diff options
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/all-tests.nix | 7 | ||||
| -rw-r--r-- | nixos/tests/codimd.nix | 60 | ||||
| -rw-r--r-- | nixos/tests/docker-tools.nix | 7 | ||||
| -rw-r--r-- | nixos/tests/dovecot.nix | 7 | ||||
| -rw-r--r-- | nixos/tests/git/hub.nix | 17 | ||||
| -rw-r--r-- | nixos/tests/grafana.nix | 14 | ||||
| -rw-r--r-- | nixos/tests/hedgedoc.nix | 60 | ||||
| -rw-r--r-- | nixos/tests/image-contents.nix | 51 | ||||
| -rw-r--r-- | nixos/tests/kafka.nix | 9 | ||||
| -rw-r--r-- | nixos/tests/login.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/loki.nix | 4 | ||||
| -rw-r--r-- | nixos/tests/opentabletdriver.nix | 27 | ||||
| -rw-r--r-- | nixos/tests/postgresql-wal-receiver.nix | 16 | ||||
| -rw-r--r-- | nixos/tests/prometheus-exporters.nix | 122 | ||||
| -rw-r--r-- | nixos/tests/prometheus.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/ripgrep.nix | 13 | ||||
| -rw-r--r-- | nixos/tests/shadow.nix | 116 | ||||
| -rw-r--r-- | nixos/tests/systemd-boot.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/tor.nix | 2 | ||||
| -rw-r--r-- | nixos/tests/uwsgi.nix | 18 |
20 files changed, 467 insertions, 88 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index f1ca1dfe02ed..d53c6f6511e3 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -63,7 +63,6 @@ in clickhouse = handleTest ./clickhouse.nix {}; cloud-init = handleTest ./cloud-init.nix {}; cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {}; - codimd = handleTest ./codimd.nix {}; consul = handleTest ./consul.nix {}; containers-bridge = handleTest ./containers-bridge.nix {}; containers-custom-pkgs.nix = handleTest ./containers-custom-pkgs.nix {}; @@ -147,6 +146,7 @@ in handbrake = handleTestOn ["x86_64-linux"] ./handbrake.nix {}; haproxy = handleTest ./haproxy.nix {}; hardened = handleTest ./hardened.nix {}; + hedgedoc = handleTest ./hedgedoc.nix {}; installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {}); oci-containers = handleTestOn ["x86_64-linux"] ./oci-containers.nix {}; # 9pnet_virtio used to mount /nix partition doesn't support @@ -158,6 +158,7 @@ in home-assistant = handleTest ./home-assistant.nix {}; hostname = handleTest ./hostname.nix {}; hound = handleTest ./hound.nix {}; + hub = handleTest ./git/hub.nix {}; hydra = handleTest ./hydra {}; i3wm = handleTest ./i3wm.nix {}; icingaweb2 = handleTest ./icingaweb2.nix {}; @@ -281,6 +282,8 @@ in openssh = handleTest ./openssh.nix {}; openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {}; openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {}; + opentabletdriver = handleTest ./opentabletdriver.nix {}; + image-contents = handleTest ./image-contents.nix {}; orangefs = handleTest ./orangefs.nix {}; os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {}; osrm-backend = handleTest ./osrm-backend.nix {}; @@ -324,6 +327,7 @@ in redis = handleTest ./redis.nix {}; redmine = handleTest ./redmine.nix {}; restic = handleTest ./restic.nix {}; + ripgrep = handleTest ./ripgrep.nix {}; robustirc-bridge = handleTest ./robustirc-bridge.nix {}; roundcube = handleTest ./roundcube.nix {}; rspamd = handleTest ./rspamd.nix {}; @@ -339,6 +343,7 @@ in scala = handleTest ./scala.nix {}; sddm = handleTest ./sddm.nix {}; service-runner = handleTest ./service-runner.nix {}; + shadow = handleTest ./shadow.nix {}; shadowsocks = handleTest ./shadowsocks {}; shattered-pixel-dungeon = handleTest ./shattered-pixel-dungeon.nix {}; shiori = handleTest ./shiori.nix {}; diff --git a/nixos/tests/codimd.nix b/nixos/tests/codimd.nix deleted file mode 100644 index aa581dfeb584..000000000000 --- a/nixos/tests/codimd.nix +++ /dev/null @@ -1,60 +0,0 @@ -import ./make-test-python.nix ({ pkgs, lib, ... }: -{ - name = "codimd"; - - meta = with lib.maintainers; { - maintainers = [ willibutz ]; - }; - - nodes = { - codimdSqlite = { ... }: { - services = { - codimd = { - enable = true; - configuration.dbURL = "sqlite:///var/lib/codimd/codimd.db"; - }; - }; - }; - - codimdPostgres = { ... }: { - systemd.services.codimd.after = [ "postgresql.service" ]; - services = { - codimd = { - enable = true; - configuration.dbURL = "postgres://codimd:\${DB_PASSWORD}@localhost:5432/codimddb"; - - /* - * Do not use pkgs.writeText for secrets as - * they will end up in the world-readable Nix store. - */ - environmentFile = pkgs.writeText "codimd-env" '' - DB_PASSWORD=snakeoilpassword - ''; - }; - postgresql = { - enable = true; - initialScript = pkgs.writeText "pg-init-script.sql" '' - CREATE ROLE codimd LOGIN PASSWORD 'snakeoilpassword'; - CREATE DATABASE codimddb OWNER codimd; - ''; - }; - }; - }; - }; - - testScript = '' - start_all() - - with subtest("CodiMD sqlite"): - codimdSqlite.wait_for_unit("codimd.service") - codimdSqlite.wait_for_open_port(3000) - codimdSqlite.wait_until_succeeds("curl -sSf http://localhost:3000/new") - - with subtest("CodiMD postgres"): - codimdPostgres.wait_for_unit("postgresql.service") - codimdPostgres.wait_for_unit("codimd.service") - codimdPostgres.wait_for_open_port(5432) - codimdPostgres.wait_for_open_port(3000) - codimdPostgres.wait_until_succeeds("curl -sSf http://localhost:3000/new") - ''; -}) diff --git a/nixos/tests/docker-tools.nix b/nixos/tests/docker-tools.nix index 8402ba68b720..369ef94f9fad 100644 --- a/nixos/tests/docker-tools.nix +++ b/nixos/tests/docker-tools.nix @@ -247,5 +247,12 @@ import ./make-test-python.nix ({ pkgs, ... }: { ).strip() == "${if pkgs.system == "aarch64-linux" then "amd64" else "arm64"}" ) + + with subtest("buildLayeredImage doesn't dereference /nix/store symlink layers"): + docker.succeed( + "docker load --input='${examples.layeredStoreSymlink}'", + "docker run --rm ${examples.layeredStoreSymlink.imageName} bash -c 'test -L ${examples.layeredStoreSymlink.passthru.symlink}'", + "docker rmi ${examples.layeredStoreSymlink.imageName}", + ) ''; }) diff --git a/nixos/tests/dovecot.nix b/nixos/tests/dovecot.nix index bcbe234fd805..1129e3b45d9d 100644 --- a/nixos/tests/dovecot.nix +++ b/nixos/tests/dovecot.nix @@ -4,8 +4,11 @@ import ./make-test-python.nix { machine = { pkgs, ... }: { imports = [ common/user-account.nix ]; services.postfix.enable = true; - services.dovecot2.enable = true; - services.dovecot2.protocols = [ "imap" "pop3" ]; + services.dovecot2 = { + enable = true; + protocols = [ "imap" "pop3" ]; + modules = [ pkgs.dovecot_pigeonhole ]; + }; environment.systemPackages = let sendTestMail = pkgs.writeScriptBin "send-testmail" '' #!${pkgs.runtimeShell} diff --git a/nixos/tests/git/hub.nix b/nixos/tests/git/hub.nix new file mode 100644 index 000000000000..e2359e887efb --- /dev/null +++ b/nixos/tests/git/hub.nix @@ -0,0 +1,17 @@ +import ../make-test-python.nix ({ pkgs, ...} : { + name = "hub"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + nodes.hub = { pkgs, ... }: + { + environment.systemPackages = [ pkgs.gitAndTools.hub ]; + }; + + testScript = + '' + assert "git version ${pkgs.git.version}\nhub version ${pkgs.gitAndTools.hub.version}\n" in hub.succeed("hub version") + assert "These GitHub commands are provided by hub" in hub.succeed("hub help") + ''; +}) diff --git a/nixos/tests/grafana.nix b/nixos/tests/grafana.nix index 4b453ece7f1e..4ba091b893f4 100644 --- a/nixos/tests/grafana.nix +++ b/nixos/tests/grafana.nix @@ -17,6 +17,10 @@ let }; extraNodeConfs = { + declarativePlugins = { + services.grafana.declarativePlugins = [ pkgs.grafanaPlugins.grafana-clock-panel ]; + }; + postgresql = { services.grafana.database = { host = "127.0.0.1:5432"; @@ -52,7 +56,7 @@ let nameValuePair dbName (mkMerge [ baseGrafanaConf (extraNodeConfs.${dbName} or {}) - ])) [ "sqlite" "postgresql" "mysql" ]); + ])) [ "sqlite" "declarativePlugins" "postgresql" "mysql" ]); in { name = "grafana"; @@ -66,6 +70,14 @@ in { testScript = '' start_all() + with subtest("Declarative plugins installed"): + declarativePlugins.wait_for_unit("grafana.service") + declarativePlugins.wait_for_open_port(3000) + declarativePlugins.succeed( + "curl -sSfN -u testadmin:snakeoilpwd http://127.0.0.1:3000/api/plugins | grep -q grafana-clock-panel" + ) + declarativePlugins.shutdown() + with subtest("Successful API query as admin user with sqlite db"): sqlite.wait_for_unit("grafana.service") sqlite.wait_for_open_port(3000) diff --git a/nixos/tests/hedgedoc.nix b/nixos/tests/hedgedoc.nix new file mode 100644 index 000000000000..657d49c555e9 --- /dev/null +++ b/nixos/tests/hedgedoc.nix @@ -0,0 +1,60 @@ +import ./make-test-python.nix ({ pkgs, lib, ... }: +{ + name = "hedgedoc"; + + meta = with lib.maintainers; { + maintainers = [ willibutz ]; + }; + + nodes = { + hedgedocSqlite = { ... }: { + services = { + hedgedoc = { + enable = true; + configuration.dbURL = "sqlite:///var/lib/hedgedoc/hedgedoc.db"; + }; + }; + }; + + hedgedocPostgres = { ... }: { + systemd.services.hedgedoc.after = [ "postgresql.service" ]; + services = { + hedgedoc = { + enable = true; + configuration.dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@localhost:5432/hedgedocdb"; + + /* + * Do not use pkgs.writeText for secrets as + * they will end up in the world-readable Nix store. + */ + environmentFile = pkgs.writeText "hedgedoc-env" '' + DB_PASSWORD=snakeoilpassword + ''; + }; + postgresql = { + enable = true; + initialScript = pkgs.writeText "pg-init-script.sql" '' + CREATE ROLE hedgedoc LOGIN PASSWORD 'snakeoilpassword'; + CREATE DATABASE hedgedocdb OWNER hedgedoc; + ''; + }; + }; + }; + }; + + testScript = '' + start_all() + + with subtest("HedgeDoc sqlite"): + hedgedocSqlite.wait_for_unit("hedgedoc.service") + hedgedocSqlite.wait_for_open_port(3000) + hedgedocSqlite.wait_until_succeeds("curl -sSf http://localhost:3000/new") + + with subtest("HedgeDoc postgres"): + hedgedocPostgres.wait_for_unit("postgresql.service") + hedgedocPostgres.wait_for_unit("hedgedoc.service") + hedgedocPostgres.wait_for_open_port(5432) + hedgedocPostgres.wait_for_open_port(3000) + hedgedocPostgres.wait_until_succeeds("curl -sSf http://localhost:3000/new") + ''; +}) diff --git a/nixos/tests/image-contents.nix b/nixos/tests/image-contents.nix new file mode 100644 index 000000000000..90908968a7e2 --- /dev/null +++ b/nixos/tests/image-contents.nix @@ -0,0 +1,51 @@ +# Tests the contents attribute of nixos/lib/make-disk-image.nix +# including its user, group, and mode attributes. +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; +with pkgs.lib; + +with import common/ec2.nix { inherit makeTest pkgs; }; + +let + config = (import ../lib/eval-config.nix { + inherit system; + modules = [ + ../modules/testing/test-instrumentation.nix + ../modules/profiles/qemu-guest.nix + { + fileSystems."/".device = "/dev/disk/by-label/nixos"; + boot.loader.grub.device = "/dev/vda"; + boot.loader.timeout = 0; + } + ]; + }).config; + image = (import ../lib/make-disk-image.nix { + inherit pkgs config; + lib = pkgs.lib; + format = "qcow2"; + contents = [{ + source = pkgs.writeText "testFile" "contents"; + target = "/testFile"; + user = "1234"; + group = "5678"; + mode = "755"; + }]; + }) + "/nixos.qcow2"; + +in makeEc2Test { + name = "image-contents"; + inherit image; + userData = null; + script = '' + machine.start() + assert "content" in machine.succeed("cat /testFile") + fileDetails = machine.succeed("ls -l /testFile") + assert "1234" in fileDetails + assert "5678" in fileDetails + assert "rwxr-xr-x" in fileDetails + ''; +} diff --git a/nixos/tests/kafka.nix b/nixos/tests/kafka.nix index 88e30b62baa2..373e939c00d0 100644 --- a/nixos/tests/kafka.nix +++ b/nixos/tests/kafka.nix @@ -80,15 +80,6 @@ let }) { inherit system; }); in with pkgs; { - kafka_0_9 = makeKafkaTest "kafka_0_9" apacheKafka_0_9; - kafka_0_10 = makeKafkaTest "kafka_0_10" apacheKafka_0_10; - kafka_0_11 = makeKafkaTest "kafka_0_11" apacheKafka_0_11; - kafka_1_0 = makeKafkaTest "kafka_1_0" apacheKafka_1_0; - kafka_1_1 = makeKafkaTest "kafka_1_1" apacheKafka_1_1; - kafka_2_0 = makeKafkaTest "kafka_2_0" apacheKafka_2_0; - kafka_2_1 = makeKafkaTest "kafka_2_1" apacheKafka_2_1; - kafka_2_2 = makeKafkaTest "kafka_2_2" apacheKafka_2_2; - kafka_2_3 = makeKafkaTest "kafka_2_3" apacheKafka_2_3; kafka_2_4 = makeKafkaTest "kafka_2_4" apacheKafka_2_4; kafka_2_5 = makeKafkaTest "kafka_2_5" apacheKafka_2_5; } diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix index d36c1a91be43..ce11e1f942ab 100644 --- a/nixos/tests/login.nix +++ b/nixos/tests/login.nix @@ -50,7 +50,7 @@ import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... }: with subtest("Virtual console logout"): machine.send_chars("exit\n") machine.wait_until_fails("pgrep -u alice bash") - machine.screenshot("mingetty") + machine.screenshot("getty") with subtest("Check whether ctrl-alt-delete works"): machine.send_key("ctrl-alt-delete") diff --git a/nixos/tests/loki.nix b/nixos/tests/loki.nix index bede775b7d3c..0c6dff3fdf13 100644 --- a/nixos/tests/loki.nix +++ b/nixos/tests/loki.nix @@ -46,7 +46,9 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: machine.wait_for_open_port(9080) machine.succeed("echo 'Loki Ingestion Test' > /var/log/testlog") # should not have access to journal unless specified - machine.fail("systemctl show --property=SupplementaryGroups promtail | grep -q systemd-journal") + machine.fail( + "systemctl show --property=SupplementaryGroups promtail | grep -q systemd-journal" + ) machine.wait_until_succeeds( "${pkgs.grafana-loki}/bin/logcli --addr='http://localhost:3100' query --no-labels '{job=\"varlogs\",filename=\"/var/log/testlog\"}' | grep -q 'Loki Ingestion Test'" ) diff --git a/nixos/tests/opentabletdriver.nix b/nixos/tests/opentabletdriver.nix new file mode 100644 index 000000000000..2cadfae6b263 --- /dev/null +++ b/nixos/tests/opentabletdriver.nix @@ -0,0 +1,27 @@ +import ./make-test-python.nix ( { pkgs, ... }: { + name = "opentabletdriver"; + meta = { + maintainers = with pkgs.stdenv.lib.maintainers; [ thiagokokada ]; + }; + + machine = { pkgs, ... }: + { + imports = [ + ./common/user-account.nix + ./common/x11.nix + ]; + test-support.displayManager.auto.user = "alice"; + hardware.opentabletdriver.enable = true; + }; + + testScript = + '' + machine.start() + machine.wait_for_x() + machine.wait_for_unit("opentabletdriver.service", "alice") + + machine.succeed("cat /etc/udev/rules.d/30-opentabletdriver.rules") + # Will fail if service is not running + machine.succeed("otd detect") + ''; +}) diff --git a/nixos/tests/postgresql-wal-receiver.nix b/nixos/tests/postgresql-wal-receiver.nix index 432b46234f9c..0e8b3bfd6c34 100644 --- a/nixos/tests/postgresql-wal-receiver.nix +++ b/nixos/tests/postgresql-wal-receiver.nix @@ -1,11 +1,19 @@ +{ system ? builtins.currentSystem, + config ? {}, + pkgs ? import ../.. { inherit system config; } +}: + +with import ../lib/testing-python.nix { inherit system pkgs; }; + let + lib = pkgs.lib; + # Makes a test for a PostgreSQL package, given by name and looked up from `pkgs`. makePostgresqlWalReceiverTest = postgresqlPackage: { name = postgresqlPackage; value = - import ./make-test-python.nix ({ pkgs, lib, ... }: let - + let pkg = pkgs."${postgresqlPackage}"; postgresqlDataDir = "/var/lib/postgresql/${pkg.psqlSchema}"; replicationUser = "wal_receiver_user"; @@ -19,7 +27,7 @@ let then pkgs.writeTextDir "recovery.signal" "" else pkgs.writeTextDir "recovery.conf" "restore_command = 'cp ${walBackupDir}/%f %p'"; - in { + in makeTest { name = "postgresql-wal-receiver-${postgresqlPackage}"; meta.maintainers = with lib.maintainers; [ pacien ]; @@ -104,7 +112,7 @@ let "test $(sudo -u postgres psql --pset='pager=off' --tuples-only --command='select count(distinct val) from dummy;') -eq 100" ) ''; - }); + }; }; # Maps the generic function over all attributes of PostgreSQL packages diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix index 3eb4341e39cb..8fcb0a7aa2c3 100644 --- a/nixos/tests/prometheus-exporters.nix +++ b/nixos/tests/prometheus-exporters.nix @@ -96,6 +96,31 @@ let ''; }; + bird = { + exporterConfig = { + enable = true; + }; + metricProvider = { + services.bird2.enable = true; + services.bird2.config = '' + protocol kernel MyObviousTestString { + ipv4 { + import all; + export none; + }; + } + + protocol device { + } + ''; + }; + exporterTest = '' + wait_for_unit("prometheus-bird-exporter.service") + wait_for_open_port(9324) + succeed("curl -sSf http://localhost:9324/metrics | grep -q 'MyObviousTestString'") + ''; + }; + blackbox = { exporterConfig = { enable = true; @@ -197,10 +222,11 @@ let exporterConfig = { enable = true; url = "http://localhost"; - configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON [{ - name = "json_test_metric"; - path = "$.test"; - }]); + configFile = pkgs.writeText "json-exporter-conf.json" (builtins.toJSON { + metrics = [ + { name = "json_test_metric"; path = "$.test"; } + ]; + }); }; metricProvider = { systemd.services.prometheus-json-exporter.after = [ "nginx.service" ]; @@ -216,7 +242,9 @@ let wait_for_open_port(80) wait_for_unit("prometheus-json-exporter.service") wait_for_open_port(7979) - succeed("curl -sSf localhost:7979/metrics | grep -q 'json_test_metric 1'") + succeed( + "curl -sSf 'localhost:7979/probe?target=http://localhost' | grep -q 'json_test_metric 1'" + ) ''; }; @@ -444,6 +472,67 @@ let ''; }; + nginxlog = { + exporterConfig = { + enable = true; + group = "nginx"; + settings = { + namespaces = [ + { + name = "filelogger"; + source = { + files = [ "/var/log/nginx/filelogger.access.log" ]; + }; + } + { + name = "syslogger"; + source = { + syslog = { + listen_address = "udp://127.0.0.1:10000"; + format = "rfc3164"; + tags = ["nginx"]; + }; + }; + } + ]; + }; + }; + metricProvider = { + services.nginx = { + enable = true; + httpConfig = '' + server { + listen 80; + server_name filelogger.local; + access_log /var/log/nginx/filelogger.access.log; + } + server { + listen 81; + server_name syslogger.local; + access_log syslog:server=127.0.0.1:10000,tag=nginx,severity=info; + } + ''; + }; + }; + exporterTest = '' + wait_for_unit("nginx.service") + wait_for_unit("prometheus-nginxlog-exporter.service") + wait_for_open_port(9117) + wait_for_open_port(80) + wait_for_open_port(81) + succeed("curl http://localhost") + execute("sleep 1") + succeed( + "curl -sSf http://localhost:9117/metrics | grep 'filelogger_http_response_count_total' | grep -q 1" + ) + succeed("curl http://localhost:81") + execute("sleep 1") + succeed( + "curl -sSf http://localhost:9117/metrics | grep 'syslogger_http_response_count_total' | grep -q 1" + ) + ''; + }; + node = { exporterConfig = { enable = true; @@ -573,7 +662,7 @@ let wait_for_open_port(11334) wait_for_open_port(7980) wait_until_succeeds( - "curl -sSf localhost:7980/metrics | grep -q 'rspamd_scanned{host=\"rspamd\"} 0'" + "curl -sSf 'localhost:7980/probe?target=http://localhost:11334/stat' | grep -q 'rspamd_scanned{host=\"rspamd\"} 0'" ) ''; }; @@ -609,6 +698,27 @@ let ''; }; + smokeping = { + exporterConfig = { + enable = true; + hosts = ["127.0.0.1"]; + }; + exporterTest = '' + wait_for_unit("prometheus-smokeping-exporter.service") + wait_for_open_port(9374) + wait_until_succeeds( + "curl -sSf localhost:9374/metrics | grep '{}' | grep -qv ' 0$'".format( + 'smokeping_requests_total{host="127.0.0.1",ip="127.0.0.1"} ' + ) + ) + wait_until_succeeds( + "curl -sSf localhost:9374/metrics | grep -q '{}'".format( + 'smokeping_response_ttl{host="127.0.0.1",ip="127.0.0.1"}' + ) + ) + ''; + }; + snmp = { exporterConfig = { enable = true; diff --git a/nixos/tests/prometheus.nix b/nixos/tests/prometheus.nix index 6881c659e6d0..70ac78a4a468 100644 --- a/nixos/tests/prometheus.nix +++ b/nixos/tests/prometheus.nix @@ -36,6 +36,7 @@ in import ./make-test-python.nix { nodes = { prometheus = { pkgs, ... }: { virtualisation.diskSize = 2 * 1024; + virtualisation.memorySize = 2048; environment.systemPackages = [ pkgs.jq ]; networking.firewall.allowedTCPPorts = [ grpcPort ]; services.prometheus = { @@ -132,6 +133,7 @@ in import ./make-test-python.nix { store = { pkgs, ... }: { virtualisation.diskSize = 2 * 1024; + virtualisation.memorySize = 2048; environment.systemPackages = with pkgs; [ jq thanos ]; services.thanos.store = { enable = true; diff --git a/nixos/tests/ripgrep.nix b/nixos/tests/ripgrep.nix new file mode 100644 index 000000000000..9f76290488fa --- /dev/null +++ b/nixos/tests/ripgrep.nix @@ -0,0 +1,13 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "ripgrep"; + meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; }; + + nodes.ripgrep = { pkgs, ... }: { environment.systemPackages = [ pkgs.ripgrep ]; }; + + testScript = '' + ripgrep.succeed('echo "abc\nbcd\ncde" > /tmp/foo') + assert "bcd" in ripgrep.succeed("rg -N 'bcd' /tmp/foo") + assert "bcd\ncde" in ripgrep.succeed("rg -N 'cd' /tmp/foo") + assert "ripgrep ${pkgs.ripgrep.version}" in ripgrep.succeed("rg --version | head -1") + ''; +}) diff --git a/nixos/tests/shadow.nix b/nixos/tests/shadow.nix new file mode 100644 index 000000000000..8f8cdef7ef9d --- /dev/null +++ b/nixos/tests/shadow.nix @@ -0,0 +1,116 @@ +let + password1 = "foobar"; + password2 = "helloworld"; + password3 = "bazqux"; + password4 = "asdf123"; +in import ./make-test-python.nix ({ pkgs, ... }: { + name = "shadow"; + meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; }; + + nodes.shadow = { pkgs, ... }: { + environment.systemPackages = [ pkgs.shadow ]; + + users = { + mutableUsers = true; + users.emma = { + password = password1; + shell = pkgs.bash; + }; + users.layla = { + password = password2; + shell = pkgs.shadow; + }; + users.ash = { + password = password4; + shell = pkgs.bash; + }; + }; + }; + + testScript = '' + shadow.wait_for_unit("multi-user.target") + shadow.wait_until_succeeds("pgrep -f 'agetty.*tty1'") + + with subtest("Normal login"): + shadow.send_key("alt-f2") + shadow.wait_until_succeeds(f"[ $(fgconsole) = 2 ]") + shadow.wait_for_unit(f"getty@tty2.service") + shadow.wait_until_succeeds(f"pgrep -f 'agetty.*tty2'") + shadow.wait_until_tty_matches(2, "login: ") + shadow.send_chars("emma\n") + shadow.wait_until_tty_matches(2, "login: emma") + shadow.wait_until_succeeds("pgrep login") + shadow.sleep(2) + shadow.send_chars("${password1}\n") + shadow.send_chars("whoami > /tmp/1\n") + shadow.wait_for_file("/tmp/1") + assert "emma" in shadow.succeed("cat /tmp/1") + + with subtest("Switch user"): + shadow.send_chars("su - ash\n") + shadow.sleep(2) + shadow.send_chars("${password4}\n") + shadow.sleep(2) + shadow.send_chars("whoami > /tmp/3\n") + shadow.wait_for_file("/tmp/3") + assert "ash" in shadow.succeed("cat /tmp/3") + + with subtest("Change password"): + shadow.send_key("alt-f3") + shadow.wait_until_succeeds(f"[ $(fgconsole) = 3 ]") + shadow.wait_for_unit(f"getty@tty3.service") + shadow.wait_until_succeeds(f"pgrep -f 'agetty.*tty3'") + shadow.wait_until_tty_matches(3, "login: ") + shadow.send_chars("emma\n") + shadow.wait_until_tty_matches(3, "login: emma") + shadow.wait_until_succeeds("pgrep login") + shadow.sleep(2) + shadow.send_chars("${password1}\n") + shadow.send_chars("passwd\n") + shadow.sleep(2) + shadow.send_chars("${password1}\n") + shadow.sleep(2) + shadow.send_chars("${password3}\n") + shadow.sleep(2) + shadow.send_chars("${password3}\n") + shadow.sleep(2) + shadow.send_key("alt-f4") + shadow.wait_until_succeeds(f"[ $(fgconsole) = 4 ]") + shadow.wait_for_unit(f"getty@tty4.service") + shadow.wait_until_succeeds(f"pgrep -f 'agetty.*tty4'") + shadow.wait_until_tty_matches(4, "login: ") + shadow.send_chars("emma\n") + shadow.wait_until_tty_matches(4, "login: emma") + shadow.wait_until_succeeds("pgrep login") + shadow.sleep(2) + shadow.send_chars("${password1}\n") + shadow.wait_until_tty_matches(4, "Login incorrect") + shadow.wait_until_tty_matches(4, "login:") + shadow.send_chars("emma\n") + shadow.wait_until_tty_matches(4, "login: emma") + shadow.wait_until_succeeds("pgrep login") + shadow.sleep(2) + shadow.send_chars("${password3}\n") + shadow.send_chars("whoami > /tmp/2\n") + shadow.wait_for_file("/tmp/2") + assert "emma" in shadow.succeed("cat /tmp/2") + + with subtest("Groups"): + assert "foobar" not in shadow.succeed("groups emma") + shadow.succeed("groupadd foobar") + shadow.succeed("usermod -a -G foobar emma") + assert "foobar" in shadow.succeed("groups emma") + + with subtest("nologin shell"): + shadow.send_key("alt-f5") + shadow.wait_until_succeeds(f"[ $(fgconsole) = 5 ]") + shadow.wait_for_unit(f"getty@tty5.service") + shadow.wait_until_succeeds(f"pgrep -f 'agetty.*tty5'") + shadow.wait_until_tty_matches(5, "login: ") + shadow.send_chars("layla\n") + shadow.wait_until_tty_matches(5, "login: layla") + shadow.wait_until_succeeds("pgrep login") + shadow.send_chars("${password2}\n") |