talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

oxidized: add nixosTests

Browse Source
This commit is contained in:
Joachim Ernst 2025-07-19 00:16:19 +02:00
parent b30e0dfad5
commit 657e16aa42
No known key found for this signature in database
3 changed files with 110 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/tests/all-tests.nix
View File

@ -1121,6 +1121,7 @@ in
osquery = handleTestOn [ "x86_64-linux" ] ./osquery.nix { }; osquery = handleTestOn [ "x86_64-linux" ] ./osquery.nix { };
osrm-backend = runTest ./osrm-backend.nix; osrm-backend = runTest ./osrm-backend.nix;
overlayfs = runTest ./overlayfs.nix; overlayfs = runTest ./overlayfs.nix;
oxidized = handleTest ./oxidized.nix { };
pacemaker = runTest ./pacemaker.nix; pacemaker = runTest ./pacemaker.nix;
packagekit = runTest ./packagekit.nix; packagekit = runTest ./packagekit.nix;
paisa = runTest ./paisa.nix; paisa = runTest ./paisa.nix;

104
nixos/tests/oxidized.nix Normal file
View File

@ -0,0 +1,104 @@
{
system ? builtins.currentSystem,
pkgs ? import ../.. {
inherit system;
config = { };
},
}:
let
inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
in
makeTest {
name = "oxidized";
nodes.server =
{ config, pkgs, ... }:
{
security.pam.services.sshd.allowNullPassword = true; # the default `UsePam yes` makes this necessary
services = {
sshd.enable = true;
openssh = {
settings.PermitRootLogin = "yes";
settings.PermitEmptyPasswords = "yes";
};
oxidized = {
enable = true;
package = pkgs.oxidized;
routerDB = pkgs.writeText "oxidized-router.db" ''
localhost:linuxgeneric:root
'';
configFile = pkgs.writeText "oxidized-config.yml" ''
# vi: ft=yaml
---
extensions:
oxidized-web:
load: true
listen: 127.0.0.1
port: 8888
vhosts:
- localhost
- 127.0.0.1
- oxidized
- oxidized.example.com
interval: 3600
retries: 3
model: linuxgeneric
username: root
source:
default: csv
csv:
file: "/var/lib/oxidized/.config/oxidized/router.db"
delimiter: !ruby/regexp /:/
map:
name: 0
model: 1
username: 2
password: 3
vars_map:
enable: 4
input:
default: ssh
utf8_encoded: true
output:
default: git
git:
single_repo: true
user: oxidized
email: oxidized@example.com
repo: /var/lib/oxidized/git
'';
};
};
systemd.services.oxidized = {
stopIfChanged = false;
environment.HOME = "/var/lib/oxidized";
environment.APP_ENV = "production";
serviceConfig = {
StateDirectory = "oxidized";
MemoryDenyWriteExecute = false;
PrivateNetwork = false;
SystemCallFilter = "@system-service";
};
path = [ config.programs.ssh.package ];
};
};
testScript =
{ nodes, ... }:
''
start_all()
server.wait_for_unit("oxidized.service")
with subtest("Check if oxidized reports the correct version"):
server.wait_until_succeeds(("curl --silent --fail --location http://127.0.0.1:8888/ | grep '${nodes.server.services.oxidized.package.version}' >&2"))
with subtest("Check if oxidized can be accessed with a vhost and reports the correct version"):
server.wait_until_succeeds(("curl --silent --fail --resolve oxidized:8888:127.0.0.1 --location http://oxidized:8888/ | grep '${nodes.server.services.oxidized.package.version}' >&2"))
with subtest("Check if oxidized can connect to linuxgeneric model"):
server.wait_until_succeeds("journalctl -b --grep 'Oxidized::Worker -- Configuration updated for /localhost' -t oxidized")
'';
}

6
pkgs/by-name/ox/oxidized/package.nix
View File

@ -3,6 +3,7 @@
ruby, ruby,
bundlerApp, bundlerApp,
bundlerUpdateScript, bundlerUpdateScript,
nixosTests,
}: }:
bundlerApp { bundlerApp {
@ -16,7 +17,10 @@ bundlerApp {
"oxs" "oxs"
]; ];
passthru.updateScript = bundlerUpdateScript "oxidized"; passthru = {
tests = nixosTests.oxidized;
updateScript = bundlerUpdateScript "oxidized";
};
meta = with lib; { meta = with lib; {
description = "Network device configuration backup tool. It's a RANCID replacement"; description = "Network device configuration backup tool. It's a RANCID replacement";