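# NixOS VM test: enables the Docker daemon on a single node, starts a simple
# container from an empty image, and checks who may talk to the daemon.
#
# Security-relevant points exercised here:
#   * Only members of the "docker" group (and root) may reach the daemon.
#     Access to the daemon is effectively root on the host, so the negative
#     check for `noprivs` matters as much as the positive one for `hasprivs`.
#   * IPv4 forwarding must still be enabled after sysctl settings are
#     re-applied.
{ pkgs, ... }:
{
  name = "docker";
  meta = with pkgs.lib.maintainers; {
    maintainers = [
      nequissimus
      offline
    ];
  };

  nodes = {
    docker =
      { pkgs, ... }:
      {
        virtualisation.docker.enable = true;
        virtualisation.docker.autoPrune.enable = true;
        virtualisation.docker.package = pkgs.docker;

        # Two throwaway accounts that differ only in "docker" group membership.
        # `password` puts the plaintext into the world-readable Nix store; that
        # is tolerable for a disposable test VM and nowhere else.
        users.users = {
          noprivs = {
            isNormalUser = true;
            description = "Can't access the docker daemon";
            password = "foobar";
          };

          hasprivs = {
            isNormalUser = true;
            description = "Can access the docker daemon";
            password = "foobar";
            # Grants access to the daemon socket, i.e. root-equivalent rights.
            extraGroups = [ "docker" ];
          };
        };
      };
  };

  testScript = ''
    start_all()

    docker.wait_for_unit("sockets.target")

    # Build an empty image; the binaries come from the host via bind mounts.
    docker.succeed("tar cv --files-from /dev/null | docker import - scratchimg")
    # NOTE(review): both bind mounts are read-write by default; the container
    # only runs /bin/sleep, so ":ro" on each would be enough.
    docker.succeed(
        "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
    )
    docker.succeed("docker ps | grep sleeping")

    # Daemon access control: group member succeeds, unprivileged user is refused.
    docker.succeed("sudo -u hasprivs docker ps")
    docker.fail("sudo -u noprivs docker ps")
    docker.succeed("docker stop sleeping")

    # Must match version 4 times to ensure client and server git commits and versions are correct.
    # -F matches the version as a literal string, so its dots are not regex wildcards.
    docker.succeed('[ "$(docker version | grep -cF ${pkgs.docker.version})" = "4" ]')

    # Re-applying sysctl settings must leave IPv4 forwarding switched on.
    docker.succeed("systemctl restart systemd-sysctl")
    docker.succeed("grep 1 /proc/sys/net/ipv4/conf/all/forwarding")
    docker.succeed("grep 1 /proc/sys/net/ipv4/conf/default/forwarding")
  '';
}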