diff options
Diffstat (limited to 'nixpkgs/nixos/tests')
21 files changed, 474 insertions, 93 deletions
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix index 0acded892c7..796c626f3dd 100644 --- a/nixpkgs/nixos/tests/all-tests.nix +++ b/nixpkgs/nixos/tests/all-tests.nix @@ -27,6 +27,7 @@ in atd = handleTest ./atd.nix {}; avahi = handleTest ./avahi.nix {}; babeld = handleTest ./babeld.nix {}; + bazarr = handleTest ./bazarr.nix {}; bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64 beanstalkd = handleTest ./beanstalkd.nix {}; bees = handleTest ./bees.nix {}; @@ -69,6 +70,7 @@ in deluge = handleTest ./deluge.nix {}; dhparams = handleTest ./dhparams.nix {}; dnscrypt-proxy2 = handleTestOn ["x86_64-linux"] ./dnscrypt-proxy2.nix {}; + dnscrypt-wrapper = handleTestOn ["x86_64-linux"] ./dnscrypt-wrapper {}; doas = handleTest ./doas.nix {}; docker = handleTestOn ["x86_64-linux"] ./docker.nix {}; oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {}; @@ -86,8 +88,10 @@ in ecryptfs = handleTest ./ecryptfs.nix {}; ejabberd = handleTest ./xmpp/ejabberd.nix {}; elk = handleTestOn ["x86_64-linux"] ./elk.nix {}; + engelsystem = handleTest ./engelsystem.nix {}; enlightenment = handleTest ./enlightenment.nix {}; env = handleTest ./env.nix {}; + ergo = handleTest ./ergo.nix {}; etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; etcd-cluster = handleTestOn ["x86_64-linux"] ./etcd-cluster.nix {}; fancontrol = handleTest ./fancontrol.nix {}; @@ -132,6 +136,7 @@ in hitch = handleTest ./hitch {}; hocker-fetchdocker = handleTest ./hocker-fetchdocker {}; home-assistant = handleTest ./home-assistant.nix {}; + hostname = handleTest ./hostname.nix {}; hound = handleTest ./hound.nix {}; hydra = handleTest ./hydra {}; hydra-db-migration = handleTest ./hydra/db-migration.nix {}; @@ -292,6 +297,7 @@ in slurm = handleTest ./slurm.nix {}; smokeping = handleTest ./smokeping.nix {}; snapper = handleTest ./snapper.nix {}; + sogo = handleTest ./sogo.nix {}; solr = handleTest ./solr.nix {}; spacecookie = handleTest ./spacecookie.nix {}; spike = handleTest ./spike.nix {}; @@ -335,10 +341,7 @@ in vault = handleTest ./vault.nix {}; victoriametrics = handleTest ./victoriametrics.nix {}; virtualbox = handleTestOn ["x86_64-linux"] ./virtualbox.nix {}; - wg-quick = handleTest ./wireguard/wg-quick.nix {}; wireguard = handleTest ./wireguard {}; - wireguard-generated = handleTest ./wireguard/generated.nix {}; - wireguard-namespaces = handleTest ./wireguard/namespaces.nix {}; wordpress = handleTest ./wordpress.nix {}; xandikos = handleTest ./xandikos.nix {}; xautolock = handleTest ./xautolock.nix {}; diff --git a/nixpkgs/nixos/tests/bazarr.nix b/nixpkgs/nixos/tests/bazarr.nix new file mode 100644 index 00000000000..b8cd8ef38b4 --- /dev/null +++ b/nixpkgs/nixos/tests/bazarr.nix @@ -0,0 +1,26 @@ +import ./make-test-python.nix ({ lib, ... }: + +with lib; + +let + port = 42069; +in +{ + name = "bazarr"; + meta.maintainers = with maintainers; [ xwvvvvwx ]; + + nodes.machine = + { pkgs, ... }: + { + services.bazarr = { + enable = true; + listenPort = port; + }; + }; + + testScript = '' + machine.wait_for_unit("bazarr.service") + machine.wait_for_open_port("${toString port}") + machine.succeed("curl --fail http://localhost:${toString port}/") + ''; +}) diff --git a/nixpkgs/nixos/tests/dnscrypt-wrapper/default.nix b/nixpkgs/nixos/tests/dnscrypt-wrapper/default.nix new file mode 100644 index 00000000000..1dc925f4de7 --- /dev/null +++ b/nixpkgs/nixos/tests/dnscrypt-wrapper/default.nix @@ -0,0 +1,71 @@ +import ../make-test-python.nix ({ pkgs, ... }: { + name = "dnscrypt-wrapper"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ rnhmjoj ]; + }; + + nodes = { + server = { lib, ... }: + { services.dnscrypt-wrapper = with builtins; + { enable = true; + address = "192.168.1.1"; + keys.expiration = 5; # days + keys.checkInterval = 2; # min + # The keypair was generated by the command: + # dnscrypt-wrapper --gen-provider-keypair \ + # --provider-name=2.dnscrypt-cert.server \ + # --ext-address=192.168.1.1:5353 + providerKey.public = toFile "public.key" (readFile ./public.key); + providerKey.secret = toFile "secret.key" (readFile ./secret.key); + }; + services.tinydns.enable = true; + services.tinydns.data = '' + ..:192.168.1.1:a + +it.works:1.2.3.4 + ''; + networking.firewall.allowedUDPPorts = [ 5353 ]; + networking.firewall.allowedTCPPorts = [ 5353 ]; + networking.interfaces.eth1.ipv4.addresses = lib.mkForce + [ { address = "192.168.1.1"; prefixLength = 24; } ]; + }; + + client = { lib, ... }: + { services.dnscrypt-proxy2.enable = true; + services.dnscrypt-proxy2.settings = { + server_names = [ "server" ]; + static.server.stamp = "sdns://AQAAAAAAAAAAEDE5Mi4xNjguMS4xOjUzNTMgFEHYOv0SCKSuqR5CDYa7-58cCBuXO2_5uTSVU9wNQF0WMi5kbnNjcnlwdC1jZXJ0LnNlcnZlcg"; + }; + networking.nameservers = [ "127.0.0.1" ]; + networking.interfaces.eth1.ipv4.addresses = lib.mkForce + [ { address = "192.168.1.2"; prefixLength = 24; } ]; + }; + + }; + + testScript = '' + start_all() + + with subtest("The server can generate the ephemeral keypair"): + server.wait_for_unit("dnscrypt-wrapper") + server.wait_for_file("/var/lib/dnscrypt-wrapper/2.dnscrypt-cert.server.key") + server.wait_for_file("/var/lib/dnscrypt-wrapper/2.dnscrypt-cert.server.crt") + + with subtest("The client can connect to the server"): + server.wait_for_unit("tinydns") + client.wait_for_unit("dnscrypt-proxy2") + assert "1.2.3.4" in client.succeed( + "host it.works" + ), "The IP address of 'it.works' does not match 1.2.3.4" + + with subtest("The server rotates the ephemeral keys"): + # advance time by a little less than 5 days + server.succeed("date -s \"$(date --date '4 days 6 hours')\"") + client.succeed("date -s \"$(date --date '4 days 6 hours')\"") + server.wait_for_file("/var/lib/dnscrypt-wrapper/oldkeys") + + with subtest("The client can still connect to the server"): + server.wait_for_unit("dnscrypt-wrapper") + client.succeed("host it.works") + ''; +}) + diff --git a/nixpkgs/nixos/tests/dnscrypt-wrapper/public.key b/nixpkgs/nixos/tests/dnscrypt-wrapper/public.key new file mode 100644 index 00000000000..80232b97f52 --- /dev/null +++ b/nixpkgs/nixos/tests/dnscrypt-wrapper/public.key @@ -0,0 +1 @@ +A:B
;o4S
@]
\ No newline at end of file diff --git a/nixpkgs/nixos/tests/dnscrypt-wrapper/secret.key b/nixpkgs/nixos/tests/dnscrypt-wrapper/secret.key new file mode 100644 index 00000000000..01fbf8e08b7 --- /dev/null +++ b/nixpkgs/nixos/tests/dnscrypt-wrapper/secret.key @@ -0,0 +1 @@ +G>Ʃ>(J=lA:B
;o4S
@]
\ No newline at end of file diff --git a/nixpkgs/nixos/tests/engelsystem.nix b/nixpkgs/nixos/tests/engelsystem.nix new file mode 100644 index 00000000000..39c10718093 --- /dev/null +++ b/nixpkgs/nixos/tests/engelsystem.nix @@ -0,0 +1,41 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + { + name = "engelsystem"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ talyz ]; + }; + + nodes.engelsystem = + { ... }: + { + services.engelsystem = { + enable = true; + domain = "engelsystem"; + createDatabase = true; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + environment.systemPackages = with pkgs; [ + xmlstarlet + libxml2 + ]; + }; + + testScript = '' + engelsystem.start() + engelsystem.wait_for_unit("phpfpm-engelsystem.service") + engelsystem.wait_until_succeeds("curl engelsystem/login -sS -f") + engelsystem.succeed( + "curl engelsystem/login -sS -f -c cookie | xmllint -html -xmlout - >login" + ) + engelsystem.succeed( + "xml sel -T -t -m \"html/head/meta[@name='csrf-token']\" -v @content login >token" + ) + engelsystem.succeed( + "curl engelsystem/login -sS -f -b cookie -F 'login=admin' -F 'password=asdfasdf' -F '_token=<token' -L | xmllint -html -xmlout - >news" + ) + engelsystem.succeed( + "test 'News - Engelsystem' = \"$(xml sel -T -t -c html/head/title news)\"" + ) + ''; + }) diff --git a/nixpkgs/nixos/tests/enlightenment.nix b/nixpkgs/nixos/tests/enlightenment.nix index 5fa8d765dd1..0132b98b1cb 100644 --- a/nixpkgs/nixos/tests/enlightenment.nix +++ b/nixpkgs/nixos/tests/enlightenment.nix @@ -41,28 +41,24 @@ import ./make-test-python.nix ({ pkgs, ...} : with subtest("First time wizard"): machine.wait_for_text("Default") # Language - machine.succeed("xdotool mousemove 512 185 click 1") # Default Language machine.screenshot("wizard1") machine.succeed("xdotool mousemove 512 740 click 1") # Next - - machine.wait_for_text("English") # Keyboard (default) machine.screenshot("wizard2") - machine.succeed("xdotool mousemove 512 740 click 1") # Next - machine.wait_for_text("Standard") # Profile (default) + machine.wait_for_text("English") # Keyboard (default) machine.screenshot("wizard3") machine.succeed("xdotool mousemove 512 740 click 1") # Next - machine.wait_for_text("Title") # Sizing (default) + machine.wait_for_text("Standard") # Profile (default) machine.screenshot("wizard4") machine.succeed("xdotool mousemove 512 740 click 1") # Next - machine.wait_for_text("clicked") # Windows Phocus - machine.succeed("xdotool mousemove 512 370 click 1") # Click + machine.wait_for_text("Title") # Sizing (default) machine.screenshot("wizard5") machine.succeed("xdotool mousemove 512 740 click 1") # Next - machine.wait_for_text("bindings") # Mouse Modifiers (default) + machine.wait_for_text("clicked") # Windows Focus + machine.succeed("xdotool mousemove 512 370 click 1") # Click machine.screenshot("wizard6") machine.succeed("xdotool mousemove 512 740 click 1") # Next @@ -74,7 +70,7 @@ import ./make-test-python.nix ({ pkgs, ...} : machine.screenshot("wizard8") machine.succeed("xdotool mousemove 512 740 click 1") # Next - machine.wait_for_text("Compositing") # Compositing (default) + machine.wait_for_text("OpenGL") # Compositing (default) machine.screenshot("wizard9") machine.succeed("xdotool mousemove 512 740 click 1") # Next diff --git a/nixpkgs/nixos/tests/ergo.nix b/nixpkgs/nixos/tests/ergo.nix new file mode 100644 index 00000000000..8cdbbf62a95 --- /dev/null +++ b/nixpkgs/nixos/tests/ergo.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "ergo"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ mmahut ]; + }; + + nodes = { + machine = { ... }: { + services.ergo.enable = true; + services.ergo.api.keyHash = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf"; + }; + }; + + testScript = '' + start_all() + machine.wait_for_unit("ergo.service") + ''; +}) diff --git a/nixpkgs/nixos/tests/haproxy.nix b/nixpkgs/nixos/tests/haproxy.nix index 79f34b07faf..ffb77c052a2 100644 --- a/nixpkgs/nixos/tests/haproxy.nix +++ b/nixpkgs/nixos/tests/haproxy.nix @@ -43,5 +43,13 @@ import ./make-test-python.nix ({ pkgs, ...}: { assert "haproxy_process_pool_allocated_bytes" in machine.succeed( "curl -k http://localhost:80/metrics" ) + + with subtest("reload"): + machine.succeed("systemctl reload haproxy") + # wait some time to ensure the following request hits the reloaded haproxy + machine.sleep(5) + assert "We are all good!" in machine.succeed( + "curl -k http://localhost:80/index.txt" + ) ''; }) diff --git a/nixpkgs/nixos/tests/home-assistant.nix b/nixpkgs/nixos/tests/home-assistant.nix index 80dca43f1f3..3365e74ba83 100644 --- a/nixpkgs/nixos/tests/home-assistant.nix +++ b/nixpkgs/nixos/tests/home-assistant.nix @@ -76,7 +76,7 @@ in { hass.succeed("test -f ${configDir}/ui-lovelace.yaml") with subtest("Check that Home Assistant's web interface and API can be reached"): hass.wait_for_open_port(8123) - hass.succeed("curl --fail http://localhost:8123/states") + hass.succeed("curl --fail http://localhost:8123/lovelace") assert "API running" in hass.succeed( "curl --fail -H 'x-ha-access: ${apiPassword}' http://localhost:8123/api/" ) diff --git a/nixpkgs/nixos/tests/hostname.nix b/nixpkgs/nixos/tests/hostname.nix new file mode 100644 index 00000000000..3b87303d73e --- /dev/null +++ b/nixpkgs/nixos/tests/hostname.nix @@ -0,0 +1,66 @@ +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +let + makeHostNameTest = hostName: domain: + let + fqdn = hostName + (optionalString (domain != null) ".${domain}"); + in + makeTest { + name = "hostname-${fqdn}"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ primeos blitz ]; + }; + + machine = { lib, ... }: { + networking.hostName = hostName; + networking.domain = domain; + + environment.systemPackages = with pkgs; [ + inetutils + ]; + }; + + testScript = '' + start_all() + + machine = ${hostName} + + machine.wait_for_unit("network-online.target") + + # The FQDN, domain name, and hostname detection should work as expected: + assert "${fqdn}" == machine.succeed("hostname --fqdn").strip() + assert "${optionalString (domain != null) domain}" == machine.succeed("dnsdomainname").strip() + assert ( + "${hostName}" + == machine.succeed( + 'hostnamectl status | grep "Static hostname" | cut -d: -f2' + ).strip() + ) + + # 127.0.0.1 and ::1 should resolve back to "localhost": + assert ( + "localhost" == machine.succeed("getent hosts 127.0.0.1 | awk '{print $2}'").strip() + ) + assert "localhost" == machine.succeed("getent hosts ::1 | awk '{print $2}'").strip() + + # 127.0.0.2 should resolve back to the FQDN and hostname: + fqdn_and_host_name = "${optionalString (domain != null) "${hostName}.${domain} "}${hostName}" + assert ( + fqdn_and_host_name + == machine.succeed("getent hosts 127.0.0.2 | awk '{print $2,$3}'").strip() + ) + ''; + }; + +in +{ + noExplicitDomain = makeHostNameTest "ahost" null; + + explicitDomain = makeHostNameTest "ahost" "adomain"; +} diff --git a/nixpkgs/nixos/tests/nextcloud/basic.nix b/nixpkgs/nixos/tests/nextcloud/basic.nix index 92ac5c46e8f..9cbecf01f57 100644 --- a/nixpkgs/nixos/tests/nextcloud/basic.nix +++ b/nixpkgs/nixos/tests/nextcloud/basic.nix @@ -9,7 +9,22 @@ in { nodes = { # The only thing the client needs to do is download a file. - client = { ... }: {}; + client = { ... }: { + services.davfs2.enable = true; + system.activationScripts.davfs2-secrets = '' + echo "http://nextcloud/remote.php/webdav/ ${adminuser} ${adminpass}" > /tmp/davfs2-secrets + chmod 600 /tmp/davfs2-secrets + ''; + fileSystems = pkgs.lib.mkVMOverride { + "/mnt/dav" = { + device = "http://nextcloud/remote.php/webdav/"; + fsType = "davfs"; + options = let + davfs2Conf = (pkgs.writeText "davfs2.conf" "secrets /tmp/davfs2-secrets"); + in [ "conf=${davfs2Conf}" "x-systemd.automount" "noauto"]; + }; + }; + }; nextcloud = { config, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 80 ]; @@ -60,5 +75,6 @@ in { client.succeed( "${withRcloneEnv} ${diffSharedFile}" ) + assert "hi" in client.succeed("cat /mnt/dav/test-shared-file") ''; }) diff --git a/nixpkgs/nixos/tests/podman.nix b/nixpkgs/nixos/tests/podman.nix index 283db71d9a4..9134a68ff38 100644 --- a/nixpkgs/nixos/tests/podman.nix +++ b/nixpkgs/nixos/tests/podman.nix @@ -38,23 +38,45 @@ import ./make-test-python.nix ( start_all() - with subtest("Run container as root"): + with subtest("Run container as root with runc"): podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") podman.succeed( - "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" ) podman.succeed("podman ps | grep sleeping") podman.succeed("podman stop sleeping") + podman.succeed("podman rm sleeping") - with subtest("Run container rootless"): + with subtest("Run container as root with crun"): + podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg") + podman.succeed( + "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + podman.succeed("podman ps | grep sleeping") + podman.succeed("podman stop sleeping") + podman.succeed("podman rm sleeping") + + with subtest("Run container rootless with runc"): + podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg")) + podman.succeed( + su_cmd( + "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + ) + ) + podman.succeed(su_cmd("podman ps | grep sleeping")) + podman.succeed(su_cmd("podman stop sleeping")) + podman.succeed(su_cmd("podman rm sleeping")) + + with subtest("Run container rootless with crun"): podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg")) podman.succeed( su_cmd( - "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" + "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" ) ) podman.succeed(su_cmd("podman ps | grep sleeping")) podman.succeed(su_cmd("podman stop sleeping")) + podman.succeed(su_cmd("podman rm sleeping")) ''; } ) diff --git a/nixpkgs/nixos/tests/sogo.nix b/nixpkgs/nixos/tests/sogo.nix new file mode 100644 index 00000000000..016331a9eed --- /dev/null +++ b/nixpkgs/nixos/tests/sogo.nix @@ -0,0 +1,58 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "sogo"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ajs124 das_j ]; + }; + + nodes = { + sogo = { config, pkgs, ... }: { + services.nginx.enable = true; + + services.mysql = { + enable = true; + package = pkgs.mysql; + ensureDatabases = [ "sogo" ]; + ensureUsers = [{ + name = "sogo"; + ensurePermissions = { + "sogo.*" = "ALL PRIVILEGES"; + }; + }]; + }; + + services.sogo = { + enable = true; + timezone = "Europe/Berlin"; + extraConfig = '' + WOWorkersCount = 1; + + SOGoUserSources = ( + { + type = sql; + userPasswordAlgorithm = md5; + viewURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_users"; + canAuthenticate = YES; + id = users; + } + ); + + SOGoProfileURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_user_profile"; + OCSFolderInfoURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_folder_info"; + OCSSessionsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_sessions_folder"; + OCSEMailAlarmsFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_alarms_folder"; + OCSStoreURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_store"; + OCSAclURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_acl"; + OCSCacheFolderURL = "mysql://sogo@%2Frun%2Fmysqld%2Fmysqld.sock/sogo/sogo_cache_folder"; + ''; + }; + }; + }; + + testScript = '' + start_all() + sogo.wait_for_unit("multi-user.target") + sogo.wait_for_open_port(20000) + sogo.wait_for_open_port(80) + sogo.succeed("curl -sSfL http://sogo/SOGo") + ''; +}) diff --git a/nixpkgs/nixos/tests/web-servers/unit-php.nix b/nixpkgs/nixos/tests/web-servers/unit-php.nix index c6327a1f825..2a0a5bdaa5d 100644 --- a/nixpkgs/nixos/tests/web-servers/unit-php.nix +++ b/nixpkgs/nixos/tests/web-servers/unit-php.nix @@ -23,7 +23,10 @@ in { "user": "testuser", "group": "testgroup", "root": "${testdir}/www", - "index": "info.php" + "index": "info.php", + "options": { + "file": "${pkgs.unit.usedPhp74}/lib/php.ini" + } } } } @@ -42,6 +45,13 @@ in { }; testScript = '' machine.wait_for_unit("unit.service") - assert "PHP Version ${pkgs.php74.version}" in machine.succeed("curl -vvv -s http://127.0.0.1:9074/") + + # Check so we get an evaluated PHP back + response = machine.succeed("curl -vvv -s http://127.0.0.1:9074/") + assert "PHP Version ${pkgs.unit.usedPhp74.version}" in response, "PHP version not detected" + + # Check so we have database and some other extensions loaded + for ext in ["json", "opcache", "pdo_mysql", "pdo_pgsql", "pdo_sqlite"]: + assert ext in response, f"Missing {ext} extension" ''; }) diff --git a/nixpkgs/nixos/tests/wireguard/basic.nix b/nixpkgs/nixos/tests/wireguard/basic.nix new file mode 100644 index 00000000000..25d706ae2e5 --- /dev/null +++ b/nixpkgs/nixos/tests/wireguard/basic.nix @@ -0,0 +1,74 @@ +{ kernelPackages ? null }: +import ../make-test-python.nix ({ pkgs, lib, ...} : + let + wg-snakeoil-keys = import ./snakeoil-keys.nix; + peer = (import ./make-peer.nix) { inherit lib; }; + in + { + name = "wireguard"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ ma27 ]; + }; + + nodes = { + peer0 = peer { + ip4 = "192.168.0.1"; + ip6 = "fd00::1"; + extraConfig = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; + networking.firewall.allowedUDPPorts = [ 23542 ]; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.23.42.1/32" "fc00::1/128" ]; + listenPort = 23542; + + inherit (wg-snakeoil-keys.peer0) privateKey; + + peers = lib.singleton { + allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; + + inherit (wg-snakeoil-keys.peer1) publicKey; + }; + }; + }; + }; + + peer1 = peer { + ip4 = "192.168.0.2"; + ip6 = "fd00::2"; + extraConfig = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; + networking.wireguard.interfaces.wg0 = { + ips = [ "10.23.42.2/32" "fc00::2/128" ]; + listenPort = 23542; + allowedIPsAsRoutes = false; + + inherit (wg-snakeoil-keys.peer1) privateKey; + + peers = lib.singleton { + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "192.168.0.1:23542"; + persistentKeepalive = 25; + + inherit (wg-snakeoil-keys.peer0) publicKey; + }; + + postSetup = let inherit (pkgs) iproute; in '' + ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 + ${iproute}/bin/ip route replace fc00::1/128 dev wg0 + ''; + }; + }; + }; + }; + + testScript = '' + start_all() + + peer0.wait_for_unit("wireguard-wg0.service") + peer1.wait_for_unit("wireguard-wg0.service") + + peer1.succeed("ping -c5 fc00::1") + peer1.succeed("ping -c5 10.23.42.1") + ''; + } +) diff --git a/nixpkgs/nixos/tests/wireguard/default.nix b/nixpkgs/nixos/tests/wireguard/default.nix index e3bc31c600f..dedb321ff2e 100644 --- a/nixpkgs/nixos/tests/wireguard/default.nix +++ b/nixpkgs/nixos/tests/wireguard/default.nix @@ -1,71 +1,27 @@ -import ../make-test-python.nix ({ pkgs, lib, ...} : - let - wg-snakeoil-keys = import ./snakeoil-keys.nix; - peer = (import ./make-peer.nix) { inherit lib; }; - in - { - name = "wireguard"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ ma27 ]; - }; - - nodes = { - peer0 = peer { - ip4 = "192.168.0.1"; - ip6 = "fd00::1"; - extraConfig = { - networking.firewall.allowedUDPPorts = [ 23542 ]; - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.1/32" "fc00::1/128" ]; - listenPort = 23542; - - inherit (wg-snakeoil-keys.peer0) privateKey; - - peers = lib.singleton { - allowedIPs = [ "10.23.42.2/32" "fc00::2/128" ]; - - inherit (wg-snakeoil-keys.peer1) publicKey; - }; - }; - }; - }; - - peer1 = peer { - ip4 = "192.168.0.2"; - ip6 = "fd00::2"; - extraConfig = { - networking.wireguard.interfaces.wg0 = { - ips = [ "10.23.42.2/32" "fc00::2/128" ]; - listenPort = 23542; - allowedIPsAsRoutes = false; - - inherit (wg-snakeoil-keys.peer1) privateKey; - - peers = lib.singleton { - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "192.168.0.1:23542"; - persistentKeepalive = 25; - - inherit (wg-snakeoil-keys.peer0) publicKey; - }; - - postSetup = let inherit (pkgs) iproute; in '' - ${iproute}/bin/ip route replace 10.23.42.1/32 dev wg0 - ${iproute}/bin/ip route replace fc00::1/128 dev wg0 - ''; - }; - }; - }; - }; - - testScript = '' - start_all() - - peer0.wait_for_unit("wireguard-wg0.service") - peer1.wait_for_unit("wireguard-wg0.service") - - peer1.succeed("ping -c5 fc00::1") - peer1.succeed("ping -c5 10.23.42.1") - ''; - } +{ system ? builtins.currentSystem +, config ? { } +, pkgs ? import ../../.. { inherit system config; } +, kernelVersionsToTest ? [ "5.4" "latest" ] +}: + +with pkgs.lib; + +let + tests = let callTest = p: flip (import p) { inherit system pkgs; }; in { + basic = callTest ./basic.nix; + namespaces = callTest ./namespaces.nix; + wg-quick = callTest ./wg-quick.nix; + generated = callTest ./generated.nix; + }; +in + +listToAttrs ( + flip concatMap kernelVersionsToTest (version: + let + v' = replaceStrings [ "." ] [ "_" ] version; + in + flip mapAttrsToList tests (name: test: + nameValuePair "wireguard-${name}-linux-${v'}" (test { kernelPackages = pkgs."linuxPackages_${v'}"; }) + ) + ) ) diff --git a/nixpkgs/nixos/tests/wireguard/generated.nix b/nixpkgs/nixos/tests/wireguard/generated.nix index a29afd2d466..cdf15483265 100644 --- a/nixpkgs/nixos/tests/wireguard/generated.nix +++ b/nixpkgs/nixos/tests/wireguard/generated.nix @@ -1,4 +1,5 @@ -import ../make-test-python.nix ({ pkgs, ...} : { +{ kernelPackages ? null }: +import ../make-test-python.nix ({ pkgs, lib, ... } : { name = "wireguard-generated"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ ma27 grahamc ]; @@ -6,6 +7,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { nodes = { peer1 = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.firewall.allowedUDPPorts = [ 12345 ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.10.10.1/24" ]; @@ -17,6 +19,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { }; peer2 = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.firewall.allowedUDPPorts = [ 12345 ]; networking.wireguard.interfaces.wg0 = { ips = [ "10.10.10.2/24" ]; diff --git a/nixpkgs/nixos/tests/wireguard/namespaces.nix b/nixpkgs/nixos/tests/wireguard/namespaces.nix index c8a4e3bb52a..c47175ceafc 100644 --- a/nixpkgs/nixos/tests/wireguard/namespaces.nix +++ b/nixpkgs/nixos/tests/wireguard/namespaces.nix @@ -1,3 +1,5 @@ +{ kernelPackages ? null }: + let listenPort = 12345; socketNamespace = "foo"; @@ -13,7 +15,7 @@ let in -import ../make-test-python.nix ({ pkgs, ...} : { +import ../make-test-python.nix ({ pkgs, lib, ... } : { name = "wireguard-with-namespaces"; meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ asymmetric ]; @@ -23,6 +25,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { # interface should be created in the socketNamespace # and not moved from there peer0 = pkgs.lib.attrsets.recursiveUpdate node { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.wireguard.interfaces.wg0 = { preSetup = '' ip netns add ${socketNamespace} @@ -33,6 +36,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { # interface should be created in the init namespace # and moved to the interfaceNamespace peer1 = pkgs.lib.attrsets.recursiveUpdate node { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.wireguard.interfaces.wg0 = { preSetup = '' ip netns add ${interfaceNamespace} @@ -43,6 +47,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { # interface should be created in the socketNamespace # and moved to the interfaceNamespace peer2 = pkgs.lib.attrsets.recursiveUpdate node { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.wireguard.interfaces.wg0 = { preSetup = '' ip netns add ${socketNamespace} @@ -54,6 +59,7 @@ import ../make-test-python.nix ({ pkgs, ...} : { # interface should be created in the socketNamespace # and moved to the init namespace peer3 = pkgs.lib.attrsets.recursiveUpdate node { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.wireguard.interfaces.wg0 = { preSetup = '' ip netns add ${socketNamespace} diff --git a/nixpkgs/nixos/tests/wireguard/wg-quick.nix b/nixpkgs/nixos/tests/wireguard/wg-quick.nix index 7354dd01a34..5472d21cd1e 100644 --- a/nixpkgs/nixos/tests/wireguard/wg-quick.nix +++ b/nixpkgs/nixos/tests/wireguard/wg-quick.nix @@ -1,3 +1,5 @@ +{ kernelPackages ? null }: + import ../make-test-python.nix ({ pkgs, lib, ... }: let wg-snakeoil-keys = import ./snakeoil-keys.nix; @@ -14,6 +16,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: ip4 = "192.168.0.1"; ip6 = "fd00::1"; extraConfig = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.firewall.allowedUDPPorts = [ 23542 ]; networking.wg-quick.interfaces.wg0 = { address = [ "10.23.42.1/32" "fc00::1/128" ]; @@ -34,6 +37,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: ip4 = "192.168.0.2"; ip6 = "fd00::2"; extraConfig = { + boot = lib.mkIf (kernelPackages != null) { inherit kernelPackages; }; networking.wg-quick.interfaces.wg0 = { address = [ "10.23.42.2/32" "fc00::2/128" ]; inherit (wg-snakeoil-keys.peer1) privateKey; diff --git a/nixpkgs/nixos/tests/yggdrasil.nix b/nixpkgs/nixos/tests/yggdrasil.nix index 468fcf67127..9ceb7974733 100644 --- a/nixpkgs/nixos/tests/yggdrasil.nix +++ b/nixpkgs/nixos/tests/yggdrasil.nix @@ -85,6 +85,7 @@ in import ./make-test-python.nix ({ pkgs, ...} : { MulticastInterfaces = [ "eth1" ]; LinkLocalTCPPort = 43210; }; + persistentKeys = true; }; }; }; |