Move nixos tests

.github/PULL_REQUEST_TEMPLATE.md

@@ -21,7 +21,7 @@ Maintainers: tick if completed or explain if not relevant
  - [ ] tests, as appropriate
    - functional tests - `tests/**.sh`
    - unit tests - `src/*/tests`
-   - integration tests
+   - integration tests - `tests/nixos/*`
  - [ ] documentation in the manual
  - [ ] code and comments are self-explanatory
  - [ ] commit message explains why the change was made

flake.nix

@@ -401,6 +401,18 @@
           };
         };
 
+      nixos-lib = import (nixpkgs + "/nixos/lib") { };
+
+      # https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests
+      runNixOSTestFor = system: test: nixos-lib.runTest {
+        imports = [ test ];
+        hostPkgs = nixpkgsFor.${system};
+        defaults = {
+          nixpkgs.pkgs = nixpkgsFor.${system};
+        };
+        _module.args.nixpkgs = nixpkgs;
+      };
+
     in {
 
       # A Nixpkgs overlay that overrides the 'nix' and
@@ -475,49 +487,22 @@
           };
 
         # System tests.
-        tests.remoteBuilds = import ./tests/remote-builds.nix {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        };
+        tests.remoteBuilds = runNixOSTestFor "x86_64-linux" ./tests/nixos/remote-builds.nix;
 
-        tests.nix-copy-closure = import ./tests/nix-copy-closure.nix {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        };
+        tests.nix-copy-closure = runNixOSTestFor "x86_64-linux" ./tests/nixos/nix-copy-closure.nix;
 
-        tests.nssPreload = (import ./tests/nss-preload.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
+        tests.nssPreload = runNixOSTestFor "x86_64-linux" ./tests/nixos/nss-preload.nix;
 
-        tests.githubFlakes = (import ./tests/github-flakes.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
+        tests.githubFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/github-flakes.nix;
 
-        tests.sourcehutFlakes = (import ./tests/sourcehut-flakes.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
+        tests.sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./tests/nixos/sourcehut-flakes.nix;
 
-        tests.containers = (import ./tests/containers.nix rec {
-          system = "x86_64-linux";
-          inherit nixpkgs;
-          overlay = self.overlays.default;
-        });
+        tests.containers = runNixOSTestFor "x86_64-linux" ./tests/nixos/containers/containers.nix;
 
         tests.setuid = nixpkgs.lib.genAttrs
           ["i686-linux" "x86_64-linux"]
-          (system:
-            import ./tests/setuid.nix rec {
-              inherit nixpkgs system;
-              overlay = self.overlays.default;
-            });
+          (system: runNixOSTestFor system ./tests/nixos/setuid.nix);
+
 
         # Make sure that nix-env still produces the exact same result
         # on a particular version of Nixpkgs.

tests/containers.nix → tests/nixos/containers/containers.nix

@@ -1,12 +1,7 @@
 # Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
-{ nixpkgs, system, overlay }:
+{ lib, nixpkgs, ... }:
 
-with import (nixpkgs + "/nixos/lib/testing-python.nix") {
-  inherit system;
-  extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
-};
-
-makeTest ({
+{
   name = "containers";
 
   nodes =
@@ -65,4 +60,4 @@ makeTest ({
     host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
   '';
 
-})
+}

tests/github-flakes.nix → tests/nixos/github-flakes.nix

@@ -1,14 +1,9 @@
-{ nixpkgs, system, overlay }:
-
-with import (nixpkgs + "/nixos/lib/testing-python.nix") {
-  inherit system;
-  extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
-};
-
+{ lib, config, nixpkgs, ... }:
 let
+  pkgs = config.nodes.client.nixpkgs.pkgs;
 
   # Generate a fake root CA and a fake api.github.com / github.com / channels.nixos.org certificate.
-  cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
+  cert = pkgs.runCommand "cert" { nativeBuildInputs = [ pkgs.openssl ]; }
     ''
       mkdir -p $out
 
@@ -92,8 +87,6 @@ let
     '';
 in
 
-makeTest (
-
 {
   name = "github-flakes";
 
@@ -207,4 +200,4 @@ makeTest (
     client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
   '';
 
-})
+}

tests/nix-copy-closure.nix → tests/nixos/nix-copy-closure.nix

@@ -1,13 +1,16 @@
 # Test ‘nix-copy-closure’.
 
-{ nixpkgs, system, overlay }:
+{ lib, config, nixpkgs, hostPkgs, ... }:
 
-with import (nixpkgs + "/nixos/lib/testing-python.nix") {
-  inherit system;
-  extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
-};
+let
+  pkgs = config.nodes.client.nixpkgs.pkgs;
 
-makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pkgs.tmux; in {
+  pkgA = pkgs.cowsay;
+  pkgB = pkgs.wget;
+  pkgC = pkgs.hello;
+  pkgD = pkgs.tmux;
+
+in {
   name = "nix-copy-closure";
 
   nodes =
@@ -74,4 +77,4 @@ makeTest (let pkgA = pkgs.cowsay; pkgB = pkgs.wget; pkgC = pkgs.hello; pkgD = pk
     # )
     # client.succeed("nix-store --check-validity ${pkgC}")
   '';
-})
+}

tests/nss-preload.nix → tests/nixos/nss-preload.nix

@@ -1,11 +1,9 @@
-{ nixpkgs, system, overlay }:
-
-with import (nixpkgs + "/nixos/lib/testing-python.nix") {
-  inherit system;
-  extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
-};
+{ lib, config, nixpkgs, ... }:
 
 let
+
+  pkgs = config.nodes.client.nixpkgs.pkgs;
+
   nix-fetch = pkgs.writeText "fetch.nix" ''
     derivation {
         # This derivation is an copy from what is available over at
@@ -41,9 +39,7 @@ let
   '';
 in
 
-makeTest (
-
-rec {
+{
   name = "nss-preload";
 
   nodes = {
@@ -122,4 +118,4 @@ rec {
           nix-build ${nix-fetch} >&2
           """)
   '';
-})
+}

tests/remote-builds.nix → tests/nixos/remote-builds.nix

@@ -1,15 +1,9 @@
 # Test Nix's remote build feature.
 
-{ nixpkgs, system, overlay }:
-
-with import (nixpkgs + "/nixos/lib/testing-python.nix") {
-  inherit system;
-  extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
-};
-
-makeTest (
+{ config, lib, hostPkgs, ... }:
 
 let
+  pkgs = config.nodes.client.nixpkgs.pkgs;
 
   # The configuration of the remote builders.
   builder =
@@ -75,7 +69,7 @@ in
 
     # Create an SSH key on the client.
     subprocess.run([
-      "${pkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
+      "${hostPkgs.openssh}/bin/ssh-keygen", "-t", "ed25519", "-f", "key", "-N", ""
     ], capture_output=True, check=True)
     client.succeed("mkdir -p -m 700 /root/.ssh")
     client.copy_from_host("key", "/root/.ssh/id_ed25519")
@@ -109,4 +103,4 @@ in
     builder1.block()
     client.succeed("nix-build ${expr nodes.client.config 4}")
   '';
-})
+}

tests/setuid.nix → tests/nixos/setuid.nix

@@ -1,13 +1,12 @@
 # Verify that Linux builds cannot create setuid or setgid binaries.
 
-{ nixpkgs, system, overlay }:
+{ lib, config, nixpkgs, ... }:
 
-with import (nixpkgs + "/nixos/lib/testing-python.nix") {
-  inherit system;
-  extraConfigurations = [ { nixpkgs.overlays = [ overlay ]; } ];
-};
+let
+  pkgs = config.nodes.machine.nixpkgs.pkgs;
 
-makeTest {
+in
+{
   name = "setuid";
 
   nodes.machine =

tests/sourcehut-flakes.nix → tests/nixos/sourcehut-flakes.nix

@@ -1,12 +1,8 @@
-{ nixpkgs, system, overlay }:
-
-with import (nixpkgs + "/nixos/lib/testing-python.nix")
-{
-  inherit system;
-  extraConfigurations = [{ nixpkgs.overlays = [ overlay ]; }];
-};
+{ lib, config, hostPkgs, nixpkgs, ... }:
 
 let
+  pkgs = config.nodes.sourcehut.nixpkgs.pkgs;
+
   # Generate a fake root CA and a fake git.sr.ht certificate.
   cert = pkgs.runCommand "cert" { buildInputs = [ pkgs.openssl ]; }
     ''
@@ -64,8 +60,6 @@ let
 
 in
 
-makeTest (
-
   {
     name = "sourcehut-flakes";
 
@@ -164,4 +158,4 @@ makeTest (
       client.succeed("nix build nixpkgs#fuse --tarball-ttl 0")
     '';
 
-  })
+}