# NixOS VM test "containers-bridge": two declarative containers are attached
# to a host bridge (br0); the test checks reachability of the addressed one
# over IPv4 and IPv6, `nixos-container show-ip`, and stop/destroy behaviour.
let
  # Host-side addresses of br0. Their prefix lengths are given where the
  # addresses are assigned to the interface below.
  hostIp = "192.168.0.1";
  hostIp6 = "fc00::1";

  # Container addresses in CIDR notation. The test script strips the "/NN"
  # suffix before handing them to ping and curl.
  containerIp = "192.168.0.100/24";
  containerIp6 = "fc00::2/7";

  # Guest configuration shared by both containers: an httpd instance, with
  # TCP port 80 as the only port this test opens in the guest firewall.
  httpdGuest = {
    services.httpd.enable = true;
    services.httpd.adminAddr = "foo@example.org";
    networking.firewall.allowedTCPPorts = [ 80 ];
  };

  # Settings common to both containers: started automatically, private
  # network enabled, attached to br0. `extra` carries per-container options
  # such as the addresses.
  bridgedContainer = extra: {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    config = httpdGuest;
  } // extra;
in

import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-bridge";
  meta.maintainers = with lib.maintainers; [ aristid aszlig eelco kampfschlaefer ];

  nodes.machine =
    { pkgs, ... }:
    {
      imports = [ ../modules/installer/cd-dvd/channel.nix ];
      virtualisation.writableStore = true;

      # br0 is declared with an empty interface list, so this configuration
      # attaches no host interface to it.
      networking.bridges.br0.interfaces = [ ];

      # NOTE(review): prefix length 7 on fc00::1 makes br0's IPv6 subnet the
      # whole fc00::/7 range. That is harmless inside this test VM; a real
      # deployment would normally pick a much narrower prefix.
      networking.interfaces.br0 = {
        ipv4.addresses = [ { address = hostIp; prefixLength = 24; } ];
        ipv6.addresses = [ { address = hostIp6; prefixLength = 7; } ];
      };

      # Container with static IPv4 and IPv6 addresses on the bridge.
      containers.webserver = bridgedContainer {
        localAddress = containerIp;
        localAddress6 = containerIp6;
      };

      # Same container without any address configured; the test script only
      # checks that eth0 exists inside it.
      containers.web-noip = bridgedContainer { };

      virtualisation.additionalPaths = [ pkgs.stdenv ];
    };

  # Python test driver script. The container is reached from the host over
  # the bridge; after `nixos-container stop` both HTTP requests must fail,
  # and destroying the declarative container must be refused.
  testScript = ''
    machine.wait_for_unit("default.target")
    assert "webserver" in machine.succeed("nixos-container list")

    with subtest("Start the webserver container"):
        assert "up" in machine.succeed("nixos-container status webserver")

    with subtest("Bridges exist inside containers"):
        machine.succeed(
            "nixos-container run webserver -- ip link show eth0",
            "nixos-container run web-noip -- ip link show eth0",
        )

    ip = "${containerIp}".split("/")[0]
    machine.succeed(f"ping -n -c 1 {ip}")
    machine.succeed(f"curl --fail http://{ip}/ > /dev/null")

    ip6 = "${containerIp6}".split("/")[0]
    machine.succeed(f"ping -n -c 1 {ip6}")
    machine.succeed(f"curl --fail http://[{ip6}]/ > /dev/null")

    with subtest(
        "nixos-container show-ip works in case of an ipv4 address "
        + "with subnetmask in CIDR notation."
    ):
        result = machine.succeed("nixos-container show-ip webserver").rstrip()
        assert result == ip

    with subtest("Stop the container"):
        machine.succeed("nixos-container stop webserver")
        machine.fail(
            f"curl --fail --connect-timeout 2 http://{ip}/ > /dev/null",
            f"curl --fail --connect-timeout 2 http://[{ip6}]/ > /dev/null",
        )

    # Destroying a declarative container should fail.
    machine.fail("nixos-container destroy webserver")
  '';
})