2021-10-18 00:38:58 +02:00
|
|
|
{ pkgs, ... }:
|
|
|
|
let
|
|
|
|
inherit (pkgs) lib;
|
|
|
|
|
|
|
|
tests = {
|
|
|
|
# TODO: uncomment stable
|
|
|
|
# - Blocked on https://github.com/NixOS/nixpkgs/issues/138584 which has a
|
|
|
|
# PR in staging: https://github.com/NixOS/nixpkgs/pull/139986
|
|
|
|
# - Alternatively, blocked on a NixOps 2 release
|
|
|
|
# https://github.com/NixOS/nixops/issues/1242
|
|
|
|
# stable = testsLegacyNetwork { nixopsPkg = pkgs.nixops; };
|
|
|
|
unstable = testsForPackage { nixopsPkg = pkgs.nixopsUnstable; };
|
|
|
|
|
|
|
|
# inherit testsForPackage;
|
|
|
|
};
|
|
|
|
|
|
|
|
testsForPackage = lib.makeOverridable (args: lib.recurseIntoAttrs {
|
|
|
|
legacyNetwork = testLegacyNetwork args;
|
|
|
|
});
|
|
|
|
|
|
|
|
testLegacyNetwork = { nixopsPkg }: pkgs.nixosTest ({
|
|
|
|
nodes = {
|
|
|
|
deployer = { config, lib, nodes, pkgs, ... }: {
|
|
|
|
imports = [ ../../modules/installer/cd-dvd/channel.nix ];
|
|
|
|
environment.systemPackages = [ nixopsPkg ];
|
2021-11-19 23:36:26 +01:00
|
|
|
nix.settings.substituters = lib.mkForce [ ];
|
2021-10-18 00:38:58 +02:00
|
|
|
users.users.person.isNormalUser = true;
|
|
|
|
virtualisation.writableStore = true;
|
2021-10-31 13:36:04 +01:00
|
|
|
virtualisation.additionalPaths = [
|
2021-10-18 00:38:58 +02:00
|
|
|
pkgs.hello
|
|
|
|
pkgs.figlet
|
|
|
|
|
|
|
|
# This includes build dependencies all the way down. Not efficient,
|
|
|
|
# but we do need build deps to an *arbitrary* depth, which is hard to
|
|
|
|
# determine.
|
|
|
|
(allDrvOutputs nodes.server.config.system.build.toplevel)
|
|
|
|
];
|
|
|
|
};
|
|
|
|
server = { lib, ... }: {
|
|
|
|
imports = [ ./legacy/base-configuration.nix ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
testScript = { nodes }:
|
|
|
|
let
|
|
|
|
deployerSetup = pkgs.writeScript "deployerSetup" ''
|
|
|
|
#!${pkgs.runtimeShell}
|
|
|
|
set -eux -o pipefail
|
|
|
|
cp --no-preserve=mode -r ${./legacy} unicorn
|
|
|
|
cp --no-preserve=mode ${../ssh-keys.nix} unicorn/ssh-keys.nix
|
|
|
|
mkdir -p ~/.ssh
|
|
|
|
cp ${snakeOilPrivateKey} ~/.ssh/id_ed25519
|
|
|
|
chmod 0400 ~/.ssh/id_ed25519
|
|
|
|
'';
|
|
|
|
serverNetworkJSON = pkgs.writeText "server-network.json"
|
|
|
|
(builtins.toJSON nodes.server.config.system.build.networkConfig);
|
|
|
|
in
|
|
|
|
''
|
|
|
|
import shlex
|
|
|
|
|
|
|
|
def deployer_do(cmd):
|
|
|
|
cmd = shlex.quote(cmd)
|
|
|
|
return deployer.succeed(f"su person -l -c {cmd} &>/dev/console")
|
|
|
|
|
|
|
|
start_all()
|
|
|
|
|
|
|
|
deployer_do("cat /etc/hosts")
|
|
|
|
|
|
|
|
deployer_do("${deployerSetup}")
|
|
|
|
deployer_do("cp ${serverNetworkJSON} unicorn/server-network.json")
|
|
|
|
|
|
|
|
# Establish that ssh works, regardless of nixops
|
|
|
|
# Easy way to accept the server host key too.
|
|
|
|
server.wait_for_open_port(22)
|
|
|
|
deployer.wait_for_unit("network.target")
|
|
|
|
|
|
|
|
# Put newlines on console, to flush the console reader's line buffer
|
|
|
|
# in case nixops' last output did not end in a newline, as is the case
|
|
|
|
# with a status line (if implemented?)
|
2021-11-05 01:43:22 +01:00
|
|
|
deployer.succeed("while sleep 60s; do echo [60s passed]; done >&2 &")
|
2021-10-18 00:38:58 +02:00
|
|
|
|
|
|
|
deployer_do("cd ~/unicorn; ssh -oStrictHostKeyChecking=accept-new root@server echo hi")
|
|
|
|
|
|
|
|
# Create and deploy
|
|
|
|
deployer_do("cd ~/unicorn; nixops create")
|
|
|
|
|
|
|
|
deployer_do("cd ~/unicorn; nixops deploy --confirm")
|
|
|
|
|
|
|
|
deployer_do("cd ~/unicorn; nixops ssh server 'hello | figlet'")
|
|
|
|
'';
|
|
|
|
});
|
|
|
|
|
|
|
|
inherit (import ../ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Return a store path with a closure containing everything including
|
|
|
|
derivations and all build dependency outputs, all the way down.
|
|
|
|
*/
|
|
|
|
allDrvOutputs = pkg:
|
|
|
|
let name = lib.strings.sanitizeDerivationName "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}";
|
|
|
|
in
|
|
|
|
pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } ''
|
|
|
|
touch $out
|
|
|
|
while read ref; do
|
|
|
|
case $ref in
|
|
|
|
*.drv)
|
|
|
|
cat $ref >>$out
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done <$refs
|
|
|
|
'';
|
|
|
|
|
|
|
|
in
|
|
|
|
tests
|