Compare commits
3 commits
73e2b8c5fe
...
48b807d6b5
| Author | SHA1 | Date | |
|---|---|---|---|
48b807d6b5
|
|||
2e8d20f89d
|
|||
|
ec27e31336
|
2 changed files with 123 additions and 4 deletions
|
|
@ -4,15 +4,30 @@ jobs:
|
|||
runs-on: nixos
|
||||
steps:
|
||||
- uses: https://git.salame.cl/actions/checkout@v4
|
||||
- run: nix --version
|
||||
- run: nix build --print-build-logs .#
|
||||
- name: Build Package
|
||||
run: |
|
||||
nix --version
|
||||
nix build --print-build-logs .#
|
||||
check:
|
||||
needs: build # we use the built binaries in the checks
|
||||
runs-on: nixos
|
||||
strategy:
|
||||
matrix:
|
||||
check:
|
||||
- treefmt
|
||||
- clippy
|
||||
- nextest
|
||||
- module-ipv4-test
|
||||
- module-ipv6-test
|
||||
- module-nginx-test
|
||||
steps:
|
||||
- uses: https://git.salame.cl/actions/checkout@v4
|
||||
- run: nix --version
|
||||
- run: nix flake check --keep-going --verbose --print-build-logs
|
||||
- name: Check
|
||||
run: |
|
||||
set -x
|
||||
nix --version
|
||||
# shellcheck disable=SC2016
|
||||
nix build --print-build-logs '.#checks.x86_64-linux.${{ matrix.check }}'
|
||||
report-size:
|
||||
runs-on: nixos
|
||||
needs: build
|
||||
|
|
|
|||
|
|
@ -100,6 +100,27 @@
|
|||
config.services.webnsupdate.bindIp = "::1";
|
||||
};
|
||||
|
||||
webnsupdate-nginx-machine =
|
||||
{ lib, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
webnsupdate-ipv4-machine
|
||||
];
|
||||
|
||||
config.services = {
|
||||
# Use default IP Source
|
||||
webnsupdate.extraArgs = lib.mkForce [ "-vvv" ]; # debug messages
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
virtualHosts.webnsupdate.locations."/".proxyPass =
|
||||
"http://${config.services.webnsupdate.bindIp}:${builtins.toString config.services.webnsupdate.bindPort}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
machine.start(allow_reboot=True)
|
||||
machine.wait_for_unit("bind.service")
|
||||
|
|
@ -166,6 +187,89 @@
|
|||
nodes.machine = webnsupdate-ipv6-machine;
|
||||
inherit testScript;
|
||||
};
|
||||
module-nginx-test = pkgs.testers.runNixOSTest {
|
||||
name = "webnsupdate-nginx-module";
|
||||
nodes.machine = webnsupdate-nginx-machine;
|
||||
testScript = ''
|
||||
machine.start(allow_reboot=True)
|
||||
machine.wait_for_unit("bind.service")
|
||||
machine.wait_for_unit("webnsupdate.service")
|
||||
|
||||
# ensure base DNS records area available
|
||||
with subtest("query base DNS records"):
|
||||
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
||||
|
||||
# ensure webnsupdate managed records are missing
|
||||
with subtest("query webnsupdate DNS records (fail)"):
|
||||
machine.fail("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||
|
||||
with subtest("update webnsupdate DNS records (invalid auth)"):
|
||||
machine.fail("curl --fail --silent -u test1:test1 -X GET http://127.0.0.1/update")
|
||||
machine.fail("cat /var/lib/webnsupdate/last-ip") # no last-ip set yet
|
||||
|
||||
# ensure webnsupdate managed records are missing
|
||||
with subtest("query webnsupdate DNS records (fail)"):
|
||||
machine.fail("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||
|
||||
with subtest("update webnsupdate IPv4 DNS records (valid auth)"):
|
||||
machine.succeed("curl --fail --silent -u test:test -X GET http://127.0.0.1/update")
|
||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||
|
||||
# ensure webnsupdate managed IPv4 records are available
|
||||
with subtest("query webnsupdate IPv4 DNS records (succeed)"):
|
||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}")
|
||||
|
||||
# ensure webnsupdate managed IPv6 records are missing
|
||||
with subtest("query webnsupdate IPv6 DNS records (fail)"):
|
||||
machine.fail("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||
machine.fail("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||
|
||||
with subtest("update webnsupdate IPv6 DNS records (valid auth)"):
|
||||
machine.succeed("curl --fail --silent -u test:test -X GET http://[::1]/update")
|
||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||
|
||||
# ensure webnsupdate managed IPv6 records are missing
|
||||
with subtest("query webnsupdate IPv6 DNS records (fail)"):
|
||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||
|
||||
machine.reboot()
|
||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||
machine.wait_for_unit("webnsupdate.service")
|
||||
machine.succeed("cat /var/lib/webnsupdate/last-ip")
|
||||
|
||||
# ensure base DNS records area available after a reboot
|
||||
with subtest("query base DNS records"):
|
||||
machine.succeed("dig @127.0.0.1 ${testDomain} | grep ^${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 ns1.${testDomain} | grep ^ns1.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 nsupdate.${testDomain} | grep ^nsupdate.${testDomain}")
|
||||
|
||||
# ensure webnsupdate managed records are available after a reboot
|
||||
with subtest("query webnsupdate DNS records (succeed)"):
|
||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} A | grep ^test1.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} A | grep ^test2.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} A | grep ^test3.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test1.${testDomain} AAAA | grep ^test1.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test2.${testDomain} AAAA | grep ^test2.${testDomain}")
|
||||
machine.succeed("dig @127.0.0.1 test3.${testDomain} AAAA | grep ^test3.${testDomain}")
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue