Compare commits
2 commits
30a5843fdf
...
197cbd9806
| Author | SHA1 | Date | |
|---|---|---|---|
197cbd9806
|
|||
|
a54a6cc9d2
|
7 changed files with 130 additions and 15 deletions
|
|
@ -6,6 +6,8 @@ let
|
|||
in
|
||||
{
|
||||
x86_64-linux = lib.mergeAttrsList [
|
||||
flake-inputs.self.nixosConfigurations.hetzner-1.config.serviceTests
|
||||
|
||||
{
|
||||
nix = checkLib.mkLint {
|
||||
name = "nix-lints";
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
flake-inputs.tlaternet-webserver.nixosModules.default
|
||||
|
||||
"${modulesPath}/profiles/minimal.nix"
|
||||
(import ../modules)
|
||||
../modules
|
||||
|
||||
./services/backups.nix
|
||||
./services/battery-manager.nix
|
||||
|
|
@ -30,8 +30,6 @@
|
|||
./nginx
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [ (_: prev: { local = import ../pkgs { pkgs = prev; }; }) ];
|
||||
|
||||
nix = {
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
|
|
|
|||
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
flake-inputs,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
imports = [
|
||||
./logging.nix
|
||||
|
|
@ -10,13 +15,64 @@
|
|||
description = "The base domain name to append to virtual domain names";
|
||||
};
|
||||
|
||||
config.services.nginx = {
|
||||
enable = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
clientMaxBodySize = "10G";
|
||||
statusPage = true; # For metrics, should be accessible only from localhost
|
||||
config = {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
clientMaxBodySize = "10G";
|
||||
statusPage = true; # For metrics, should be accessible only from localhost
|
||||
};
|
||||
|
||||
serviceTests =
|
||||
let
|
||||
testHostConfig =
|
||||
{ config, ... }:
|
||||
{
|
||||
_module.args = { inherit flake-inputs; };
|
||||
imports = [
|
||||
./.
|
||||
../../modules/serviceTests/mocks.nix
|
||||
flake-inputs.sops-nix.nixosModules.sops
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
domain = "testHost";
|
||||
|
||||
virtualHosts."${config.services.nginx.domain}" = {
|
||||
useACMEHost = "tlater.net";
|
||||
forceSSL = true;
|
||||
enableHSTS = true;
|
||||
locations."/".return = "200 ok";
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
hstsIsSet = pkgs.testers.runNixOSTest {
|
||||
name = "assert-hsts";
|
||||
nodes = {
|
||||
testHost = testHostConfig;
|
||||
|
||||
client =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.curl ];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
testHost.wait_for_unit("nginx")
|
||||
testHost.succeed("systemctl start network-online.target")
|
||||
testHost.wait_for_unit("network-online.target")
|
||||
|
||||
client.succeed("curl http://testHost")
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
flake-inputs,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib) concatStringsSep;
|
||||
in
|
||||
|
|
@ -11,7 +16,9 @@ in
|
|||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.local.starbound}/bin/launch-starbound ${./configs/starbound.json}";
|
||||
ExecStart = "${
|
||||
flake-inputs.self.packages.${pkgs.system}.starbound
|
||||
}/bin/launch-starbound ${./configs/starbound.json}";
|
||||
|
||||
Type = "simple";
|
||||
|
||||
|
|
|
|||
|
|
@ -1 +1,6 @@
|
|||
{ imports = [ ./crowdsec ]; }
|
||||
{
|
||||
imports = [
|
||||
./crowdsec
|
||||
./serviceTests/stub.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
27
modules/serviceTests/mocks.nix
Normal file
27
modules/serviceTests/mocks.nix
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
/**
|
||||
Module containing mock definitions for service test runners.
|
||||
*/
|
||||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../.
|
||||
../../configuration/services/backups.nix
|
||||
];
|
||||
# imports = [ flake-inputs.sops-nix.nixosModules.sops ];
|
||||
|
||||
sops.defaultSopsFile = ../../keys/staging.yaml;
|
||||
environment.etc."staging.key" = {
|
||||
mode = "0400";
|
||||
source = ../../keys/hosts/staging.key;
|
||||
};
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
hostKeys = lib.mkForce [
|
||||
{
|
||||
type = "rsa";
|
||||
bits = 4096;
|
||||
path = "/etc/staging.key";
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
20
modules/serviceTests/stub.nix
Normal file
20
modules/serviceTests/stub.nix
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
/**
|
||||
Module to make writing service-specific tests easy.
|
||||
*/
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
serviceTests = mkOption {
|
||||
type = types.attrsOf types.package;
|
||||
|
||||
description = ''
|
||||
NixOS tests to run.
|
||||
'';
|
||||
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue