# NixOS VM test for the oxidized service.
#
# Boots one node ("server") that runs both sshd and oxidized. oxidized is
# pointed at the node's own sshd (router.db entry "localhost"), and the test
# then checks the web UI and the journal.
#
# Arguments:
#   system - platform to build for; defaults to the evaluating machine.
#   pkgs   - package set; imported with an empty `config` so the result does
#            not depend on the caller's nixpkgs configuration.
{
  system ? builtins.currentSystem,
  pkgs ? import ../.. {
    inherit system;
    config = { };
  },
}:

let
  inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
in
makeTest {
  name = "oxidized";

  nodes.server =
    { config, pkgs, ... }:
    let
      # Device inventory, one colon-separated row per device. Only fields
      # 0-2 of the csv `map` below (name, model, username) are present, so
      # the row carries no password and no enable secret.
      routerDb = pkgs.writeText "oxidized-router.db" ''
        localhost:linuxgeneric:root
      '';

      # oxidized configuration. The web extension is bound to loopback on
      # port 8888 and lists the names it is configured for under `vhosts`.
      # NOTE(review): the YAML nesting follows the usual oxidized layout;
      # confirm against the upstream file.
      oxidizedConfig = pkgs.writeText "oxidized-config.yml" ''
        # vi: ft=yaml
        ---
        extensions:
          oxidized-web:
            load: true
            listen: 127.0.0.1
            port: 8888
            vhosts:
              - localhost
              - 127.0.0.1
              - oxidized
              - oxidized.example.com
        interval: 3600
        retries: 3
        model: linuxgeneric
        username: root
        source:
          default: csv
          csv:
            file: "/var/lib/oxidized/.config/oxidized/router.db"
            delimiter: !ruby/regexp /:/
            map:
              name: 0
              model: 1
              username: 2
              password: 3
            vars_map:
              enable: 4
        input:
          default: ssh
          utf8_encoded: true
        output:
          default: git
          git:
            single_repo: true
            user: oxidized
            email: oxidized@example.com
            repo: /var/lib/oxidized/git
      '';
    in
    {
      # Test-only authentication setup: root may log in over SSH with an
      # empty password. sshd runs with `UsePam yes` by default, so PAM has
      # to accept the null password as well, otherwise PermitEmptyPasswords
      # alone is not enough. This matches the credential-less router.db row
      # above and is only meaningful inside the throwaway test VM.
      security.pam.services.sshd.allowNullPassword = true;

      services = {
        sshd.enable = true;

        openssh.settings = {
          PermitRootLogin = "yes";
          PermitEmptyPasswords = "yes";
        };

        oxidized = {
          enable = true;
          package = pkgs.oxidized;
          routerDB = routerDb;
          configFile = oxidizedConfig;
        };
      };

      systemd.services.oxidized = {
        # Restart the unit in place on a configuration switch instead of
        # stopping it first.
        stopIfChanged = false;

        environment = {
          HOME = "/var/lib/oxidized";
          APP_ENV = "production";
        };

        # NOTE(review): these look like overrides of sandboxing that the
        # oxidized module sets (W^X enforcement off, host network namespace
        # kept, syscall filter pinned to @system-service). Confirm against
        # the module which of them the test still needs, so that it runs
        # with hardening as close as possible to a real deployment.
        serviceConfig = {
          StateDirectory = "oxidized";
          MemoryDenyWriteExecute = false;

          PrivateNetwork = false;
          SystemCallFilter = "@system-service";
        };

        # Put the configured ssh package on the unit's PATH.
        path = [ config.programs.ssh.package ];
      };

    };

  # Python driver script. The expected version string is taken from the
  # package the node is configured with, so the check follows package bumps.
  #   1. web UI on loopback serves a page containing the package version
  #   2. same check through the "oxidized" vhost (curl --resolve maps the
  #      name to 127.0.0.1)
  #   3. the journal holds the worker's "Configuration updated" line for
  #      the localhost node
  testScript =
    { nodes, ... }:
    ''
      start_all()

      server.wait_for_unit("oxidized.service")

      with subtest("Check if oxidized reports the correct version"):
          server.wait_until_succeeds(("curl --silent --fail --location http://127.0.0.1:8888/ | grep '${nodes.server.services.oxidized.package.version}' >&2"))
      with subtest("Check if oxidized can be accessed with a vhost and reports the correct version"):
          server.wait_until_succeeds(("curl --silent --fail --resolve oxidized:8888:127.0.0.1 --location http://oxidized:8888/ | grep '${nodes.server.services.oxidized.package.version}' >&2"))
      with subtest("Check if oxidized can connect to linuxgeneric model"):
          server.wait_until_succeeds("journalctl -b --grep 'Oxidized::Worker -- Configuration updated for /localhost' -t oxidized")
    '';
}