nixos/tests/ncdns.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / ncdns.nix
at 25.11-pre 2.9 kB view raw
 1import ./make-test-python.nix (
 2  { lib, pkgs, ... }:
 3  let
 4    fakeReply = pkgs.writeText "namecoin-reply.json" ''
 5      { "error": null,
 6        "id": 1,
 7        "result": {
 8          "address": "T31q8ucJ4dI1xzhxQ5QispfECld5c7Xw",
 9          "expired": false,
10          "expires_in": 2248,
11          "height": 438155,
12          "name": "d/test",
13          "txid": "db61c0b2540ba0c1a2c8cc92af703a37002e7566ecea4dbf8727c7191421edfb",
14          "value": "{\"ip\": \"1.2.3.4\", \"email\": \"root@test.bit\",\"info\": \"Fake record\"}",
15          "vout": 0
16        }
17      }
18    '';
19
20    # Disabled because DNSSEC does not currently validate,
21    # see https://github.com/namecoin/ncdns/issues/127
22    dnssec = false;
23
24  in
25
26  {
27    name = "ncdns";
28    meta = with pkgs.lib.maintainers; {
29      maintainers = [ rnhmjoj ];
30    };
31
32    nodes.server =
33      { ... }:
34      {
35        networking.nameservers = [ "::1" ];
36
37        services.namecoind.rpc = {
38          address = "::1";
39          user = "namecoin";
40          password = "secret";
41          port = 8332;
42        };
43
44        # Fake namecoin RPC server because we can't
45        # run a full node in a test.
46        systemd.services.namecoind = {
47          wantedBy = [ "multi-user.target" ];
48          script = ''
49            while true; do
50              echo -e "HTTP/1.1 200 OK\n\n $(<${fakeReply})\n" \
51                | ${pkgs.netcat}/bin/nc -N -l ::1 8332
52            done
53          '';
54        };
55
56        services.ncdns = {
57          enable = true;
58          dnssec.enable = dnssec;
59          identity.hostname = "example.com";
60          identity.hostmaster = "root@example.com";
61          identity.address = "1.0.0.1";
62        };
63
64        services.pdns-recursor.enable = true;
65        services.pdns-recursor.resolveNamecoin = true;
66
67        environment.systemPackages = [ pkgs.dnsutils ];
68      };
69
70    testScript =
71      (lib.optionalString dnssec ''
72        with subtest("DNSSEC keys have been generated"):
73            server.wait_for_unit("ncdns")
74            server.wait_for_file("/var/lib/ncdns/bit.key")
75            server.wait_for_file("/var/lib/ncdns/bit-zone.key")
76
77        with subtest("DNSKEY bit record is present"):
78            server.wait_for_unit("pdns-recursor")
79            server.wait_for_open_port(53)
80            server.succeed("host -t DNSKEY bit")
81      '')
82      + ''
83        with subtest("can resolve a .bit name"):
84            server.wait_for_unit("namecoind")
85            server.wait_for_unit("ncdns")
86            server.wait_for_open_port(8332)
87            assert "1.2.3.4" in server.succeed("dig @localhost -p 5333 test.bit")
88
89        with subtest("SOA record has identity information"):
90            assert "example.com" in server.succeed("dig SOA @localhost -p 5333 bit")
91
92        with subtest("bit. zone forwarding works"):
93            server.wait_for_unit("pdns-recursor")
94            assert "1.2.3.4" in server.succeed("host test.bit")
95      '';
96  }
97)