diff --git a/flake-modules/tests.nix b/flake-modules/tests.nix index 36fc99c..8c8a7d3 100644 --- a/flake-modules/tests.nix +++ b/flake-modules/tests.nix @@ -100,6 +100,27 @@ config.services.webnsupdate.bindIp = "::1"; }; + webnsupdate-nginx-machine = + { lib, config, ... }: + { + imports = [ + webnsupdate-ipv4-machine + ]; + + config.services = { + # Use default IP Source + webnsupdate.extraArgs = lib.mkForce [ "-vvv" ]; # debug messages + + nginx = { + enable = true; + recommendedProxySettings = true; + + virtualHosts.webnsupdate.locations."/".proxyPass = + "http://${config.services.webnsupdate.bindIp}:${builtins.toString config.services.webnsupdate.bindPort}"; + }; + }; + }; + testScript = '' machine.start(allow_reboot=True) machine.wait_for_unit("bind.service") @@ -166,6 +187,89 @@ nodes.machine = webnsupdate-ipv6-machine; inherit testScript; }; + module-nginx-test = pkgs.testers.runNixOSTest { + name = "webnsupdate-nginx-module"; + nodes.machine = webnsupdate-nginx-machine; + testScript = '' + machine.start(allow_reboot=True) + machine.wait_for_unit("bind.service") + machine.wait_for_unit("webnsupdate.service") + + # ensure base DNS records area available + with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate DNS records (invalid auth)"): + machine.fail("curl --fail --silent -u test1:test1 -X GET http://127.0.0.1/update") + machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate IPv4 DNS records (valid auth)"): + machine.succeed("curl --fail --silent -u test:test -X GET http://127.0.0.1/update") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure webnsupdate managed IPv4 records are available + with subtest("query webnsupdate IPv4 DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + + # ensure webnsupdate managed IPv6 records are missing + with subtest("query webnsupdate IPv6 DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate IPv6 DNS records (valid auth)"): + machine.succeed("curl --fail --silent -u test:test -X GET http://[::1]/update") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure webnsupdate managed IPv6 records are missing + with subtest("query webnsupdate IPv6 DNS records (fail)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + machine.reboot() + machine.succeed("cat /var/lib/webnsupdate/last-ip") + machine.wait_for_unit("webnsupdate.service") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure base DNS records area available after a reboot + with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are available after a reboot + with subtest("query webnsupdate DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + machine.succeed("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + ''; + }; }; }; }