diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml index f4e299e..b61a4dc 100644 --- a/.forgejo/workflows/check.yml +++ b/.forgejo/workflows/check.yml @@ -4,15 +4,30 @@ jobs: runs-on: nixos steps: - uses: https://git.salame.cl/actions/checkout@v4 - - run: nix --version - - run: nix build --print-build-logs .# + - name: Build Package + run: | + nix --version + nix build --print-build-logs .# check: needs: build # we use the built binaries in the checks runs-on: nixos + strategy: + matrix: + check: + - treefmt + - clippy + - nextest + - module-ipv4-test + - module-ipv6-test + - module-nginx-test steps: - uses: https://git.salame.cl/actions/checkout@v4 - - run: nix --version - - run: nix flake check --keep-going --verbose --print-build-logs + - name: Check + run: | + set -x + nix --version + # shellcheck disable=SC2016 + nix build --print-build-logs '.#checks.x86_64-linux.${{ matrix.check }}' report-size: runs-on: nixos needs: build diff --git a/Cargo.lock b/Cargo.lock index a6267f2..338efab 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -78,9 +78,9 @@ dependencies = [ [[package]] name = "axum" -version = "0.8.2" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efea76243612a2436fb4074ba0cf3ba9ea29efdeb72645d8fc63f116462be1de" +checksum = "6d6fd624c75e18b3b4c6b9caf42b1afe24437daaee904069137d8bab077be8b8" dependencies = [ "axum-core", "bytes", @@ -123,12 +123,12 @@ dependencies = [ [[package]] name = "axum-core" -version = "0.5.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eab1b0df7cded837c40dacaa2e1c33aa17c84fc3356ae67b5645f1e83190753e" +checksum = "df1362f362fd16024ae199c1970ce98f9661bf5ef94b9808fee734bc3698b733" dependencies = [ "bytes", - "futures-core", + "futures-util", "http", "http-body", "http-body-util", @@ -728,9 +728,9 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" [[package]] name = "rustix" -version = "0.38.43" +version = "0.38.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a78891ee6bf2340288408954ac787aa063d8e8817e9f53abb37c695c6d834ef6" +checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" dependencies = [ "bitflags", "errno", @@ -1086,9 +1086,9 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" +checksum = "11cd88e12b17c6494200a9c1b683a04fcac9573ed74cd1b62aeb2727c5592243" [[package]] name = "unicode-linebreak" diff --git a/flake-modules/tests.nix b/flake-modules/tests.nix index 36fc99c..8c8a7d3 100644 --- a/flake-modules/tests.nix +++ b/flake-modules/tests.nix @@ -100,6 +100,27 @@ config.services.webnsupdate.bindIp = "::1"; }; + webnsupdate-nginx-machine = + { lib, config, ... }: + { + imports = [ + webnsupdate-ipv4-machine + ]; + + config.services = { + # Use default IP Source + webnsupdate.extraArgs = lib.mkForce [ "-vvv" ]; # debug messages + + nginx = { + enable = true; + recommendedProxySettings = true; + + virtualHosts.webnsupdate.locations."/".proxyPass = + "http://${config.services.webnsupdate.bindIp}:${builtins.toString config.services.webnsupdate.bindPort}"; + }; + }; + }; + testScript = '' machine.start(allow_reboot=True) machine.wait_for_unit("bind.service") @@ -166,6 +187,89 @@ nodes.machine = webnsupdate-ipv6-machine; inherit testScript; }; + module-nginx-test = pkgs.testers.runNixOSTest { + name = "webnsupdate-nginx-module"; + nodes.machine = webnsupdate-nginx-machine; + testScript = '' + machine.start(allow_reboot=True) + machine.wait_for_unit("bind.service") + machine.wait_for_unit("webnsupdate.service") + + # ensure base DNS records area available + with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate DNS records (invalid auth)"): + machine.fail("curl --fail --silent -u test1:test1 -X GET http://127.0.0.1/update") + machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet + + # ensure webnsupdate managed records are missing + with subtest("query webnsupdate DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate IPv4 DNS records (valid auth)"): + machine.succeed("curl --fail --silent -u test:test -X GET http://127.0.0.1/update") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure webnsupdate managed IPv4 records are available + with subtest("query webnsupdate IPv4 DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + + # ensure webnsupdate managed IPv6 records are missing + with subtest("query webnsupdate IPv6 DNS records (fail)"): + machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + with subtest("update webnsupdate IPv6 DNS records (valid auth)"): + machine.succeed("curl --fail --silent -u test:test -X GET http://[::1]/update") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure webnsupdate managed IPv6 records are missing + with subtest("query webnsupdate IPv6 DNS records (fail)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + + machine.reboot() + machine.succeed("cat /var/lib/webnsupdate/last-ip") + machine.wait_for_unit("webnsupdate.service") + machine.succeed("cat /var/lib/webnsupdate/last-ip") + + # ensure base DNS records area available after a reboot + with subtest("query base DNS records"): + machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}") + machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}") + machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}") + + # ensure webnsupdate managed records are available after a reboot + with subtest("query webnsupdate DNS records (succeed)"): + machine.succeed("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}") + machine.succeed("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}") + machine.succeed("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}") + machine.succeed("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}") + ''; + }; }; }; } diff --git a/flake.lock b/flake.lock index b9894b0..38a7fc1 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "crane": { "locked": { - "lastModified": 1737250794, - "narHash": "sha256-bdIPhvsAKyYQzqAIeay4kOxTHGwLGkhM+IlBIsmMYFI=", + "lastModified": 1737563566, + "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=", "owner": "ipetkov", "repo": "crane", - "rev": "c5b7075f4a6d523fe8204618aa9754e56478c0e0", + "rev": "849376434956794ebc7a6b487d31aace395392ba", "type": "github" }, "original": { @@ -37,11 +37,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1737469691, + "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", "type": "github" }, "original": {