push sheeet

Dark Steveneq
2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions


@@ -0,0 +1,10 @@
{ runTest }:
{
initrd = runTest ./initrd.nix;
initrd-partial-broken-config = runTest ./initrd-partial-broken-config.nix;
initrd-wireguard = runTest ./initrd-wireguard.nix;
partial-broken-config = runTest ./partial-broken-config.nix;
ping = runTest ./ping.nix;
wireguard = runTest ./wireguard.nix;
}


@@ -0,0 +1,79 @@
let
mkIfStateConfig = id: {
enable = true;
settings.interfaces.eth1 = {
addresses = [ "2001:0db8::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "physical";
};
};
};
in
{
name = "ifstate-initrd-partial-broken-config";
nodes = {
server =
{ lib, ... }:
{
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
# Initrd IfState enforces stage 2 ifstate using assertion.
networking.ifstate = {
enable = true;
settings.interfaces = { };
};
boot.initrd = {
network = {
enable = true;
ifstate = lib.mkMerge [
(mkIfStateConfig 1)
{
allowIfstateToDrasticlyIncreaseInitrdSize = true;
# non-existent interface; ifstate should apply eth1 and do not distrupt the boot process
settings.interfaces.eth2 = {
addresses = [ "2001:0db8:b::dead:beef/64" ];
link = {
state = "up";
kind = "physical";
};
};
}
];
};
systemd = {
enable = true;
network.enable = false;
services.boot-blocker = {
before = [ "initrd.target" ];
wantedBy = [ "initrd.target" ];
script = "sleep infinity";
serviceConfig.Type = "oneshot";
};
};
};
};
client = {
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
networking.ifstate = mkIfStateConfig 2;
};
};
testScript = # python
''
start_all()
client.wait_for_unit("network.target")
# try to ping the server from the client
client.wait_until_succeeds("ping -c 1 2001:0db8::1")
'';
}
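Review bot: `services.boot-blocker` under `boot.initrd.systemd` has no comment explaining its purpose; the `sleep infinity` oneshot ordered before `initrd.target` appears to be what keeps the server in stage 1, so the client's ping can only be answered by the initrd ifstate configuration. I would add above it `# Hold the server in the initrd so the ping is answered by stage-1 networking, not stage 2.` The same undocumented unit appears in the `ifstate-initrd` and `ifstate-initrd-wireguard` tests. The comment on the `eth2` block also has a typo and would read better as `# non-existent interface; ifstate should apply eth1 and not disrupt the boot process`.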


@@ -0,0 +1,121 @@
let
mkNodeIfStateConfig =
{
pkgs,
id,
wgPriv,
wgPeerPubKey,
wgPeerId,
}:
{
enable = true;
settings = {
namespaces.outside.interfaces.eth1 = {
addresses = [ "2001:0db8:a::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "physical";
};
};
interfaces = {
wg0 = {
addresses = [ "2001:0db8:b::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "wireguard";
bind_netns = "outside";
};
wireguard = {
private_key = "!include ${pkgs.writeText "wg_priv.key" wgPriv}";
listen_port = 51820;
peers."${wgPeerPubKey}" = {
endpoint = "[2001:0db8:a::${builtins.toString wgPeerId}]:51820";
allowedips = [ "::/0" ];
};
};
};
};
routing.routes = [
{
to = "2001:0db8:b::/64";
dev = "wg0";
}
];
};
};
in
{
name = "ifstate-initrd-wireguard";
nodes = {
foo =
{ pkgs, ... }:
{
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
# Initrd IfState enforces stage 2 ifstate using assertion.
networking.ifstate = {
enable = true;
settings.interfaces = { };
};
boot.initrd = {
network = {
enable = true;
ifstate =
mkNodeIfStateConfig {
inherit pkgs;
id = 1;
wgPriv = "6KmLyTyrN9OZIOCkdpiAwoVoeSiwvyI+mtn1wooKSEU=";
wgPeerPubKey = "olFuE7u5pVwSeWLFtrXSvD8+aCDBiKNKCLjLb/dgXiA=";
wgPeerId = 2;
}
// {
package = pkgs.ifstate.override {
withConfigValidation = false;
};
allowIfstateToDrasticlyIncreaseInitrdSize = true;
};
};
systemd = {
enable = true;
network.enable = false;
services.boot-blocker = {
before = [ "initrd.target" ];
wantedBy = [ "initrd.target" ];
script = "sleep infinity";
serviceConfig.Type = "oneshot";
};
};
};
};
bar =
{ pkgs, ... }:
{
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
networking = {
ifstate = mkNodeIfStateConfig {
inherit pkgs;
id = 2;
wgPriv = "QN89cvFD0C8z1MSpUaJa1YBXt2MaIQegVkEYROi71Fg=";
wgPeerPubKey = "5qeKbAGc7wh9Xg0MoMXqXCSmp9TawmtI1bVk/vp3Cn4=";
wgPeerId = 1;
};
};
};
};
testScript = # python
''
start_all()
bar.wait_for_unit("default.target")
bar.wait_until_succeeds("ping -c 1 2001:0db8:b::1")
'';
}
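Review bot: The WireGuard private keys are passed as literals (`wgPriv = "…"`) and written out with `pkgs.writeText "wg_priv.key" wgPriv`, which places them in the Nix store where any local user can read them, and nothing marks them as throwaway test fixtures. That is acceptable inside a VM test, but the pattern is easy to copy into a real configuration, so I would add above the `private_key` line `# Test-only key pair: writeText stores it world-readable in /nix/store; real deployments must reference a runtime secret path instead.` The same literals and the same `writeText` call appear in the `ifstate-wireguard` test. Separately, `withConfigValidation = false` in the initrd package override deserves a one-line comment saying why validation is switched off here.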


@@ -0,0 +1,65 @@
let
mkIfStateConfig = id: {
enable = true;
settings.interfaces.eth1 = {
addresses = [ "2001:0db8::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "physical";
};
};
};
in
{
name = "ifstate-initrd";
nodes = {
server = {
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
# Initrd IfState enforces stage 2 ifstate using assertion.
networking.ifstate = {
enable = true;
settings.interfaces = { };
};
boot.initrd = {
network = {
enable = true;
ifstate = mkIfStateConfig 1 // {
allowIfstateToDrasticlyIncreaseInitrdSize = true;
};
};
systemd = {
enable = true;
network.enable = false;
services.boot-blocker = {
before = [ "initrd.target" ];
wantedBy = [ "initrd.target" ];
script = "sleep infinity";
serviceConfig.Type = "oneshot";
};
};
};
};
client = {
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
networking.ifstate = mkIfStateConfig 2;
};
};
testScript = # python
''
start_all()
client.wait_for_unit("network.target")
# try to ping the server from the client
client.wait_until_succeeds("ping -c 1 2001:0db8::1")
'';
}


@@ -0,0 +1,39 @@
{
name = "ifstate-partial-broken-config";
nodes.machine = {
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
networking.ifstate = {
enable = true;
settings.interfaces = {
eth1 = {
addresses = [ "2001:0db8:a::1/64" ];
link = {
state = "up";
kind = "physical";
};
};
# non-existent interface; ifstate should apply eth1 and do not distrupt the boot process
eth2 = {
addresses = [ "2001:0db8:b::1/64" ];
link = {
state = "up";
kind = "physical";
};
};
};
};
};
testScript = # python
''
start_all()
machine.wait_for_unit("default.target")
machine.wait_until_succeeds("ping -c 1 2001:0db8:a::1")
'';
}
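Review bot: The test script never pins the premise stated in the comment on `eth2`, that the interface does not exist, so the test would keep passing if a later change to the VM setup gave the machine a second NIC and the partially-broken path stopped being exercised. Adding `machine.fail("ip link show eth2")` before the ping would make that premise explicit. The ping targets the machine's own address `2001:0db8:a::1`, so it shows the address was assigned but says nothing about how ifstate reported the `eth2` failure; whether that should be asserted depends on the unit's intended exit status, which is not visible here.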


@@ -0,0 +1,38 @@
let
mkNode = id: {
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
networking.ifstate = {
enable = true;
settings.interfaces.eth1 = {
addresses = [ "2001:0db8::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "physical";
};
};
};
};
in
{
name = "ifstate-ping";
nodes = {
foo = mkNode 1;
bar = mkNode 2;
};
testScript = # python
''
start_all()
foo.wait_for_unit("default.target")
bar.wait_for_unit("default.target")
foo.wait_until_succeeds("ping -c 1 2001:0db8::2")
bar.wait_until_succeeds("ping -c 1 2001:0db8::1")
'';
}


@@ -0,0 +1,88 @@
let
mkNode =
{
id,
wgPriv,
wgPeerPubKey,
wgPeerId,
}:
(
{ pkgs, ... }:
{
imports = [ ../../modules/profiles/minimal.nix ];
virtualisation.interfaces.eth1.vlan = 1;
networking = {
firewall.interfaces.eth1.allowedUDPPorts = [ 51820 ];
ifstate = {
enable = true;
settings = {
namespaces.outside.interfaces.eth1 = {
addresses = [ "2001:0db8:a::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "physical";
};
};
interfaces = {
wg0 = {
addresses = [ "2001:0db8:b::${builtins.toString id}/64" ];
link = {
state = "up";
kind = "wireguard";
bind_netns = "outside";
};
wireguard = {
private_key = "!include ${pkgs.writeText "wg_priv.key" wgPriv}";
listen_port = 51820;
peers."${wgPeerPubKey}" = {
endpoint = "[2001:0db8:a::${builtins.toString wgPeerId}]:51820";
allowedips = [ "::/0" ];
};
};
};
};
routing.routes = [
{
to = "2001:0db8:b::/64";
dev = "wg0";
}
];
};
};
};
}
);
in
{
name = "ifstate-wireguard";
nodes = {
foo = mkNode {
id = 1;
wgPriv = "6KmLyTyrN9OZIOCkdpiAwoVoeSiwvyI+mtn1wooKSEU=";
wgPeerPubKey = "olFuE7u5pVwSeWLFtrXSvD8+aCDBiKNKCLjLb/dgXiA=";
wgPeerId = 2;
};
bar = mkNode {
id = 2;
wgPriv = "QN89cvFD0C8z1MSpUaJa1YBXt2MaIQegVkEYROi71Fg=";
wgPeerPubKey = "5qeKbAGc7wh9Xg0MoMXqXCSmp9TawmtI1bVk/vp3Cn4=";
wgPeerId = 1;
};
};
testScript = # python
''
start_all()
foo.wait_for_unit("default.target")
bar.wait_for_unit("default.target")
foo.wait_until_succeeds("ping -c 1 2001:0db8:b::2")
bar.wait_until_succeeds("ping -c 1 2001:0db8:b::1")
'';
}
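Review bot: `allowedips = [ "::/0" ]` on the peer is wider than this test needs, since the only route sent into `wg0` is `2001:0db8:b::/64` and each peer owns a single address in it. Narrowing it to `allowedips = [ "2001:0db8:b::${builtins.toString wgPeerId}/128" ];` keeps the fixture least-privilege and makes the test exercise WireGuard's per-peer source filtering instead of accepting any source from the peer. The same value is used in `mkNodeIfStateConfig` of the `ifstate-initrd-wireguard` test.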