nixos/tests/containers-ip.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / containers-ip.nix
at master 2.4 kB view raw
 1let
 2  webserverFor = hostAddress: localAddress: {
 3    inherit hostAddress localAddress;
 4    privateNetwork = true;
 5    config = {
 6      services.httpd = {
 7        enable = true;
 8        adminAddr = "foo@example.org";
 9      };
10      networking.firewall.allowedTCPPorts = [ 80 ];
11    };
12  };
13
14in
15{ pkgs, lib, ... }:
16{
17  name = "containers-ipv4-ipv6";
18  meta = {
19    maintainers = with lib.maintainers; [
20      aristid
21      aszlig
22      kampfschlaefer
23    ];
24  };
25
26  nodes.machine =
27    { pkgs, ... }:
28    {
29      virtualisation.writableStore = true;
30
31      containers.webserver4 = webserverFor "10.231.136.1" "10.231.136.2";
32      containers.webserver6 = webserverFor "fc00::2" "fc00::1";
33      virtualisation.additionalPaths = [ pkgs.stdenv ];
34    };
35
36  testScript =
37    { nodes, ... }:
38    ''
39      import time
40
41
42      def curl_host(ip):
43          # put [] around ipv6 addresses for curl
44          host = ip if ":" not in ip else f"[{ip}]"
45          return f"curl --fail --connect-timeout 2 http://{host}/ > /dev/null"
46
47
48      def get_ip(container):
49          # need to distinguish because show-ip won't work for ipv6
50          if container == "webserver4":
51              ip = machine.succeed(f"nixos-container show-ip {container}").rstrip()
52              assert ip == "${nodes.machine.config.containers.webserver4.localAddress}"
53              return ip
54          return "${nodes.machine.config.containers.webserver6.localAddress}"
55
56
57      for container in "webserver4", "webserver6":
58          assert container in machine.succeed("nixos-container list")
59
60          with subtest(f"Start container {container}"):
61              machine.succeed(f"nixos-container start {container}")
62              # wait 2s for container to start and network to be up
63              time.sleep(2)
64
65          # Since "start" returns after the container has reached
66          # multi-user.target, we should now be able to access it.
67
68          ip = get_ip(container)
69          with subtest(f"{container} reacts to pings and HTTP requests"):
70              machine.succeed(f"ping -n -c1 {ip}")
71              machine.succeed(curl_host(ip))
72
73          with subtest(f"Stop container {container}"):
74              machine.succeed(f"nixos-container stop {container}")
75              machine.fail(curl_host(ip))
76
77          # Destroying a declarative container should fail.
78          machine.fail(f"nixos-container destroy {container}")
79    '';
80}