Merge master into staging-nixos

nixpkgs-ci[bot]
2025-11-13 23:49:30 +00:00
committed by GitHub
1474 changed files with 32132 additions and 24705 deletions


@@ -642,7 +642,6 @@ in
gnome = runTest ./gnome.nix;
gnome-extensions = runTest ./gnome-extensions.nix;
gnome-flashback = runTest ./gnome-flashback.nix;
gnome-xorg = runTest ./gnome-xorg.nix;
gns3-server = runTest ./gns3-server.nix;
gnupg = runTest ./gnupg.nix;
go-camo = runTest ./go-camo.nix;
@@ -889,7 +888,7 @@ in
lorri = handleTest ./lorri/default.nix { };
luks = runTest ./luks.nix;
lvm2 = handleTest ./lvm2 { };
lxc = handleTest ./lxc { };
lxc = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./lxc;
lxd-image-server = runTest ./lxd-image-server.nix;
lxqt = runTest ./lxqt.nix;
ly = runTest ./ly.nix;
@@ -1011,12 +1010,15 @@ in
defaults.services.ncps.cache.dataPath = "/path/to/ncps";
};
ndppd = runTest ./ndppd.nix;
nebula = runTest ./nebula.nix;
nebula-lighthouse-service = runTest ./nebula-lighthouse-service.nix;
nebula.connectivity = runTest ./nebula/connectivity.nix;
nebula.reload = runTest ./nebula/reload.nix;
neo4j = runTest ./neo4j.nix;
netbird = runTest ./netbird.nix;
netbox-upgrade = runTest ./web-apps/netbox-upgrade.nix;
netbox_4_2 = handleTest ./web-apps/netbox/default.nix { netbox = pkgs.netbox_4_2; };
netbox_4_3 = handleTest ./web-apps/netbox/default.nix { netbox = pkgs.netbox_4_3; };
netbox_4_4 = handleTest ./web-apps/netbox/default.nix { netbox = pkgs.netbox_4_4; };
netdata = runTest ./netdata.nix;
networking.networkd = handleTest ./networking/networkd-and-scripted.nix { networkd = true; };
networking.networkmanager = handleTest ./networking/networkmanager.nix { };
@@ -1555,6 +1557,7 @@ in
tor = runTest ./tor.nix;
tpm-ek = handleTest ./tpm-ek { };
tpm2 = runTest ./tpm2.nix;
traccar = runTest ./traccar.nix;
# tracee requires bpf
tracee = handleTestOn [ "x86_64-linux" ] ./tracee.nix { };
traefik = runTestOn [ "aarch64-linux" "x86_64-linux" ] ./traefik.nix;


@@ -42,13 +42,7 @@
in
''
with subtest("Wait for login"):
# wait_for_x() checks graphical-session.target, which is expected to be
# inactive on Budgie before Budgie manages user session with systemd.
# https://github.com/BuddiesOfBudgie/budgie-desktop/blob/39e9f0895c978f76/src/session/budgie-desktop.in#L16
#
# Previously this was unconditionally touched by xsessionWrapper but was
# changed in #233981 (we have Budgie:GNOME in XDG_CURRENT_DESKTOP).
# machine.wait_for_x()
machine.wait_for_x()
machine.wait_until_succeeds('journalctl -t budgie-session-binary --grep "Entering running state"')
machine.wait_for_file("${user.home}/.Xauthority")
machine.succeed("xauth merge ${user.home}/.Xauthority")
@@ -58,8 +52,9 @@
machine.succeed("getfacl -p /dev/dri/card0 | grep -q ${user.name}")
with subtest("Check if Budgie session components actually start"):
for i in ["budgie-daemon", "budgie-panel", "budgie-wm", "budgie-desktop-view", "gsd-media-keys"]:
machine.wait_until_succeeds(f"pgrep -f {i}")
for i in ["budgie-daemon", "budgie-panel", "budgie-wm", "bsd-media-keys", "gsd-xsettings"]:
machine.wait_until_succeeds(f"pgrep {i}")
machine.wait_until_succeeds("pgrep -xf /run/current-system/sw/bin/org.buddiesofbudgie.budgie-desktop-view")
# We don't check xwininfo for budgie-wm.
# See https://github.com/NixOS/nixpkgs/pull/216737#discussion_r1155312754
machine.wait_for_window("budgie-daemon")
@@ -67,7 +62,7 @@
with subtest("Check if various environment variables are set"):
cmd = "xargs --null --max-args=1 echo < /proc/$(pgrep -xf /run/current-system/sw/bin/budgie-wm)/environ"
machine.succeed(f"{cmd} | grep 'XDG_CURRENT_DESKTOP' | grep 'Budgie:GNOME'")
machine.succeed(f"{cmd} | grep 'XDG_CURRENT_DESKTOP' | grep 'Budgie'")
machine.succeed(f"{cmd} | grep 'BUDGIE_PLUGIN_DATADIR' | grep '${pkgs.budgie-desktop-with-plugins.pname}'")
# From the nixos/budgie module
machine.succeed(f"{cmd} | grep 'SSH_AUTH_SOCK' | grep 'gcr'")
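Review bot: The relaxed check `grep 'XDG_CURRENT_DESKTOP' | grep 'Budgie'` in the environment-variable subtest matches the previous `Budgie:GNOME` value as well as any other string containing `Budgie`, so it no longer pins what the session exports. If the session is now expected to export exactly `Budgie` (inferred from the change, not shown here), an exact line match such as `grep -x 'XDG_CURRENT_DESKTOP=Budgie'` would keep the assertion meaningful, since `xargs --null --max-args=1 echo` prints one variable per line. The test script continues outside this hunk.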


@@ -22,7 +22,9 @@
machine.wait_for_file("/etc/fish/generated_completions/coreutils.fish")
machine.wait_for_file("/etc/fish/generated_completions/kill.fish")
machine.succeed(
"fish -ic 'echo $fish_complete_path' | grep -q '/share/fish/completions /etc/fish/generated_completions /root/.cache/fish/generated_completions$'"
"fish -ic 'echo $fish_complete_path' | grep -q '/share/fish/vendor_completions.d /etc/fish/generated_completions /root/.cache/fish/generated_completions$'"
)
machine.wait_for_file("/etc/fish/config.fish")
config = machine.succeed("fish_indent -c /etc/fish/config.fish")
'';
}


@@ -26,8 +26,17 @@
services.desktopManager.gnome.enable = true;
services.desktopManager.gnome.debug = true;
services.desktopManager.gnome.flashback.enableMetacity = true;
services.displayManager.defaultSession = "gnome-flashback-metacity";
services.desktopManager.gnome.flashback.customSessions = [
{
# Intentionally a different name to test mkSystemdTargetForWm.
wmName = "metacitytest";
wmLabel = "Metacity";
wmCommand = "${pkgs.metacity}/bin/metacity";
enableGnomePanel = true;
}
];
services.displayManager.defaultSession = "gnome-flashback-metacitytest";
};
testScript =
@@ -40,7 +49,7 @@
''
with subtest("Login to GNOME Flashback with GDM"):
machine.wait_for_x()
machine.wait_until_succeeds('journalctl -t gnome-session-binary --grep "Entering running state"')
machine.wait_until_succeeds('journalctl -t gnome-session-service --grep "Entering running state"')
# Wait for alice to be logged in"
machine.wait_for_unit("default.target", "${user.name}")
machine.wait_for_file("${xauthority}")


@@ -1,110 +0,0 @@
{ pkgs, lib, ... }:
{
name = "gnome-xorg";
meta = {
maintainers = lib.teams.gnome.members;
};
nodes.machine =
{ nodes, ... }:
let
user = nodes.machine.users.users.alice;
in
{
imports = [ ./common/user-account.nix ];
services.xserver.enable = true;
services.displayManager.gdm = {
enable = true;
debug = true;
};
services.displayManager.autoLogin = {
enable = true;
user = user.name;
};
services.desktopManager.gnome.enable = true;
services.desktopManager.gnome.debug = true;
services.displayManager.defaultSession = "gnome-xorg";
systemd.user.services = {
"org.gnome.Shell@x11" = {
serviceConfig = {
ExecStart = [
# Clear the list before overriding it.
""
# Eval API is now internal so Shell needs to run in unsafe mode.
# TODO: improve test driver so that it supports openqa-like manipulation
# that would allow us to drop this mess.
"${pkgs.gnome-shell}/bin/gnome-shell --unsafe-mode"
];
};
};
};
};
testScript =
{ nodes, ... }:
let
user = nodes.machine.users.users.alice;
uid = toString user.uid;
bus = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/${uid}/bus";
xauthority = "/run/user/${uid}/gdm/Xauthority";
display = "DISPLAY=:0.0";
env = "${bus} XAUTHORITY=${xauthority} ${display}";
# Run a command in the appropriate user environment
run = command: "su - ${user.name} -c '${bus} ${command}'";
# Call javascript in gnome shell, returns a tuple (success, output), where
# `success` is true if the dbus call was successful and output is what the
# javascript evaluates to.
eval =
command:
run "gdbus call --session -d org.gnome.Shell -o /org/gnome/Shell -m org.gnome.Shell.Eval ${command}";
# False when startup is done
startingUp = eval "Main.layoutManager._startingUp";
# Start Console
launchConsole = run "gapplication launch org.gnome.Console";
# Hopefully Console's wm class
wmClass = eval "global.display.focus_window.wm_class";
in
''
with subtest("Login to GNOME Xorg with GDM"):
machine.wait_for_x()
# Wait for alice to be logged in"
machine.wait_for_unit("default.target", "${user.name}")
machine.wait_for_file("${xauthority}")
machine.succeed("xauth merge ${xauthority}")
# Check that logging in has given the user ownership of devices
# Change back to /dev/snd/timer after systemd-258.1
assert "alice" in machine.succeed("getfacl -p /dev/dri/card0")
with subtest("Wait for GNOME Shell"):
# correct output should be (true, 'false')
machine.wait_until_succeeds(
"${startingUp} | grep -q 'true,..false'"
)
with subtest("Open Console"):
# Close the Activities view so that Shell can correctly track the focused window.
machine.send_key("esc")
machine.succeed(
"${launchConsole}"
)
# correct output should be (true, '"kgx"')
# For some reason, this deviates from Wayland.
machine.wait_until_succeeds(
"${wmClass} | grep -q 'true,...kgx'"
)
machine.sleep(20)
machine.screenshot("screen")
'';
}


@@ -38,10 +38,13 @@ in
settings = {
server_url = "https://headscale";
ip_prefixes = [ "100.64.0.0/10" ];
derp.server = {
enabled = true;
region_id = 999;
stun_listen_addr = "0.0.0.0:${toString stunPort}";
derp = {
server = {
enabled = true;
region_id = 999;
stun_listen_addr = "0.0.0.0:${toString stunPort}";
};
urls = [ ];
};
dns = {
base_domain = "tailnet";
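Review bot: `urls = [ ];` in the new `derp` block has no comment explaining why the list is emptied. Presumably it keeps the sandboxed test from fetching an external DERP map, so that only the embedded server with `region_id = 999` is used. A one-line comment such as `# No external DERP maps: the test must rely on the embedded server only.` would record that intent. The enclosing `settings` block continues past the end of this hunk.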


@@ -48,13 +48,12 @@
machine.wait_for_file("/home/alice/done")
with subtest("Systemd gives and removes device ownership as needed"):
# Change back to /dev/snd/timer after systemd-258.1
machine.succeed("getfacl /dev/dri/card0 | grep -q alice")
machine.succeed("getfacl /dev/snd/timer | grep -q alice")
machine.send_key("alt-f1")
machine.wait_until_succeeds("[ $(fgconsole) = 1 ]")
machine.fail("getfacl /dev/dri/card0 | grep -q alice")
machine.fail("getfacl /dev/snd/timer | grep -q alice")
machine.succeed("chvt 2")
machine.wait_until_succeeds("getfacl /dev/dri/card0 | grep -q alice")
machine.wait_until_succeeds("getfacl /dev/snd/timer | grep -q alice")
with subtest("Virtual console logout"):
machine.send_chars("exit\n")


@@ -1,124 +1,128 @@
import ../make-test-python.nix (
{ pkgs, lib, ... }:
{ pkgs, lib, ... }:
let
releases = import ../../release.nix {
configuration = {
# Building documentation makes the test unnecessarily take a longer time:
documentation.enable = lib.mkForce false;
let
releases = import ../../release.nix {
configuration = {
# Building documentation makes the test unnecessarily take a longer time:
documentation.enable = lib.mkForce false;
documentation.nixos.enable = lib.mkForce false;
# including a channel forces images to be rebuilt on any changes
system.installer.channel.enable = lib.mkForce false;
};
};
lxc-image-metadata =
releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system}
+ "/tarball/nixos-image-lxc-*-${pkgs.stdenv.hostPlatform.system}.tar.xz";
# the incus container rootfs is in squashfs, but lxc requires tar.xz so use containerTarball
lxc-image-rootfs =
releases.containerTarball.${pkgs.stdenv.hostPlatform.system}
+ "/tarball/nixos-image-lxc-*-${pkgs.stdenv.hostPlatform.system}.tar.xz";
in
{
name = "lxc-container-unprivileged";
meta = {
maintainers = lib.teams.lxc.members;
};
nodes.machine = {
virtualisation = {
diskSize = 6144;
cores = 2;
memorySize = 512;
writableStore = true;
lxc = {
enable = true;
unprivilegedContainers = true;
systemConfig = ''
lxc.lxcpath = /tmp/lxc
'';
defaultConfig = ''
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
'';
# Permit user alice to connect to bridge
usernetConfig = ''
@lxc-user veth lxcbr0 10
'';
bridgeConfig = ''
LXC_IPV6_ADDR=""
LXC_IPV6_MASK=""
LXC_IPV6_NETWORK=""
LXC_IPV6_NAT="false"
'';
};
};
lxc-image-metadata = releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system};
lxc-image-rootfs = releases.incusContainerImage.${pkgs.stdenv.hostPlatform.system};
# Needed for lxc
environment.systemPackages = [
pkgs.wget
pkgs.dnsmasq
];
in
{
name = "lxc-container-unprivileged";
meta = {
maintainers = lib.teams.lxc.members;
# Create user for test
users.users.alice = {
isNormalUser = true;
password = "test";
description = "Lxc unprivileged user with access to lxcbr0";
extraGroups = [ "lxc-user" ];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
};
nodes.machine =
{ lib, pkgs, ... }:
{
virtualisation = {
diskSize = 6144;
cores = 2;
memorySize = 512;
writableStore = true;
users.users.bob = {
isNormalUser = true;
password = "test";
description = "Lxc unprivileged user without access to lxcbr0";
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
};
};
lxc = {
enable = true;
unprivilegedContainers = true;
systemConfig = ''
lxc.lxcpath = /tmp/lxc
'';
defaultConfig = ''
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
'';
# Permit user alice to connect to bridge
usernetConfig = ''
@lxc-user veth lxcbr0 10
'';
bridgeConfig = ''
LXC_IPV6_ADDR=""
LXC_IPV6_MASK=""
LXC_IPV6_NETWORK=""
LXC_IPV6_NAT="false"
'';
};
};
testScript = ''
machine.wait_for_unit("lxc-net.service")
# Needed for lxc
environment.systemPackages = [
pkgs.wget
pkgs.dnsmasq
];
# Copy config files for alice
machine.execute("su -- alice -c 'mkdir -p ~/.config/lxc'")
machine.execute("su -- alice -c 'cp /etc/lxc/default.conf ~/.config/lxc/'")
machine.execute("su -- alice -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'")
# Create user for test
users.users.alice = {
isNormalUser = true;
password = "test";
description = "Lxc unprivileged user with access to lxcbr0";
extraGroups = [ "lxc-user" ];
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
};
machine.succeed("su -- alice -c 'lxc-create -t local -n test -- --metadata ${lxc-image-metadata} --fstree ${lxc-image-rootfs}'")
machine.succeed("su -- alice -c 'lxc-start test'")
machine.succeed("su -- alice -c 'lxc-stop test'")
users.users.bob = {
isNormalUser = true;
password = "test";
description = "Lxc unprivileged user without access to lxcbr0";
subGidRanges = [
{
startGid = 100000;
count = 65536;
}
];
subUidRanges = [
{
startUid = 100000;
count = 65536;
}
];
};
};
# Copy config files for bob
machine.execute("su -- bob -c 'mkdir -p ~/.config/lxc'")
machine.execute("su -- bob -c 'cp /etc/lxc/default.conf ~/.config/lxc/'")
machine.execute("su -- bob -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'")
testScript = ''
machine.wait_for_unit("lxc-net.service")
# Copy config files for alice
machine.execute("su -- alice -c 'mkdir -p ~/.config/lxc'")
machine.execute("su -- alice -c 'cp /etc/lxc/default.conf ~/.config/lxc/'")
machine.execute("su -- alice -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'")
machine.succeed("su -- alice -c 'lxc-create -t local -n test -- --metadata ${lxc-image-metadata}/*/*.tar.xz --fstree ${lxc-image-rootfs}/*/*.tar.xz'")
machine.succeed("su -- alice -c 'lxc-start test'")
machine.succeed("su -- alice -c 'lxc-stop test'")
# Copy config files for bob
machine.execute("su -- bob -c 'mkdir -p ~/.config/lxc'")
machine.execute("su -- bob -c 'cp /etc/lxc/default.conf ~/.config/lxc/'")
machine.execute("su -- bob -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'")
machine.fail("su -- bob -c 'lxc-start test'")
'';
}
)
machine.fail("su -- bob -c 'lxc-start test'")
'';
}
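Review bot: The negative check `machine.fail("su -- bob -c 'lxc-start test'")` passes on any non-zero exit, so it does not show that bob was refused because he is missing from `lxc-user`. The container `test` was created by alice, and bob's setup steps use `machine.execute`, which ignores failures, so the start could fail for an unrelated reason such as a missing config copy or an unreadable container directory. Switching the setup lines to `machine.succeed(...)`, e.g. `machine.succeed("su -- bob -c 'cp /etc/lxc/default.conf ~/.config/lxc/'")`, and asserting on the reason for the refusal would make this an actual access-control test. A short comment stating which denial is expected would also help.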


@@ -14,6 +14,7 @@ in
let
inherit (config.networking) hostName;
cfg = config.services.molly-brown;
openssl = pkgs.lib.getExe pkgs.openssl;
in
{
@@ -47,22 +48,25 @@ in
services.molly-brown = {
enable = true;
docBase = "/tmp/docs";
certPath = "/tmp/cert.pem";
keyPath = "/tmp/key.pem";
docBase = "/var/lib/molly-brown/docs";
certPath = "/var/lib/molly-brown/cert.pem";
keyPath = "/var/lib/molly-brown/key.pem";
};
systemd.services.molly-brown.preStart = ''
${pkgs.openssl}/bin/openssl genrsa -out "/tmp/key.pem"
${pkgs.openssl}/bin/openssl req -new \
-subj "/CN=${config.networking.hostName}" \
-key "/tmp/key.pem" -out /tmp/request.pem
${pkgs.openssl}/bin/openssl x509 -req -days 3650 \
-in /tmp/request.pem -signkey "/tmp/key.pem" -out "/tmp/cert.pem"
systemd.services.molly-brown = {
serviceConfig.StateDirectory = "molly-brown";
preStart = ''
${openssl} genrsa -out "$STATE_DIRECTORY/key.pem"
${openssl} req -new \
-subj "/CN=${hostName}" \
-key "$STATE_DIRECTORY/key.pem" -out "$STATE_DIRECTORY/request.pem"
${openssl} x509 -req -days 3650 \
-in "$STATE_DIRECTORY/request.pem" -signkey "$STATE_DIRECTORY/key.pem" -out "$STATE_DIRECTORY/cert.pem"
mkdir -p "${cfg.settings.DocBase}"
echo "${testString}" > "${cfg.settings.DocBase}/test.gmi"
'';
mkdir -p "${cfg.settings.DocBase}"
echo "${testString}" > "${cfg.settings.DocBase}/test.gmi"
'';
};
};
};
testScript = ''
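Review bot: The new `preStart` still builds the certificate in three steps, which leaves `request.pem` in the state directory and takes the key size and key-file mode from whatever `openssl genrsa` defaults to. A single self-signed request does the same job without the intermediate file: `${openssl} req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=${hostName}" -keyout "$STATE_DIRECTORY/key.pem" -out "$STATE_DIRECTORY/cert.pem"`. The script also regenerates the key on every service start, which deserves a comment if it is intentional for the test. `testScript` begins on the last line of this hunk and continues outside it.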


@@ -5,10 +5,7 @@ let
in
{
name = "n8n";
meta.maintainers = with lib.maintainers; [
freezeboy
k900
];
meta.maintainers = with lib.maintainers; [ k900 ];
node.pkgsReadOnly = false;


@@ -0,0 +1,33 @@
{ pkgs, lib, ... }:
{
name = "nebula-lighthouse-service";
meta.maintainers = with lib.maintainers; [
bloominstrong
];
nodes.machine =
{ ... }:
{
environment.systemPackages = with pkgs; [
nebula
];
services.nebula-lighthouse-service.enable = true;
};
testScript = ''
start_all()
machine.succeed(
'nebula-cert ca -duration $((10*365*24*60))m -name "NLS Test" -out-crt ca.crt -out-key ca.key',
'nebula-cert sign -duration $((365*24*60))m -ca-crt ca.crt -ca-key ca.key -name "lighthouse" -groups "lighthouse" -ip "10.0.100.1/24" -out-crt lighthouse.crt -out-key lighthouse.key'
)
machine.wait_for_unit("nebula-lighthouse-service.service")
machine.wait_for_open_port(8080)
machine.succeed(
'curl -X POST "http://127.0.0.1:8080/lighthouse/" -F ca_crt=@./ca.crt -F host_crt=@./lighthouse.crt -F host_key=@./lighthouse.key',
'curl -X GET "http://127.0.0.1:8080/lighthouse/" -F ca_crt=@./ca.crt -F host_crt=@./lighthouse.crt -F host_key=@./lighthouse.key',
'pgrep -x nebula'
)
'';
}
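Review bot: Neither `curl` call in the final `machine.succeed(...)` passes `--fail`, so an HTTP error response from the service still exits 0 and the only real assertion left is `pgrep -x nebula`. Adding `-sSf` to both calls (`curl -sSf -X POST "http://127.0.0.1:8080/lighthouse/" ...`) makes a rejected upload fail the test. The test also sends `lighthouse.key` to the API over plain HTTP, which is acceptable on loopback. A comment saying so would keep the test from being read as a deployment example.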


@@ -2,7 +2,7 @@
let
# We'll need to be able to trade cert files between nodes via scp.
inherit (import ./ssh-keys.nix pkgs)
inherit (import ../ssh-keys.nix pkgs)
snakeOilPrivateKey
snakeOilPublicKey
;


@@ -0,0 +1,92 @@
{ pkgs, lib, ... }:
let
inherit (import ../ssh-keys.nix pkgs)
snakeOilPrivateKey
snakeOilPublicKey
;
in
{
name = "nebula";
nodes = {
lighthouse =
{
pkgs,
lib,
config,
...
}:
{
environment.systemPackages = [ pkgs.nebula ];
environment.etc."nebula-key" = {
user = "nebula-smoke";
group = "nebula-smoke";
source = snakeOilPrivateKey;
mode = "0600";
};
services.nebula.networks.smoke = {
# Note that these paths won't exist when the machine is first booted.
ca = "/etc/nebula/ca.crt";
cert = "/etc/nebula/lighthouse.crt";
key = "/etc/nebula/lighthouse.key";
isLighthouse = true;
listen = {
host = "0.0.0.0";
port = 4242;
};
enableReload = true;
settings.sshd = {
enabled = true;
listen = "127.0.0.1:2222";
host_key = "/etc/nebula-key";
};
};
# We will test that nebula is reloaded by switching specialisations.
specialisation.sshd-off.configuration = {
services.nebula.networks.smoke.settings.sshd.enabled = lib.mkForce false;
};
specialisation.sshd-on.configuration = {
services.nebula.networks.smoke.settings.sshd.enabled = lib.mkForce true;
};
};
};
testScript =
{ nodes, ... }:
let
sshd-on = "${nodes.lighthouse.system.build.toplevel}/specialisation/sshd-on";
sshd-off = "${nodes.lighthouse.system.build.toplevel}/specialisation/sshd-off";
in
''
# Create the certificate and sign the lighthouse's keys.
lighthouse.succeed(
"mkdir -p /etc/nebula",
'nebula-cert ca -duration $((10*365*24*60))m -name "Smoke Test" -out-crt /etc/nebula/ca.crt -out-key /etc/nebula/ca.key',
'nebula-cert sign -duration $((365*24*60))m -ca-crt /etc/nebula/ca.crt -ca-key /etc/nebula/ca.key -name "lighthouse" -groups "lighthouse" -ip "10.0.100.1/24" -out-crt /etc/nebula/lighthouse.crt -out-key /etc/nebula/lighthouse.key',
'chown -R nebula-smoke:nebula-smoke /etc/nebula'
)
# Restart nebula to pick up the keys.
lighthouse.systemctl("restart nebula@smoke.service")
lighthouse.succeed("ping -c5 10.0.100.1")
# Verify that nebula's ssh interface is up.
lighthouse.succeed("${pkgs.nmap}/bin/nmap 127.0.0.1 | grep 2222/tcp")
# Switch configuration, verify nebula was reloaded and not restarted.
lighthouse.succeed("${sshd-off}/bin/switch-to-configuration test 2>&1 | grep 'nebula' | grep 'reload'")
# Verify that nebula's ssh interface is no longer up.
lighthouse.fail("${pkgs.nmap}/bin/nmap 127.0.0.1 | grep 2222/tcp")
# Switch configuration, verify reload again.
lighthouse.succeed("${sshd-on}/bin/switch-to-configuration test 2>&1 | grep 'nebula' | grep 'reload'")
# Verify that ssh is back.
lighthouse.succeed("${pkgs.nmap}/bin/nmap 127.0.0.1 | grep 2222/tcp")
'';
}
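Review bot: `chown -R nebula-smoke:nebula-smoke /etc/nebula` in the certificate setup also hands `ca.key` to the service account, although the lighthouse is configured only with `ca.crt`, `lighthouse.crt` and `lighthouse.key`. Limiting the ownership change to those three files (`chown nebula-smoke:nebula-smoke /etc/nebula/ca.crt /etc/nebula/lighthouse.crt /etc/nebula/lighthouse.key`) keeps the signing key root-only. Separately, each port check after `switch-to-configuration` runs `nmap` once with `succeed` or `fail`. If the reload completes asynchronously these can race, and `wait_until_succeeds` / `wait_until_fails` would be more robust.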


@@ -66,7 +66,7 @@
with subtest("Login with elementary-greeter"):
machine.send_chars("${user.password}\n")
machine.wait_until_succeeds('journalctl -t gnome-session-binary --grep "Entering running state"')
machine.wait_until_succeeds('journalctl -t gnome-session-service --grep "Entering running state"')
with subtest("Wait for wayland server"):
machine.wait_for_file("/run/user/${toString user.uid}/wayland-0")


@@ -103,18 +103,17 @@ in
};
testScript = ''
import crypt
def assert_password_match(machine, username, password):
def assert_password_sha512crypt_match(machine, username, password):
shadow_entry = machine.succeed(f"getent shadow {username}")
print(shadow_entry)
hash = shadow_entry.split(":")[1]
seed = "$".join(hash.split("$")[:-1])
assert crypt.crypt(password, seed) == hash, f"{username} user password does not match"
stored_hash = shadow_entry.split(":")[1]
salt = stored_hash.split("$")[2]
pass_hash = machine.succeed(f"mkpasswd -m sha512crypt {password} {salt}").strip()
assert stored_hash == pass_hash, f"{username} user password does not match"
with subtest("alice user has correct password"):
for machine in machines:
assert_password_match(machine, "alice", "${password1}")
assert_password_sha512crypt_match(machine, "alice", "${password1}")
assert "${hashed_sha512crypt}" not in machine.succeed("getent shadow alice"), f"{machine}: alice user password is not correct"
with subtest("bob user has correct password"):
@@ -136,7 +135,7 @@ in
print(mutable.succeed("getent shadow greg"))
assert "${hashed_sha512crypt}" in mutable.succeed("getent shadow greg"), "greg user password is not correct"
assert_password_match(immutable, "greg", "${password1}")
assert_password_sha512crypt_match(immutable, "greg", "${password1}")
assert "${hashed_sha512crypt}" not in immutable.succeed("getent shadow greg"), "greg user password is not correct"
for machine in machines:
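Review bot: `assert_password_sha512crypt_match` interpolates `password` and `salt` unquoted into the shell command `mkpasswd -m sha512crypt {password} {salt}`, so a password containing whitespace or shell metacharacters would be split or interpreted by the guest shell. Quoting both values avoids that: `f"mkpasswd -m sha512crypt {shlex.quote(password)} {shlex.quote(salt)}"` with `import shlex` at the top of the script. Separately, `stored_hash.split("$")[2]` is the salt only when the entry has no `rounds=` field. For a `$6$rounds=N$salt$hash` entry it would pick up the rounds parameter, a case the previous prefix-based comparison handled.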


@@ -10,11 +10,14 @@
enable = true;
port = 8080;
originalsPath = "/media/photos/";
passwordFile = pkgs.writeText "password" "secret";
passwordFile = "/etc/photoprism-password";
};
environment = {
etc."photoprism-password".text = "secret";
extraInit = ''
mkdir -p /media/photos
'';
};
environment.extraInit = ''
mkdir -p /media/photos
'';
};
testScript = ''
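Review bot: `etc."photoprism-password".text = "secret";` still puts the password in the world-readable Nix store, because `environment.etc` text entries are built as store files and linked into /etc. Moving away from `pkgs.writeText` changes the path that is passed, not the exposure. A comment such as `# Test only: this file lives in the world-readable /nix/store; use a runtime-provisioned file for real secrets.` would stop the pattern from being copied into real configurations. The same applies to `environmentFile = pkgs.writeText "traccar.env" ...` in the new nixos/tests/traccar.nix. `testScript` begins on the last line of this hunk and continues outside it.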


@@ -1,8 +1,8 @@
{ lib, ... }:
{
name = "plikd";
meta = with lib.maintainers; {
maintainers = [ freezeboy ];
meta = {
maintainers = [ ];
};
nodes.machine =


@@ -10,7 +10,7 @@ let
mkTestName =
pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}";
redisPackages = {
inherit (pkgs) redis keydb valkey;
inherit (pkgs) redis valkey;
};
makeRedisTest =
{


@@ -362,7 +362,7 @@ in
client.wait_until_succeeds("curl -sSf http://server:${toString httpPort}/web/client/login")
# Ensure sftpgo found the static folder
client.wait_until_succeeds("curl -o /dev/null -sSf http://server:${toString httpPort}/static/favicon.ico")
client.wait_until_succeeds("curl -o /dev/null -sSf http://server:${toString httpPort}/static/favicon.png")
with subtest("Setup SSH keys"):
client.succeed("mkdir -m 700 /root/.ssh")

51
nixos/tests/traccar.nix Normal file

@@ -0,0 +1,51 @@
{
pkgs,
lib,
...
}:
{
name = "traccar";
meta = {
maintainers = with lib.maintainers; [ frederictobiasc ];
};
nodes.machine = {
services.traccar = {
enable = true;
settings.mail.smtp.host = "$SMTP_HOST";
environmentFile = pkgs.writeText "traccar.env" ''
SMTP_HOST=smtp.example.com
'';
};
};
testScript = ''
machine.wait_for_unit("traccar.service")
# Check that environment variables were substituted
t.assertIn("smtp.example.com", machine.succeed("cat /var/lib/traccar/config.xml"), "environment substitution failed")
machine.wait_for_open_port(8082)
# Check that we get the traccar login page
t.assertIn("Traccar", machine.wait_until_succeeds("curl -sf http://localhost:8082/"), "Traccar frontend seems unreachable")
# Register the first admin user
register_data = """
{
"email": "admin@example.com",
"name": "admin",
"password": "admin123"
}
"""
t.assertIn(
"\"administrator\":true",
machine.succeed(
"curl -s -X POST "
"-H 'Content-Type: application/json' "
f"-d '{register_data}' "
"http://localhost:8082/api/users"
),
"Unexpected registration response"
)
'';
}


@@ -162,7 +162,7 @@ let
cp "${cfg.system.build.kernel}/bzImage" /mnt/linux
cp "${cfg.system.build.initialRamdisk}/initrd" /mnt/initrd
${pkgs.grub2}/bin/grub-install --boot-directory=/mnt /dev/vda
${pkgs.grub2}/bin/grub-install --target=i386-pc --boot-directory=/mnt /dev/vda
cat > /mnt/grub/grub.cfg <<GRUB
set root=hd0,1


@@ -1,7 +1,7 @@
{ lib, pkgs, ... }:
let
oldNetbox = "netbox_4_2";
newNetbox = "netbox_4_3";
oldNetbox = "netbox_4_3";
newNetbox = "netbox_4_4";
apiVersion =
version:


@@ -61,7 +61,7 @@ def compare(a: str, b: str):
return 0
with subtest("Home screen loads"):
machine.succeed(
machine.wait_until_succeeds(
"curl -sSfL http://[::1]:8001 | grep '<title>Home | NetBox</title>'"
)


@@ -27,6 +27,7 @@ in
"fc00::1/128"
];
listenPort = 23542;
fwMark = "0x6e6978";
# !!! Don't do this with real keys. The /nix store is world-readable!
privateKeyFile = toString (pkgs.writeText "privateKey" wg-snakeoil-keys.peer0.privateKey);
@@ -60,6 +61,7 @@ in
"fc00::2/128"
];
listenPort = 23542;
fwMark = "30567";
# !!! Don't do this with real keys. The /nix store is world-readable!
privateKeyFile = toString (pkgs.writeText "privateKey" wg-snakeoil-keys.peer1.privateKey);
@@ -97,5 +99,9 @@ in
with subtest("Has PSK set"):
peer0.succeed("wg | grep 'preshared key'")
peer1.succeed("wg | grep 'preshared key'")
with subtest("Has FwMark set"):
peer0.succeed("wg | grep '0x6e6978'")
peer1.succeed("wg | grep '0x7767'")
'';
}
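Review bot: The peer1 check greps for `0x7767` while the configuration sets `fwMark = "30567"`, and nothing in the file says these are the same value. A comment next to the setting, e.g. `# decimal on purpose: 30567 == 0x7767, which is how wg prints the mark`, would make the decimal/hex pairing obvious to the next reader. The `wg | grep` checks also match anywhere in the full `wg` output. Querying the field directly with `wg show <interface> fwmark` would be stricter (the interface name is outside the visible hunks).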