nixos/tests/ncdns.nix at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / ncdns.nix
at 23.05-pre 2.7 kB view raw
 1import ./make-test-python.nix ({ lib, pkgs, ... }:
 2let
 3  fakeReply = pkgs.writeText "namecoin-reply.json" ''
 4  { "error": null,
 5    "id": 1,
 6    "result": {
 7      "address": "T31q8ucJ4dI1xzhxQ5QispfECld5c7Xw",
 8      "expired": false,
 9      "expires_in": 2248,
10      "height": 438155,
11      "name": "d/test",
12      "txid": "db61c0b2540ba0c1a2c8cc92af703a37002e7566ecea4dbf8727c7191421edfb",
13      "value": "{\"ip\": \"1.2.3.4\", \"email\": \"root@test.bit\",\"info\": \"Fake record\"}",
14      "vout": 0
15    }
16  }
17  '';
18
19  # Disabled because DNSSEC does not currently validate,
20  # see https://github.com/namecoin/ncdns/issues/127
21  dnssec = false;
22
23in
24
25{
26  name = "ncdns";
27  meta = with pkgs.lib.maintainers; {
28    maintainers = [ rnhmjoj ];
29  };
30
31  nodes.server = { ... }: {
32    networking.nameservers = [ "::1" ];
33
34    services.namecoind.rpc = {
35      address = "::1";
36      user = "namecoin";
37      password = "secret";
38      port = 8332;
39    };
40
41    # Fake namecoin RPC server because we can't
42    # run a full node in a test.
43    systemd.services.namecoind = {
44      wantedBy = [ "multi-user.target" ];
45      script = ''
46        while true; do
47          echo -e "HTTP/1.1 200 OK\n\n $(<${fakeReply})\n" \
48            | ${pkgs.netcat}/bin/nc -N -l ::1 8332
49        done
50      '';
51    };
52
53    services.ncdns = {
54      enable = true;
55      dnssec.enable = dnssec;
56      identity.hostname   = "example.com";
57      identity.hostmaster = "root@example.com";
58      identity.address    = "1.0.0.1";
59    };
60
61    services.pdns-recursor.enable = true;
62    services.pdns-recursor.resolveNamecoin = true;
63
64    environment.systemPackages = [ pkgs.dnsutils ];
65  };
66
67  testScript =
68    (lib.optionalString dnssec ''
69      with subtest("DNSSEC keys have been generated"):
70          server.wait_for_unit("ncdns")
71          server.wait_for_file("/var/lib/ncdns/bit.key")
72          server.wait_for_file("/var/lib/ncdns/bit-zone.key")
73
74      with subtest("DNSKEY bit record is present"):
75          server.wait_for_unit("pdns-recursor")
76          server.wait_for_open_port(53)
77          server.succeed("host -t DNSKEY bit")
78    '') +
79    ''
80      with subtest("can resolve a .bit name"):
81          server.wait_for_unit("namecoind")
82          server.wait_for_unit("ncdns")
83          server.wait_for_open_port(8332)
84          assert "1.2.3.4" in server.succeed("dig @localhost -p 5333 test.bit")
85
86      with subtest("SOA record has identity information"):
87          assert "example.com" in server.succeed("dig SOA @localhost -p 5333 bit")
88
89      with subtest("bit. zone forwarding works"):
90          server.wait_for_unit("pdns-recursor")
91          assert "1.2.3.4" in server.succeed("host test.bit")
92    '';
93})