diff options
Diffstat (limited to 'tests/by-name')
| -rw-r--r-- | tests/by-name/at/atuin-sync/test.nix | 191 | ||||
| -rw-r--r-- | tests/by-name/ba/back/test.nix | 29 | ||||
| -rw-r--r-- | tests/by-name/em/email-dns/nodes/name_server.nix | 2 | ||||
| -rw-r--r-- | tests/by-name/em/email-dns/test.nix | 20 | ||||
| -rw-r--r-- | tests/by-name/em/email-http/test.nix | 21 | ||||
| -rw-r--r-- | tests/by-name/ru/rust-motd/test.nix | 62 | ||||
| -rw-r--r-- | tests/by-name/sh/sharkey-cpu/test.nix | 7 | ||||
| -rw-r--r-- | tests/by-name/sh/sharkey/test.nix | 22 | ||||
| -rw-r--r-- | tests/by-name/ta/taskchampion-sync/test.nix | 83 |
9 files changed, 347 insertions, 90 deletions
diff --git a/tests/by-name/at/atuin-sync/test.nix b/tests/by-name/at/atuin-sync/test.nix new file mode 100644 index 0000000..d29c031 --- /dev/null +++ b/tests/by-name/at/atuin-sync/test.nix @@ -0,0 +1,191 @@ +{ + nixos-lib, + pkgsUnstable, + nixpkgs-unstable, + vhackPackages, + pkgs, + extraModules, + nixLib, + ... +}: +nixos-lib.runTest { + hostPkgs = pkgs; + name = "atuin-sync"; + + node = { + specialArgs = {inherit pkgsUnstable vhackPackages nixpkgs-unstable nixLib;}; + + # Use the nixpkgs as constructed by the `nixpkgs.*` options + pkgs = null; + }; + + nodes = let + atuinSession = "01969ec6b8d07e30a9d2df0911fbfe2a"; + in { + acme = { + imports = [ + ../../../common/acme/server.nix + ../../../common/dns/client.nix + ]; + }; + name_server = {nodes, ...}: { + imports = + extraModules + ++ [ + ../../../common/acme/client.nix + ../../../common/dns/server.nix + ]; + + vhack.dns.zones = { + "atuin-sync.server" = { + SOA = { + nameServer = "ns"; + adminEmail = "admin@server.com"; + serial = 2025012301; + }; + useOrigin = false; + + A = [ + nodes.server.networking.primaryIPAddress + ]; + AAAA = [ + nodes.server.networking.primaryIPv6Address + ]; + }; + }; + }; + + server = {config, ...}: { + imports = + extraModules + ++ [ + ../../../../modules + ../../../common/acme/client.nix + ../../../common/dns/client.nix + ]; + + vhack = { + persist.enable = true; + nginx.enable = true; + atuin-sync = { + enable = true; + fqdn = "atuin-sync.server"; + }; + }; + }; + + client1 = {config, ...}: { + imports = [ + ../../../common/acme/client.nix + ../../../common/dns/client.nix + ]; + + environment.sessionVariables.ATUIN_SESSION = atuinSession; + + environment.systemPackages = [ + pkgs.atuin + pkgs.sqlite-interactive + ]; + }; + client2 = {config, ...}: { + imports = [ + ../../../common/acme/client.nix + ../../../common/dns/client.nix + ]; + + environment.sessionVariables.ATUIN_SESSION = atuinSession; + + environment.systemPackages = [ + pkgs.atuin + pkgs.sqlite-interactive + ]; + }; + }; + + testScript = {nodes, ...}: let + syncLogin = pkgs.writeShellScript "login-atuin-sync-account" '' + atuin login --username syncy --password password1234 --key "$1" + ''; + + syncRegister = pkgs.writeShellScript "register-atuin-sync-account" '' + atuin register --username syncy --email syncy@email.com --password password1234 + ''; + + mkSyncConfig = pkgs.writeShellScript "register-atuin-sync-account" '' + mkdir --parents ~/.config/atuin/ + cat << EOF > ~/.config/atuin/config.toml + sync_address = "https://atuin-sync.server" + + # Use the v2 sync + [sync] + records = true + EOF + ''; + + runCommandAndRecordInAtuin = pkgs.writeShellScript "run-command-and-record-in-atuin" '' + # SPDX-SnippetBegin + # SPDX-SnippetCopyrightText: 2023 mentalisttraceur (https://github.com/mentalisttraceur) + # Source: https://github.com/atuinsh/atuin/issues/1188#issuecomment-1698354107 + run_and_record_in_atuin() + { + local id + local status + local escaped_command="$(printf '%q ' "$@")" + id="$(atuin history start -- "$escaped_command")" + "$@" + status=$? + atuin history end --exit $status "$id" + return $status + } + # SPDX-SnippetEnd + + run_and_record_in_atuin "$@" + ''; + + acme = import ../../../common/acme {inherit pkgs;}; + in + acme.prepare ["server" "client1" "client2"] + # Python + '' + server.wait_for_unit("atuin.service") + server.wait_for_open_port(443) + + # Wait for the server to acquire the acme certificate + client1.wait_until_succeeds("curl https://atuin-sync.server") + + with subtest("Setup client syncing"): + for client in [client1, client2]: + client.succeed("${mkSyncConfig}") + + client1.succeed("${syncRegister}") + + for client in [client1, client2]: + # See https://docs.atuin.sh/guide/sync/ + client.succeed(f"${syncLogin} '{client1.succeed("atuin key")}'") + + with subtest("Can import shell history"): + client1.succeed("${runCommandAndRecordInAtuin} echo hi - client 1") + client2.succeed("${runCommandAndRecordInAtuin} echo hi - client 2") + + with subtest("Can sync tasks"): + for client in [client1, client2]: + client.succeed("atuin sync --force") + client1.succeed("atuin sync --force") + + + with subtest("Have correct tasks"): + hist1 = client1.succeed("atuin history list --session --format '{command}'").strip().split('\n') + hist2 = client2.succeed("atuin history list --session --format '{command}'").strip().split('\n') + + hist1.sort() + hist2.sort() + + canonicalHistory = [ + "echo hi - client 1", + "echo hi - client 2" + ] + + assert hist1 == hist2, f"The clients don't have the same amount of history items, client1: '{hist1}', client2: '{hist2}'" + assert hist1 == canonicalHistory, f"The history is not correct: '{hist1}' vs. '{canonicalHistory}'" + ''; +} diff --git a/tests/by-name/ba/back/test.nix b/tests/by-name/ba/back/test.nix index 85cb611..cce5ede 100644 --- a/tests/by-name/ba/back/test.nix +++ b/tests/by-name/ba/back/test.nix @@ -56,14 +56,9 @@ in domain = "git.${domain}"; gitolite.adminPubkey = sshKeys.admin.pub; }; - back = { + git-back = { enable = true; domain = "issues.${domain}"; - - settings = { - scan_path = "${config.services.gitolite.dataDir}/repositories"; - project_list = "${config.services.gitolite.dataDir}/projects.list"; - }; }; }; }; @@ -152,35 +147,35 @@ in cd alice/repo1 - git bug user create --avatar "" --email "alice@server.org" --name "alice" --non-interactive + git bug user new --avatar "" --email "alice@server.org" --name "alice" --non-interactive - git bug add \ + git bug bug new \ --title "Some bug title" \ --message "A long description of the bug. Probably has some code segments, maybe even *markdown* mark_up_ or other things" \ --non-interactive - git bug add \ + git bug bug new \ --title "Second bug title" \ --message "" \ --non-interactive - git bug add \ + git bug bug new \ --title "Third bug title" \ --message "" \ --non-interactive - git bug select "$(git bug ls --format plain | awk '{print $1}' | head -n 1)" + git bug bug select "$(git bug bug --format plain | awk '{print $1}' | head -n 1)" - git bug comment add --message "Some comment message" --non-interactive - git bug comment add --message "Second comment message" --non-interactive + git bug bug comment new --message "Some comment message" --non-interactive + git bug bug comment new --message "Second comment message" --non-interactive # TODO: This should use `git bug push`, but their ssh implementation is just # too special to work in a VM test <2025-03-08> git push origin +refs/bugs/* git push origin +refs/identities/* - ssh git@${domain} -- config alice/repo1 --add cgit.owner Alice - ssh git@${domain} -- perms alice/repo1 + READERS @all + ssh git@git.${domain} -- config alice/repo1 --add cgit.owner Alice + ssh git@git.${domain} -- perms alice/repo1 + READERS @all ''}") with subtest("back server starts"): @@ -190,12 +185,12 @@ in client.succeed("${pkgs.writeShellScript "curl-back" '' set -xe - curl --insecure --fail --show-error "https://issues.${domain}/alice/repo1.git/issues/open" --output /root/issues.html + curl --insecure --fail --show-error "https://issues.${domain}/alice/repo1/issues/?query=status:open" --output /root/issues.html grep -- 'Second bug title' /root/issues.html curl --insecure --fail --show-error "https://issues.${domain}/" --output /root/repos.html grep -- 'repo' /root/repos.html - grep -- "<No description>" /root/repos.html + grep -- "<No description>" /root/repos.html grep -- '<span class="user-name">Alice</span>' /root/repos.html ''} >&2") diff --git a/tests/by-name/em/email-dns/nodes/name_server.nix b/tests/by-name/em/email-dns/nodes/name_server.nix index d9d3617..bde1a16 100644 --- a/tests/by-name/em/email-dns/nodes/name_server.nix +++ b/tests/by-name/em/email-dns/nodes/name_server.nix @@ -63,7 +63,7 @@ adkim = "strict"; aspf = "strict"; fo = ["0" "1" "d" "s"]; - p = "quarantine"; + p = "reject"; rua = cfg.admin; ruf = [cfg.admin]; } diff --git a/tests/by-name/em/email-dns/test.nix b/tests/by-name/em/email-dns/test.nix index f0399a5..c7ba3b3 100644 --- a/tests/by-name/em/email-dns/test.nix +++ b/tests/by-name/em/email-dns/test.nix @@ -90,23 +90,13 @@ in } ''; - acme_scripts = import ../../../common/acme/scripts.nix {inherit pkgs;}; + acme = import ../../../common/acme {inherit pkgs;}; in - /* - python - */ + acme.prepare ["mail1_server" "mail2_server" "alice" "bob"] + # Python '' from time import sleep - # Start dependencies for the other services - acme.start() - acme.wait_for_unit("pebble.service") - name_server.start() - name_server.wait_for_unit("nsd.service") - - # Start the actual testing machines - start_all() - mail1_server.wait_for_unit("stalwart-mail.service") mail1_server.wait_for_open_port(993) # imap mail1_server.wait_for_open_port(465) # smtp @@ -120,10 +110,6 @@ in name_server.wait_until_succeeds("stat /var/lib/acme/mta-sts.alice.com/cert.pem") name_server.wait_until_succeeds("stat /var/lib/acme/mta-sts.bob.com/cert.pem") - with subtest("Add pebble ca key to all services"): - for node in [name_server, mail1_server, mail2_server, alice, bob]: - node.succeed("${acme_scripts.add_pebble_acme_ca}") - with subtest("Both mailserver successfully started all services"): import json def all_services_running(host): diff --git a/tests/by-name/em/email-http/test.nix b/tests/by-name/em/email-http/test.nix index f508b9f..82b4c45 100644 --- a/tests/by-name/em/email-http/test.nix +++ b/tests/by-name/em/email-http/test.nix @@ -71,32 +71,17 @@ in # TODO(@bpeetz): This test should also test the http JMAP features of stalwart-mail. <2025-04-12> testScript = _: let - acme_scripts = import ../../../common/acme/scripts.nix {inherit pkgs;}; + acme = import ../../../common/acme {inherit pkgs;}; in - /* - python - */ + acme.prepare ["mail_server" "bob"] + # Python '' - # Start dependencies for the other services - acme.start() - acme.wait_for_unit("pebble.service") - name_server.start() - name_server.wait_for_unit("nsd.service") - - # Start the actual testing machines - start_all() - mail_server.wait_for_unit("stalwart-mail.service") mail_server.wait_for_open_port(993) # imap mail_server.wait_for_open_port(465) # smtp bob.wait_for_unit("multi-user.target") - with subtest("Add pebble ca key to all services"): - for node in [name_server, mail_server, bob]: - node.wait_for_unit("network-online.target") - node.succeed("${acme_scripts.add_pebble_acme_ca}") - with subtest("The mailserver successfully started all services"): import json def all_services_running(host): diff --git a/tests/by-name/ru/rust-motd/test.nix b/tests/by-name/ru/rust-motd/test.nix new file mode 100644 index 0000000..fef1df8 --- /dev/null +++ b/tests/by-name/ru/rust-motd/test.nix @@ -0,0 +1,62 @@ +{ + nixos-lib, + pkgsUnstable, + nixpkgs-unstable, + vhackPackages, + pkgs, + extraModules, + nixLib, + ... +}: +nixos-lib.runTest { + hostPkgs = pkgs; + + name = "rust-motd"; + + node = { + specialArgs = {inherit pkgsUnstable extraModules vhackPackages nixpkgs-unstable nixLib;}; + + # Use the nixpkgs as constructed by the `nixpkgs.*` options + pkgs = null; + }; + + nodes = { + server = {config, ...}: { + imports = + extraModules + ++ [ + ../../../../modules + ]; + + vhack = { + rust-motd.enable = true; + }; + }; + }; + + testScript = {nodes, ...}: + /* + python + */ + '' + from time import sleep + + start_all() + + # Give the service time to run. + sleep(3) + + with subtest("All services running"): + import json + def all_services_running(host): + (status, output) = host.systemctl("list-units --state=failed --plain --no-pager --output=json") + host_failed = json.loads(output) + assert len(host_failed) == 0, f"Expected zero failing services, but found: {json.dumps(host_failed, indent=4)}" + all_services_running(server) + + with subtest("Motd generated"): + server.succeed("cat /var/lib/rust-motd/motd | tee /dev/stderr | grep --invert-match Error") + + server.copy_from_vm("/var/lib/rust-motd/motd") + ''; +} diff --git a/tests/by-name/sh/sharkey-cpu/test.nix b/tests/by-name/sh/sharkey-cpu/test.nix index d4f9332..438cfb3 100644 --- a/tests/by-name/sh/sharkey-cpu/test.nix +++ b/tests/by-name/sh/sharkey-cpu/test.nix @@ -11,7 +11,7 @@ nixos-lib.runTest { hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs - name = "sharkey-images"; + name = "sharkey-cpu"; node = { specialArgs = {inherit pkgsUnstable extraModules vhackPackages nixpkgs-unstable nixLib;}; @@ -40,7 +40,7 @@ nixos-lib.runTest { # Avoid an error from this service. "acme-sharkey.server".serviceConfig.ExecStart = pkgs.lib.mkForce "${pkgs.lib.getExe' pkgs.coreutils "true"}"; - # Test, that sharkey's hardening still allows access to the CPUs. + # Test that sharkey's hardening still allows access to the CPUs. sharkey.serviceConfig.ExecStart = let nodejs = pkgs.lib.getExe pkgsUnstable.nodejs; script = pkgs.writeTextFile { @@ -66,9 +66,8 @@ nixos-lib.runTest { from time import sleep start_all() - server.wait_for_unit("sharkey.service") - # Give the service time to start. + # Give the service time to run. sleep(3) with subtest("All services running"): diff --git a/tests/by-name/sh/sharkey/test.nix b/tests/by-name/sh/sharkey/test.nix index 40efe17..0d79cd2 100644 --- a/tests/by-name/sh/sharkey/test.nix +++ b/tests/by-name/sh/sharkey/test.nix @@ -82,27 +82,11 @@ nixos-lib.runTest { }; testScript = {nodes, ...}: let - acme_scripts = import ../../../common/acme/scripts.nix {inherit pkgs;}; + acme = import ../../../common/acme {inherit pkgs;}; in - /* - python - */ + acme.prepare ["server" "client"] + # Python '' - # Start dependencies for the other services - acme.start() - acme.wait_for_unit("pebble.service") - name_server.start() - name_server.wait_for_unit("nsd.service") - - # Start the actual testing machines - start_all() - - - with subtest("Add pebble ca key to all services"): - for node in [name_server, server, client]: - node.wait_for_unit("network-online.target") - node.succeed("${acme_scripts.add_pebble_acme_ca}") - server.wait_for_unit("sharkey.service") with subtest("All services running"): diff --git a/tests/by-name/ta/taskchampion-sync/test.nix b/tests/by-name/ta/taskchampion-sync/test.nix index 4dd273b..cdbe062 100644 --- a/tests/by-name/ta/taskchampion-sync/test.nix +++ b/tests/by-name/ta/taskchampion-sync/test.nix @@ -19,35 +19,87 @@ nixos-lib.runTest { pkgs = null; }; - nodes = { + nodes = let + # The feature flag is only in version 3.2 and upwards. Stable is still on 3.1 + taskwarriorPackage = pkgsUnstable.taskwarrior3.overrideAttrs (final: prev: { + cmakeFlags = (prev.cmakeFlags or []) ++ ["-DENABLE_TLS_NATIVE_ROOTS=true"]; + }); + in { + acme = { + imports = [ + ../../../common/acme/server.nix + ../../../common/dns/client.nix + ]; + }; + name_server = {nodes, ...}: { + imports = + extraModules + ++ [ + ../../../common/acme/client.nix + ../../../common/dns/server.nix + ]; + + vhack.dns.zones = { + "taskchampion.server" = { + SOA = { + nameServer = "ns"; + adminEmail = "admin@server.com"; + serial = 2025012301; + }; + useOrigin = false; + + A = [ + nodes.server.networking.primaryIPAddress + ]; + AAAA = [ + nodes.server.networking.primaryIPv6Address + ]; + }; + }; + }; + server = {config, ...}: { imports = extraModules ++ [ ../../../../modules + ../../../common/acme/client.nix + ../../../common/dns/client.nix ]; vhack = { - taskchampion-sync.enable = true; + persist.enable = true; + nginx.enable = true; + taskchampion-sync = { + enable = true; + fqdn = "taskchampion.server"; + }; }; }; task_client1 = {config, ...}: { + imports = [ + ../../../common/acme/client.nix + ../../../common/dns/client.nix + ]; + environment.systemPackages = [ - pkgs.taskwarrior3 + taskwarriorPackage ]; }; task_client2 = {config, ...}: { + imports = [ + ../../../common/acme/client.nix + ../../../common/dns/client.nix + ]; + environment.systemPackages = [ - pkgs.taskwarrior3 + taskwarriorPackage ]; }; }; testScript = {nodes, ...}: let - cfg = nodes.server.services.taskchampion-sync-server; - port = builtins.toString cfg.port; - # Generated with uuidgen uuid = "bf01376e-04a4-435a-9263-608567531af3"; password = "nixos-test"; @@ -57,19 +109,18 @@ nixos-lib.runTest { set -xe mkdir --parents "$(dirname "${path}")" - echo 'sync.server.origin=http://server:${port}' >> "${path}" + echo 'sync.server.url=https://taskchampion.server' >> "${path}" echo 'sync.server.client_id=${uuid}' >> "${path}" echo 'sync.encryption_secret=${password}' >> "${path}" ''; + + acme = import ../../../common/acme {inherit pkgs;}; in - /* - python - */ + acme.prepare ["server" "task_client1" "task_client2"] + # Python '' - start_all() - server.wait_for_unit("taskchampion-sync-server.service") - server.wait_for_open_port(${port}) + server.wait_for_open_port(443) with subtest("Setup task syncing"): for task in [task_client1, task_client2]: @@ -81,11 +132,15 @@ nixos-lib.runTest { task_client1.succeed("task add 'First task -- task_client1'") task_client2.succeed("task add 'First task -- task_client2'") + # Wait for the server to acquire the acme certificate + task_client1.wait_until_succeeds("curl https://taskchampion.server") + with subtest("Can sync tasks"): for task in [task_client1, task_client2]: task.succeed("task sync") task_client1.succeed("task sync") + with subtest("Have correct tasks"): count1 = task_client1.succeed("task count") count2 = task_client2.succeed("task count") |