{ pkgs }: let #hello = pkgs.hello.overrideAttrs { pname = "custom-hello"; }; inherit (pkgs) hello; in pkgs.testers.runNixOSTest (_: { name = "cache signature upload test"; nodes = { cache = { config, ... }: { imports = [ ./common ../modules ]; system.extraDependencies = [ hello ]; services.tvix-binary-cache = { enable = true; caches = { cache.port = 8000; }; }; services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts.cache = { default = true; locations = { "/cache".return = "302 /cache/"; "/cache/" = { proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/"; }; }; extraConfig = "client_max_body_size 1G;"; }; }; networking.firewall.allowedTCPPorts = [ 80 ]; }; client = { lib, ... }: { imports = [ ./common ]; nix.settings = { substituters = lib.mkForce [ "http://cache/cache" ]; trusted-public-keys = lib.mkForce [ (builtins.readFile ./cache-keys/pubkey) ]; }; }; }; testScript = '' import sys import time start_all() cache.wait_for_unit("nginx.service") cache.wait_for_unit("nar-bridge-cache.service") time.sleep(1) with subtest("Nar bridge home"): out = cache.succeed("curl -L http://127.0.0.1/cache") if out != "nar-bridge": sys.exit(1) with subtest("Path signature and copy"): # Sign cache.succeed("nix store sign -k ${./cache-keys/privkey} ${hello}") cache.succeed("nix copy --to 'http://127.0.0.1/cache/?compression=none' ${hello}") with subtest("Substitution"): client.succeed("nix-store --delete ${hello}") client.fail("stat ${hello}") client.succeed("nix-store -r ${hello}") client.succeed("stat ${hello}") ''; })