Commit Graph

655 Commits

Author SHA1 Message Date
Joachim Fasting
586d04c588
nixos/tests: expand hardened tests 2017-09-16 13:14:07 +02:00
aszlig
b5fbb4f362
nixos/tests/acme: Use overridePythonAttrs
Quoting from @FRidh:

  Note overridePythonAttrs exists since 17.09. It overrides the call to
  buildPythonPackage.

While it's not strictly necessary to do this, because postPatch ends up
in drvAttrs anyway, it's probably better to use overridePythonAttrs so
we don't run into problems when the underlying implementation of
buildPythonPackage changes.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-14 23:18:52 +02:00
aszlig
01fffd94e5
nixos/tests/acme: Patch certifi with cacert
Since 67651d80bc the requests package now
depends on certifi, which in turn provides the CA root certificates that
we need to replace.

It might also be a good idea to actually patch certifi with our version
of cacert by default so that if we want to override and/or add something
we only need to do it once.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @fpletz, @k0ral, @FRidh
2017-09-13 23:16:43 +02:00
aszlig
bda38317eb
nixos/tests/letsencrypt: Fix nginx options
The enableSSL option has been deprecated in
a912a6a291, so we switch to using onlySSL.

I've also explicitly disabled enableACME, because this is the default
and we don't actually want to have ACME enabled for a host which runs an
actual ACME server.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:40 +02:00
aszlig
11b3ae74e1
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us
started to write tests for different webservers and different ACME
implementations.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:37 +02:00
aszlig
b3162a1074
nixos/tests: Add common modules for letsencrypt
These modules implement a way to test ACME based on a test instance of
Letsencrypt's Boulder service. The service implementation is in
letsencrypt.nix and the second module (resolver.nix) is a support-module
for the former, but can also be used for tests not involving ACME.

The second module provides a DNS server which hosts a root zone
containing all the zones and /etc/hosts entries (except loopback) in the
entire test network, so this can be very useful for other modules that
need DNS resolution.

Originally, I wrote these modules for the Headcounter deployment, but
I've refactored them a bit to be generally useful to NixOS users. The
original implementation can be found here:

https://github.com/headcounter/deployment/tree/89e7feafb/modules/testing

Quoting parts from the commit message of the initial implementation of
the Letsencrypt module in headcounter/deployment@95dfb31110:

    This module is going to be used for tests where we need to
    impersonate an ACME service such as the one from Letsencrypt within
    VM tests, which is the reason why this module is a bit ugly (I only
    care if it's working not if it's beautiful).

    While the module isn't used anywhere, it will serve as a pluggable
    module for testing whether ACME works properly to fetch certificates
    and also as a replacement for our snakeoil certificate generator.

Also quoting parts of the commit where I have refactored the same module
in headcounter/deployment@85fa481b34:

    Now we have a fully pluggable module which automatically discovers
    in which network it's used via the nodes attribute.

    The test environment of Boulder used "dns-test-srv", which is a fake
    DNS server that's resolving almost everything to 127.0.0.1. On our
    setup this is not useful, so instead we're now running a local BIND
    name server which has a fake root zone and uses the mentioned node
    attribute to automatically discover other zones in the network of
    machines and generate delegations from the root zone to the
    respective zones with the primaryIPAddress of the node.

    ...

    We want to use real letsencrypt.org FQDNs here, so we can't get away
    with the snakeoil test certificates from the upstream project but
    now roll our own.

    This not only has the benefit that we can easily pass the snakeoil
    certificate to other nodes, but we can (and do) also use it for an
    nginx proxy that's now serving HTTPS for the Boulder web front end.

The Headcounter deployment tests are simulating a production scenario
with real IPs and nameservers so it won't need to rely on
networking.extraHost. However in this implementation we don't
necessarily want to do that, so I've added auto-discovery of
networking.extraHosts in the resolver module.

Another change here is that the letsencrypt module now falls back to
using a local resolver, the Headcounter implementation on the other hand
always required to add an extra test node which serves as a resolver.

I could have squashed both modules into the final ACME test, but that
would make it not very reusable, so that's the main reason why I put
these modules in tests/common.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:33 +02:00
Tim Steinbach
84e34d4d5d
tests: xmonad less dependent on timings 2017-09-09 10:07:34 -04:00
Tim Steinbach
024b501907
tests: Fix hibernate 2017-09-06 22:01:48 -04:00
Tim Steinbach
7faad2dce8 Merge pull request #29040 from NeQuissimus/tests_sys
More basic system tests
2017-09-06 15:04:10 -04:00
Tim Steinbach
a54b2e3ba2 Merge pull request #29002 from NeQuissimus/docker_edge_module_test
docker: Package in module, tests
2017-09-06 15:03:56 -04:00
Tim Steinbach
0857e4c84d Merge pull request #28989 from NeQuissimus/tests_xmonad
Add XMonad test
2017-09-06 15:03:41 -04:00
Tim Steinbach
b4ccef2163
tests: Add environment 2017-09-05 19:05:37 -04:00
Tim Steinbach
3e2975e892
tests: Add kernelParams 2017-09-05 19:04:43 -04:00
Tim Steinbach
04b0f3255f
tests: Add sysctl 2017-09-05 19:03:54 -04:00
Franz Pletz
1bed4773f5
postgresql92: remove last references 2017-09-05 18:20:56 +02:00
Jörg Thalheim
3558ed8bfd Merge pull request #28988 from NeQuissimus/tests_kernel_basic
Add basic kernel tests
2017-09-05 16:38:50 +01:00
Tim Steinbach
656ec9de0e
Add basic kernel tests 2017-09-05 10:38:07 -04:00
Tim Steinbach
380ed98bd7
docker: Add test for docker-edge, check for proper versions in tests 2017-09-04 19:02:44 -04:00
Michele Catalano
4ea1d49643 nexus: Add module for nexus.
Add also myself as maintainer
Add simple test of the nexus service
2017-09-04 22:32:02 +02:00
Tim Steinbach
e153fa84a5
Add XMonad test 2017-09-04 14:03:20 -04:00
Philipp Steinpass
d784b83005 nixos/hydra postgresql: Fix #27314 and add test case 2017-09-02 23:07:42 +02:00
Jan Tojnar
3b9f0c6a46
gnome3 tests: fix by providing more memory
/cc #28053.
2017-09-01 07:51:05 +02:00
Vladimír Čunát
6b95cf646c
Merge: fixups to staging merge
None are large rebuilds; most are on staging already.
2017-08-30 21:17:17 +02:00
Franz Pletz
e3a8f58a21 Merge pull request #28746 from mguentner/ipfstest
tests: fix ipfs test, test actual networking functionality
2017-08-30 18:50:40 +02:00
Maximilian Güntner
a1302eab3a
tests: fix ipfs test, test actual networking functionality 2017-08-30 15:28:50 +02:00
Franz Pletz
7d1d019650 Merge pull request #27826 from Infinisil/radicale
radicale: update to version 2
2017-08-30 02:17:34 +02:00
Franz Pletz
3e18f32f68 Merge pull request #28465 from danbst/reloadable-containers
Reloadable containers
2017-08-30 02:01:46 +02:00
Vladimír Čunát
dc93744273
rogue: omit from the installation media
At least for now.  It would increase the ISO size by ~10 MB,
after the fixup in the parent commit.
2017-08-29 16:15:15 +02:00
Tuomas Tynkkynen
b471e125c2 nixos/tests/installer: Add stdenvNoCC to extraDependencies
The installer tests are failing after 505e94256e
due to `nixos-rebuild switch` in the installed system trying to build
stdenvNoCC.

Seems that previously, stdenvNoCC wasn't in the installed
system either, but all the direct dependencies for the build were
(I don't really understand why, for that matter), so the building
actually went fine and everything worked.

But now gcc is also a direct build dependency due to allowedRequisites
containing gcc (even though it doesn't become a runtime dependency)
which doesn't get to the installed system.

All in all, let's ensure stdenvNoCC actually gets to the installed
system. It's after all necessary in almost any NixOS config build.
2017-08-24 02:07:56 +03:00
danbst
63f8122cd9 nixos tests: add test for declarative containers, that container config changes
are applied on `nixos-rebuild switch` invocations.
2017-08-23 12:43:07 +03:00
Tuomas Tynkkynen
0488cb1802 tests/installer: Rename simpleUefiGummiboot -> simpleUefiSystemdBoot
It hasn't been called Gummiboot for ages.
2017-08-19 08:46:48 +02:00
Silvan Mosberger
e16a0988bc
radicale: 1.1.4 -> 2.1.2
This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which
also includes the needed command for migrating to 2.x

The module is adjusted to the version change, defaulting to radicale2 if
stateVersion >= 17.09 and radicale1 otherwise. It also now uses
ExecStart instead of the script service attribute. Some missing dots at
the end of sentences were also added.

I added a paragraph in the release notes on how to update to a newer
version.
2017-08-13 17:23:43 +02:00
Franz Pletz
59fa868b01
tests.plasma5: fix hash 2017-08-12 00:55:32 +02:00
Robin Gloster
350a6c3726
tests.plasma5: fix eval 2017-08-11 21:53:17 +02:00
Franz Pletz
9f7f85a3cd
nixos/tests/nginx: fix name 2017-08-11 17:37:14 +02:00
Robin Gloster
b18b70c74d
nixos.tests.nat: fix 2017-08-04 17:52:42 +02:00
Markus Mueller
1793c96be2
tests/nat: Use switch-to-configuration in test case 2017-08-03 21:16:14 +02:00
Linus Heckemann
a0d464033c nixos/timezone: support imperative timezone configuration (#26608)
Fixes #26469.
2017-07-31 15:55:24 +01:00
Frederik Rietdijk
29f91c107f Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-23 11:23:43 +02:00
Thomas Tuegel
4b14212914
nixos/tests/keymap: use SLIM theme from nixos/tests/slim 2017-07-22 17:43:28 -05:00
Franz Pletz
226964861f Merge pull request #27405 from rvl/postgresql-xml
postgresql: fix nixos tests and add xml support
2017-07-20 20:31:38 +02:00
Rodney Lorrimar
0b027720af nixos tests: run postgresql tests with postgres user 2017-07-19 22:13:02 +01:00
aszlig
b618843860
nixos/taskserver: Fix manual PKI management
The helper tool had a very early check whether the automatically created
CA key/cert are available and thus it would abort if the key was
unavailable even though we don't need or even want to have the CA key.

Unfortunately our NixOS test didn't catch this, because it was just
switching from a configuration with an automatically created CA to a
manual configuration without deleting the generated keys and certs.

This is done now in the tests and it's also fixed in the helper tool.

Reported-by: @jpotier
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-16 20:38:15 +02:00
Christian Kögler
e8a8f1233a snapper: add nixos module
fixes #27154
2017-07-16 10:06:42 +01:00
Rodney Lorrimar
502a272ee7 postgresql: enable XML functions
I suspect these functions aren't widely used, but they are enabled in
PostgreSQL on Ubuntu and Arch.
2017-07-15 14:58:17 +01:00
Rodney Lorrimar
39ef4d2fe9 nixos tests: fix postgresql tests
1. Needs to call makeTest or else nothing happens when you run
   `nix-build nixos/tests/postgresql.nix`.

2. Tests run as root, so there needs to be a corresponding user in
   PostgreSQL.
2017-07-15 14:54:42 +01:00
Vladimír Čunát
0be14a588f
nixos tests.misc: unblock a man-page test
I'm not sure what's wrong, but the pages look OK.  Discussion:
https://github.com/NixOS/nixpkgs/pull/27061#issuecomment-314330032
2017-07-11 08:55:55 +02:00
Pascal Bach
0fb8456b13 minio service: add additional config options
Set access and secret key and disable browser.
Tests extended to do real operations against minio.
2017-07-09 15:19:50 +02:00
Tim Steinbach
fbbf926ce9
ammonite: add test 2017-07-04 21:36:30 -04:00
Graham Christensen
b0a4c2c33f
nixos: installer.nix test: test ZFS install use case 2017-06-28 19:45:20 -04:00