nixos/tests/docker.nix at 22.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / docker.nix
at 22.05-pre 1.7 kB view raw
 1# This test runs docker and checks if simple container starts
 2
 3import ./make-test-python.nix ({ pkgs, ...} : {
 4  name = "docker";
 5  meta = with pkgs.lib.maintainers; {
 6    maintainers = [ nequissimus offline ];
 7  };
 8
 9  nodes = {
10    docker =
11      { pkgs, ... }:
12        {
13          virtualisation.docker.enable = true;
14          virtualisation.docker.package = pkgs.docker;
15
16          users.users = {
17            noprivs = {
18              isNormalUser = true;
19              description = "Can't access the docker daemon";
20              password = "foobar";
21            };
22
23            hasprivs = {
24              isNormalUser = true;
25              description = "Can access the docker daemon";
26              password = "foobar";
27              extraGroups = [ "docker" ];
28            };
29          };
30        };
31    };
32
33  testScript = ''
34    start_all()
35
36    docker.wait_for_unit("sockets.target")
37    docker.succeed("tar cv --files-from /dev/null | docker import - scratchimg")
38    docker.succeed(
39        "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
40    )
41    docker.succeed("docker ps | grep sleeping")
42    docker.succeed("sudo -u hasprivs docker ps")
43    docker.fail("sudo -u noprivs docker ps")
44    docker.succeed("docker stop sleeping")
45
46    # Must match version 4 times to ensure client and server git commits and versions are correct
47    docker.succeed('[ $(docker version | grep ${pkgs.docker.version} | wc -l) = "4" ]')
48    docker.succeed("systemctl restart systemd-sysctl")
49    docker.succeed("grep 1 /proc/sys/net/ipv4/conf/all/forwarding")
50    docker.succeed("grep 1 /proc/sys/net/ipv4/conf/default/forwarding")
51  '';
52})