nixos/tests/systemd-nspawn.nix at 22.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / systemd-nspawn.nix
at 22.05-pre 1.8 kB view raw
 1import ./make-test-python.nix ({pkgs, lib, ...}:
 2let
 3  gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
 4    mkdir -p $out
 5    export GNUPGHOME=$out
 6    cat > foo <<EOF
 7      %echo Generating a basic OpenPGP key
 8      %no-protection
 9      Key-Type: DSA
10      Key-Length: 1024
11      Subkey-Type: ELG-E
12      Subkey-Length: 1024
13      Name-Real: Joe Tester
14      Name-Email: joe@foo.bar
15      Expire-Date: 0
16      # Do a commit here, so that we can later print "done"
17      %commit
18      %echo done
19    EOF
20    gpg --batch --generate-key foo
21    rm $out/S.gpg-agent $out/S.gpg-agent.*
22    gpg --export joe@foo.bar -a > $out/pubkey.gpg
23  '');
24
25  nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } ''
26    mkdir -p $out
27    cd $out
28    dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5
29    sha256sum testimage.raw > SHA256SUMS
30    export GNUPGHOME="$(mktemp -d)"
31    cp -R ${gpgKeyring}/* $GNUPGHOME
32    gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
33  '');
34in {
35  name = "systemd-nspawn";
36
37  nodes = {
38    server = { pkgs, ... }: {
39      networking.firewall.allowedTCPPorts = [ 80 ];
40      services.nginx = {
41        enable = true;
42        virtualHosts."server".root = nspawnImages;
43      };
44    };
45    client = { pkgs, ... }: {
46      environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
47    };
48  };
49
50  testScript = ''
51    start_all()
52
53    server.wait_for_unit("nginx.service")
54    client.wait_for_unit("network-online.target")
55    client.succeed("machinectl pull-raw --verify=signature http://server/testimage.raw")
56    client.succeed(
57        "cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw"
58    )
59  '';
60})