nixos/tests/containers-bridge.nix at 18.03-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-bridge.nix
at 18.03-beta 2.6 kB view raw
 1# Test for NixOS' container support.
 2
 3let
 4  hostIp = "192.168.0.1";
 5  containerIp = "192.168.0.100/24";
 6  hostIp6 = "fc00::1";
 7  containerIp6 = "fc00::2/7";
 8in
 9
10import ./make-test.nix ({ pkgs, ...} : {
11  name = "containers-bridge";
12  meta = with pkgs.stdenv.lib.maintainers; {
13    maintainers = [ aristid aszlig eelco chaoflow kampfschlaefer ];
14  };
15
16  machine =
17    { config, pkgs, ... }:
18    { imports = [ ../modules/installer/cd-dvd/channel.nix ];
19      virtualisation.writableStore = true;
20      virtualisation.memorySize = 768;
21
22      networking.bridges = {
23        br0 = {
24          interfaces = [];
25        };
26      };
27      networking.interfaces = {
28        br0 = {
29          ipv4.addresses = [{ address = hostIp; prefixLength = 24; }];
30          ipv6.addresses = [{ address = hostIp6; prefixLength = 7; }];
31        };
32      };
33
34      containers.webserver =
35        {
36          autoStart = true;
37          privateNetwork = true;
38          hostBridge = "br0";
39          localAddress = containerIp;
40          localAddress6 = containerIp6;
41          config =
42            { services.httpd.enable = true;
43              services.httpd.adminAddr = "foo@example.org";
44              networking.firewall.allowedTCPPorts = [ 80 ];
45              networking.firewall.allowPing = true;
46            };
47        };
48
49      virtualisation.pathsInNixDB = [ pkgs.stdenv ];
50    };
51
52  testScript =
53    ''
54      $machine->waitForUnit("default.target");
55      $machine->succeed("nixos-container list") =~ /webserver/ or die;
56
57      # Start the webserver container.
58      $machine->succeed("nixos-container status webserver") =~ /up/ or die;
59
60      "${containerIp}" =~ /([^\/]+)\/([0-9+])/;
61      my $ip = $1;
62      chomp $ip;
63      $machine->succeed("ping -n -c 1 $ip");
64      $machine->succeed("curl --fail http://$ip/ > /dev/null");
65
66      "${containerIp6}" =~ /([^\/]+)\/([0-9+])/;
67      my $ip6 = $1;
68      chomp $ip6;
69      $machine->succeed("ping -n -c 1 $ip6");
70      $machine->succeed("curl --fail http://[$ip6]/ > /dev/null");
71
72      # Check that nixos-container show-ip works in case of an ipv4 address with
73      # subnetmask in CIDR notation.
74      my $result = $machine->succeed("nixos-container show-ip webserver");
75      chomp $result;
76      $result eq $ip or die;
77
78      # Stop the container.
79      $machine->succeed("nixos-container stop webserver");
80      $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
81      $machine->fail("curl --fail --connect-timeout 2 http://[$ip6]/ > /dev/null");
82
83      # Destroying a declarative container should fail.
84      $machine->fail("nixos-container destroy webserver");
85    '';
86
87})