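# NixOS VM test: a client pulls a raw image and a tar image from an nginx
# server with `machinectl pull-raw` / `pull-tar` using `--verify=signature`.
#
# Transport is plain HTTP, so nothing here relies on the channel for
# authenticity: the only integrity guarantee is the detached signature over
# SHA256SUMS, checked against the keyring installed on the client.
{ pkgs, lib, ... }:
let
  # Test-only GnuPG keyring. It is copied into GNUPGHOME to sign below and it
  # provides pubkey.gpg for the client; presumably it also holds an unprotected
  # secret key (signing runs with --batch) -- confirm in ./common/gpg-keyring.nix.
  # Key material that lands in the Nix store must never be reused outside tests.
  gpgKeyring = import ./common/gpg-keyring.nix { inherit pkgs; };

  # Web root served by the `server` node: two images, SHA256SUMS, and the
  # detached signature SHA256SUMS.gpg, plus a `tampered/` negative fixture.
  nspawnImages = (
    pkgs.runCommand "localhost"
      {
        buildInputs = [
          pkgs.coreutils
          pkgs.gnupg
        ];
      }
      ''
        mkdir -p $out
        cd $out

        # produce a testimage.raw
        dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5

        # produce a testimage2.tar.xz, containing the hello store path
        tar cvJpf testimage2.tar.xz ${pkgs.hello}

        # produce signature(s)
        sha256sum testimage* > SHA256SUMS
        # Throwaway GnuPG home so signing never touches a real user keyring.
        export GNUPGHOME="$(mktemp -d)"
        cp -R ${gpgKeyring}/* "$GNUPGHOME"
        gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS

        # Negative fixture: the validly signed SHA256SUMS next to a payload
        # with the same file name but different content. It is created after
        # the checksum step, so the signed manifest does not describe it.
        mkdir tampered
        cp SHA256SUMS SHA256SUMS.gpg tampered/
        dd if=/dev/urandom of=tampered/testimage.raw bs=1024 count=16
      ''
  );
in
{
  name = "systemd-nspawn";

  nodes = {
    # Serves the image directory over unauthenticated HTTP on port 80.
    server =
      { pkgs, ... }:
      {
        networking.firewall.allowedTCPPorts = [ 80 ];
        services.nginx = {
          enable = true;
          virtualHosts."server".root = nspawnImages;
        };
      };
    # Trust anchor for the import: the public key that `--verify=signature`
    # checks SHA256SUMS.gpg against.
    client =
      { pkgs, ... }:
      {
        environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
      };
  };

  testScript = ''
    start_all()

    server.wait_for_unit("nginx.service")
    client.systemctl("start network-online.target")
    client.wait_for_unit("network-online.target")

    # Positive cases: signed images are accepted and stored unmodified.
    client.succeed("machinectl pull-raw --verify=signature http://server/testimage.raw")
    client.succeed(
        "cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw"
    )
    client.succeed("machinectl pull-tar --verify=signature http://server/testimage2.tar.xz")
    client.succeed(
        "cmp /var/lib/machines/testimage2/${pkgs.hello}/bin/hello ${pkgs.hello}/bin/hello"
    )

    # Negative case: a payload that does not match the signed SHA256SUMS must
    # be rejected. Without this, a regression that silently skips
    # verification would still pass the positive cases above.
    client.fail(
        "machinectl pull-raw --verify=signature http://server/tampered/testimage.raw tampered"
    )
  '';
}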