pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / systemd-nspawn.nix
at 25.11-pre 1.9 kB view raw
1import ./make-test-python.nix ( 2 { pkgs, lib, ... }: 3 let 4 gpgKeyring = import ./common/gpg-keyring.nix { inherit pkgs; }; 5 6 nspawnImages = ( 7 pkgs.runCommand "localhost" 8 { 9 buildInputs = [ 10 pkgs.coreutils 11 pkgs.gnupg 12 ]; 13 } 14 '' 15 mkdir -p $out 16 cd $out 17 18 # produce a testimage.raw 19 dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5 20 21 # produce a testimage2.tar.xz, containing the hello store path 22 tar cvJpf testimage2.tar.xz ${pkgs.hello} 23 24 # produce signature(s) 25 sha256sum testimage* > SHA256SUMS 26 export GNUPGHOME="$(mktemp -d)" 27 cp -R ${gpgKeyring}/* $GNUPGHOME 28 gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS 29 '' 30 ); 31 in 32 { 33 name = "systemd-nspawn"; 34 35 nodes = { 36 server = 37 { pkgs, ... }: 38 { 39 networking.firewall.allowedTCPPorts = [ 80 ]; 40 services.nginx = { 41 enable = true; 42 virtualHosts."server".root = nspawnImages; 43 }; 44 }; 45 client = 46 { pkgs, ... }: 47 { 48 environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg"; 49 }; 50 }; 51 52 testScript = '' 53 start_all() 54 55 server.wait_for_unit("nginx.service") 56 client.systemctl("start network-online.target") 57 client.wait_for_unit("network-online.target") 58 client.succeed("machinectl pull-raw --verify=signature http://server/testimage.raw") 59 client.succeed( 60 "cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw" 61 ) 62 client.succeed("machinectl pull-tar --verify=signature http://server/testimage2.tar.xz") 63 client.succeed( 64 "cmp /var/lib/machines/testimage2/${pkgs.hello}/bin/hello ${pkgs.hello}/bin/hello" 65 ) 66 ''; 67 } 68)