# NixOS VM test for the oxidized service.
#
# A single node runs oxidized with the oxidized-web extension and an OpenSSH
# server. Oxidized polls "localhost" over SSH as root using the linuxgeneric
# model, and the test script checks the web UI and the service journal.
{
  system ? builtins.currentSystem,
  pkgs ? import ../.. {
    inherit system;
    config = { };
  },
}:

let
  testing = import ../lib/testing-python.nix { inherit system pkgs; };
in
testing.makeTest {
  name = "oxidized";

  nodes.server =
    { config, pkgs, ... }:
    let
      # Device inventory in the colon-separated layout described by the
      # `source.csv.map` section below (name:model:username[:password[:enable]]).
      # The single entry stops after the username, so no password is supplied
      # for the SSH login.
      routerDb = pkgs.writeText "oxidized-router.db" ''
        localhost:linuxgeneric:root
      '';

      # Oxidized configuration.
      # - oxidized-web listens on loopback only (127.0.0.1:8888).
      # - `vhosts` lists the host names used to reach the web UI; the test
      #   script requests it as both 127.0.0.1 and "oxidized".
      #   NOTE(review): presumably this acts as a Host-header allowlist in
      #   oxidized-web; confirm against its documentation.
      # - `delimiter: !ruby/regexp /:/` is a Ruby-specific YAML tag, so this
      #   file is only meaningful to a Ruby YAML loader.
      oxidizedConfig = pkgs.writeText "oxidized-config.yml" ''
        # vi: ft=yaml
        ---
        extensions:
          oxidized-web:
            load: true
            listen: 127.0.0.1
            port: 8888
            vhosts:
              - localhost
              - 127.0.0.1
              - oxidized
              - oxidized.example.com
        interval: 3600
        retries: 3
        model: linuxgeneric
        username: root
        source:
          default: csv
          csv:
            file: "/var/lib/oxidized/.config/oxidized/router.db"
            delimiter: !ruby/regexp /:/
            map:
              name: 0
              model: 1
              username: 2
              password: 3
            vars_map:
              enable: 4
        input:
          default: ssh
          utf8_encoded: true
        output:
          default: git
          git:
            single_repo: true
            user: oxidized
            email: oxidized@example.com
            repo: /var/lib/oxidized/git
      '';
    in
    {
      # Test-VM fixture: together, the three settings below let root log in over
      # SSH with an empty password. The router.db entry carries no password,
      # so oxidized can only reach "localhost" this way. The combination is
      # scoped to this throwaway test node.
      security.pam.services.sshd.allowNullPassword = true; # the default `UsePam yes` makes this necessary
      services.sshd.enable = true;
      services.openssh.settings = {
        PermitRootLogin = "yes";
        PermitEmptyPasswords = "yes";
      };

      services.oxidized = {
        enable = true;
        package = pkgs.oxidized;
        routerDB = routerDb;
        configFile = oxidizedConfig;
      };

      systemd.services.oxidized = {
        stopIfChanged = false;

        # Puts the configured SSH package on the unit's PATH.
        path = [ config.programs.ssh.package ];

        environment = {
          HOME = "/var/lib/oxidized";
          APP_ENV = "production";
        };

        # Sandboxing knobs for the unit. MemoryDenyWriteExecute and
        # PrivateNetwork are explicitly switched off here.
        # NOTE(review): presumably these relax hardening set by the oxidized
        # module so the service can reach sshd and serve the web UI on
        # loopback; confirm against the module's defaults before reusing them.
        serviceConfig = {
          StateDirectory = "oxidized";
          SystemCallFilter = "@system-service";
          MemoryDenyWriteExecute = false;
          PrivateNetwork = false;
        };
      };
    };

  # Test driver script (Python). Subtests:
  #   1. the web UI on 127.0.0.1:8888 contains the packaged oxidized version;
  #   2. the same page is served when requested under the "oxidized" vhost
  #      (curl --resolve pins that name to 127.0.0.1);
  #   3. the journal holds the Oxidized::Worker "Configuration updated for
  #      /localhost" message, i.e. a poll of localhost completed.
  testScript =
    { nodes, ... }:
    let
      # Version string of the oxidized package actually deployed on the node.
      oxidizedVersion = nodes.server.services.oxidized.package.version;
    in
    ''
      start_all()

      server.wait_for_unit("oxidized.service")

      with subtest("Check if oxidized reports the correct version"):
        server.wait_until_succeeds(("curl --silent --fail --location http://127.0.0.1:8888/ | grep '${oxidizedVersion}' >&2"))
      with subtest("Check if oxidized can be accessed with a vhost and reports the correct version"):
        server.wait_until_succeeds(("curl --silent --fail --resolve oxidized:8888:127.0.0.1 --location http://oxidized:8888/ | grep '${oxidizedVersion}' >&2"))
      with subtest("Check if oxidized can connect to linuxgeneric model"):
        server.wait_until_succeeds("journalctl -b --grep 'Oxidized::Worker -- Configuration updated for /localhost' -t oxidized")
    '';
}