nixos/tests/wpa_supplicant.nix at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / wpa_supplicant.nix
at 23.05-pre 3.1 kB view raw
 1import ./make-test-python.nix ({ pkgs, lib, ...}:
 2{
 3  name = "wpa_supplicant";
 4  meta = with lib.maintainers; {
 5    maintainers = [ rnhmjoj ];
 6  };
 7
 8  nodes.machine = { ... }: {
 9    imports = [ ../modules/profiles/minimal.nix ];
10
11    # add a virtual wlan interface
12    boot.kernelModules = [ "mac80211_hwsim" ];
13
14    # wireless access point
15    services.hostapd = {
16      enable = true;
17      wpa = true;
18      interface = "wlan0";
19      ssid = "nixos-test";
20      wpaPassphrase = "reproducibility";
21    };
22
23    # wireless client
24    networking.wireless = {
25      # the override is needed because the wifi is
26      # disabled with mkVMOverride in qemu-vm.nix.
27      enable = lib.mkOverride 0 true;
28      userControlled.enable = true;
29      interfaces = [ "wlan1" ];
30      fallbackToWPA2 = true;
31
32      networks = {
33        # test WPA2 fallback
34        mixed-wpa = {
35          psk = "password";
36          authProtocols = [ "WPA-PSK" "SAE" ];
37        };
38        sae-only = {
39          psk = "password";
40          authProtocols = [ "SAE" ];
41        };
42
43        # test network
44        nixos-test.psk = "@PSK_NIXOS_TEST@";
45
46        # secrets substitution test cases
47        test1.psk = "@PSK_VALID@";              # should be replaced
48        test2.psk = "@PSK_SPECIAL@";            # should be replaced
49        test3.psk = "@PSK_MISSING@";            # should not be replaced
50        test4.psk = "P@ssowrdWithSome@tSymbol"; # should not be replaced
51      };
52
53      # secrets
54      environmentFile = pkgs.writeText "wpa-secrets" ''
55        PSK_NIXOS_TEST="reproducibility"
56        PSK_VALID="S0m3BadP4ssw0rd";
57        # taken from https://github.com/minimaxir/big-list-of-naughty-strings
58        PSK_SPECIAL=",./;'[]\-= <>?:\"{}|_+ !@#$%^\&*()`~";
59      '';
60    };
61
62  };
63
64  testScript =
65    ''
66      config_file = "/run/wpa_supplicant/wpa_supplicant.conf"
67
68      with subtest("Configuration file is inaccessible to other users"):
69          machine.wait_for_file(config_file)
70          machine.fail(f"sudo -u nobody ls {config_file}")
71
72      with subtest("Secrets variables have been substituted"):
73          machine.fail(f"grep -q @PSK_VALID@ {config_file}")
74          machine.fail(f"grep -q @PSK_SPECIAL@ {config_file}")
75          machine.succeed(f"grep -q @PSK_MISSING@ {config_file}")
76          machine.succeed(f"grep -q P@ssowrdWithSome@tSymbol {config_file}")
77
78      with subtest("WPA2 fallbacks have been generated"):
79          assert int(machine.succeed(f"grep -c sae-only {config_file}")) == 1
80          assert int(machine.succeed(f"grep -c mixed-wpa {config_file}")) == 2
81
82      # save file for manual inspection
83      machine.copy_from_vm(config_file)
84
85      with subtest("Daemon is running and accepting connections"):
86          machine.wait_for_unit("wpa_supplicant-wlan1.service")
87          status = machine.succeed("wpa_cli -i wlan1 status")
88          assert "Failed to connect" not in status, \
89                 "Failed to connect to the daemon"
90
91      with subtest("Daemon can connect to the access point"):
92          machine.wait_until_succeeds(
93            "wpa_cli -i wlan1 status | grep -q wpa_state=COMPLETED"
94          )
95    '';
96})