nixinate/tests/vmTest/default.nix

{ pkgs
, makeTest
, inputs
,
}:
let
  inherit (pkgs) lib;
  # Return a store path with a closure containing everything including
  # derivations and all build dependency outputs, all the way down.
  allDrvOutputs = pkg:
    let
      name = "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}";
    in
    pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } ''
      touch $out
      while read ref; do
        case $ref in
          *.drv)
            cat $ref >>$out
            ;;
        esac
      done <$refs
    '';
  # Imports a flake with inputs passed in by hand, rather than
  # builtins.getFlake, which cannot be used in this way.
  callLocklessFlake = path: inputs:
    let
      r =
        { outPath = path; }
        // ((import (path + "/flake.nix")).outputs (inputs // { self = r; }));
    in
    r;
  mkNixinateTest =
    { buildOn
    , hermetic ? false
    , ...
    }:
    let
      exampleFlake = pkgs.writeTextFile {
        name = "nixinate-example-flake";
        destination = "/flake.nix";
        text = ''
          {
            outputs = { self, nixpkgs }:
              let
                makeTest = (import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "${pkgs.hostPlatform.system}"; }).makeTest;
                baseConfig = ((makeTest { nodes.baseConfig = { ... }: {}; testScript = "";}).nodes).baseConfig.extendModules {
                  modules = [
                    ${builtins.readFile ./nixinateeBase.nix}
                    ${builtins.readFile ./nixinateeAdditional.nix}
                    {
                      _module.args.nixinate = {
                        host = "nixinatee";
                        sshUser = "nixinator";
                        buildOn = "${buildOn}"; # valid args are "local" or "remote"
                        hermetic = ${lib.boolToString hermetic}; # valid args are true or false
                      };
                    }
                  ];
                };
              in
              {
                nixosConfigurations = {
                  nixinatee = baseConfig;
                };
              };
          }
        '';
      };
      deployScript = inputs.self.nixinate.${pkgs.hostPlatform.system} (callLocklessFlake "${exampleFlake}" { nixpkgs = inputs.nixpkgs; });
      exampleSystem = (callLocklessFlake "${exampleFlake}" { nixpkgs = inputs.nixpkgs; }).nixosConfigurations.nixinatee.config.system.build.toplevel;
    in
    makeTest {
      nodes = {
        nixinatee = { ... }: {
          imports = [
            ./nixinateeBase.nix
            (import ./common.nix { inherit inputs; })
          ];
          virtualisation = {
            writableStore = true;
            additionalPaths =
              [ ]
              ++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem)
              ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath)
              ++ lib.optional (hermetic == true) (pkgs.flock.drvPath);
          };
        };
        nixinator = { ... }: {
          imports = [
            (import ./common.nix { inherit inputs; })
          ];
          virtualisation = {
            additionalPaths =
              [
                (allDrvOutputs exampleSystem)
              ]
              ++ lib.optional (buildOn == "remote") exampleFlake
              ++ lib.optional (hermetic == true) pkgs.flock.drvPath;
          };
        };
      };
      testScript = ''
        start_all()
        nixinatee.wait_for_unit("sshd.service")
        nixinator.wait_for_unit("multi-user.target")
        nixinator.succeed("mkdir ~/.ssh/")
        nixinator.succeed("ssh-keyscan -H nixinatee >> ~/.ssh/known_hosts")
        nixinator.succeed("exec ${deployScript.nixinate.nixinatee.program} >&2")
        nixinatee.wait_for_unit("nginx.service")
        nixinatee.wait_for_open_port("80")
        with subtest("Check that Nginx webserver can be reached by deployer after deployment"):
            assert "<title>Welcome to nginx!</title>" in nixinator.succeed(
                "curl -sSf http:/nixinatee/ | grep title"
            )
        with subtest("Check that Nginx webserver can be reached by deployee after deployment"):
            assert "<title>Welcome to nginx!</title>" in nixinatee.succeed(
                "curl -sSf http:/127.0.0.1/ | grep title"
            )
      '';
    };
in
{
  local = mkNixinateTest { buildOn = "local"; };
  remote = mkNixinateTest { buildOn = "remote"; };
  localHermetic = mkNixinateTest {
    buildOn = "local";
    hermetic = true;
  };
  remoteHermetic = mkNixinateTest {
    buildOn = "remote";
    hermetic = true;
  };
}
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`{ pkgs`
			`, makeTest`
			`, inputs`
			`,`
			`}:`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`let`
Add support for hermetic remote builds A hermetic remote rebuild is when Nixinate sends a specific Nix binary to the remote first, then uses it when activating a system closure, rather than using the Nix that is already on the remote. This is defaulted to false for the time being, as the bandwidth usage can be high. This allows users to avoid the need to bootstrap the remote first by enabling flakes on the remote Nix binary. 2022-05-23 18:57:50 +01:00			`inherit (pkgs) lib;`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`# Return a store path with a closure containing everything including`
			`# derivations and all build dependency outputs, all the way down.`
			`allDrvOutputs = pkg:`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`let`
			`name = "allDrvOutputs-${pkg.pname or pkg.name or "unknown"}";`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`in`
			`pkgs.runCommand name { refs = pkgs.writeReferencesToFile pkg.drvPath; } ''`
			`touch $out`
			`while read ref; do`
			`case $ref in`
			`*.drv)`
			`cat $ref >>$out`
			`;;`
			`esac`
			`done <$refs`
			`'';`
			`# Imports a flake with inputs passed in by hand, rather than`
			`# builtins.getFlake, which cannot be used in this way.`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`callLocklessFlake = path: inputs:`
			`let`
			`r =`
			`{ outPath = path; }`
			`// ((import (path + "/flake.nix")).outputs (inputs // { self = r; }));`
			`in`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`r;`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`mkNixinateTest =`
			`{ buildOn`
			`, hermetic ? false`
			`, ...`
			`}:`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`let`
			`exampleFlake = pkgs.writeTextFile {`
			`name = "nixinate-example-flake";`
			`destination = "/flake.nix";`
			`text = ''`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`{`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`outputs = { self, nixpkgs }:`
			`let`
			`makeTest = (import (nixpkgs + "/nixos/lib/testing-python.nix") { system = "${pkgs.hostPlatform.system}"; }).makeTest;`
tests/vmTest: remove empty argument set in baseConfig Upstream Nixpkgs changed the behavior of the makeTest function so now this is no longer required 2022-05-24 05:06:57 +01:00			`baseConfig = ((makeTest { nodes.baseConfig = { ... }: {}; testScript = "";}).nodes).baseConfig.extendModules {`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`modules = [`
			`${builtins.readFile ./nixinateeBase.nix}`
			`${builtins.readFile ./nixinateeAdditional.nix}`
			`{`
			`_module.args.nixinate = {`
			`host = "nixinatee";`
			`sshUser = "nixinator";`
			`buildOn = "${buildOn}"; # valid args are "local" or "remote"`
Add support for hermetic remote builds A hermetic remote rebuild is when Nixinate sends a specific Nix binary to the remote first, then uses it when activating a system closure, rather than using the Nix that is already on the remote. This is defaulted to false for the time being, as the bandwidth usage can be high. This allows users to avoid the need to bootstrap the remote first by enabling flakes on the remote Nix binary. 2022-05-23 18:57:50 +01:00			`hermetic = ${lib.boolToString hermetic}; # valid args are true or false`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`};`
			`}`
			`];`
			`};`
			`in`
			`{`
			`nixosConfigurations = {`
			`nixinatee = baseConfig;`
			`};`
			`};`
			`}`
			`'';`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`};`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`deployScript = inputs.self.nixinate.${pkgs.hostPlatform.system} (callLocklessFlake "${exampleFlake}" { nixpkgs = inputs.nixpkgs; });`
			`exampleSystem = (callLocklessFlake "${exampleFlake}" { nixpkgs = inputs.nixpkgs; }).nixosConfigurations.nixinatee.config.system.build.toplevel;`
			`in`
			`makeTest {`
			`nodes = {`
			`nixinatee = { ... }: {`
			`imports = [`
			`./nixinateeBase.nix`
			`(import ./common.nix { inherit inputs; })`
			`];`
			`virtualisation = {`
			`writableStore = true;`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`additionalPaths =`
			`[ ]`
Add support for hermetic remote builds A hermetic remote rebuild is when Nixinate sends a specific Nix binary to the remote first, then uses it when activating a system closure, rather than using the Nix that is already on the remote. This is defaulted to false for the time being, as the bandwidth usage can be high. This allows users to avoid the need to bootstrap the remote first by enabling flakes on the remote Nix binary. 2022-05-23 18:57:50 +01:00			`++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem)`
Make flock usage hermetic 2022-10-28 01:31:08 +01:00			`++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath)`
			`++ lib.optional (hermetic == true) (pkgs.flock.drvPath);`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`};`
make vmTestLocal and vmTestRemote This creates and uses a function named mkNixinateTest which takes a buildOn argument. This expects to be either "local" or "remote". This means we can make a test for both use cases of Nixinate. One where we build on the remote machine, and one where we build locally and push to the remote machine. These tests are then added to the top level of the tests folder and are imported by the flake.nix 2022-04-21 02:08:02 +01:00			`};`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`nixinator = { ... }: {`
			`imports = [`
			`(import ./common.nix { inherit inputs; })`
			`];`
			`virtualisation = {`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`additionalPaths =`
			`[`
			`(allDrvOutputs exampleSystem)`
			`]`
Make flock usage hermetic 2022-10-28 01:31:08 +01:00			`++ lib.optional (buildOn == "remote") exampleFlake`
			`++ lib.optional (hermetic == true) pkgs.flock.drvPath;`
tests/vmTest: fix and de-duplicate code Ironically, I did not properly test that I had made the local and remote tests distinct. So the exampleFlake was hardcoded to 'local' only. This meant that building local and remote tests would return the same results. This commit fixes that. Additionally, I've made tests/vmTests/common.nix to deduplicate some of the code between nodes. 2022-05-24 02:39:45 +01:00			`};`
make vmTestLocal and vmTestRemote This creates and uses a function named mkNixinateTest which takes a buildOn argument. This expects to be either "local" or "remote". This means we can make a test for both use cases of Nixinate. One where we build on the remote machine, and one where we build locally and push to the remote machine. These tests are then added to the top level of the tests folder and are imported by the flake.nix 2022-04-21 02:08:02 +01:00			`};`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`};`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`testScript = ''`
			`start_all()`
			`nixinatee.wait_for_unit("sshd.service")`
			`nixinator.wait_for_unit("multi-user.target")`
			`nixinator.succeed("mkdir ~/.ssh/")`
			`nixinator.succeed("ssh-keyscan -H nixinatee >> ~/.ssh/known_hosts")`
Revert "Flatten apps (nixinate-name instead nixinate.name) (#50)" This reverts commit 1efac43f15d5ab9d534e80334f9e46083bbd589d. 2023-12-11 21:13:29 +01:00			`nixinator.succeed("exec ${deployScript.nixinate.nixinatee.program} >&2")`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`nixinatee.wait_for_unit("nginx.service")`
			`nixinatee.wait_for_open_port("80")`
			`with subtest("Check that Nginx webserver can be reached by deployer after deployment"):`
			`assert "<title>Welcome to nginx!</title>" in nixinator.succeed(`
			`"curl -sSf http:/nixinatee/ \| grep title"`
			`)`
			`with subtest("Check that Nginx webserver can be reached by deployee after deployment"):`
			`assert "<title>Welcome to nginx!</title>" in nixinatee.succeed(`
			`"curl -sSf http:/127.0.0.1/ \| grep title"`
			`)`
			`'';`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`};`
make vmTestLocal and vmTestRemote This creates and uses a function named mkNixinateTest which takes a buildOn argument. This expects to be either "local" or "remote". This means we can make a test for both use cases of Nixinate. One where we build on the remote machine, and one where we build locally and push to the remote machine. These tests are then added to the top level of the tests folder and are imported by the flake.nix 2022-04-21 02:08:02 +01:00			`in`
			`{`
Run nixpkgs-fmt 2023-12-11 20:37:06 +01:00			`local = mkNixinateTest { buildOn = "local"; };`
			`remote = mkNixinateTest { buildOn = "remote"; };`
			`localHermetic = mkNixinateTest {`
			`buildOn = "local";`
			`hermetic = true;`
			`};`
			`remoteHermetic = mkNixinateTest {`
			`buildOn = "remote";`
			`hermetic = true;`
			`};`
Add vmTest for Nixinate This initializes ./test/default.nix which is referred to by the flake.nix under the `checks` attribute. This default.nix should point to all future tests, where they can be looked up and ran like: nix build .#checks.x86_64-linux.vmTest The test included is a simple NixOS VM Test. It uses Nixinate to deploy a machine with `services.nginx.enable = true` set, and tests whether nginx.service is started and reachable after deployment. 2022-03-31 20:36:59 +01:00			`}`