Overview: Implement tests for nixos-modules

fabianhauser commented

2025-03-24 21:33:28 +01:00

Owner

Create nixos Tests for all the modules! See static-page as a starting point.

Module Tests

Main End-User Services

static-page
cloud
- Make sure it runs first pick
- Check file-upload and download
- Check calendar, contacts
loadbalancer
- Check functionality first pick
- Check integration with static pages config
postgresql
- Check if it accessible as intended. first pick
outgoing-server-mail
- Check that outgoing mail can be sent manually
- Check that system mail is send outwards
vault
- Check it runs as intended

Developer Services

attic
- Create cache
- Push to cache
git
- Check that it runs
- Create, pull and push repository
git-ci-runner
- Run CI action on runner with nix and docker
renovate
- Check that it is running as intended.

System Services / OPS

backplane-net
- Create overlay net and run with traffic
backplane-net.hosts
- Check that /etc/hosts entries are properly generated.
backup-client
- Make sure folders that are listed are backed-up and restorable.
backup-server
- Make sure the server can receive backups as intended from a client.
luks-ssh
- Check DHCP works as intended
- Check static IP works as intended
- Check that remote unlock interface is exposed
nixpkgs-cache
- Check that the cache works
- Verify that content is really cached.
router
- Check that NAT works as intended with specified interfaces
router-dhcp
- Check that DHCP is distributed to clients as intended.
router-dns
- Check public DNS resolution works
- Check local DNS resolution works as intedned
system
- TODO: What should be checked here?
vpn-server
- Check availability of vpn.qo.is
- Check that a tailscale can connect and has connectivity
- Check ACLs allow/denys
- vpn-exit-node
  - Check that a exit node works in combination with VPN Server
~~meta~~
~~nginx~~ (Set sane defaults only)
~~router-wireless-ap~~ (Hardware config)
~~wwan~~ (Hardware config)

Integration Tests

E-Mail Functionality: This has been broken for services multiple times already.
- qois.vault emails (very important for emergency access functionality)
- qois.cloud emails
- qois.git emails
qois.loadbalancer and connected services (static-page, cloud etc. etc.)
Maybe run the whole infrastructure in a test? 😆

Update Tests

It would be great to have tests that check if updates work as intended. This might however require implementation of new tooling.

cloud.qo.is
vault.qo.is
git.qo.is

Create nixos Tests for all the modules! See `static-page` as a starting point. ## Module Tests ### Main End-User Services - [x] [static-page](https://git.qo.is/qo.is/infrastructure/src/branch/main/nixos-modules/static-page) - [ ] cloud - [ ] Make sure it runs first pick - [ ] Check file-upload and download - [ ] Check calendar, contacts - [ ] loadbalancer - [ ] Check functionality first pick - [ ] Check integration with static pages config - [ ] postgresql - [ ] Check if it accessible as intended. first pick - [ ] outgoing-server-mail - [ ] Check that outgoing mail can be sent manually - [ ] Check that system mail is send outwards - [ ] vault - [ ] Check it runs as intended ### Developer Services - [ ] attic - [ ] Create cache - [ ] Push to cache - [ ] git - [ ] Check that it runs - [ ] Create, pull and push repository - [ ] git-ci-runner - [ ] Run CI action on runner with nix and docker - [ ] renovate - [ ] Check that it is running as intended. ### System Services / OPS - [ ] backplane-net - [ ] Create overlay net and run with traffic - [ ] backplane-net.hosts - [ ] Check that `/etc/hosts` entries are properly generated. - [ ] backup-client - [ ] Make sure folders that are listed are backed-up and restorable. - [ ] backup-server - [ ] Make sure the server can receive backups as intended from a client. - [ ] luks-ssh - [ ] Check DHCP works as intended - [ ] Check static IP works as intended - [ ] Check that remote unlock interface is exposed - [ ] nixpkgs-cache - [ ] Check that the cache works - [ ] Verify that content is really cached. - [ ] router - [ ] Check that NAT works as intended with specified interfaces - [ ] router-dhcp - [ ] Check that DHCP is distributed to clients as intended. - [ ] router-dns - [ ] Check public DNS resolution works - [ ] Check local DNS resolution works as intedned - [ ] system - [ ] TODO: What should be checked here? - [ ] vpn-server - [ ] Check availability of `vpn.qo.is` - [ ] Check that a `tailscale` can connect and has connectivity - [ ] Check ACLs allow/denys - [ ] `vpn-exit-node` - [ ] Check that a exit node works in combination with VPN Server - [x] ~meta~ - [x] ~nginx~ (Set sane defaults only) - [x] ~router-wireless-ap~ (Hardware config) - [x] ~wwan~ (Hardware config) ## Integration Tests - [ ] E-Mail Functionality: This has been broken for services multiple times already. - [ ] `qois.vault` emails (very important for emergency access functionality) - [ ] `qois.cloud` emails - [ ] `qois.git` emails - [ ] `qois.loadbalancer` and connected services (static-page, cloud etc. etc.) - [ ] Maybe run the whole infrastructure in a test? 😆 ## Update Tests It would be great to have tests that check if updates work as intended. This might however require implementation of new tooling. - `cloud.qo.is` - `vault.qo.is` - `git.qo.is`