{modules,tests}/rocie: Init

author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2026-03-22 15:58:42 +0100
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2026-03-22 16:02:04 +0100
commit: c633046cdda8e7a46ad7a9d85e0749f36e5ab0a8 (patch)
tree: 8be69736262c6c4b10b91cef6ec962d269eb8bb0 /tests/by-name
parent: update.sh: Replace building and test running by the already existing scripts (diff)
download: nixos-server-c633046cdda8e7a46ad7a9d85e0749f36e5ab0a8.zip
2 files changed, 122 insertions, 0 deletions
diff --git a/tests/by-name/ro/rocie/secrets/login.age b/tests/by-name/ro/rocie/secrets/login.age
new file mode 100644
index 0000000..33d63be
--- /dev/null
+++ b/tests/by-name/ro/rocie/secrets/login.age
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzMWE5dTBiU0hDUC9jUi93
+Y1phYllHRk9YSHBzUGQ2YmF5ZC9ydXNGV0JrClRpTjZZUHZ5MEFFa0VrYVVhTkE2
+eCtSaEU1YVlhNjFNYlRRYzNCdjhYRWMKLT4gWDI1NTE5IDUrZWdDUmpQcFBOcE0x
+UE5QRDR5NXVXUHdQOVk3UGV1S3lCc0pUQmZIZ00KUldVSVF3TzB0cHFVaDZuNlZR
+b2FoT0lVSTZydHFTNHhnQ3U0NGdSR1k1MAotPiBzc2gtZWQyNTUxOSBSc2dXcFEg
+dldGZU15UXgrRTMxRkp2MEVKUllWQ3VFdnJDMnM4OS8wc202WW9lNW5BYwpPWjV0
+cmNuaDlPZndtUVVScm5TaGlvVUhHa0JiN1MvbDhCTTUxYzNhM3RRCi0+IDxXeEhv
+cC1ncmVhc2UKM3N5OHRLNTJEY1NIeGlWYm9yR096Y1NpSlVOM1lYQk9jOHkxU3N2
+K2c3QitDYnR6QTJOOWczV0xBa2dEUE1PTQpYU2Z1elZwRzU0Tm1RVDE2VWVqekUw
+bFROLzU0c2NNTXYwL2N5QkxTaGtXUWxKVVF6SE0KLS0tIGlYMHIvUkJpZUR0SHo4
+cldLSTdnbU90SGJTcGZGaHkyOTZON0hka3BLdlEKeP4nHmKWvJfqgEXuiLBMzldi
+n1qIsnlF3IU1EA0abJg/RK1BFwWlx4wBlLmViw6UTL+VEw8lv23PuZl2t7UtXVzQ
+smXDapW8nInNmTaElBPdwJ072/dD0Ly+KF95Qr0FDDv+jlKG/D/Mw+xD4jvuJHSo
+2HQnPF6MLTjCxpyPPggleWgKrBQggHBjm/pHtOKmPC5qfp+LAjmQoJXny/0X6cA=
+-----END AGE ENCRYPTED FILE-----
diff --git a/tests/by-name/ro/rocie/test.nix b/tests/by-name/ro/rocie/test.nix
new file mode 100644
index 0000000..c2ba97a
--- /dev/null
+++ b/tests/by-name/ro/rocie/test.nix
@@ -0,0 +1,106 @@
+{
+  nixos-lib,
+  pkgsUnstable,
+  nixpkgs-unstable,
+  vhackPackages,
+  pkgs,
+  extraModules,
+  nixLib,
+  ...
+}:
+nixos-lib.runTest {
+  hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
+
+  name = "rocie";
+
+  node = {
+    specialArgs = {inherit pkgsUnstable extraModules vhackPackages nixpkgs-unstable nixLib;};
+
+    # Use the nixpkgs as constructed by the `nixpkgs.*` options
+    pkgs = null;
+  };
+
+  nodes = {
+    acme = {...}: {
+      imports = [
+        ../../../common/acme/server.nix
+        ../../../common/dns/client.nix
+      ];
+    };
+    name_server = {nodes, ...}: {
+      imports =
+        extraModules
+        ++ [
+          ../../../common/acme/client.nix
+          ../../../common/dns/server.nix
+        ];
+
+      vhack.dns.zones = {
+        "rocie.server" = {
+          SOA = {
+            nameServer = "ns";
+            adminEmail = "admin@server.com";
+            serial = 2025012301;
+          };
+          useOrigin = false;
+
+          A = [
+            nodes.server.networking.primaryIPAddress
+          ];
+          AAAA = [
+            nodes.server.networking.primaryIPv6Address
+          ];
+        };
+      };
+    };
+
+    server = {config, ...}: {
+      imports =
+        extraModules
+        ++ [
+          ../../../../modules
+          ../../../common/acme/client.nix
+          ../../../common/dns/client.nix
+        ];
+
+      age.identityPaths = ["${../../../common/email/hostKey}"];
+
+      vhack = {
+        persist.enable = true;
+        nginx.enable = true;
+        rocie = {
+          enable = true;
+          domain = "rocie.server";
+          loginSecret = ./secrets/login.age;
+        };
+      };
+    };
+
+    client = {...}: {
+      imports = [
+        ../../../common/acme/client.nix
+        ../../../common/dns/client.nix
+      ];
+    };
+  };
+
+  testScript = {nodes, ...}: let
+    acme = import ../../../common/acme {inherit pkgs;};
+  in
+    acme.prepare ["server" "client"]
+    # Python
+    ''
+      server.wait_for_unit("rocie.service")
+
+      with subtest("All services running"):
+        import json
+        def all_services_running(host):
+          (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
+          host_failed = json.loads(output)
+          assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
+        all_services_running(server)
+
+      client.wait_until_succeeds("curl --verbose https://rocie.server/api/can-be-provisioned > out.file")
+      client.copy_from_vm("out.file")
+    '';
+}
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2026-03-22 15:58:42 +0100
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2026-03-22 16:02:04 +0100
commit	c633046cdda8e7a46ad7a9d85e0749f36e5ab0a8 (patch)
tree	8be69736262c6c4b10b91cef6ec962d269eb8bb0 /tests/by-name
parent	update.sh: Replace building and test running by the already existing scripts (diff)
download	nixos-server-c633046cdda8e7a46ad7a9d85e0749f36e5ab0a8.zip