nixos/tests/systemd-nspawn.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / systemd-nspawn.nix
at 23.11-beta 1.6 kB view raw
 1import ./make-test-python.nix ({pkgs, lib, ...}:
 2let
 3  gpgKeyring = import ./common/gpg-keyring.nix { inherit pkgs; };
 4
 5  nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } ''
 6    mkdir -p $out
 7    cd $out
 8
 9    # produce a testimage.raw
10    dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5
11
12    # produce a testimage2.tar.xz, containing the hello store path
13    tar cvJpf testimage2.tar.xz ${pkgs.hello}
14
15    # produce signature(s)
16    sha256sum testimage* > SHA256SUMS
17    export GNUPGHOME="$(mktemp -d)"
18    cp -R ${gpgKeyring}/* $GNUPGHOME
19    gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
20  '');
21in {
22  name = "systemd-nspawn";
23
24  nodes = {
25    server = { pkgs, ... }: {
26      networking.firewall.allowedTCPPorts = [ 80 ];
27      services.nginx = {
28        enable = true;
29        virtualHosts."server".root = nspawnImages;
30      };
31    };
32    client = { pkgs, ... }: {
33      environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
34    };
35  };
36
37  testScript = ''
38    start_all()
39
40    server.wait_for_unit("nginx.service")
41    client.wait_for_unit("network-online.target")
42    client.succeed("machinectl pull-raw --verify=signature http://server/testimage.raw")
43    client.succeed(
44        "cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw"
45    )
46    client.succeed("machinectl pull-tar --verify=signature http://server/testimage2.tar.xz")
47    client.succeed(
48        "cmp /var/lib/machines/testimage2/${pkgs.hello}/bin/hello ${pkgs.hello}/bin/hello"
49    )
50  '';
51})