# NixOS VM test: two declarative containers attached to a host bridge (br0).
#
# The test script checks that both containers get an eth0 link, that the
# statically addressed container answers ping and HTTP over IPv4 and IPv6,
# that `nixos-container show-ip` reports the address without its CIDR suffix,
# that a stopped container no longer serves HTTP, and that a declarative
# container cannot be destroyed with `nixos-container destroy`.
let
  # Host-side addresses, assigned to br0 below.
  hostIp = "192.168.0.1";
  hostIp6 = "fc00::1";

  # Container addresses in CIDR notation. Both ranges are private
  # (RFC 1918 and fc00::/7 unique-local). The /7 prefix spans the whole
  # unique-local block: acceptable inside a throwaway test VM, not a prefix
  # to copy into a real deployment.
  containerIp = "192.168.0.100/24";
  containerIp6 = "fc00::2/7";

  # Settings shared by both containers. privateNetwork gives the container
  # its own virtual Ethernet interface (eth0 inside the container) and
  # hostBridge puts the host end of that pair into br0. The container's
  # firewall opens TCP port 80 only.
  bridgedHttpd = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    config = {
      services.httpd = {
        enable = true;
        adminAddr = "foo@example.org";
      };
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
  };
in

import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-bridge";
  meta.maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];

  machine = { pkgs, ... }: {
    imports = [ ../modules/installer/cd-dvd/channel.nix ];

    virtualisation = {
      writableStore = true;
      memorySize = 768;
      pathsInNixDB = [ pkgs.stdenv ];
    };

    # The bridge has no physical member interfaces, so the only ports on it
    # are the ones the containers declared here add.
    networking.bridges.br0.interfaces = [ ];
    networking.interfaces.br0 = {
      ipv4.addresses = [ { address = hostIp; prefixLength = 24; } ];
      ipv6.addresses = [ { address = hostIp6; prefixLength = 7; } ];
    };

    # Container with static IPv4 and IPv6 addresses on the bridge.
    containers.webserver = bridgedHttpd // {
      localAddress = containerIp;
      localAddress6 = containerIp6;
    };

    # Same container without any address: the test only checks that its
    # eth0 link exists.
    containers.web-noip = bridgedHttpd;
  };

  # The "Stop the container" subtest is the negative check: after the stop,
  # both HTTP endpoints must be unreachable (curl is bounded by
  # --connect-timeout so an unanswered connection fails quickly). The last
  # command asserts that a declarative container cannot be destroyed
  # imperatively.
  testScript = ''
    machine.wait_for_unit("default.target")
    assert "webserver" in machine.succeed("nixos-container list")

    with subtest("Start the webserver container"):
        assert "up" in machine.succeed("nixos-container status webserver")

    with subtest("Bridges exist inside containers"):
        machine.succeed(
            "nixos-container run webserver -- ip link show eth0",
            "nixos-container run web-noip -- ip link show eth0",
        )

    ip = "${containerIp}".split("/")[0]
    machine.succeed(f"ping -n -c 1 {ip}")
    machine.succeed(f"curl --fail http://{ip}/ > /dev/null")

    ip6 = "${containerIp6}".split("/")[0]
    machine.succeed(f"ping -n -c 1 {ip6}")
    machine.succeed(f"curl --fail http://[{ip6}]/ > /dev/null")

    with subtest(
        "nixos-container show-ip works in case of an ipv4 address "
        + "with subnetmask in CIDR notation."
    ):
        result = machine.succeed("nixos-container show-ip webserver").rstrip()
        assert result == ip

    with subtest("Stop the container"):
        machine.succeed("nixos-container stop webserver")
        machine.fail(
            f"curl --fail --connect-timeout 2 http://{ip}/ > /dev/null",
            f"curl --fail --connect-timeout 2 http://[{ip6}]/ > /dev/null",
        )

    # Destroying a declarative container should fail.
    machine.fail("nixos-container destroy webserver")
  '';
})