about summary refs log tree commit diff stats
path: root/tests/by-name/sh
diff options
context:
space:
mode:
Diffstat (limited to 'tests/by-name/sh')
-rw-r--r--tests/by-name/sh/sharkey-cpu/test.nix81
-rw-r--r--tests/by-name/sh/sharkey/test.nix102
2 files changed, 183 insertions, 0 deletions
diff --git a/tests/by-name/sh/sharkey-cpu/test.nix b/tests/by-name/sh/sharkey-cpu/test.nix
new file mode 100644
index 0000000..438cfb3
--- /dev/null
+++ b/tests/by-name/sh/sharkey-cpu/test.nix
@@ -0,0 +1,81 @@
+{
+  nixos-lib,
+  pkgsUnstable,
+  nixpkgs-unstable,
+  vhackPackages,
+  pkgs,
+  extraModules,
+  nixLib,
+  ...
+}:
+nixos-lib.runTest {
+  hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
+
+  name = "sharkey-cpu";
+
+  node = {
+    specialArgs = {inherit pkgsUnstable extraModules vhackPackages nixpkgs-unstable nixLib;};
+
+    # Use the nixpkgs as constructed by the `nixpkgs.*` options
+    pkgs = null;
+  };
+
+  nodes = {
+    server = {config, ...}: {
+      imports =
+        extraModules
+        ++ [
+          ../../../../modules
+        ];
+
+      vhack = {
+        persist.enable = true;
+        nginx.enable = true;
+        sharkey = {
+          enable = true;
+          fqdn = "sharkey.server";
+        };
+      };
+      systemd.services = {
+        # Avoid an error from this service.
+        "acme-sharkey.server".serviceConfig.ExecStart = pkgs.lib.mkForce "${pkgs.lib.getExe' pkgs.coreutils "true"}";
+
+        # Test that sharkey's hardening still allows access to the CPUs.
+        sharkey.serviceConfig.ExecStart = let
+          nodejs = pkgs.lib.getExe pkgsUnstable.nodejs;
+          script = pkgs.writeTextFile {
+            name = "script.js";
+            text = ''
+              import * as os from 'node:os';
+
+              console.log(os.cpus()[0].model)
+              console.log(os.cpus().length)
+            '';
+          };
+        in
+          pkgs.lib.mkForce "${nodejs} ${script}";
+      };
+    };
+  };
+
+  testScript = {nodes, ...}:
+  /*
+  python
+  */
+  ''
+    from time import sleep
+
+    start_all()
+
+    # Give the service time to run.
+    sleep(3)
+
+    with subtest("All services running"):
+      import json
+      def all_services_running(host):
+        (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
+        host_failed = json.loads(output)
+        assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
+      all_services_running(server)
+  '';
+}
diff --git a/tests/by-name/sh/sharkey/test.nix b/tests/by-name/sh/sharkey/test.nix
new file mode 100644
index 0000000..0d79cd2
--- /dev/null
+++ b/tests/by-name/sh/sharkey/test.nix
@@ -0,0 +1,102 @@
+{
+  nixos-lib,
+  pkgsUnstable,
+  nixpkgs-unstable,
+  vhackPackages,
+  pkgs,
+  extraModules,
+  nixLib,
+  ...
+}:
+nixos-lib.runTest {
+  hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
+
+  name = "sharkey";
+
+  node = {
+    specialArgs = {inherit pkgsUnstable extraModules vhackPackages nixpkgs-unstable nixLib;};
+
+    # Use the nixpkgs as constructed by the `nixpkgs.*` options
+    pkgs = null;
+  };
+
+  nodes = {
+    acme = {...}: {
+      imports = [
+        ../../../common/acme/server.nix
+        ../../../common/dns/client.nix
+      ];
+    };
+    name_server = {nodes, ...}: {
+      imports =
+        extraModules
+        ++ [
+          ../../../common/acme/client.nix
+          ../../../common/dns/server.nix
+        ];
+
+      vhack.dns.zones = {
+        "sharkey.server" = {
+          SOA = {
+            nameServer = "ns";
+            adminEmail = "admin@server.com";
+            serial = 2025012301;
+          };
+          useOrigin = false;
+
+          A = [
+            nodes.server.networking.primaryIPAddress
+          ];
+          AAAA = [
+            nodes.server.networking.primaryIPv6Address
+          ];
+        };
+      };
+    };
+
+    server = {config, ...}: {
+      imports =
+        extraModules
+        ++ [
+          ../../../../modules
+          ../../../common/acme/client.nix
+          ../../../common/dns/client.nix
+        ];
+
+      vhack = {
+        persist.enable = true;
+        nginx.enable = true;
+        sharkey = {
+          enable = true;
+          fqdn = "sharkey.server";
+        };
+      };
+    };
+
+    client = {...}: {
+      imports = [
+        ../../../common/acme/client.nix
+        ../../../common/dns/client.nix
+      ];
+    };
+  };
+
+  testScript = {nodes, ...}: let
+    acme = import ../../../common/acme {inherit pkgs;};
+  in
+    acme.prepare ["server" "client"]
+    # Python
+    ''
+      server.wait_for_unit("sharkey.service")
+
+      with subtest("All services running"):
+        import json
+        def all_services_running(host):
+          (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json")
+          host_failed = json.loads(output)
+          assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}"
+        all_services_running(server)
+
+      client.wait_until_succeeds("curl --silent https://sharkey.server | grep 'Thank you for using Sharkey!'")
+    '';
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-07-01 14:21:55 +0000