nixos/tests/ncdns.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / ncdns.nix
at master 2.7 kB view raw
 1{ lib, pkgs, ... }:
 2let
 3  fakeReply = pkgs.writeText "namecoin-reply.json" ''
 4    { "error": null,
 5      "id": 1,
 6      "result": {
 7        "address": "T31q8ucJ4dI1xzhxQ5QispfECld5c7Xw",
 8        "expired": false,
 9        "expires_in": 2248,
10        "height": 438155,
11        "name": "d/test",
12        "txid": "db61c0b2540ba0c1a2c8cc92af703a37002e7566ecea4dbf8727c7191421edfb",
13        "value": "{\"ip\": \"1.2.3.4\", \"email\": \"root@test.bit\",\"info\": \"Fake record\"}",
14        "vout": 0
15      }
16    }
17  '';
18
19  # Disabled because DNSSEC does not currently validate,
20  # see https://github.com/namecoin/ncdns/issues/127
21  dnssec = false;
22
23in
24
25{
26  name = "ncdns";
27  meta = with pkgs.lib.maintainers; {
28    maintainers = [ rnhmjoj ];
29  };
30
31  nodes.server =
32    { ... }:
33    {
34      networking.nameservers = [ "::1" ];
35
36      services.namecoind.rpc = {
37        address = "::1";
38        user = "namecoin";
39        password = "secret";
40        port = 8332;
41      };
42
43      # Fake namecoin RPC server because we can't
44      # run a full node in a test.
45      systemd.services.namecoind = {
46        wantedBy = [ "multi-user.target" ];
47        script = ''
48          while true; do
49            echo -e "HTTP/1.1 200 OK\n\n $(<${fakeReply})\n" \
50              | ${pkgs.netcat}/bin/nc -N -l ::1 8332
51          done
52        '';
53      };
54
55      services.ncdns = {
56        enable = true;
57        dnssec.enable = dnssec;
58        identity.hostname = "example.com";
59        identity.hostmaster = "root@example.com";
60        identity.address = "1.0.0.1";
61      };
62
63      services.pdns-recursor.enable = true;
64      services.pdns-recursor.resolveNamecoin = true;
65
66      environment.systemPackages = [ pkgs.dnsutils ];
67    };
68
69  testScript =
70    (lib.optionalString dnssec ''
71      with subtest("DNSSEC keys have been generated"):
72          server.wait_for_unit("ncdns")
73          server.wait_for_file("/var/lib/ncdns/bit.key")
74          server.wait_for_file("/var/lib/ncdns/bit-zone.key")
75
76      with subtest("DNSKEY bit record is present"):
77          server.wait_for_unit("pdns-recursor")
78          server.wait_for_open_port(53)
79          server.succeed("host -t DNSKEY bit")
80    '')
81    + ''
82      with subtest("can resolve a .bit name"):
83          server.wait_for_unit("namecoind")
84          server.wait_for_unit("ncdns")
85          server.wait_for_open_port(8332)
86          assert "1.2.3.4" in server.succeed("dig @localhost -p 5333 test.bit")
87
88      with subtest("SOA record has identity information"):
89          assert "example.com" in server.succeed("dig SOA @localhost -p 5333 bit")
90
91      with subtest("bit. zone forwarding works"):
92          server.wait_for_unit("pdns-recursor")
93          assert "1.2.3.4" in server.succeed("host test.bit")
94    '';
95}