diff --git a/Cargo.lock b/Cargo.lock index 3177b18..859dee6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -78,9 +78,9 @@ dependencies = [ [[package]] name = "axum" -version = "0.8.1" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d6fd624c75e18b3b4c6b9caf42b1afe24437daaee904069137d8bab077be8b8" +checksum = "efea76243612a2436fb4074ba0cf3ba9ea29efdeb72645d8fc63f116462be1de" dependencies = [ "axum-core", "bytes", @@ -123,12 +123,12 @@ dependencies = [ [[package]] name = "axum-core" -version = "0.5.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df1362f362fd16024ae199c1970ce98f9661bf5ef94b9808fee734bc3698b733" +checksum = "eab1b0df7cded837c40dacaa2e1c33aa17c84fc3356ae67b5645f1e83190753e" dependencies = [ "bytes", - "futures-util", + "futures-core", "http", "http-body", "http-body-util", @@ -728,9 +728,9 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustix" -version = "0.38.44" +version = "0.38.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" +checksum = "a78891ee6bf2340288408954ac787aa063d8e8817e9f53abb37c695c6d834ef6" dependencies = [ "bitflags", "errno", @@ -1086,9 +1086,9 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.15" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243" +checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" [[package]] name = "unicode-linebreak" diff --git a/flake-modules/tests.nix b/flake-modules/tests.nix index 36fc99c..4cdac8b 100644 --- a/flake-modules/tests.nix +++ b/flake-modules/tests.nix 
@@ -54,117 +54,100 @@ ''; }; - webnsupdate-ipv4-machine = - { lib, ... }: - { - imports = [ - bindDynamicZone - self.nixosModules.webnsupdate + webnsupdate-machine = { + imports = [ + bindDynamicZone + self.nixosModules.webnsupdate + ]; + + config = { + environment.systemPackages = [ + pkgs.dig + pkgs.curl ]; - config = { - environment.systemPackages = [ - pkgs.dig - pkgs.curl - ]; + services = { + bind.enable = true; - services = { - bind.enable = true; - - webnsupdate = { - enable = true; - bindIp = lib.mkDefault "127.0.0.1"; - keyFile = "/etc/bind/rndc.key"; - # test:test (user:password) - passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; - package = self'.packages.webnsupdate; - extraArgs = [ - "-vvv" # debug messages - "--ip-source=ConnectInfo" - ]; - records = '' - test1.${testDomain}. - test2.${testDomain}. - test3.${testDomain}. - ''; - }; + webnsupdate = { + enable = true; + bindIp = "127.0.0.1"; + keyFile = "/etc/bind/rndc.key"; + # test:test (user:password) + passwordFile = pkgs.writeText "webnsupdate.pass" "FQoNmuU1BKfg8qsU96F6bK5ykp2b0SLe3ZpB3nbtfZA"; + package = self'.packages.webnsupdate; + extraArgs = [ + "-vvv" # debug messages + "--ip-source=ConnectInfo" + ]; + records = '' + test1.${testDomain}. + test2.${testDomain}. + test3.${testDomain}. 
+ ''; }; }; }; - - webnsupdate-ipv6-machine = { - imports = [ - webnsupdate-ipv4-machine - ]; - - config.services.webnsupdate.bindIp = "::1"; }; - - testScript = '' - machine.start(allow_reboot=True) - machine.wait_for_unit("bind.service") - machine.wait_for_unit("webnsupdate.service") - - # ensure base DNS records area available - with subtest("query base DNS records"): - machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") - machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") - machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") - - # ensure webnsupdate managed records are missing - with subtest("query webnsupdate DNS records (fail)"): - machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") - machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") - machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") - - with subtest("update webnsupdate DNS records (invalid auth)"): - machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update") - machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet - - # ensure webnsupdate managed records are missing - with subtest("query webnsupdate DNS records (fail)"): - machine.fail("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") - machine.fail("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") - machine.fail("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") - - with subtest("update webnsupdate DNS records (valid auth)"): - machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update") - machine.succeed("cat /var/lib/webnsupdate/last-ip") - - # ensure webnsupdate managed records are available - with subtest("query 
webnsupdate DNS records (succeed)"): - machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") - machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") - machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") - - machine.reboot() - machine.succeed("cat /var/lib/webnsupdate/last-ip") - machine.wait_for_unit("webnsupdate.service") - machine.succeed("cat /var/lib/webnsupdate/last-ip") - - # ensure base DNS records area available after a reboot - with subtest("query base DNS records"): - machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") - machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") - machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") - - # ensure webnsupdate managed records are available after a reboot - with subtest("query webnsupdate DNS records (succeed)"): - machine.succeed("dig @127.0.0.1 test1.${testDomain} A test1.${testDomain} AAAA | grep ^test1.${testDomain}") - machine.succeed("dig @127.0.0.1 test2.${testDomain} A test2.${testDomain} AAAA | grep ^test2.${testDomain}") - machine.succeed("dig @127.0.0.1 test3.${testDomain} A test3.${testDomain} AAAA | grep ^test3.${testDomain}") - ''; in { - module-ipv4-test = pkgs.testers.runNixOSTest { - name = "webnsupdate-ipv4-module"; - nodes.machine = webnsupdate-ipv4-machine; - inherit testScript; - }; - module-ipv6-test = pkgs.testers.runNixOSTest { - name = "webnsupdate-ipv6-module"; - nodes.machine = webnsupdate-ipv6-machine; - inherit testScript; + module-test = pkgs.testers.runNixOSTest { + name = "webnsupdate-module"; + nodes.machine = webnsupdate-machine; + testScript = '' + machine.start(allow_reboot=True) + machine.wait_for_unit("bind.service") + machine.wait_for_unit("webnsupdate.service") + + # ensure base DNS records area available + with subtest("query base DNS 
records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") + + with subtest("update webnsupdate DNS records (invalid auth)"): + machine.fail("curl --fail --silent -u test1:test1 -X GET http://localhost:5353/update") + machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") + + with subtest("update webnsupdate DNS records (valid auth)"): + machine.succeed("curl --fail --silent -u test:test -X GET http://localhost:5353/update") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure webnsupdate managed records are available + with subtest("query webnsupdate DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") + + machine.reboot() + machine.succeed("cat /var/lib/webnsupdate/last-ip") + machine.wait_for_unit("webnsupdate.service") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure base DNS records area available after a reboot + 
with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are available after a reboot + with subtest("query webnsupdate DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} | grep ^test3.${testDomain}") + ''; }; }; }; diff --git a/flake.lock b/flake.lock index 38a7fc1..b9894b0 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "crane": { "locked": { - "lastModified": 1737563566, - "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=", + "lastModified": 1737250794, + "narHash": "sha256-bdIPhvsAKyYQzqAIeay4kOxTHGwLGkhM+IlBIsmMYFI=", "owner": "ipetkov", "repo": "crane", - "rev": "849376434956794ebc7a6b487d31aace395392ba", + "rev": "c5b7075f4a6d523fe8204618aa9754e56478c0e0", "type": "github" }, "original": { @@ -37,11 +37,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", "type": "github" }, "original": {
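Review bot: The "update webnsupdate DNS records (invalid auth)" subtest in `testScript` does not prove that bad credentials are rejected, because `machine.fail("curl --fail --silent -u test1:test1 ...")` passes on any non-zero curl exit. A refused connection or a 5xx from a service that is not yet accepting requests would satisfy it just as well. `wait_for_unit("webnsupdate.service")` only shows the unit is active, so I would add `machine.wait_for_open_port(5353)` after it. I would also pin the rejection to the HTTP status with `status = machine.succeed("curl --silent --output /dev/null --write-out '%{http_code}' -u test1:test1 http://localhost:5353/update")` followed by `assert status == "401"` (presumably 401; confirm against what the handler returns). A second case with the valid user `test` and a wrong password would cover the password comparison itself, since `test1:test1` gets both halves wrong. The surrounding `let` block that defines `bindDynamicZone` and `testDomain` starts outside this hunk.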