
nixos/tests/systemd-sysupdate: init

nikstur e6862fae 9b4d3b84

+67
+1
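--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -772,6 +772,7 @@
   systemd-portabled = handleTest ./systemd-portabled.nix {};
   systemd-repart = handleTest ./systemd-repart.nix {};
   systemd-shutdown = handleTest ./systemd-shutdown.nix {};
+  systemd-sysupdate = runTest ./systemd-sysupdate.nix;
   systemd-timesyncd = handleTest ./systemd-timesyncd.nix {};
   systemd-user-tmpfiles-rules = handleTest ./systemd-user-tmpfiles-rules.nix {};
   systemd-misc = handleTest ./systemd-misc.nix {};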
+66
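--- a/nixos/tests/systemd-sysupdate.nix
+++ b/nixos/tests/systemd-sysupdate.nix
@@ -0,0 +1,66 @@
+# Tests downloading a signed update aritfact from a server to a target machine.
+# This test does not rely on the `systemd.timer` units provided by the
+# `systemd-sysupdate` module but triggers the `systemd-sysupdate` service
+# manually to make the test more robust.
+
+{ lib, pkgs, ... }:
+
+let
+  gpgKeyring = import ./common/gpg-keyring.nix { inherit pkgs; };
+in
+{
+  name = "systemd-sysupdate";
+
+  meta.maintainers = with lib.maintainers; [ nikstur ];
+
+  nodes = {
+    server = { pkgs, ... }: {
+      networking.firewall.enable = false;
+      services.nginx = {
+        enable = true;
+        virtualHosts."server" = {
+          root = pkgs.runCommand "sysupdate-artifacts" { buildInputs = [ pkgs.gnupg ]; } ''
+            mkdir -p $out
+            cd $out
+
+            echo "nixos" > nixos_1.efi
+            sha256sum nixos_1.efi > SHA256SUMS
+
+            export GNUPGHOME="$(mktemp -d)"
+            cp -R ${gpgKeyring}/* $GNUPGHOME
+
+            gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
+          '';
+        };
+      };
+    };
+
+    target = {
+      systemd.sysupdate = {
+        enable = true;
+        transfers = {
+          "uki" = {
+            Source = {
+              Type = "url-file";
+              Path = "http://server/";
+              MatchPattern = "nixos_@v.efi";
+            };
+            Target = {
+              Path = "/boot/EFI/Linux";
+              MatchPattern = "nixos_@v.efi";
+            };
+          };
+        };
+      };
+
+      environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
+    };
+  };
+
+  testScript = ''
+    server.wait_for_unit("nginx.service")
+
+    target.succeed("systemctl start systemd-sysupdate")
+    assert "nixos" in target.wait_until_succeeds("cat /boot/EFI/Linux/nixos_1.efi", timeout=5)
+  '';
+}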
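Review bot: The `testScript` (new lines 60–65) asserts only the success path, so this test would still pass if signature verification on the target were skipped or misconfigured. The transfer source is plain `http://server/`, so the detached signature `SHA256SUMS.gpg`, presumably checked against `/etc/systemd/import-pubring.gpg`, is the only integrity control on the downloaded file. I would add a negative case: a second virtual host serving a `SHA256SUMS` whose signature is missing or does not verify against that keyring, a transfer pointing at it, and an expected failure such as `target.fail("systemctl start systemd-sysupdate")` together with a check that nothing new appears under `/boot/EFI/Linux`. How the unit reports a rejected manifest should be confirmed before pinning the assertion. A one-line comment above `Path` would also help the next reader: `# Plain HTTP is acceptable here only because sysupdate verifies SHA256SUMS.gpg against import-pubring.gpg`.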