# NixOS VM test "containers-bridge": two declarative containers are attached
# to a host bridge (br0) and the test checks that the addressed one is
# reachable over IPv4 and IPv6 while running, unreachable once stopped, and
# cannot be destroyed with the imperative `nixos-container destroy` command.
let
  # Addresses assigned to the host side of the bridge.
  hostIp = "192.168.0.1";
  hostIp6 = "fc00::1";

  # Container addresses in CIDR notation; the test script strips the prefix
  # length before using them as ping/curl targets.
  containerIp = "192.168.0.100/24";
  containerIp6 = "fc00::2/7";
in

import ./make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "containers-bridge";
    meta.maintainers = with lib.maintainers; [
      aristid
      aszlig
      kampfschlaefer
    ];

    nodes.machine =
      { pkgs, ... }:
      let
        # Guest configuration shared by both containers: an httpd instance
        # with TCP port 80 opened in the container's own firewall.
        httpdGuest = {
          services.httpd.enable = true;
          services.httpd.adminAddr = "foo@example.org";
          networking.firewall.allowedTCPPorts = [ 80 ];
        };
      in
      {
        imports = [ ../modules/installer/cd-dvd/channel.nix ];
        virtualisation.writableStore = true;
        virtualisation.additionalPaths = [ pkgs.stdenv ];

        # The bridge has no physical member interfaces; only the container
        # veth ends are expected to join it (via hostBridge below).
        networking.bridges.br0.interfaces = [ ];

        # Host addresses on the bridge. The prefix lengths match the ones
        # embedded in containerIp / containerIp6.
        networking.interfaces.br0 = {
          ipv4.addresses = [
            {
              address = hostIp;
              prefixLength = 24;
            }
          ];
          ipv6.addresses = [
            {
              address = hostIp6;
              prefixLength = 7;
            }
          ];
        };

        containers = {
          # Container with explicit IPv4 and IPv6 addresses on the bridge.
          webserver = {
            autoStart = true;
            privateNetwork = true;
            hostBridge = "br0";
            localAddress = containerIp;
            localAddress6 = containerIp6;
            config = httpdGuest;
          };

          # Same setup without any address assigned; the test script only
          # checks that its eth0 link exists.
          web-noip = {
            autoStart = true;
            privateNetwork = true;
            hostBridge = "br0";
            config = httpdGuest;
          };
        };
      };

    # Python test driver script. The string is passed through unchanged apart
    # from the two Nix interpolations of the container addresses.
    testScript = ''
      machine.wait_for_unit("default.target")
      assert "webserver" in machine.succeed("nixos-container list")

      with subtest("Start the webserver container"):
          assert "up" in machine.succeed("nixos-container status webserver")

      with subtest("Bridges exist inside containers"):
          machine.succeed(
              "nixos-container run webserver -- ip link show eth0",
              "nixos-container run web-noip -- ip link show eth0",
          )

      ip = "${containerIp}".split("/")[0]
      machine.succeed(f"ping -n -c 1 {ip}")
      machine.succeed(f"curl --fail http://{ip}/ > /dev/null")

      ip6 = "${containerIp6}".split("/")[0]
      machine.succeed(f"ping -n -c 1 {ip6}")
      machine.succeed(f"curl --fail http://[{ip6}]/ > /dev/null")

      with subtest(
          "nixos-container show-ip works in case of an ipv4 address "
          + "with subnetmask in CIDR notation."
      ):
          result = machine.succeed("nixos-container show-ip webserver").rstrip()
          assert result == ip

      with subtest("Stop the container"):
          machine.succeed("nixos-container stop webserver")
          machine.fail(
              f"curl --fail --connect-timeout 2 http://{ip}/ > /dev/null",
              f"curl --fail --connect-timeout 2 http://[{ip6}]/ > /dev/null",
          )

      # Destroying a declarative container should fail.
      machine.fail("nixos-container destroy webserver")
    '';
  }
)