From 542336867a4d12cc59d70286af589fffecb204f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jalil=20David=20Salam=C3=A9=20Messina?=
Date: Thu, 23 Jan 2025 18:01:58 +0100
Subject: [PATCH] fix(module): test both IPv4 and IPv6
This ensures both work
---
flake-modules/tests.nix | 187 ++++++++++++++++++++++------------------
1 file changed, 102 insertions(+), 85 deletions(-)
diff --git a/flake-modules/tests.nix b/flake-modules/tests.nix
index 4cdac8b..36fc99c 100644
--- a/flake-modules/tests.nix
+++ b/flake-modules/tests.nix
@@ -54,100 +54,117 @@ ''; }; - webnsupdate-machine = { - imports = [ - bindDynamicZone - self.nixosModules.webnsupdate - ]; - - config = { - environment.systemPackages = [ - pkgs.dig - pkgs.curl + webnsupdate-ipv4-machine = + { lib, ... }: + { + imports = [ + bindDynamicZone + self.nixosModules.webnsupdate ]; - services = { - bind.enable = true; + config = { + environment.systemPackages = [ + pkgs.dig + pkgs.curl + ]; - webnsupdate = { - enable = true; - bindIp = "127.0.0.1"; - keyFile = "/etc/bind/rndc.key"; - # test:test (user:password) - passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; - package = self'.packages.webnsupdate; - extraArgs = [ - "-vvv" # debug messages - "--ip-source=ConnectInfo" - ]; - records = '' - test1.${testDomain}. - test2.${testDomain}. - test3.${testDomain}. - ''; + services = { + bind.enable = true; + + webnsupdate = { + enable = true; + bindIp = lib.mkDefault "127.0.0.1"; + keyFile = "/etc/bind/rndc.key"; + # test:test (user:password) + passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; + package = self'.packages.webnsupdate; + extraArgs = [ + "-vvv" # debug messages + "--ip-source=ConnectInfo" + ]; + records = '' + test1.${testDomain}. + test2.${testDomain}. + test3.${testDomain}. 
+ ''; + }; }; }; }; + + webnsupdate-ipv6-machine = { + imports = [ + webnsupdate-ipv4-machine + ]; + + config.services.webnsupdate.bindIp = "::1"; }; + + testScript = '' + machine.start(allow_reboot=True) + machine.wait_for_unit("bind.service") + machine.wait_for_unit("webnsupdate.service") + + # ensure base DNS records area available + with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate DNS records (invalid auth)"): + machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update") + machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate DNS records (valid auth)"): + machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure webnsupdate managed records are available + with 
subtest("query webnsupdate DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + machine.reboot() + machine.succeed("cat /var/lib/webnsupdate/last-ip") + machine.wait_for_unit("webnsupdate.service") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure base DNS records area available after a reboot + with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are available after a reboot + with subtest("query webnsupdate DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") + ''; in { - module-test = pkgs.testers.runNixOSTest { - name = "webnsupdate-module"; - nodes.machine = webnsupdate-machine; - testScript = '' - machine.start(allow_reboot=True) - machine.wait_for_unit("bind.service") - machine.wait_for_unit("webnsupdate.service") - - # ensure base DNS records area available - with subtest("query base DNS records"): - machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") - machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") - machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") - - # ensure webnsupdate managed 
records are missing - with subtest("query webnsupdate DNS records (fail)"): - machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") - machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") - machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") - - with subtest("update webnsupdate DNS records (invalid auth)"): - machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update") - machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet - - # ensure webnsupdate managed records are missing - with subtest("query webnsupdate DNS records (fail)"): - machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") - machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") - machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") - - with subtest("update webnsupdate DNS records (valid auth)"): - machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update") - machine.succeed("cat /var/lib/webnsupdate/last-ip") - - # ensure webnsupdate managed records are available - with subtest("query webnsupdate DNS records (succeed)"): - machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") - machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") - machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") - - machine.reboot() - machine.succeed("cat /var/lib/webnsupdate/last-ip") - machine.wait_for_unit("webnsupdate.service") - machine.succeed("cat /var/lib/webnsupdate/last-ip") - - # ensure base DNS records area available after a reboot - with subtest("query base DNS records"): - machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") - machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") - machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") - - 
# ensure webnsupdate managed records are available after a reboot - with subtest("query webnsupdate DNS records (succeed)"): - machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") - machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") - machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") - ''; + module-ipv4-test = pkgs.testers.runNixOSTest { + name = "webnsupdate-ipv4-module"; + nodes.machine = webnsupdate-ipv4-machine; + inherit testScript; + }; + module-ipv6-test = pkgs.testers.runNixOSTest { + name = "webnsupdate-ipv6-module"; + nodes.machine = webnsupdate-ipv6-machine; + inherit testScript; }; }; };
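Review bot: The shared `testScript` cannot tell the two address families apart, so `module-ipv6-test` would still pass if the service wrote an A record (and the IPv4 test if it wrote an AAAA record): every `dig ... A ... AAAA | grep ^test1.${testDomain}` accepts either record type, `cat /var/lib/webnsupdate/last-ip` only checks that the file exists, and `curl ... http://localhost:5353/update` leaves the choice of family to the resolver. Consider making `testScript` a function of the expected record type and address and asserting both, e.g. `machine.succeed("dig @127.0.0.1 +short test1.${testDomain} AAAA | grep -Fx ::1")` with the request sent to `http://[::1]:5353/update` (and `A` / `127.0.0.1` for the IPv4 node); the expected addresses assume `--ip-source=ConnectInfo` records the loopback peer, which should be confirmed. The invalid-auth subtest also covers only wrong credentials, so a request with no `-u` at all would be a cheap second negative case.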