75 lines
2 KiB
Nix
75 lines
2 KiB
Nix
{ pkgs }:
|
|
let
|
|
#hello = pkgs.hello.overrideAttrs { pname = "custom-hello"; };
|
|
inherit (pkgs) hello;
|
|
in
|
|
pkgs.testers.runNixOSTest (_: {
|
|
name = "cache signature upload test";
|
|
nodes = {
|
|
cache =
|
|
{ config, ... }:
|
|
{
|
|
imports = [
|
|
./common
|
|
../modules
|
|
];
|
|
|
|
system.extraDependencies = [ hello ];
|
|
|
|
services.tvix-binary-cache = {
|
|
enable = true;
|
|
caches = {
|
|
cache.port = 8000;
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
virtualHosts.cache = {
|
|
default = true;
|
|
locations = {
|
|
"/cache".return = "302 /cache/";
|
|
"/cache/" = {
|
|
proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cache.port}/";
|
|
};
|
|
};
|
|
extraConfig = "client_max_body_size 1G;";
|
|
|
|
};
|
|
};
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
};
|
|
client =
|
|
{ lib, ... }:
|
|
{
|
|
imports = [ ./common ];
|
|
nix.settings = {
|
|
substituters = lib.mkForce [ "http://cache/cache" ];
|
|
trusted-public-keys = lib.mkForce [ (builtins.readFile ./cache-keys/pubkey) ];
|
|
};
|
|
};
|
|
};
|
|
testScript = ''
|
|
import sys
|
|
import time
|
|
start_all()
|
|
cache.wait_for_unit("nginx.service")
|
|
cache.wait_for_unit("nar-bridge-cache.service")
|
|
time.sleep(1)
|
|
with subtest("Nar bridge home"):
|
|
out = cache.succeed("curl -L http://127.0.0.1/cache")
|
|
if out != "nar-bridge":
|
|
sys.exit(1)
|
|
with subtest("Path signature and copy"):
|
|
# Sign
|
|
cache.succeed("nix store sign -k ${./cache-keys/privkey} ${hello}")
|
|
cache.succeed("nix copy --to 'http://127.0.0.1/cache/?compression=none' ${hello}")
|
|
with subtest("Substitution"):
|
|
client.succeed("nix-store --delete ${hello}")
|
|
client.fail("stat ${hello}")
|
|
client.succeed("nix-store -r ${hello}")
|
|
client.succeed("stat ${hello}")
|
|
'';
|
|
})
|