ baseConfig ]; - - # An older version of Hydra before the db change - # for testing purposes. - services.hydra.package = pkgs.hydra-migration.overrideAttrs (old: { - inherit (old) pname; - version = "2020-02-06"; - src = pkgs.fetchFromGitHub { - owner = "NixOS"; - repo = "hydra"; - rev = "2b4f14963b16b21ebfcd6b6bfa7832842e9b2afc"; - sha256 = "16q0cffcsfx5pqd91n9k19850c1nbh4vvbd9h8yi64ihn7v8bick"; - }; - }); - }; - - migration_phase1 = { pkgs, lib, ... }: { - imports = [ baseConfig ]; - services.hydra.package = pkgs.hydra-migration; - }; - - finished = { pkgs, lib, ... }: { - imports = [ baseConfig ]; - services.hydra.package = pkgs.hydra-unstable; - }; - }; - - testScript = { nodes, ... 
}: let - next = nodes.migration_phase1.config.system.build.toplevel; - finished = nodes.finished.config.system.build.toplevel; - in '' - original.start() - original.wait_for_unit("multi-user.target") - original.wait_for_unit("postgresql.service") - original.wait_for_unit("hydra-init.service") - original.require_unit_state("hydra-queue-runner.service") - original.require_unit_state("hydra-evaluator.service") - original.require_unit_state("hydra-notify.service") - original.succeed("hydra-create-user admin --role admin --password admin") - original.wait_for_open_port(3000) - original.succeed("create-trivial-project.sh") - original.wait_until_succeeds( - 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' - ) - - out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'") - assert "jobset_id" not in out - - original.succeed( - "${next}/bin/switch-to-configuration test >&2" - ) - original.wait_for_unit("hydra-init.service") - - out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'") - assert "jobset_id|integer|||" in out - - original.succeed("hydra-backfill-ids") - - original.succeed( - "${finished}/bin/switch-to-configuration test >&2" - ) - original.wait_for_unit("hydra-init.service") - - out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'") - assert "jobset_id|integer||not null|" in out - - original.wait_until_succeeds( - 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq' - ) - - original.shutdown() - ''; - }; -} diff --git a/infra/libkookie/nixpkgs/nixos/tests/hydra/default.nix b/infra/libkookie/nixpkgs/nixos/tests/hydra/default.nix index 2336e4033d6d..e91a1cd3359d 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/hydra/default.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/hydra/default.nix 
@@ -11,7 +11,7 @@ let inherit (import ./common.nix { inherit system; }) baseConfig; hydraPkgs = { - inherit (pkgs) hydra-migration hydra-unstable; + inherit (pkgs) hydra-unstable; }; makeHydraTest = with pkgs.lib; name: package: makeTest { diff --git a/infra/libkookie/nixpkgs/nixos/tests/initrd-network-ssh/default.nix b/infra/libkookie/nixpkgs/nixos/tests/initrd-network-ssh/default.nix index 017de6882081..0ad0563b0ce1 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/initrd-network-ssh/default.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/initrd-network-ssh/default.nix @@ -22,6 +22,10 @@ import ../make-test-python.nix ({ lib, ... }: hostKeys = [ ./ssh_host_ed25519_key ]; }; }; + boot.initrd.extraUtilsCommands = '' + mkdir -p $out/secrets/etc/ssh + cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/sh_host_ed25519_key + ''; boot.initrd.preLVMCommands = '' while true; do if [ -f fnord ]; then diff --git a/infra/libkookie/nixpkgs/nixos/tests/installed-tests/default.nix b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/default.nix index 889a00d4b568..e5d7009bb7b9 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/installed-tests/default.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/default.nix @@ -94,6 +94,7 @@ in glib-networking = callInstalledTest ./glib-networking.nix {}; gnome-photos = callInstalledTest ./gnome-photos.nix {}; graphene = callInstalledTest ./graphene.nix {}; + gsconnect = callInstalledTest ./gsconnect.nix {}; ibus = callInstalledTest ./ibus.nix {}; libgdata = callInstalledTest ./libgdata.nix {}; glib-testing = callInstalledTest ./glib-testing.nix {}; @@ -101,5 +102,6 @@ in libxmlb = callInstalledTest ./libxmlb.nix {}; malcontent = callInstalledTest ./malcontent.nix {}; ostree = callInstalledTest ./ostree.nix {}; + pipewire = callInstalledTest ./pipewire.nix {}; xdg-desktop-portal = callInstalledTest ./xdg-desktop-portal.nix {}; } 
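Review bot: The added `boot.initrd.extraUtilsCommands` in initrd-network-ssh/default.nix writes the key to `$out/secrets/etc/ssh/sh_host_ed25519_key`, while the source file and the `hostKeys` entry just above are named `ssh_host_ed25519_key`; this looks like a dropped `s`, although which path the initrd actually reads is outside the hunk. If the full name is intended, the line becomes `cat "${./ssh_host_ed25519_key}" > $out/secrets/etc/ssh/ssh_host_ed25519_key`. The block also copies a private host key into a build output, which on NixOS lives in the world-readable store, so a comment such as `# test-only host key, already public in the repository; do not reuse` would keep the pattern from being copied into a real configuration.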
diff --git a/infra/libkookie/nixpkgs/nixos/tests/installed-tests/fwupd.nix b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/fwupd.nix index 6a0ceb57dda4..a8a683a1af7b 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/installed-tests/fwupd.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/fwupd.nix @@ -5,7 +5,7 @@ makeInstalledTest { testConfig = { services.fwupd.enable = true; - services.fwupd.blacklistPlugins = lib.mkForce []; # don't blacklist test plugin + services.fwupd.disabledPlugins = lib.mkForce []; # don't disable test plugin services.fwupd.enableTestRemote = true; virtualisation.memorySize = 768; }; diff --git a/infra/libkookie/nixpkgs/nixos/tests/installed-tests/gsconnect.nix b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/gsconnect.nix new file mode 100644 index 000000000000..ac39f7435786 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/gsconnect.nix @@ -0,0 +1,7 @@ +{ pkgs, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.gnomeExtensions.gsconnect; + + withX11 = true; +} diff --git a/infra/libkookie/nixpkgs/nixos/tests/installed-tests/pipewire.nix b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/pipewire.nix new file mode 100644 index 000000000000..f4154b5d2fd7 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/installed-tests/pipewire.nix @@ -0,0 +1,5 @@ +{ pkgs, lib, makeInstalledTest, ... }: + +makeInstalledTest { + tested = pkgs.pipewire; +} diff --git a/infra/libkookie/nixpkgs/nixos/tests/jq.nix b/infra/libkookie/nixpkgs/nixos/tests/jq.nix new file mode 100644 index 000000000000..20b67522ee6e --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/jq.nix 
@@ -0,0 +1,10 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "jq";
+ meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; };
+
+ nodes.jq = { pkgs, ... }: { environment.systemPackages = [ pkgs.jq ]; };
+
+ testScript = ''
+ assert "world" in jq.succeed('echo \'{"values":["hello","world"]}\'| jq \'.values[1]\''')
+ '';
+})
diff --git a/infra/libkookie/nixpkgs/nixos/tests/keycloak.nix b/infra/libkookie/nixpkgs/nixos/tests/keycloak.nix
new file mode 100644
index 000000000000..f448a0f7095f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/tests/keycloak.nix
@@ -0,0 +1,144 @@ +# This tests Keycloak: it starts the service, creates a realm with an +# OIDC client and a user, and simulates the user logging in to the +# client using their Keycloak login. + +let + frontendUrl = "http://keycloak/auth"; + initialAdminPassword = "h4IhoJFnt2iQIR9"; + + keycloakTest = import ./make-test-python.nix ( + { pkgs, databaseType, ... }: + { + name = "keycloak"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ talyz ]; + }; + + nodes = { + keycloak = { ... }: { + virtualisation.memorySize = 1024; + services.keycloak = { + enable = true; + inherit frontendUrl databaseType initialAdminPassword; + databasePasswordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH"; + }; + environment.systemPackages = with pkgs; [ + xmlstarlet + libtidy + jq + ]; + }; + }; + + testScript = + let + client = { + clientId = "test-client"; + name = "test-client"; + redirectUris = [ "urn:ietf:wg:oauth:2.0:oob" ]; + }; + + user = { + firstName = "Chuck"; + lastName = "Testa"; + username = "chuck.testa"; + email = "chuck.testa@example.com"; + }; + + password = "password1234"; + + realm = { + enabled = true; + realm = "test-realm"; + clients = [ client ]; + users = [( + user // { + enabled = true; + credentials = [{ + type = "password"; + temporary = false; + value = password; + }]; + } + )]; + }; + + realmDataJson = pkgs.writeText "realm-data.json" (builtins.toJSON realm); + + jqCheckUserinfo = pkgs.writeText "check-userinfo.jq" '' + if { + "firstName": .given_name, + "lastName": .family_name, + "username": .preferred_username, + "email": .email + } != ${builtins.toJSON user} then + error("Wrong user info!") + else + empty + end + ''; + in '' + keycloak.start() + keycloak.wait_for_unit("keycloak.service") + keycloak.wait_until_succeeds("curl -sSf ${frontendUrl}") + + + ### Realm Setup ### + + # Get an admin interface access token + keycloak.succeed( + "curl -sSf -d 'client_id=admin-cli' -d 'username=admin' -d 'password=${initialAdminPassword}' -d 
'grant_type=password' '${frontendUrl}/realms/master/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >admin_auth_header" + ) + + # Publish the realm, including a test OIDC client and user + keycloak.succeed( + "curl -sSf -H @admin_auth_header -X POST -H 'Content-Type: application/json' -d @${realmDataJson} '${frontendUrl}/admin/realms/'" + ) + + # Generate and save the client secret. To do this we need + # Keycloak's internal id for the client. + keycloak.succeed( + "curl -sSf -H @admin_auth_header '${frontendUrl}/admin/realms/${realm.realm}/clients?clientId=${client.name}' | jq -r '.[].id' >client_id", + "curl -sSf -H @admin_auth_header -X POST '${frontendUrl}/admin/realms/${realm.realm}/clients/'$(<client_id)'/client-secret' | jq -r .value >client_secret", + ) + + + ### Authentication Testing ### + + # Start the login process by sending an initial request to the + # OIDC authentication endpoint, saving the returned page. Tidy + # up the HTML (XmlStarlet is picky) and extract the login form + # post url. + keycloak.succeed( + "curl -sSf -c cookie '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/auth?client_id=${client.name}&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=openid+email&response_type=code&response_mode=query&nonce=qw4o89g3qqm' >login_form", + "tidy -q -m login_form || true", + "xml sel -T -t -m \"_:html/_:body/_:div/_:div/_:div/_:div/_:div/_:div/_:form[@id='kc-form-login']\" -v @action login_form >form_post_url", + ) + + # Post the login form and save the response. Once again tidy up + # the HTML, then extract the authorization code. 
+ keycloak.succeed( + "curl -sSf -L -b cookie -d 'username=${user.username}' -d 'password=${password}' -d 'credentialId=' \"$(<form_post_url)\" >auth_code_html", + "tidy -q -m auth_code_html || true", + "xml sel -T -t -m \"_:html/_:body/_:div/_:div/_:div/_:div/_:div/_:input[@id='code']\" -v @value auth_code_html >auth_code", + ) + + # Exchange the authorization code for an access token. + keycloak.succeed( + "curl -sSf -d grant_type=authorization_code -d code=$(<auth_code) -d client_id=${client.name} -d client_secret=$(<client_secret) -d redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/token' | jq -r '\"Authorization: bearer \" + .access_token' >auth_header" + ) + + # Use the access token on the OIDC userinfo endpoint and check + # that the returned user info matches what we initialized the + # realm with. + keycloak.succeed( + "curl -sSf -H @auth_header '${frontendUrl}/realms/${realm.realm}/protocol/openid-connect/userinfo' | jq -f ${jqCheckUserinfo}" + ) + ''; + } + ); +in +{ + postgres = keycloakTest { databaseType = "postgresql"; }; + mysql = keycloakTest { databaseType = "mysql"; }; +} diff --git a/infra/libkookie/nixpkgs/nixos/tests/leaps.nix b/infra/libkookie/nixpkgs/nixos/tests/leaps.nix index ac0c602d4450..ec5b69a76290 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/leaps.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/leaps.nix @@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: server.wait_for_open_port(6666) client.wait_for_unit("network.target") assert "leaps" in client.succeed( - "${pkgs.curl}/bin/curl http://server:6666/leaps/" + "${pkgs.curl}/bin/curl -f http://server:6666/leaps/" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/limesurvey.nix b/infra/libkookie/nixpkgs/nixos/tests/limesurvey.nix index 7228fcb83315..dad807fb7330 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/limesurvey.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/limesurvey.nix 
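Review bot: In keycloak.nix, `databasePasswordFile = pkgs.writeText "dbPassword" "wzf6vOCbPp6cqTH";` and the literal `initialAdminPassword` both end up in the Nix store, which every local user can read; that is acceptable for a throwaway test VM, but nothing in the file says it is test-only. A comment beside them, e.g. `# Test-only credentials: writeText makes them world-readable in the store; use a secret file outside the store in real deployments`, would stop the pattern from being copied. Separately, both `tidy -q -m … || true` steps discard every exit status, so a missing or crashing `tidy` only surfaces later as an opaque `xml sel` failure. tidy exits 1 on warnings and 2 on errors, so `|| [ $? -eq 1 ]` would keep the tolerance for warnings alone, assuming the Keycloak pages produce only warnings.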
@@ -20,7 +20,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("phpfpm-limesurvey.service") assert "The following surveys are available" in machine.succeed( - "curl http://example.local/" + "curl -f http://example.local/" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/loki.nix b/infra/libkookie/nixpkgs/nixos/tests/loki.nix index dbf1e8a650f5..bede775b7d3c 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/loki.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/loki.nix @@ -12,15 +12,28 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: enable = true; configFile = "${pkgs.grafana-loki.src}/cmd/loki/loki-local-config.yaml"; }; - systemd.services.promtail = { - description = "Promtail service for Loki test"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = '' - ${pkgs.grafana-loki}/bin/promtail --config.file ${pkgs.grafana-loki.src}/cmd/promtail/promtail-local-config.yaml - ''; - DynamicUser = true; + services.promtail = { + enable = true; + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + clients = [ { url = "http://localhost:3100/loki/api/v1/push"; } ]; + scrape_configs = [ + { + job_name = "system"; + static_configs = [ + { + targets = [ "localhost" ]; + labels = { + job = "varlogs"; + __path__ = "/var/log/*log"; + }; + } + ]; + } + ]; }; }; }; @@ -32,6 +45,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: machine.wait_for_open_port(3100) machine.wait_for_open_port(9080) machine.succeed("echo 'Loki Ingestion Test' > /var/log/testlog") + # should not have access to journal unless specified + machine.fail("systemctl show --property=SupplementaryGroups promtail | grep -q systemd-journal") machine.wait_until_succeeds( "${pkgs.grafana-loki}/bin/logcli --addr='http://localhost:3100' query --no-labels '{job=\"varlogs\",filename=\"/var/log/testlog\"}' | grep -q 'Loki Ingestion Test'" ) 
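Review bot: The new negative check in the second loki.nix hunk, `machine.fail("systemctl show --property=SupplementaryGroups promtail | grep -q systemd-journal")`, can pass vacuously. The pipeline's exit status is grep's, so the command "fails" whenever the property is empty for any reason, including a renamed or not-yet-loaded unit, since `systemctl show` typically still exits 0 in that case. Reading the value and asserting on it makes the least-privilege check explicit: `groups = machine.succeed("systemctl show --property=SupplementaryGroups promtail")` followed by `assert "systemd-journal" not in groups`, with a `machine.wait_for_unit("promtail")` before it. The testScript continues outside the hunk.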
diff --git a/infra/libkookie/nixpkgs/nixos/tests/lsd.nix b/infra/libkookie/nixpkgs/nixos/tests/lsd.nix new file mode 100644 index 000000000000..fee8e95e14ff --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/lsd.nix @@ -0,0 +1,12 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "lsd"; + meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; }; + + nodes.lsd = { pkgs, ... }: { environment.systemPackages = [ pkgs.lsd ]; }; + + testScript = '' + lsd.succeed('echo "abc" > /tmp/foo') + assert "4 B /tmp/foo" in lsd.succeed('lsd --classic --blocks "size,name" /tmp/foo') + assert "lsd ${pkgs.lsd.version}" in lsd.succeed("lsd --version") + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/mailcatcher.nix b/infra/libkookie/nixpkgs/nixos/tests/mailcatcher.nix index 2ef38544fe0a..a55fba8a9950 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/mailcatcher.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/mailcatcher.nix @@ -24,7 +24,7 @@ import ./make-test-python.nix ({ lib, ... }: 'echo "this is the body of the email" | mail -s "subject" root@example.org' ) assert "this is the body of the email" in machine.succeed( - "curl http://localhost:1080/messages/1.source" + "curl -f http://localhost:1080/messages/1.source" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/matrix-synapse.nix b/infra/libkookie/nixpkgs/nixos/tests/matrix-synapse.nix index 9ca808721763..6c8f1e188d52 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/matrix-synapse.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/matrix-synapse.nix 
@@ -77,12 +77,12 @@ in { start_all() serverpostgres.wait_for_unit("matrix-synapse.service") serverpostgres.wait_until_succeeds( - "curl -L --cacert ${ca_pem} https://localhost:8448/" + "curl --fail -L --cacert ${ca_pem} https://localhost:8448/" ) serverpostgres.require_unit_state("postgresql.service") serversqlite.wait_for_unit("matrix-synapse.service") serversqlite.wait_until_succeeds( - "curl -L --cacert ${ca_pem} https://localhost:8448/" + "curl --fail -L --cacert ${ca_pem} https://localhost:8448/" ) serversqlite.succeed("[ -e /var/lib/matrix-synapse/homeserver.db ]") ''; diff --git a/infra/libkookie/nixpkgs/nixos/tests/mediawiki.nix b/infra/libkookie/nixpkgs/nixos/tests/mediawiki.nix index 008682310cf6..702fefefa161 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/mediawiki.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/mediawiki.nix @@ -22,7 +22,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.wait_for_unit("phpfpm-mediawiki.service") - page = machine.succeed("curl -L http://localhost/") + page = machine.succeed("curl -fL http://localhost/") assert "MediaWiki has been installed" in page ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/metabase.nix b/infra/libkookie/nixpkgs/nixos/tests/metabase.nix index 1450a4e9086f..65619cc793a7 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/metabase.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/metabase.nix @@ -15,6 +15,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { start_all() machine.wait_for_unit("metabase.service") machine.wait_for_open_port(3000) - machine.wait_until_succeeds("curl -L http://localhost:3000/setup | grep Metabase") + machine.wait_until_succeeds("curl -fL http://localhost:3000/setup | grep Metabase") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/minecraft-server.nix b/infra/libkookie/nixpkgs/nixos/tests/minecraft-server.nix new file mode 100644 index 000000000000..53780e4636ca --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/minecraft-server.nix 
@@ -0,0 +1,37 @@
+let
+ seed = "2151901553968352745";
+ rcon-pass = "foobar";
+ rcon-port = 43000;
+in import ./make-test-python.nix ({ pkgs, ... }: {
+ name = "minecraft-server";
+ meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; };
+
+ nodes.server = { ... }: {
+ environment.systemPackages = [ pkgs.mcrcon ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ services.minecraft-server = {
+ declarative = true;
+ enable = true;
+ eula = true;
+ serverProperties = {
+ enable-rcon = true;
+ level-seed = seed;
+ online-mode = false;
+ "rcon.password" = rcon-pass;
+ "rcon.port" = rcon-port;
+ };
+ };
+
+ virtualisation.memorySize = 2048;
+ };
+
+ testScript = ''
+ server.wait_for_unit("minecraft-server")
+ server.wait_for_open_port(${toString rcon-port})
+ assert "${seed}" in server.succeed(
+ "mcrcon -H localhost -P ${toString rcon-port} -p '${rcon-pass}' -c 'seed'"
+ )
+ '';
+})
diff --git a/infra/libkookie/nixpkgs/nixos/tests/minecraft.nix b/infra/libkookie/nixpkgs/nixos/tests/minecraft.nix
new file mode 100644
index 000000000000..e0c35f2d2769
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/tests/minecraft.nix
@@ -0,0 +1,28 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+ name = "minecraft";
+ meta = with lib.maintainers; { maintainers = [ nequissimus ]; };
+
+ nodes.client = { nodes, ... }:
+ let user = nodes.client.config.users.users.alice;
+ in {
+ imports = [ ./common/user-account.nix ./common/x11.nix ];
+
+ environment.systemPackages = [ pkgs.minecraft ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ test-support.displayManager.auto.user = user.name;
+ };
+
+ enableOCR = true;
+
+ testScript = { nodes, ... }:
+ let user = nodes.client.config.users.users.alice;
+ in ''
+ client.wait_for_x()
+ client.execute("su - alice -c minecraft-launcher &")
+ client.wait_for_text("CONTINUE WITHOUT LOGIN")
+ client.sleep(10)
+ client.screenshot("launcher")
+ '';
+})
diff --git a/infra/libkookie/nixpkgs/nixos/tests/misc.nix b/infra/libkookie/nixpkgs/nixos/tests/misc.nix index ae1505532734..40661cdca0a1 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/misc.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/misc.nix @@ -88,8 +88,8 @@ import ./make-test-python.nix ({ pkgs, ...} : rec { with subtest("whether kernel.poweroff_cmd is set"): machine.succeed('[ -x "$(cat /proc/sys/kernel/poweroff_cmd)" ]') - with subtest("whether the blkio controller is properly enabled"): - machine.succeed("[ -e /sys/fs/cgroup/blkio/blkio.reset_stats ]") + with subtest("whether the io cgroupv2 controller is properly enabled"): + machine.succeed("grep -q '\\bio\\b' /sys/fs/cgroup/cgroup.controllers") with subtest("whether we have a reboot record in wtmp"): machine.shutdown diff --git a/infra/libkookie/nixpkgs/nixos/tests/morty.nix b/infra/libkookie/nixpkgs/nixos/tests/morty.nix index 64c5a27665d6..924dce2717e3 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/morty.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/morty.nix @@ -12,9 +12,9 @@ import ./make-test-python.nix ({ pkgs, ... }: { ... }: { services.morty = { enable = true; - key = "78a9cd0cfee20c672f78427efb2a2a96036027f0"; - port = 3001; - }; + key = "78a9cd0cfee20c672f78427efb2a2a96036027f0"; + port = 3001; + }; }; }; @@ -24,7 +24,7 @@ import ./make-test-python.nix ({ pkgs, ... }: '' mortyProxyWithKey.wait_for_unit("default.target") mortyProxyWithKey.wait_for_open_port(3001) - mortyProxyWithKey.succeed("curl -L 127.0.0.1:3001 | grep MortyProxy") + mortyProxyWithKey.succeed("curl -fL 127.0.0.1:3001 | grep MortyProxy") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/n8n.nix b/infra/libkookie/nixpkgs/nixos/tests/n8n.nix new file mode 100644 index 000000000000..ed93639f2a42 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/n8n.nix 
@@ -0,0 +1,25 @@
+import ./make-test-python.nix ({ lib, ... }:
+
+with lib;
+
+let
+ port = 5678;
+in
+{
+ name = "n8n";
+ meta.maintainers = with maintainers; [ freezeboy ];
+
+ nodes.machine =
+ { pkgs, ... }:
+ {
+ services.n8n = {
+ enable = true;
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("n8n.service")
+ machine.wait_for_open_port("${toString port}")
+ machine.succeed("curl --fail http://localhost:${toString port}/")
+ '';
+})
diff --git a/infra/libkookie/nixpkgs/nixos/tests/nano.nix b/infra/libkookie/nixpkgs/nixos/tests/nano.nix
new file mode 100644
index 000000000000..9e0a9e147f2c
--- /dev/null
+++ b/infra/libkookie/nixpkgs/nixos/tests/nano.nix
@@ -0,0 +1,44 @@
+import ./make-test-python.nix ({ pkgs, ...} : {
+ name = "nano";
+ meta = with pkgs.stdenv.lib.maintainers; {
+ maintainers = [ nequissimus ];
+ };
+
+ machine = { lib, ... }: {
+ environment.systemPackages = [ pkgs.nano ];
+ };
+
+ testScript = { ... }: ''
+ start_all()
+
+ with subtest("Create user and log in"):
+ machine.wait_for_unit("multi-user.target")
+ machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
+ machine.succeed("useradd -m alice")
+ machine.succeed("(echo foobar; echo foobar) | passwd alice")
+ machine.wait_until_tty_matches(1, "login: ")
+ machine.send_chars("alice\n")
+ machine.wait_until_tty_matches(1, "login: alice")
+ machine.wait_until_succeeds("pgrep login")
+ machine.wait_until_tty_matches(1, "Password: ")
+ machine.send_chars("foobar\n")
+ machine.wait_until_succeeds("pgrep -u alice bash")
+ machine.screenshot("prompt")
+
+ with subtest("Use nano"):
+ machine.send_chars("nano /tmp/foo")
+ machine.send_key("ret")
+ machine.sleep(2)
+ machine.send_chars("42")
+ machine.sleep(1)
+ machine.send_key("ctrl-x")
+ machine.sleep(1)
+ machine.send_key("y")
+ machine.sleep(1)
+ machine.screenshot("nano")
+ machine.sleep(1)
+ machine.send_key("ret")
+ machine.wait_for_file("/tmp/foo")
+ assert "42" in machine.succeed("cat /tmp/foo")
+ '';
+})
diff --git a/infra/libkookie/nixpkgs/nixos/tests/nar-serve.nix b/infra/libkookie/nixpkgs/nixos/tests/nar-serve.nix new file mode 100644 index 000000000000..9ee738ffb170 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/nar-serve.nix @@ -0,0 +1,48 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + { + name = "nar-serve"; + meta.maintainers = [ lib.maintainers.rizary ]; + nodes = + { + server = { pkgs, ... }: { + services.nginx = { + enable = true; + virtualHosts.default.root = "/var/www"; + }; + services.nar-serve = { + enable = true; + # Connect to the localhost nginx instead of the default + # https://cache.nixos.org + cacheURL = "http://localhost/"; + }; + environment.systemPackages = [ + pkgs.hello + pkgs.curl + ]; + + networking.firewall.allowedTCPPorts = [ 8383 ]; + + # virtualisation.diskSize = 2 * 1024; + }; + }; + testScript = '' + start_all() + + # Create a fake cache with Nginx service the static files + server.succeed( + "nix copy --to file:///var/www ${pkgs.hello}" + ) + server.wait_for_unit("nginx.service") + server.wait_for_open_port(80) + + # Check that nar-serve can return the content of the derivation + drvName = os.path.basename("${pkgs.hello}") + drvHash = drvName.split("-")[0] + server.wait_for_unit("nar-serve.service") + server.succeed( + "curl -o hello -f http://localhost:8383/nix/store/{}/bin/hello".format(drvHash) + ) + ''; + } +) diff --git a/infra/libkookie/nixpkgs/nixos/tests/neo4j.nix b/infra/libkookie/nixpkgs/nixos/tests/neo4j.nix index 32ee7f501b8b..8329e5630d7a 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/neo4j.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/neo4j.nix @@ -15,6 +15,6 @@ import ./make-test-python.nix { master.wait_for_unit("neo4j") master.wait_for_open_port(7474) - master.succeed("curl http://localhost:7474/") + master.succeed("curl -f http://localhost:7474/") ''; } 
diff --git a/infra/libkookie/nixpkgs/nixos/tests/networking.nix b/infra/libkookie/nixpkgs/nixos/tests/networking.nix index 83d4f6465b68..4fc5d48e0e17 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/networking.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/networking.nix @@ -499,8 +499,8 @@ let list, targetList ) with subtest("Test MTU and MAC Address are configured"): - assert "mtu 1342" in machine.succeed("ip link show dev tap0") - assert "mtu 1343" in machine.succeed("ip link show dev tun0") + machine.wait_until_succeeds("ip link show dev tap0 | grep 'mtu 1342'") + machine.wait_until_succeeds("ip link show dev tun0 | grep 'mtu 1343'") assert "02:de:ad:be:ef:01" in machine.succeed("ip link show dev tap0") '' # network-addresses-* only exist in scripted networking + optionalString (!networkd) '' diff --git a/infra/libkookie/nixpkgs/nixos/tests/nginx-auth.nix b/infra/libkookie/nixpkgs/nixos/tests/nginx-auth.nix new file mode 100644 index 000000000000..c0d24a20ddbc --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/nginx-auth.nix 
@@ -0,0 +1,47 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "nginx-auth"; + + nodes = { + webserver = { pkgs, lib, ... }: { + services.nginx = let + root = pkgs.runCommand "testdir" {} '' + mkdir "$out" + echo hello world > "$out/index.html" + ''; + in { + enable = true; + + virtualHosts.lockedroot = { + inherit root; + basicAuth.alice = "jane"; + }; + + virtualHosts.lockedsubdir = { + inherit root; + locations."/sublocation/" = { + alias = "${root}/"; + basicAuth.bob = "john"; + }; + }; + }; + }; + }; + + testScript = '' + webserver.wait_for_unit("nginx") + webserver.wait_for_open_port(80) + + webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot") + webserver.succeed( + "curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot" + ) + + webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir") + webserver.fail( + "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html" + ) + webserver.succeed( + "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html" + ) + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/nixos-generate-config.nix b/infra/libkookie/nixpkgs/nixos/tests/nixos-generate-config.nix index 6c83ccecc70a..5daa55a8abbe 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/nixos-generate-config.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/nixos-generate-config.nix @@ -7,8 +7,16 @@ import ./make-test-python.nix ({ lib, ... } : { { config, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; $bootLoaderConfig + $desktopConfiguration } ''; + + system.nixos-generate-config.desktopConfiguration = '' + # DESKTOP + # services.xserver.enable = true; + # services.xserver.displayManager.gdm.enable = true; + # services.xserver.desktopManager.gnome3.enable = true; + ''; }; testScript = '' start_all() 
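Review bot: The two `webserver.fail(...)` checks in the nginx-auth testScript pass on any curl error, not only on an authentication rejection, so a misconfigured vhost or a 5xx response would look like working basic auth. Asserting the status makes the intent explicit, e.g. `assert "401" in webserver.succeed("curl -s -o /dev/null -w '%{http_code}' --resolve lockedroot:80:127.0.0.1 http://lockedroot")`. The test also never sends a wrong password for a known user; adding `webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:wrong@lockedroot")` would cover that case, and the same pair applies to the `lockedsubdir` location.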
@@ -18,9 +26,17 @@ import ./make-test-python.nix ({ lib, ... } : { # Test if the configuration really is overridden machine.succeed("grep 'OVERRIDDEN' /etc/nixos/configuration.nix") + # Test if desktop configuration really is overridden + machine.succeed("grep 'DESKTOP' /etc/nixos/configuration.nix") + # Test of if the Perl variable $bootLoaderConfig is spliced correctly: machine.succeed( "grep 'boot\\.loader\\.grub\\.enable = true;' /etc/nixos/configuration.nix" ) + + # Test if the Perl variable $desktopConfiguration is spliced correctly + machine.succeed( + "grep 'services\\.xserver\\.desktopManager\\.gnome3\\.enable = true;' /etc/nixos/configuration.nix" + ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/nzbget.nix b/infra/libkookie/nixpkgs/nixos/tests/nzbget.nix index 12d8ed6ea8da..b39c9b035e61 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/nzbget.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/nzbget.nix @@ -21,7 +21,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { server.wait_for_unit("network.target") server.wait_for_open_port(6789) assert "This file is part of nzbget" in server.succeed( - "curl -s -u nzbget:tegbzn6789 http://127.0.0.1:6789" + "curl -f -s -u nzbget:tegbzn6789 http://127.0.0.1:6789" ) server.succeed( "${pkgs.nzbget}/bin/nzbget -n -o Control_iP=127.0.0.1 -o Control_port=6789 -o Control_password=tegbzn6789 -V" diff --git a/infra/libkookie/nixpkgs/nixos/tests/oci-containers.nix b/infra/libkookie/nixpkgs/nixos/tests/oci-containers.nix index bb6c019f07c9..0dfc7ffb276b 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/oci-containers.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/oci-containers.nix @@ -32,7 +32,7 @@ let start_all() ${backend}.wait_for_unit("${backend}-nginx.service") ${backend}.wait_for_open_port(8181) - ${backend}.wait_until_succeeds("curl http://localhost:8181 | grep Hello") + ${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello") ''; }; 
diff --git a/infra/libkookie/nixpkgs/nixos/tests/oh-my-zsh.nix b/infra/libkookie/nixpkgs/nixos/tests/oh-my-zsh.nix new file mode 100644 index 000000000000..57a073b086e8 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/oh-my-zsh.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "oh-my-zsh"; + + machine = { pkgs, ... }: + + { + programs.zsh = { + enable = true; + ohMyZsh.enable = true; + }; + }; + + testScript = '' + start_all() + machine.succeed("touch ~/.zshrc") + machine.succeed("zsh -c 'source /etc/zshrc && echo $ZSH | grep oh-my-zsh-${pkgs.oh-my-zsh.version}'") + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/openldap.nix b/infra/libkookie/nixpkgs/nixos/tests/openldap.nix index f8321a2c522d..392fae243467 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/openldap.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/openldap.nix 
@@ -1,33 +1,125 @@ -import ./make-test-python.nix { - name = "openldap"; - - machine = { pkgs, ... }: { - services.openldap = { - enable = true; - suffix = "dc=example"; - rootdn = "cn=root,dc=example"; - rootpw = "notapassword"; - database = "bdb"; - extraDatabaseConfig = '' - directory /var/db/openldap - ''; - declarativeContents = '' - dn: dc=example - objectClass: domain - dc: example - - dn: ou=users,dc=example - objectClass: organizationalUnit - ou: users - ''; - }; - }; +{ pkgs, system ? builtins.currentSystem, ... }: let + dbContents = '' + dn: dc=example + objectClass: domain + dc: example + dn: ou=users,dc=example + objectClass: organizationalUnit + ou: users + ''; testScript = '' machine.wait_for_unit("openldap.service") machine.succeed( - "systemctl status openldap.service", 'ldapsearch -LLL -D "cn=root,dc=example" -w notapassword -b "dc=example"', ) ''; +in { + # New-style configuration + current = import ./make-test-python.nix { + inherit testScript; + name = "openldap"; + + machine = { pkgs, ... 
}: { + environment.etc."openldap/root_password".text = "notapassword"; + services.openldap = { + enable = true; + settings = { + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + ]; + "olcDatabase={1}mdb" = { + # This tests string, base64 and path values, as well as lists of string values + attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/db/openldap"; + olcSuffix = "dc=example"; + olcRootDN = { + # cn=root,dc=example + base64 = "Y249cm9vdCxkYz1leGFtcGxl"; + }; + olcRootPW = { + path = "/etc/openldap/root_password"; + }; + }; + }; + }; + }; + declarativeContents."dc=example" = dbContents; + }; + }; + }; + + # Old-style configuration + oldOptions = import ./make-test-python.nix { + inherit testScript; + name = "openldap"; + + machine = { pkgs, ... }: { + services.openldap = { + enable = true; + logLevel = "stats acl"; + defaultSchemas = true; + database = "mdb"; + suffix = "dc=example"; + rootdn = "cn=root,dc=example"; + rootpw = "notapassword"; + declarativeContents."dc=example" = dbContents; + }; + }; + }; + + # Manually managed configDir, for example if dynamic config is essential + manualConfigDir = import ./make-test-python.nix { + name = "openldap"; + + machine = { pkgs, ... 
}: { + services.openldap = { + enable = true; + configDir = "/var/db/slapd.d"; + }; + }; + + testScript = let + contents = pkgs.writeText "data.ldif" dbContents; + config = pkgs.writeText "config.ldif" '' + dn: cn=config + cn: config + objectClass: olcGlobal + olcLogLevel: stats + olcPidFile: /run/slapd/slapd.pid + + dn: cn=schema,cn=config + cn: schema + objectClass: olcSchemaConfig + + include: file://${pkgs.openldap}/etc/schema/core.ldif + include: file://${pkgs.openldap}/etc/schema/cosine.ldif + include: file://${pkgs.openldap}/etc/schema/inetorgperson.ldif + + dn: olcDatabase={1}mdb,cn=config + objectClass: olcDatabaseConfig + objectClass: olcMdbConfig + olcDatabase: {1}mdb + olcDbDirectory: /var/db/openldap + olcDbIndex: objectClass eq + olcSuffix: dc=example + olcRootDN: cn=root,dc=example + olcRootPW: notapassword + ''; + in '' + machine.succeed( + "mkdir -p /var/db/slapd.d /var/db/openldap", + "slapadd -F /var/db/slapd.d -n0 -l ${config}", + "slapadd -F /var/db/slapd.d -n1 -l ${contents}", + "chown -R openldap:openldap /var/db/slapd.d /var/db/openldap", + "systemctl restart openldap", + ) + '' + testScript; + }; } diff --git a/infra/libkookie/nixpkgs/nixos/tests/os-prober.nix b/infra/libkookie/nixpkgs/nixos/tests/os-prober.nix index be0235a41753..f778d30bdc06 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/os-prober.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/os-prober.nix @@ -9,7 +9,7 @@ let ${parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s mkdir /mnt ${e2fsprogs}/bin/mkfs.ext4 /dev/vda1 - ${utillinux}/bin/mount -t ext4 /dev/vda1 /mnt + ${util-linux}/bin/mount -t ext4 /dev/vda1 /mnt if test -e /mnt/.debug; then exec ${bash}/bin/sh diff --git a/infra/libkookie/nixpkgs/nixos/tests/osrm-backend.nix b/infra/libkookie/nixpkgs/nixos/tests/osrm-backend.nix index db67a5a589f9..4067d5b1a239 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/osrm-backend.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/osrm-backend.nix 
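Review bot: In the `current` variant, `environment.etc."openldap/root_password".text = "notapassword";` supplies the `olcRootPW.path` case from a file that, as far as I know, `environment.etc` builds in the world-readable Nix store and links into /etc, which is the exposure a path-based secret is normally meant to avoid. That is harmless for a throwaway test credential, but tests like this get read as usage examples, so a comment above that line such as `# test only: in real deployments point path at a file outside the Nix store with restricted permissions` would keep the pattern from being copied. The same applies to the cleartext `olcRootPW: notapassword` in the `manualConfigDir` LDIF. Separately, all three variants set `name = "openldap"`; distinct names would make a failing variant easier to identify.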
@@ -48,10 +48,10 @@ in { machine.wait_for_unit("osrm.service") machine.wait_for_open_port(${toString port}) assert "Boulevard Rainier III" in machine.succeed( - "curl --silent '${query}' | jq .waypoints[0].name" + "curl --fail --silent '${query}' | jq .waypoints[0].name" ) assert "Avenue de la Costa" in machine.succeed( - "curl --silent '${query}' | jq .waypoints[1].name" + "curl --fail --silent '${query}' | jq .waypoints[1].name" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/paperless.nix b/infra/libkookie/nixpkgs/nixos/tests/paperless.nix index 355e7041d3fe..fb83e6f976de 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/paperless.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/paperless.nix @@ -23,14 +23,14 @@ import ./make-test-python.nix ({ lib, ... } : { with subtest("Service gets ready"): machine.wait_for_unit("paperless-server.service") # Wait until server accepts connections - machine.wait_until_succeeds("curl -s localhost:28981") + machine.wait_until_succeeds("curl -fs localhost:28981") with subtest("Test document is consumed"): machine.wait_until_succeeds( - "(($(curl -s localhost:28981/api/documents/ | jq .count) == 1))" + "(($(curl -fs localhost:28981/api/documents/ | jq .count) == 1))" ) assert "2005-10-16" in machine.succeed( - "curl -s localhost:28981/api/documents/ | jq '.results | .[0] | .created'" + "curl -fs localhost:28981/api/documents/ | jq '.results | .[0] | .created'" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/peerflix.nix b/infra/libkookie/nixpkgs/nixos/tests/peerflix.nix index 37628604d49b..6e534dedc471 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/peerflix.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/peerflix.nix @@ -18,6 +18,6 @@ import ./make-test-python.nix ({ pkgs, ...} : { start_all() peerflix.wait_for_unit("peerflix.service") - peerflix.wait_until_succeeds("curl localhost:9000") + peerflix.wait_until_succeeds("curl -f localhost:9000") ''; }) 
diff --git a/infra/libkookie/nixpkgs/nixos/tests/php/fpm.nix b/infra/libkookie/nixpkgs/nixos/tests/php/fpm.nix index 513abd943737..9ad515ebdde0 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/php/fpm.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/php/fpm.nix @@ -43,7 +43,7 @@ import ../make-test-python.nix ({pkgs, lib, ...}: { machine.wait_for_unit("phpfpm-foobar.service") # Check so we get an evaluated PHP back - response = machine.succeed("curl -vvv -s http://127.0.0.1:80/") + response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/") assert "PHP Version ${pkgs.php.version}" in response, "PHP version not detected" # Check so we have database and some other extensions loaded diff --git a/infra/libkookie/nixpkgs/nixos/tests/php/httpd.nix b/infra/libkookie/nixpkgs/nixos/tests/php/httpd.nix index 1092e0ecadd3..27ea7a24e3a9 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/php/httpd.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/php/httpd.nix @@ -21,7 +21,7 @@ import ../make-test-python.nix ({pkgs, lib, ...}: { machine.wait_for_unit("httpd.service") # Check so we get an evaluated PHP back - response = machine.succeed("curl -vvv -s http://127.0.0.1:80/") + response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/") assert "PHP Version ${pkgs.php.version}" in response, "PHP version not detected" # Check so we have database and some other extensions loaded diff --git a/infra/libkookie/nixpkgs/nixos/tests/php/pcre.nix b/infra/libkookie/nixpkgs/nixos/tests/php/pcre.nix index 3dd0964e60fb..3ea19304bffd 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/php/pcre.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/php/pcre.nix 
@@ -32,7 +32,7 @@ in import ../make-test-python.nix ({lib, ...}: { '' machine.wait_for_unit("httpd.service") # Ensure php evaluation by matching on the var_dump syntax - response = machine.succeed("curl -vvv -s http://127.0.0.1:80/index.php") + response = machine.succeed("curl -fvvv -s http://127.0.0.1:80/index.php") expected = 'string(${toString (builtins.stringLength testString)}) "${testString}"' assert expected in response, "Does not appear to be able to use subgroups." ''; diff --git a/infra/libkookie/nixpkgs/nixos/tests/podman.nix b/infra/libkookie/nixpkgs/nixos/tests/podman.nix index cd8c2b4308c8..dd28563dc4c1 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/podman.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/podman.nix @@ -34,7 +34,6 @@ import ./make-test-python.nix ( podman.wait_for_unit("sockets.target") start_all() - with subtest("Run container as root with runc"): podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") podman.succeed( 
@@ -53,22 +52,38 @@ import ./make-test-python.nix ( podman.succeed("podman stop sleeping") podman.succeed("podman rm sleeping") - with subtest("Run container rootless with runc"): + with subtest("Run container as root with the default backend"): + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + podman.succeed( + "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + podman.succeed("podman ps | grep sleeping") + podman.succeed("podman stop sleeping") + podman.succeed("podman rm sleeping") + + + podman.succeed( + "mkdir -p /tmp/podman-run-1000/libpod && chown alice -R /tmp/podman-run-1000" + ) + + + with subtest("Run container rootless with crun"): podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg")) podman.succeed( su_cmd( - "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" ) ) podman.succeed(su_cmd("podman ps | grep sleeping")) podman.succeed(su_cmd("podman stop sleeping")) podman.succeed(su_cmd("podman rm sleeping")) + # As of 2020-11-20, the runc backend doesn't work with cgroupsv2 yet, so we don't run that test. - with subtest("Run container rootless with crun"): + with subtest("Run container rootless with the default backend"): podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg")) podman.succeed( su_cmd( - "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" ) ) podman.succeed(su_cmd("podman ps | grep sleeping")) 
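Review bot: The added `podman.succeed("mkdir -p /tmp/podman-run-1000/libpod && chown alice -R /tmp/podman-run-1000")` carries no comment saying why the rootless subtests need this directory pre-created, and it hard-codes uid 1000 for alice, which nothing in the hunk establishes. A one-line comment stating the reason and the uid assumption would help the next maintainer, and deriving the uid removes the assumption: `"mkdir -p /tmp/podman-run-$(id -u alice)/libpod && chown alice -R /tmp/podman-run-$(id -u alice)"`. The testScript starts and ends outside this hunk.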
diff --git a/infra/libkookie/nixpkgs/nixos/tests/postfix.nix b/infra/libkookie/nixpkgs/nixos/tests/postfix.nix index 37ae76afec10..6d22b4edba0a 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/postfix.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/postfix.nix @@ -11,9 +11,9 @@ import ./make-test-python.nix { enable = true; enableSubmission = true; enableSubmissions = true; - sslCACert = certs.ca.cert; - sslCert = certs.${domain}.cert; - sslKey = certs.${domain}.key; + tlsTrustedAuthorities = "${certs.ca.cert}"; + sslCert = "${certs.${domain}.cert}"; + sslKey = "${certs.${domain}.key}"; submissionsOptions = { smtpd_sasl_auth_enable = "yes"; smtpd_client_restrictions = "permit"; diff --git a/infra/libkookie/nixpkgs/nixos/tests/powerdns.nix b/infra/libkookie/nixpkgs/nixos/tests/powerdns.nix index 75d71315e644..d025934ad2b3 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/powerdns.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/powerdns.nix 
@@ -1,13 +1,65 @@ -import ./make-test-python.nix ({ pkgs, ... }: { +# This test runs PowerDNS authoritative server with the +# generic MySQL backend (gmysql) to connect to a +# MariaDB server using UNIX sockets authentication. + +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "powerdns"; nodes.server = { ... }: { services.powerdns.enable = true; - environment.systemPackages = [ pkgs.dnsutils ]; + services.powerdns.extraConfig = '' + launch=gmysql + gmysql-user=pdns + ''; + + services.mysql = { + enable = true; + package = pkgs.mariadb; + ensureDatabases = [ "powerdns" ]; + ensureUsers = lib.singleton + { name = "pdns"; + ensurePermissions = { "powerdns.*" = "ALL PRIVILEGES"; }; + }; + }; + + environment.systemPackages = with pkgs; + [ dnsutils powerdns mariadb ]; }; testScript = '' - server.wait_for_unit("pdns") - server.succeed("dig version.bind txt chaos \@127.0.0.1") + import re + + with subtest("PowerDNS database exists"): + server.wait_for_unit("mysql") + server.succeed("echo 'SHOW DATABASES;' | sudo -u pdns mysql -u pdns >&2") + + with subtest("Loading the MySQL schema works"): + server.succeed( + "sudo -u pdns mysql -u pdns -D powerdns <" + "${pkgs.powerdns}/share/doc/pdns/schema.mysql.sql" + ) + + with subtest("PowerDNS server starts"): + server.wait_for_unit("pdns") + server.succeed("dig version.bind txt chaos @127.0.0.1 >&2") + + with subtest("Adding an example zone works"): + # Extract configuration file needed by pdnsutil + unit = server.succeed("systemctl cat pdns") + conf = re.search("(--config-dir=[^ ]+)", unit).group(1) + pdnsutil = "sudo -u pdns pdnsutil " + conf + server.succeed(f"{pdnsutil} create-zone example.com ns1.example.com") + server.succeed(f"{pdnsutil} add-record example.com ns1 A 192.168.1.2") + + with subtest("Querying the example zone works"): + reply = server.succeed("dig +noall +answer ns1.example.com @127.0.0.1") + assert ( + "192.168.1.2" in reply + ), f"""" + The reply does not contain the expected IP address: + 
Expected: + ns1.example.com. 3600 IN A 192.168.1.2 + Reply: + {reply}""" ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/prometheus-exporters.nix b/infra/libkookie/nixpkgs/nixos/tests/prometheus-exporters.nix index ad2fff2b01f6..0b9957404f3b 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/prometheus-exporters.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/prometheus-exporters.nix @@ -563,6 +563,37 @@ let ''; }; + rtl_433 = { + exporterConfig = { + enable = true; + }; + metricProvider = { + # Mock rtl_433 binary to return a dummy metric stream. + nixpkgs.overlays = [ (self: super: { + rtl_433 = self.runCommand "rtl_433" {} '' + mkdir -p "$out/bin" + cat <<EOF > "$out/bin/rtl_433" + #!/bin/sh + while true; do + printf '{"time" : "2020-04-26 13:37:42", "model" : "zopieux", "id" : 55, "channel" : 3, "temperature_C" : 18.000}\n' + sleep 4 + done + EOF + chmod +x "$out/bin/rtl_433" + ''; + }) ]; + }; + exporterTest = '' + wait_for_unit("prometheus-rtl_433-exporter.service") + wait_for_open_port(9550) + wait_until_succeeds( + "curl -sSf localhost:9550/metrics | grep -q '{}'".format( + 'rtl_433_temperature_celsius{channel="3",id="55",location="",model="zopieux"} 18' + ) + ) + ''; + }; + snmp = { exporterConfig = { enable = true; 
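Review bot: In the powerdns test script, `re.search("(--config-dir=[^ ]+)", unit).group(1)` raises a bare `AttributeError` on `None` when the unit file has no `--config-dir` argument, which hides the real cause of the failure. Splitting it into `match = re.search("(--config-dir=[^ ]+)", unit)` followed by `assert match, "pdns unit has no --config-dir argument"` gives a readable failure. The assertion message in the last subtest also opens with `f""""` (four quotes), so the printed message starts with a stray `"`; it should be `f"""`. Because `conf` is spliced into a shell command, wrapping it with `shlex.quote` (after adding `import shlex` next to `import re`) would keep the command well-formed if the path ever contained shell metacharacters.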
@@ -578,6 +609,50 @@ let ''; }; + sql = { + exporterConfig = { + configuration.jobs.points = { + interval = "1m"; + connections = [ + "postgres://prometheus-sql-exporter@/data?host=/run/postgresql&sslmode=disable" + ]; + queries = { + points = { + labels = [ "name" ]; + help = "Amount of points accumulated per person"; + values = [ "amount" ]; + query = "SELECT SUM(amount) as amount, name FROM points GROUP BY name"; + }; + }; + }; + enable = true; + user = "prometheus-sql-exporter"; + }; + metricProvider = { + services.postgresql = { + enable = true; + initialScript = builtins.toFile "init.sql" '' + CREATE DATABASE data; + \c data; + CREATE TABLE points (amount INT, name TEXT); + INSERT INTO points(amount, name) VALUES (1, 'jack'); + INSERT INTO points(amount, name) VALUES (2, 'jill'); + INSERT INTO points(amount, name) VALUES (3, 'jack'); + + CREATE USER "prometheus-sql-exporter"; + GRANT ALL PRIVILEGES ON DATABASE data TO "prometheus-sql-exporter"; + GRANT SELECT ON points TO "prometheus-sql-exporter"; + ''; + }; + systemd.services.prometheus-sql-exporter.after = [ "postgresql.service" ]; + }; + exporterTest = '' + wait_for_unit("prometheus-sql-exporter.service") + wait_for_open_port(9237) + succeed("curl http://localhost:9237/metrics | grep -c 'sql_points{' | grep -q 2") + ''; + }; + surfboard = { exporterConfig = { enable = true; diff --git a/infra/libkookie/nixpkgs/nixos/tests/prometheus.nix b/infra/libkookie/nixpkgs/nixos/tests/prometheus.nix index af2aa66a5526..6881c659e6d0 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/prometheus.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/prometheus.nix @@ -19,7 +19,6 @@ let secret_key = s3.secretKey; insecure = true; signature_version2 = false; - encrypt_sse = false; put_user_metadata = {}; http_config = { idle_conn_timeout = "0s"; 
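Review bot: The `initialScript` of the new `sql` exporter test grants `ALL PRIVILEGES ON DATABASE data` to `prometheus-sql-exporter`, although the only query it runs is a `SELECT` on `points`. The later `GRANT SELECT ON points` is already the privilege the exporter needs, so the first grant could be narrowed to `GRANT CONNECT ON DATABASE data TO "prometheus-sql-exporter";` or dropped, since this test is a likely template for real exporter setups. Separately, the `exporterTest` uses plain `curl http://localhost:9237/metrics` while the same commit adds `-f` to curl calls in other tests; `curl -sSf` would make an HTTP error fail on curl rather than only through the `grep` count.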
@@ -193,13 +192,13 @@ in import ./make-test-python.nix { # Check if prometheus responds to requests: prometheus.wait_for_unit("prometheus.service") prometheus.wait_for_open_port(${toString queryPort}) - prometheus.succeed("curl -s http://127.0.0.1:${toString queryPort}/metrics") + prometheus.succeed("curl -sf http://127.0.0.1:${toString queryPort}/metrics") # Let's test if pushing a metric to the pushgateway succeeds: prometheus.wait_for_unit("pushgateway.service") prometheus.succeed( "echo 'some_metric 3.14' | " - + "curl --data-binary \@- " + + "curl -f --data-binary \@- " + "http://127.0.0.1:${toString pushgwPort}/metrics/job/some_job" ) diff --git a/infra/libkookie/nixpkgs/nixos/tests/quorum.nix b/infra/libkookie/nixpkgs/nixos/tests/quorum.nix index 846d2a930188..d5906806a0a2 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/quorum.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/quorum.nix @@ -55,7 +55,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { parentHash = "0x0000000000000000000000000000000000000000000000000000000000000000"; timestamp = "0x5cffc201"; - }; + }; }; }; }; diff --git a/infra/libkookie/nixpkgs/nixos/tests/riak.nix b/infra/libkookie/nixpkgs/nixos/tests/riak.nix index 6915779e7e9c..3dd4e333d669 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/riak.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/riak.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { name = "riak"; meta = with lib.maintainers; { - maintainers = [ filalex77 ]; + maintainers = [ Br1ght0ne ]; }; machine = { diff --git a/infra/libkookie/nixpkgs/nixos/tests/rspamd.nix b/infra/libkookie/nixpkgs/nixos/tests/rspamd.nix index bf3f0de62044..7f41e1a79566 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/rspamd.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/rspamd.nix 
@@ -13,10 +13,12 @@ let machine.succeed("id rspamd >/dev/null") ''; checkSocket = socket: user: group: mode: '' - machine.succeed("ls ${socket} >/dev/null") - machine.succeed('[[ "$(stat -c %U ${socket})" == "${user}" ]]') - machine.succeed('[[ "$(stat -c %G ${socket})" == "${group}" ]]') - machine.succeed('[[ "$(stat -c %a ${socket})" == "${mode}" ]]') + machine.succeed( + "ls ${socket} >/dev/null", + '[[ "$(stat -c %U ${socket})" == "${user}" ]]', + '[[ "$(stat -c %G ${socket})" == "${group}" ]]', + '[[ "$(stat -c %a ${socket})" == "${mode}" ]]', + ) ''; simple = name: enableIPv6: makeTest { name = "rspamd-${name}"; 
@@ -54,33 +56,35 @@ in services.rspamd = { enable = true; workers.normal.bindSockets = [{ - socket = "/run/rspamd.sock"; + socket = "/run/rspamd/rspamd.sock"; mode = "0600"; - owner = "root"; - group = "root"; + owner = "rspamd"; + group = "rspamd"; }]; workers.controller.bindSockets = [{ - socket = "/run/rspamd-worker.sock"; + socket = "/run/rspamd/rspamd-worker.sock"; mode = "0666"; - owner = "root"; - group = "root"; + owner = "rspamd"; + group = "rspamd"; }]; }; }; testScript = '' ${initMachine} - machine.wait_for_file("/run/rspamd.sock") - ${checkSocket "/run/rspamd.sock" "root" "root" "600" } - ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } + machine.wait_for_file("/run/rspamd/rspamd.sock") + ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" } + ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" } machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) machine.log( machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") ) machine.log(machine.succeed("grep 'CONFDIR/worker-normal.inc' /etc/rspamd/rspamd.conf")) - machine.log(machine.succeed("rspamc -h /run/rspamd-worker.sock stat")) + machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) machine.log( - machine.succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping") + machine.succeed( + "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" + ) ) ''; }; @@ -91,16 +95,16 @@ in services.rspamd = { enable = true; workers.normal.bindSockets = [{ - socket = "/run/rspamd.sock"; + socket = "/run/rspamd/rspamd.sock"; mode = "0600"; - owner = "root"; - group = "root"; + owner = "rspamd"; + group = "rspamd"; }]; workers.controller.bindSockets = [{ - socket = "/run/rspamd-worker.sock"; + socket = "/run/rspamd/rspamd-worker.sock"; mode = "0666"; - owner = "root"; - group = "root"; + owner = "rspamd"; + group = "rspamd"; }]; workers.controller2 = { type = "controller"; 
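Review bot: Both `workers.controller.bindSockets` entries (this hunk and the `-91,16` hunk on the same line) move the socket under `/run/rspamd/` and change owner and group to `rspamd`, but keep `mode = "0666"`, so any local account can still connect to the controller socket. As far as I know rspamd treats controller connections over a UNIX socket as trusted, so this mode amounts to unauthenticated local access to controller commands. If the test does not depend on world access, `mode = "0660";` with the matching `checkSocket ... "660"` expectation in the test scripts would exercise the safer setting. Otherwise a comment such as `# 0666 only to exercise mode handling; do not use for a controller socket in production` would make the intent clear.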
@@ -116,9 +120,9 @@ in testScript = '' ${initMachine} - machine.wait_for_file("/run/rspamd.sock") - ${checkSocket "/run/rspamd.sock" "root" "root" "600" } - ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } + machine.wait_for_file("/run/rspamd/rspamd.sock") + ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "600" } + ${checkSocket "/run/rspamd/rspamd-worker.sock" "rspamd" "rspamd" "666" } machine.log(machine.succeed("cat /etc/rspamd/rspamd.conf")) machine.log( machine.succeed("grep 'CONFDIR/worker-controller.inc' /etc/rspamd/rspamd.conf") @@ -137,9 +141,11 @@ in machine.wait_until_succeeds( "journalctl -u rspamd | grep -i 'starting controller process' >&2" ) - machine.log(machine.succeed("rspamc -h /run/rspamd-worker.sock stat")) + machine.log(machine.succeed("rspamc -h /run/rspamd/rspamd-worker.sock stat")) machine.log( - machine.succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping") + machine.succeed( + "curl --unix-socket /run/rspamd/rspamd-worker.sock http://localhost/ping" + ) ) machine.log(machine.succeed("curl http://localhost:11335/ping")) ''; @@ -209,7 +215,7 @@ in return false end, score = 5.0, - description = 'Allow no cows', + description = 'Allow no cows', group = "cows", } rspamd_logger.infox(rspamd_config, 'Work dammit!!!') diff --git a/infra/libkookie/nixpkgs/nixos/tests/samba-wsdd.nix b/infra/libkookie/nixpkgs/nixos/tests/samba-wsdd.nix new file mode 100644 index 000000000000..1edef6c0056d --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/samba-wsdd.nix 
@@ -0,0 +1,44 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +{ + name = "samba-wsdd"; + meta.maintainers = with pkgs.stdenv.lib.maintainers; [ izorkin ]; + + nodes = { + client_wsdd = { pkgs, ... }: { + services.samba-wsdd = { + enable = true; + interface = "eth1"; + workgroup = "WORKGROUP"; + hostname = "CLIENT-WSDD"; + discovery = true; + extraOptions = [ "--no-host" ]; + }; + networking.firewall.allowedTCPPorts = [ 5357 ]; + networking.firewall.allowedUDPPorts = [ 3702 ]; + }; + + server_wsdd = { ... }: { + services.samba-wsdd = { + enable = true; + interface = "eth1"; + workgroup = "WORKGROUP"; + hostname = "SERVER-WSDD"; + }; + networking.firewall.allowedTCPPorts = [ 5357 ]; + networking.firewall.allowedUDPPorts = [ 3702 ]; + }; + }; + + testScript = '' + client_wsdd.start() + client_wsdd.wait_for_unit("samba-wsdd") + + server_wsdd.start() + server_wsdd.wait_for_unit("samba-wsdd") + + client_wsdd.wait_until_succeeds( + "echo list | ${pkgs.libressl.nc}/bin/nc -U /run/wsdd/wsdd.sock | grep -i SERVER-WSDD" + ) + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/sanoid.nix b/infra/libkookie/nixpkgs/nixos/tests/sanoid.nix index 284b38932cce..66ddaad60ea2 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/sanoid.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/sanoid.nix @@ -38,7 +38,7 @@ in { services.syncoid = { enable = true; - sshKey = "/root/.ssh/id_ecdsa"; + sshKey = "/var/lib/syncoid/id_ecdsa"; commonArgs = [ "--no-sync-snap" ]; commands."pool/test".target = "root@target:pool/test"; }; 
@@ -69,11 +69,12 @@ in { "udevadm settle", ) - source.succeed("mkdir -m 700 /root/.ssh") source.succeed( - "cat '${snakeOilPrivateKey}' > /root/.ssh/id_ecdsa" + "mkdir -m 700 -p /var/lib/syncoid", + "cat '${snakeOilPrivateKey}' > /var/lib/syncoid/id_ecdsa", + "chmod 600 /var/lib/syncoid/id_ecdsa", + "chown -R syncoid:syncoid /var/lib/syncoid/", ) - source.succeed("chmod 600 /root/.ssh/id_ecdsa") source.succeed("touch /tmp/mnt/test.txt") source.systemctl("start --wait sanoid.service") diff --git a/infra/libkookie/nixpkgs/nixos/tests/sbt-extras.nix b/infra/libkookie/nixpkgs/nixos/tests/sbt-extras.nix new file mode 100644 index 000000000000..d63113f943e4 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/sbt-extras.nix @@ -0,0 +1,16 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "sbt-extras"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { pkgs, ... }: + { + environment.systemPackages = [ pkgs.sbt-extras ]; + }; + + testScript = + '' + machine.succeed("(sbt -h)") + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/sbt.nix b/infra/libkookie/nixpkgs/nixos/tests/sbt.nix new file mode 100644 index 000000000000..004d9c2e140a --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/sbt.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "sbt"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { pkgs, ... }: + { + environment.systemPackages = [ pkgs.sbt ]; + }; + + testScript = + '' + machine.succeed( + "(sbt --offline --version 2>&1 || true) | grep 'getting org.scala-sbt sbt ${pkgs.sbt.version} (this may take some time)'" + ) + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/scala.nix b/infra/libkookie/nixpkgs/nixos/tests/scala.nix new file mode 100644 index 000000000000..f99d9e563ffe --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/scala.nix 
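Review bot: In the sanoid hunk the key is written with `cat '${snakeOilPrivateKey}' > /var/lib/syncoid/id_ecdsa` and only afterwards restricted with `chmod 600`, so the file briefly has the default umask mode. In addition, `mkdir -m 700 -p` does not change the mode of `/var/lib/syncoid` if the directory already exists. Neither matters for a snake-oil key, but the sequence is easy to copy. `install -d -m 700 -o syncoid -g syncoid /var/lib/syncoid` followed by `install -m 600 -o syncoid -g syncoid '${snakeOilPrivateKey}' /var/lib/syncoid/id_ecdsa` sets mode and owner atomically and replaces the separate `chmod` and `chown -R`.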
@@ -0,0 +1,33 @@ +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with pkgs.lib; + +let + common = name: package: (import ./make-test-python.nix ({ + inherit name; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + nodes = { + scala = { ... }: { + environment.systemPackages = [ package ]; + }; + }; + + testScript = '' + start_all() + + scala.succeed("scalac -version 2>&1 | grep '^Scala compiler version ${package.version}'") + ''; + }) { inherit system; }); + +in with pkgs; { + scala_2_10 = common "scala_2_10" scala_2_10; + scala_2_11 = common "scala_2_11" scala_2_11; + scala_2_12 = common "scala_2_12" scala_2_12; + scala_2_13 = common "scala_2_13" scala_2_13; +} diff --git a/infra/libkookie/nixpkgs/nixos/tests/service-runner.nix b/infra/libkookie/nixpkgs/nixos/tests/service-runner.nix index 39ae66fe1116..55fbbb729344 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/service-runner.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/service-runner.nix @@ -29,7 +29,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { """ ) machine.wait_for_open_port(80) - machine.succeed(f"curl {url}") + machine.succeed(f"curl -f {url}") machine.succeed("kill -INT $(cat my-nginx.pid)") machine.wait_for_closed_port(80) ''; diff --git a/infra/libkookie/nixpkgs/nixos/tests/spacecookie.nix b/infra/libkookie/nixpkgs/nixos/tests/spacecookie.nix index 6eff32a2e75d..5b5022a74278 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/spacecookie.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/spacecookie.nix @@ -32,7 +32,7 @@ in ${gopherHost}.wait_for_unit("spacecookie.service") client.wait_for_unit("network.target") - fileResponse = client.succeed("curl -s gopher://${gopherHost}//${fileName}") + fileResponse = client.succeed("curl -f -s gopher://${gopherHost}//${fileName}") # the file response should return our created file exactly if not (fileResponse == "${fileContent}\n"): 
@@ -41,7 +41,7 @@ in # sanity check on the directory listing: we serve a directory and a file # via gopher, so the directory listing should have exactly two entries, # one with gopher file type 0 (file) and one with file type 1 (directory). - dirResponse = client.succeed("curl -s gopher://${gopherHost}") + dirResponse = client.succeed("curl -f -s gopher://${gopherHost}") dirEntries = [l[0] for l in dirResponse.split("\n") if len(l) > 0] dirEntries.sort() diff --git a/infra/libkookie/nixpkgs/nixos/tests/sslh.nix b/infra/libkookie/nixpkgs/nixos/tests/sslh.nix index 2a800aa52d0a..17094606e8e6 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/sslh.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/sslh.nix @@ -78,6 +78,6 @@ import ./make-test-python.nix { server.succeed(f"grep '{ip}' /tmp/foo{arg}") # check that http through sslh works - assert client.succeed(f"curl {arg} http://server:443").strip() == "hello world" + assert client.succeed(f"curl -f {arg} http://server:443").strip() == "hello world" ''; } diff --git a/infra/libkookie/nixpkgs/nixos/tests/sssd-ldap.nix b/infra/libkookie/nixpkgs/nixos/tests/sssd-ldap.nix index b68403a0102a..4831eaa4ba20 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/sssd-ldap.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/sssd-ldap.nix @@ -1,4 +1,4 @@ -import ./make-test-python.nix ({ pkgs, ... }: +({ pkgs, ... }: let dbDomain = "example.org"; dbSuffix = "dc=example,dc=org"; @@ -7,8 +7,7 @@ import ./make-test-python.nix ({ pkgs, ... }: ldapRootPassword = "foobar"; testUser = "alice"; - in - { + in import ./make-test-python.nix { name = "sssd-ldap"; meta = with pkgs.stdenv.lib.maintainers; { 
@@ -18,34 +17,53 @@ import ./make-test-python.nix ({ pkgs, ... }: machine = { pkgs, ... }: { services.openldap = { enable = true; - rootdn = "cn=${ldapRootUser},${dbSuffix}"; - rootpw = ldapRootPassword; - suffix = dbSuffix; - declarativeContents = '' - dn: ${dbSuffix} - objectClass: top - objectClass: dcObject - objectClass: organization - o: ${dbDomain} + settings = { + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + "${pkgs.openldap}/etc/schema/nis.ldif" + ]; + "olcDatabase={1}mdb" = { + attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/db/openldap"; + olcSuffix = dbSuffix; + olcRootDN = "cn=${ldapRootUser},${dbSuffix}"; + olcRootPW = ldapRootPassword; + }; + }; + }; + }; + declarativeContents = { + ${dbSuffix} = '' + dn: ${dbSuffix} + objectClass: top + objectClass: dcObject + objectClass: organization + o: ${dbDomain} - dn: ou=posix,${dbSuffix} - objectClass: top - objectClass: organizationalUnit + dn: ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit - dn: ou=accounts,ou=posix,${dbSuffix} - objectClass: top - objectClass: organizationalUnit + dn: ou=accounts,ou=posix,${dbSuffix} + objectClass: top + objectClass: organizationalUnit - dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} - objectClass: person - objectClass: posixAccount - # userPassword: somePasswordHash - homeDirectory: /home/${testUser} - uidNumber: 1234 - gidNumber: 1234 - cn: "" - sn: "" - ''; + dn: uid=${testUser},ou=accounts,ou=posix,${dbSuffix} + objectClass: person + objectClass: posixAccount + # userPassword: somePasswordHash + homeDirectory: /home/${testUser} + uidNumber: 1234 + gidNumber: 1234 + cn: "" + sn: "" + ''; + }; }; services.sssd = { 
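Review bot: `olcRootPW = ldapRootPassword;` in the new `settings` tree passes the cleartext root password (`ldapRootPassword = "foobar"`, defined just above this hunk) into the generated configuration, which presumably lives in the world-readable Nix store. For a throwaway VM test that is acceptable, but this file is likely to serve as the reference for the new `settings` format. A comment above the line such as `# test-only: cleartext root password ends up in the Nix store; use a hashed value or a secret outside the store in real deployments` would keep it from being copied. The `machine` definition continues after the hunk.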
diff --git a/infra/libkookie/nixpkgs/nixos/tests/sympa.nix b/infra/libkookie/nixpkgs/nixos/tests/sympa.nix index 280691f7cb40..eb38df180a78 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/sympa.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/sympa.nix @@ -30,7 +30,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: { machine.wait_for_unit("sympa.service") machine.wait_for_unit("wwsympa.service") assert "Mailing lists service" in machine.succeed( - "curl --insecure -L http://localhost/" + "curl --fail --insecure -L http://localhost/" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/syncthing-relay.nix b/infra/libkookie/nixpkgs/nixos/tests/syncthing-relay.nix index cd72ef1cbe1d..c144bf7fca37 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/syncthing-relay.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/syncthing-relay.nix @@ -19,7 +19,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { machine.wait_for_open_port(12346) out = machine.succeed( - "curl -sS http://localhost:12346/status | jq -r '.options.\"provided-by\"'" + "curl -sSf http://localhost:12346/status | jq -r '.options.\"provided-by\"'" ) assert "nixos-test" in out ''; diff --git a/infra/libkookie/nixpkgs/nixos/tests/syncthing.nix b/infra/libkookie/nixpkgs/nixos/tests/syncthing.nix index 9e2a8e01e3fb..ac9df5e50c8c 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/syncthing.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/syncthing.nix @@ -25,7 +25,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { "xmllint --xpath 'string(configuration/gui/apikey)' %s/config.xml" % confdir ).strip() oldConf = host.succeed( - "curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config" % APIKey + "curl -Ssf -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config" % APIKey ) conf = json.loads(oldConf) conf["devices"].append({"deviceID": deviceID, "id": name}) 
@@ -39,7 +39,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { ) newConf = json.dumps(conf) host.succeed( - "curl -Ss -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config -d %s" + "curl -Ssf -H 'X-API-Key: %s' 127.0.0.1:8384/rest/system/config -d %s" % (APIKey, shlex.quote(newConf)) ) diff --git a/infra/libkookie/nixpkgs/nixos/tests/systemd-journal.nix b/infra/libkookie/nixpkgs/nixos/tests/systemd-journal.nix new file mode 100644 index 000000000000..c50c151ae10d --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/systemd-journal.nix @@ -0,0 +1,20 @@ +import ./make-test-python.nix ({ pkgs, ... }: + +{ + name = "systemd-journal"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ lewo ]; + }; + + machine = { pkgs, lib, ... }: { + services.journald.enableHttpGateway = true; + }; + + testScript = '' + machine.wait_for_unit("multi-user.target") + + machine.succeed( + "${pkgs.curl}/bin/curl -s localhost:19531/machine | ${pkgs.jq}/bin/jq -e '.hostname == \"machine\"'" + ) + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/systemd.nix b/infra/libkookie/nixpkgs/nixos/tests/systemd.nix index dfa16eecfad2..f7c13a587c58 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/systemd.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/systemd.nix @@ -26,7 +26,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { systemd.shutdown.test = pkgs.writeScript "test.shutdown" '' #!${pkgs.runtimeShell} - PATH=${lib.makeBinPath (with pkgs; [ utillinux coreutils ])} + PATH=${lib.makeBinPath (with pkgs; [ util-linux coreutils ])} mount -t 9p shared -o trans=virtio,version=9p2000.L /tmp/shared touch /tmp/shared/shutdown-test umount /tmp/shared 
@@ -82,6 +82,10 @@ import ./make-test-python.nix ({ pkgs, ... }: { "systemd-run --pty --property=Type=oneshot --property=DynamicUser=yes --property=User=iamatest whoami" ) + with subtest("regression test for https://bugs.freedesktop.org/show_bug.cgi?id=77507"): + retcode, output = machine.execute("systemctl status testservice1.service") + assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507 + # Regression test for https://github.com/NixOS/nixpkgs/issues/35268 with subtest("file system with x-initrd.mount is not unmounted"): machine.succeed("mountpoint -q /test-x-initrd-mount") @@ -122,17 +126,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.wait_for_unit("multi-user.target") assert "fq_codel" in machine.succeed("sysctl net.core.default_qdisc") - # Test cgroup accounting is enabled - with subtest("systemd cgroup accounting is enabled"): - machine.wait_for_unit("multi-user.target") - assert "yes" in machine.succeed( - "systemctl show testservice1.service -p IOAccounting" - ) - - retcode, output = machine.execute("systemctl status testservice1.service") - assert retcode in [0, 3] # https://bugs.freedesktop.org/show_bug.cgi?id=77507 - assert "CPU:" in output - # Test systemd is configured to manage a watchdog with subtest("systemd manages hardware watchdog"): machine.wait_for_unit("multi-user.target") 
@@ -168,5 +161,25 @@ import ./make-test-python.nix ({ pkgs, ... }: { machine.succeed("systemctl status systemd-cryptsetup@luks1.service") machine.succeed("mkdir -p /tmp/luks1") machine.succeed("mount /dev/mapper/luks1 /tmp/luks1") + + # Do some IP traffic + output_ping = machine.succeed( + "systemd-run --wait -- /run/wrappers/bin/ping -c 1 127.0.0.1 2>&1" + ) + + with subtest("systemd reports accounting data on system.slice"): + output = machine.succeed("systemctl status system.slice") + assert "CPU:" in output + assert "Memory:" in output + + assert "IP:" in output + assert "0B in, 0B out" not in output + + assert "IO:" in output + assert "0B read, 0B written" not in output + + with subtest("systemd per-unit accounting works"): + assert "IP traffic received: 84B" in output_ping + assert "IP traffic sent: 84B" in output_ping ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/telegraf.nix b/infra/libkookie/nixpkgs/nixos/tests/telegraf.nix index 73f741b11357..7f4b36752582 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/telegraf.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/telegraf.nix @@ -6,12 +6,15 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine = { ... }: { services.telegraf.enable = true; + services.telegraf.environmentFiles = [(pkgs.writeText "secrets" '' + SECRET=example + '')]; services.telegraf.extraConfig = { agent.interval = "1s"; agent.flush_interval = "1s"; inputs.exec = { commands = [ - "${pkgs.runtimeShell} -c 'echo example,tag=a i=42i'" + "${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'" ]; timeout = "5s"; data_format = "influx"; diff --git a/infra/libkookie/nixpkgs/nixos/tests/trac.nix b/infra/libkookie/nixpkgs/nixos/tests/trac.nix index 7953f8d41f77..af7182d1e185 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/trac.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/trac.nix 
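Review bot: In the telegraf hunk, `services.telegraf.environmentFiles = [(pkgs.writeText "secrets" ...)]` tests the option with a file built into the Nix store, which is world-readable. That is the opposite of what an environment file for secrets is meant to achieve. The value `SECRET=example` is harmless, but a comment such as `# test-only: real environment files must live outside the Nix store (e.g. a root-owned file provisioned at deploy time)` would stop the fixture being read as a usage example. The `machine` block starts before the hunk and continues after it.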
@@ -14,6 +14,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { start_all() machine.wait_for_unit("trac.service") machine.wait_for_open_port(8000) - machine.wait_until_succeeds("curl -L http://localhost:8000/ | grep 'Trac Powered'") + machine.wait_until_succeeds("curl -fL http://localhost:8000/ | grep 'Trac Powered'") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/trezord.nix b/infra/libkookie/nixpkgs/nixos/tests/trezord.nix index b7b3dd31942b..7c8370f409ed 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/trezord.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/trezord.nix @@ -14,6 +14,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { start_all() machine.wait_for_unit("trezord.service") machine.wait_for_open_port(21325) - machine.wait_until_succeeds("curl -L http://localhost:21325/status/ | grep Version") + machine.wait_until_succeeds("curl -fL http://localhost:21325/status/ | grep Version") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/trickster.nix b/infra/libkookie/nixpkgs/nixos/tests/trickster.nix index 713ac8f0b2fa..e32f919a1ada 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/trickster.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/trickster.nix 
@@ -19,19 +19,19 @@ import ./make-test-python.nix ({ pkgs, ... }: { prometheus.wait_for_unit("prometheus.service") prometheus.wait_for_open_port(9090) prometheus.wait_until_succeeds( - "curl -L http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) trickster.wait_for_unit("trickster.service") trickster.wait_for_open_port(8082) trickster.wait_for_open_port(9090) trickster.wait_until_succeeds( - "curl -L http://localhost:8082/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://localhost:8082/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) trickster.wait_until_succeeds( - "curl -L http://prometheus:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://prometheus:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) trickster.wait_until_succeeds( - "curl -L http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" + "curl -fL http://localhost:9090/metrics | grep 'promhttp_metric_handler_requests_total{code=\"500\"} 0'" ) ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/ucg.nix b/infra/libkookie/nixpkgs/nixos/tests/ucg.nix new file mode 100644 index 000000000000..47507aee07c1 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/ucg.nix 
@@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "ucg"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ AndersonTorres ]; + }; + + machine = { pkgs, ... }: { + environment.systemPackages = [ pkgs.ucg ]; + }; + + testScript = '' + machine.succeed("echo 'Lorem ipsum dolor sit amet\n2.7182818284590' > /tmp/foo") + assert "dolor" in machine.succeed("ucg 'dolor' /tmp/foo") + assert "Lorem" in machine.succeed("ucg --ignore-case 'lorem' /tmp/foo") + machine.fail("ucg --word-regexp '2718' /tmp/foo") + machine.fail("ucg 'pisum' /tmp/foo") + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/unbound.nix b/infra/libkookie/nixpkgs/nixos/tests/unbound.nix new file mode 100644 index 000000000000..dc8e5a9d3ed8 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/unbound.nix 
@@ -0,0 +1,278 @@ +/* + Test that our unbound module indeed works as most users would expect. + There are a few settings that we must consider when modifying the test. The + ususal use-cases for unbound are + * running a recursive DNS resolver on the local machine + * running a recursive DNS resolver on the local machine, forwarding to a local DNS server via UDP/53 & TCP/53 + * running a recursive DNS resolver on the local machine, forwarding to a local DNS server via TCP/853 (DoT) + * running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/53 & UDP/53 + * running a recursive DNS resolver on a machine in the network awaiting input from clients over TCP/853 (DoT) + + In the below test setup we are trying to implement all of those use cases. + + Another aspect that we cover is access to the local control UNIX socket. It + can optionally be enabled and users can optionally be in a group to gain + access. Users that are not in the group (except for root) should not have + access to that socket. Also, when there is no socket configured, users + shouldn't be able to access the control socket at all. Not even root. +*/ +import ./make-test-python.nix ({ pkgs, lib, ... }: + let + # common client configuration that we can just use for the multitude of + # clients we are constructing + common = { lib, pkgs, ... 
}: { + config = { + environment.systemPackages = [ pkgs.knot-dns ]; + + # disable the root anchor update as we do not have internet access during + # the test execution + services.unbound.enableRootTrustAnchor = false; + }; + }; + + cert = pkgs.runCommandNoCC "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=dns.example.local' + mkdir -p $out + cp key.pem cert.pem $out + ''; + in + { + name = "unbound"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ andir ]; + }; + + nodes = { + + # The server that actually serves our zones, this tests unbounds authoriative mode + authoritative = { lib, pkgs, config, ... }: { + imports = [ common ]; + networking.interfaces.eth1.ipv4.addresses = lib.mkForce [ + { address = "192.168.0.1"; prefixLength = 24; } + ]; + networking.interfaces.eth1.ipv6.addresses = lib.mkForce [ + { address = "fd21::1"; prefixLength = 64; } + ]; + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; + + services.unbound = { + enable = true; + interfaces = [ "192.168.0.1" "fd21::1" "::1" "127.0.0.1" ]; + allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ]; + extraConfig = '' + server: + local-data: "example.local. IN A 1.2.3.4" + local-data: "example.local. IN AAAA abcd::eeff" + ''; + }; + }; + + # The resolver that knows that fowards (only) to the authoritative server + # and listens on UDP/53, TCP/53 & TCP/853. + resolver = { lib, nodes, ... 
}: { + imports = [ common ]; + networking.interfaces.eth1.ipv4.addresses = lib.mkForce [ + { address = "192.168.0.2"; prefixLength = 24; } + ]; + networking.interfaces.eth1.ipv6.addresses = lib.mkForce [ + { address = "fd21::2"; prefixLength = 64; } + ]; + networking.firewall.allowedTCPPorts = [ + 53 # regular DNS + 853 # DNS over TLS + ]; + networking.firewall.allowedUDPPorts = [ 53 ]; + + services.unbound = { + enable = true; + allowedAccess = [ "192.168.0.0/24" "fd21::/64" "::1" "127.0.0.0/8" ]; + interfaces = [ "::1" "127.0.0.1" "192.168.0.2" "fd21::2" "192.168.0.2@853" "fd21::2@853" "::1@853" "127.0.0.1@853" ]; + forwardAddresses = [ + (lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv6.addresses).address + (lib.head nodes.authoritative.config.networking.interfaces.eth1.ipv4.addresses).address + ]; + extraConfig = '' + server: + tls-service-pem: ${cert}/cert.pem + tls-service-key: ${cert}/key.pem + ''; + }; + }; + + # machine that runs a local unbound that will be reconfigured during test execution + local_resolver = { lib, nodes, config, ... 
}: { + imports = [ common ]; + networking.interfaces.eth1.ipv4.addresses = lib.mkForce [ + { address = "192.168.0.3"; prefixLength = 24; } + ]; + networking.interfaces.eth1.ipv6.addresses = lib.mkForce [ + { address = "fd21::3"; prefixLength = 64; } + ]; + networking.firewall.allowedTCPPorts = [ + 53 # regular DNS + ]; + networking.firewall.allowedUDPPorts = [ 53 ]; + + services.unbound = { + enable = true; + allowedAccess = [ "::1" "127.0.0.0/8" ]; + interfaces = [ "::1" "127.0.0.1" ]; + localControlSocketPath = "/run/unbound/unbound.ctl"; + extraConfig = '' + include: "/etc/unbound/extra*.conf" + ''; + }; + + users.users = { + # user that is permitted to access the unix socket + someuser.extraGroups = [ + config.users.users.unbound.group + ]; + + # user that is not permitted to access the unix socket + unauthorizeduser = {}; + }; + + environment.etc = { + "unbound-extra1.conf".text = '' + forward-zone: + name: "example.local." + forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address} + forward-addr: ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address} + ''; + "unbound-extra2.conf".text = '' + auth-zone: + name: something.local. + zonefile: ${pkgs.writeText "zone" '' + something.local. IN A 3.4.5.6 + ''} + ''; + }; + }; + + + # plain node that only has network access and doesn't run any part of the + # resolver software locally + client = { lib, nodes, ... }: { + imports = [ common ]; + networking.nameservers = [ + (lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address + (lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address + ]; + networking.interfaces.eth1.ipv4.addresses = [ + { address = "192.168.0.10"; prefixLength = 24; } + ]; + networking.interfaces.eth1.ipv6.addresses = [ + { address = "fd21::10"; prefixLength = 64; } + ]; + }; + }; + + testScript = { nodes, ... }: '' + import typing + import json + + zone = "example.local." 
+ records = [("AAAA", "abcd::eeff"), ("A", "1.2.3.4")] + + + def query( + machine, + host: str, + query_type: str, + query: str, + expected: typing.Optional[str] = None, + args: typing.Optional[typing.List[str]] = None, + ): + """ + Execute a single query and compare the result with expectation + """ + text_args = "" + if args: + text_args = " ".join(args) + + out = machine.succeed( + f"kdig {text_args} {query} {query_type} @{host} +short" + ).strip() + machine.log(f"{host} replied with {out}") + if expected: + assert expected == out, f"Expected `{expected}` but got `{out}`" + + + def test(machine, remotes, /, doh=False, zone=zone, records=records, args=[]): + """ + Run queries for the given remotes on the given machine. + """ + for query_type, expected in records: + for remote in remotes: + query(machine, remote, query_type, zone, expected, args) + query(machine, remote, query_type, zone, expected, ["+tcp"] + args) + if doh: + query( + machine, + remote, + query_type, + zone, + expected, + ["+tcp", "+tls"] + args, + ) + + + client.start() + authoritative.wait_for_unit("unbound.service") + + # verify that we can resolve locally + with subtest("test the authoritative servers local responses"): + test(authoritative, ["::1", "127.0.0.1"]) + + resolver.wait_for_unit("unbound.service") + + with subtest("root is unable to use unbounc-control when the socket is not configured"): + resolver.succeed("which unbound-control") # the binary must exist + resolver.fail("unbound-control list_forwards") # the invocation must fail + + # verify that the resolver is able to resolve on all the local protocols + with subtest("test that the resolver resolves on all protocols and transports"): + test(resolver, ["::1", "127.0.0.1"], doh=True) + + resolver.wait_for_unit("multi-user.target") + + with subtest("client should be able to query the resolver"): + test(client, ["${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address}", "${(lib.head 
nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}"], doh=True) + + # discard the client we do not need anymore + client.shutdown() + + local_resolver.wait_for_unit("multi-user.target") + + # link a new config file to /etc/unbound/extra.conf + local_resolver.succeed("ln -s /etc/unbound-extra1.conf /etc/unbound/extra1.conf") + + # reload the server & ensure the forwarding works + with subtest("test that the local resolver resolves on all protocols and transports"): + local_resolver.succeed("systemctl reload unbound") + print(local_resolver.succeed("journalctl -u unbound -n 1000")) + test(local_resolver, ["::1", "127.0.0.1"], args=["+timeout=60"]) + + with subtest("test that we can use the unbound control socket"): + out = local_resolver.succeed( + "sudo -u someuser -- unbound-control list_forwards" + ).strip() + + # Thank you black! Can't really break this line into a readable version. + expected = "example.local. IN forward ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv6.addresses).address} ${(lib.head nodes.resolver.config.networking.interfaces.eth1.ipv4.addresses).address}" + assert out == expected, f"Expected `{expected}` but got `{out}` instead." + local_resolver.fail("sudo -u unauthorizeduser -- unbound-control list_forwards") + + + # link a new config file to /etc/unbound/extra.conf + local_resolver.succeed("ln -sf /etc/unbound-extra2.conf /etc/unbound/extra2.conf") + + # reload the server & ensure the new local zone works + with subtest("test that we can query the new local zone"): + local_resolver.succeed("unbound-control reload") + r = [("A", "3.4.5.6")] + test(local_resolver, ["::1", "127.0.0.1"], zone="something.local.", records=r) + ''; + }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/upnp.nix b/infra/libkookie/nixpkgs/nixos/tests/upnp.nix index a7d837ea0708..046c0a56b2a7 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/upnp.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/upnp.nix 
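Review bot: The TLS queries in `test()` pass only `["+tcp", "+tls"] + args` to kdig, which, as far as I know, does not authenticate the server unless `+tls-ca`, `+tls-hostname` or `+tls-pin` is given. The DoT subtests would therefore pass with any certificate on port 853, not just the one set in `tls-service-pem`. Since `cert` is in scope of `testScript`, the list could be `["+tcp", "+tls", "+tls-ca=${cert}/cert.pem", "+tls-hostname=dns.example.local"] + args`. The flag is also named `doh` although the header comment and port 853 describe DNS over TLS, so `dot` would be the accurate name. Finally, the `cert` derivation copies an unencrypted key (`-nodes`) into `$out`, so a comment such as `# test-only: the private key ends up in the world-readable Nix store` would keep the pattern from being copied into a real configuration.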
@@ -90,7 +90,7 @@ in client1.succeed("upnpc -a ${internalClient1Address} 9000 9000 TCP") client1.wait_for_unit("httpd") - client2.wait_until_succeeds("curl http://${externalRouterAddress}:9000/") + client2.wait_until_succeeds("curl -f http://${externalRouterAddress}:9000/") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/uwsgi.nix b/infra/libkookie/nixpkgs/nixos/tests/uwsgi.nix index 78a87147f55c..7f4945a88030 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/uwsgi.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/uwsgi.nix @@ -33,6 +33,6 @@ import ./make-test-python.nix ({ pkgs, ... }: machine.wait_for_unit("multi-user.target") machine.wait_for_unit("uwsgi.service") machine.wait_for_open_port(8000) - assert "Hello World" in machine.succeed("curl -v 127.0.0.1:8000") + assert "Hello World" in machine.succeed("curl -fv 127.0.0.1:8000") ''; }) diff --git a/infra/libkookie/nixpkgs/nixos/tests/vector.nix b/infra/libkookie/nixpkgs/nixos/tests/vector.nix new file mode 100644 index 000000000000..e96c3ad152f3 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/vector.nix @@ -0,0 +1,37 @@ +{ system ? builtins.currentSystem, config ? { } +, pkgs ? import ../.. { inherit system config; } }: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +{ + test1 = makeTest { + name = "vector-test1"; + meta.maintainers = [ pkgs.stdenv.lib.maintainers.happysalada ]; + + machine = { config, pkgs, ... }: { + services.vector = { + enable = true; + journaldAccess = true; + settings = { + sources.journald.type = "journald"; + + sinks = { + file = { + type = "file"; + inputs = [ "journald" ]; + path = "/var/lib/vector/logs.log"; + encoding = { codec = "ndjson"; }; + }; + }; + }; + }; + }; + + # ensure vector is forwarding the messages appropriately + testScript = '' + machine.wait_for_unit("vector.service") + machine.succeed("test -f /var/lib/vector/logs.log") + ''; + }; +} 
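Review bot: In the new vector.nix, `testScript` runs `test -f /var/lib/vector/logs.log` once, immediately after `wait_for_unit("vector.service")`, so it races the file sink's first write. Despite the comment above it, it only shows that the file exists, not that journald entries were forwarded. Whether the sink creates the file at startup is not visible here, so polling is safer: `machine.wait_for_file("/var/lib/vector/logs.log")`. A content check such as `machine.wait_until_succeeds("test -s /var/lib/vector/logs.log")` would confirm that at least one record reached the sink.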
diff --git a/infra/libkookie/nixpkgs/nixos/tests/victoriametrics.nix b/infra/libkookie/nixpkgs/nixos/tests/victoriametrics.nix index 73ef8b728615..fff8d7005da1 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/victoriametrics.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/victoriametrics.nix @@ -19,9 +19,11 @@ import ./make-test-python.nix ({ pkgs, ...} : { # write some points and run simple query out = one.succeed( - "curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/write'" + "curl -f -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/write'" + ) + cmd = ( + """curl -f -s -G 'http://localhost:8428/api/v1/export' -d 'match={__name__!=""}'""" ) - cmd = """curl -s -G 'http://localhost:8428/api/v1/export' -d 'match={__name__!=""}'""" # data takes a while to appear one.wait_until_succeeds(f"[[ $({cmd} | wc -l) -ne 0 ]]") out = one.succeed(cmd) diff --git a/infra/libkookie/nixpkgs/nixos/tests/virtualbox.nix b/infra/libkookie/nixpkgs/nixos/tests/virtualbox.nix index 0d9eafa4a20f..900ee610a70b 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/virtualbox.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/virtualbox.nix @@ -24,7 +24,7 @@ let miniInit = '' #!${pkgs.runtimeShell} -xe - export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.utillinux ]}" + export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.util-linux ]}" mkdir -p /run/dbus cat > /etc/passwd <<EOF @@ -72,7 +72,7 @@ let boot.initrd.extraUtilsCommands = '' copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf" - copy_bin_and_libs "${pkgs.utillinux}/bin/unshare" + copy_bin_and_libs "${pkgs.util-linux}/bin/unshare" ${(attrs.extraUtilsCommands or (const "")) pkgs} ''; 
@@ -122,7 +122,7 @@ let "$diskImage" "$out/disk.vdi" ''; - buildInputs = [ pkgs.utillinux pkgs.perl ]; + buildInputs = [ pkgs.util-linux pkgs.perl ]; } '' ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos ${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s diff --git a/infra/libkookie/nixpkgs/nixos/tests/web-servers/unit-php.nix b/infra/libkookie/nixpkgs/nixos/tests/web-servers/unit-php.nix index 2a0a5bdaa5d5..033036ee7667 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/web-servers/unit-php.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/web-servers/unit-php.nix @@ -47,7 +47,7 @@ in { machine.wait_for_unit("unit.service") # Check so we get an evaluated PHP back - response = machine.succeed("curl -vvv -s http://127.0.0.1:9074/") + response = machine.succeed("curl -f -vvv -s http://127.0.0.1:9074/") assert "PHP Version ${pkgs.unit.usedPhp74.version}" in response, "PHP version not detected" # Check so we have database and some other extensions loaded diff --git a/infra/libkookie/nixpkgs/nixos/tests/wordpress.nix b/infra/libkookie/nixpkgs/nixos/tests/wordpress.nix index b7449859f7e6..5d740502bb57 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/wordpress.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/wordpress.nix @@ -40,7 +40,7 @@ import ./make-test-python.nix ({ pkgs, ... }: with subtest("website returns welcome screen"): for site_name in site_names: - assert "Welcome to the famous" in machine.succeed(f"curl -L {site_name}") + assert "Welcome to the famous" in machine.succeed(f"curl -fL {site_name}") with subtest("wordpress-init went through"): for site_name in site_names: diff --git a/infra/libkookie/nixpkgs/nixos/tests/xterm.nix b/infra/libkookie/nixpkgs/nixos/tests/xterm.nix new file mode 100644 index 000000000000..9f30543bf385 --- /dev/null +++ b/infra/libkookie/nixpkgs/nixos/tests/xterm.nix 
@@ -0,0 +1,23 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "xterm"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { pkgs, ... }: + { + imports = [ ./common/x11.nix ]; + services.xserver.desktopManager.xterm.enable = false; + }; + + testScript = + '' + machine.wait_for_x() + machine.succeed("DISPLAY=:0 xterm -title testterm -class testterm -fullscreen &") + machine.sleep(2) + machine.send_chars("echo $XTERM_VERSION >> /tmp/xterm_version\n") + machine.wait_for_file("/tmp/xterm_version") + assert "${pkgs.xterm.version}" in machine.succeed("cat /tmp/xterm_version") + machine.screenshot("window") + ''; +}) diff --git a/infra/libkookie/nixpkgs/nixos/tests/zfs.nix b/infra/libkookie/nixpkgs/nixos/tests/zfs.nix index 87e6c900c98e..e05cd540227a 100644 --- a/infra/libkookie/nixpkgs/nixos/tests/zfs.nix +++ b/infra/libkookie/nixpkgs/nixos/tests/zfs.nix @@ -18,7 +18,7 @@ let maintainers = [ adisbladis ]; }; - machine = { pkgs, ... }: { + machine = { pkgs, lib, ... }: { virtualisation.emptyDiskImages = [ 4096 ]; networking.hostId = "deadbeef"; boot.kernelPackages = kernelPackage; @@ -26,6 +26,24 @@ let boot.zfs.enableUnstable = enableUnstable; environment.systemPackages = [ pkgs.parted ]; + + # Setup regular fileSystems machinery to ensure forceImportAll can be + # tested via the regular service units. + fileSystems = lib.mkVMOverride { + "/forcepool" = { + device = "forcepool"; + fsType = "zfs"; + options = [ "noauto" ]; + }; + }; + + # forcepool doesn't exist at first boot, and we need to manually test + # the import after tweaking the hostId. + systemd.services.zfs-import-forcepool.wantedBy = lib.mkVMOverride []; + systemd.targets.zfs.wantedBy = lib.mkVMOverride []; + boot.zfs.forceImportAll = true; + # /dev/disk/by-id doesn't get populated in the NixOS test framework + boot.zfs.devNodes = "/dev/disk/by-uuid"; }; testScript = '' 
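Review bot: The new xterm.nix `testScript` relies on a fixed `machine.sleep(2)` between launching xterm and `send_chars`. If the window is not mapped and focused within two seconds, the keystrokes are lost and `wait_for_file("/tmp/xterm_version")` runs into its timeout. The test then fails for a reason unrelated to xterm. Waiting on the window itself is more reliable, e.g. `machine.wait_for_window("testterm")` in place of the sleep, since the title is already set with `-title testterm`.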
@@ -57,6 +75,21 @@ let "zpool destroy rpool", "udevadm settle", ) + + with subtest("boot.zfs.forceImportAll works"): + machine.succeed( + "rm /etc/hostid", + "zgenhostid deadcafe", + "zpool create forcepool /dev/vdb1 -O mountpoint=legacy", + ) + machine.shutdown() + machine.start() + machine.succeed("udevadm settle") + machine.fail("zpool import forcepool") + machine.succeed( + "systemctl start zfs-import-forcepool.service", + "mount -t zfs forcepool /tmp/mnt", + ) '' + extraTest; }; |
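Review bot: In the `boot.zfs.forceImportAll works` subtest, `machine.fail("zpool import forcepool")` is satisfied by any non-zero exit, so it cannot tell a hostid refusal from a pool that was not found at all. The subtest also seems to depend on `/etc/hostid` reverting to the configured `deadbeef` after the restart, which nothing in the hunk states. A comment would make that assumption explicit, for example `# pool was created under hostid deadcafe; after reboot the configured hostId applies again, so a plain import must be refused`. The target `/tmp/mnt` of the final `mount` is not created in this hunk; presumably an earlier part of the script creates it, which is worth confirming.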