push sheeet

2025-10-09 14:15:47 +02:00
commit 646b892680
49168 changed files with 5897842 additions and 0 deletions
--- a/nixos/tests/nixops/default.nix
+++ b/nixos/tests/nixops/default.nix
@@ -0,0 +1,113 @@
+{ pkgs, ... }:
+let
+  inherit (pkgs) lib;
+
+  tests = {
+    # TODO: uncomment stable
+    #  - Blocked on https://github.com/NixOS/nixpkgs/issues/138584 which has a
+    #    PR in staging: https://github.com/NixOS/nixpkgs/pull/139986
+    #  - Alternatively, blocked on a NixOps 2 release
+    #    https://github.com/NixOS/nixops/issues/1242
+    # stable = testsLegacyNetwork { nixopsPkg = pkgs.nixops; };
+    unstable = testsForPackage { nixopsPkg = pkgs.nixops_unstable_minimal; };
+
+    # inherit testsForPackage;
+  };
+
+  testsForPackage =
+    args:
+    lib.recurseIntoAttrs {
+      legacyNetwork = testLegacyNetwork args;
+      passthru.override = args': testsForPackage (args // args');
+    };
+
+  testLegacyNetwork =
+    { nixopsPkg, ... }:
+    pkgs.testers.nixosTest {
+      name = "nixops-legacy-network";
+      nodes = {
+        deployer =
+          {
+            config,
+            lib,
+            nodes,
+            pkgs,
+            ...
+          }:
+          {
+            imports = [ ../../modules/installer/cd-dvd/channel.nix ];
+            environment.systemPackages = [ nixopsPkg ];
+            nix.settings.substituters = lib.mkForce [ ];
+            users.users.person.isNormalUser = true;
+            virtualisation.writableStore = true;
+            virtualisation.additionalPaths = [
+              pkgs.hello
+              pkgs.figlet
+            ];
+            virtualisation.memorySize = 2048;
+
+            # TODO: make this efficient, https://github.com/NixOS/nixpkgs/issues/180529
+            system.includeBuildDependencies = true;
+          };
+        server =
+          { lib, ... }:
+          {
+            imports = [ ./legacy/base-configuration.nix ];
+          };
+      };
+
+      testScript =
+        { nodes }:
+        let
+          deployerSetup = pkgs.writeScript "deployerSetup" ''
+            #!${pkgs.runtimeShell}
+            set -eux -o pipefail
+            cp --no-preserve=mode -r ${./legacy} unicorn
+            cp --no-preserve=mode ${../ssh-keys.nix} unicorn/ssh-keys.nix
+            mkdir -p ~/.ssh
+            cp ${snakeOilPrivateKey} ~/.ssh/id_ed25519
+            chmod 0400 ~/.ssh/id_ed25519
+          '';
+          serverNetworkJSON = pkgs.writeText "server-network.json" (
+            builtins.toJSON nodes.server.system.build.networkConfig
+          );
+        in
+        ''
+          import shlex
+
+          def deployer_do(cmd):
+              cmd = shlex.quote(cmd)
+              return deployer.succeed(f"su person -l -c {cmd} &>/dev/console")
+
+          start_all()
+
+          deployer_do("cat /etc/hosts")
+
+          deployer_do("${deployerSetup}")
+          deployer_do("cp ${serverNetworkJSON} unicorn/server-network.json")
+
+          # Establish that ssh works, regardless of nixops
+          # Easy way to accept the server host key too.
+          server.wait_for_open_port(22)
+          deployer.wait_for_unit("network.target")
+
+          # Put newlines on console, to flush the console reader's line buffer
+          # in case nixops' last output did not end in a newline, as is the case
+          # with a status line (if implemented?)
+          deployer.succeed("while sleep 60s; do echo [60s passed]; done >&2 &")
+
+          deployer_do("cd ~/unicorn; ssh -oStrictHostKeyChecking=accept-new root@server echo hi")
+
+          # Create and deploy
+          deployer_do("cd ~/unicorn; nixops create")
+
+          deployer_do("cd ~/unicorn; nixops deploy --confirm")
+
+          deployer_do("cd ~/unicorn; nixops ssh server 'hello | figlet'")
+        '';
+    };
+
+  inherit (import ../ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
+
+in
+tests
--- a/nixos/tests/nixops/legacy/base-configuration.nix
+++ b/nixos/tests/nixops/legacy/base-configuration.nix
@@ -0,0 +1,44 @@
+{
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}:
+let
+  ssh-keys =
+    if builtins.pathExists ../../ssh-keys.nix then # Outside sandbox
+      ../../ssh-keys.nix
+    # In sandbox
+    else
+      ./ssh-keys.nix;
+
+  inherit (import ssh-keys pkgs)
+    snakeOilPrivateKey
+    snakeOilPublicKey
+    ;
+in
+{
+  imports = [
+    (modulesPath + "/virtualisation/qemu-vm.nix")
+    (modulesPath + "/testing/test-instrumentation.nix")
+  ];
+  virtualisation.writableStore = true;
+  nix.settings.substituters = lib.mkForce [ ];
+  virtualisation.graphics = false;
+  documentation.enable = false;
+  services.qemuGuest.enable = true;
+  boot.loader.grub.enable = false;
+
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keys = [
+    snakeOilPublicKey
+  ];
+  security.pam.services.sshd.limits = [
+    {
+      domain = "*";
+      item = "memlock";
+      type = "-";
+      value = 1024;
+    }
+  ];
+}
--- a/nixos/tests/nixops/legacy/nixops.nix
+++ b/nixos/tests/nixops/legacy/nixops.nix
@@ -0,0 +1,20 @@
+{
+  network = {
+    description = "Legacy Network using <nixpkgs> and legacy state.";
+    # NB this is not really what makes it a legacy network; lack of flakes is.
+    storage.legacy = { };
+  };
+  server =
+    { lib, pkgs, ... }:
+    {
+      deployment.targetEnv = "none";
+      imports = [
+        ./base-configuration.nix
+        (lib.modules.importJSON ./server-network.json)
+      ];
+      environment.systemPackages = [
+        pkgs.hello
+        pkgs.figlet
+      ];
+    };
+}