pyrox.dev / nixpkgs
lol
fork atom

nixos/tests/netbox-upgrade: don't require NIXPKGS_ALLOW_INSECURE

Before this change, this NetBox test required NIXPKGS_ALLOW_INSECURE=1,
because of its use of the end-of-line NetBox version.
This meant that the GitHub CI failed to evaluate the tests,
and so didn't run them.

Minijackson e152cef1 2d0fdeb0

options
unified split
Changed files
+19 -16
nixos
tests
web-apps
netbox-upgrade.nix
+19 -16
nixos/tests/web-apps/netbox-upgrade.nix 
···

       
1

       
1

       
 

       
import ../make-test-python.nix (


     

       
2

       
2

       
 

       
  { lib, pkgs, ... }:


     

       
3

       
3

       
 

       
  let


     

       
4

       

       
-

       
    oldNetbox = pkgs.netbox_4_1;


     

       
5

       

       
-

       
    newNetbox = pkgs.netbox_4_2;


     

       

       
4

       
+

       
    oldNetbox = "netbox_4_1";


     

       

       
5

       
+

       
    newNetbox = "netbox_4_2";


     

       

       
6

       
+

       



     

       

       
7

       
+

       
    apiVersion =


     

       

       
8

       
+

       
      version:


     

       

       
9

       
+

       
      lib.pipe version [


     

       

       
10

       
+

       
        (lib.splitString ".")


     

       

       
11

       
+

       
        (lib.take 2)


     

       

       
12

       
+

       
        (lib.concatStringsSep ".")


     

       

       
13

       
+

       
      ];


     

       

       
14

       
+

       
    oldApiVersion = apiVersion pkgs."${oldNetbox}".version;


     

       

       
15

       
+

       
    newApiVersion = apiVersion pkgs."${newNetbox}".version;


     

       
6

       
16

       
 

       
  in


     

       
7

       
17

       
 

       
  {


     

       
8

       
18

       
 

       
    name = "netbox-upgrade";


     
···

       
15

       
25

       
 

       
    };


     

       
16

       
26

       
 

       



     

       
17

       
27

       
 

       
    nodes.machine =


     

       
18

       

       
-

       
      { config, ... }:


     

       

       
28

       
+

       
      { config, pkgs, ... }:


     

       
19

       
29

       
 

       
      {


     

       
20

       
30

       
 

       
        virtualisation.memorySize = 2048;


     

       
21

       
31

       
 

       
        services.netbox = {


     

       
22

       
32

       
 

       
          enable = true;


     

       
23

       

       
-

       
          package = oldNetbox;


     

       

       
33

       
+

       
          # Pick the NetBox package from this config's "pkgs" argument,


     

       

       
34

       
+

       
          # so that `nixpkgs.config.permittedInsecurePackages` works


     

       

       
35

       
+

       
          package = pkgs."${oldNetbox}";


     

       
24

       
36

       
 

       
          secretKeyFile = pkgs.writeText "secret" ''


     

       
25

       
37

       
 

       
            abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789


     

       
26

       
38

       
 

       
          '';


     
···

       
42

       
54

       
 

       



     

       
43

       
55

       
 

       
        networking.firewall.allowedTCPPorts = [ 80 ];


     

       
44

       
56

       
 

       



     

       
45

       

       
-

       
        specialisation.upgrade.configuration.services.netbox.package = lib.mkForce newNetbox;


     

       

       
57

       
+

       
        nixpkgs.config.permittedInsecurePackages = [ pkgs."${oldNetbox}".name ];


     

       

       
58

       
+

       



     

       

       
59

       
+

       
        specialisation.upgrade.configuration.services.netbox.package = lib.mkForce pkgs."${newNetbox}";


     

       
46

       
60

       
 

       
      };


     

       
47

       
61

       
 

       



     

       
48

       
62

       
 

       
    testScript =


     

       
49

       
63

       
 

       
      { nodes, ... }:


     

       
50

       

       
-

       
      let


     

       
51

       

       
-

       
        apiVersion =


     

       
52

       

       
-

       
          version:


     

       
53

       

       
-

       
          lib.pipe version [


     

       
54

       

       
-

       
            (lib.splitString ".")


     

       
55

       

       
-

       
            (lib.take 2)


     

       
56

       

       
-

       
            (lib.concatStringsSep ".")


     

       
57

       

       
-

       
          ];


     

       
58

       

       
-

       
        oldApiVersion = apiVersion oldNetbox.version;


     

       
59

       

       
-

       
        newApiVersion = apiVersion newNetbox.version;


     

       
60

       

       
-

       
      in


     

       
61

       
64

       
 

       
      ''


     

       
62

       
65

       
 

       
        start_all()


     

       
63

       
66

       
 

       
        machine.wait_for_unit("netbox.target")