flake.nix: run tests against pinned nixpkgs

and migrate to the new runTest, which evaluates much faster.
2025-05-10 02:36:21 +02:00 · 2025-05-10 02:36:21 +02:00 · ef1e02e555
commit ef1e02e555
parent 1feca02008
7 changed files with 80 additions and 56 deletions
--- a/tests/internal.nix
+++ b/tests/internal.nix
@ -14,7 +14,10 @@
 #  You should have received a copy of the GNU General Public License
 #  along with this program. If not, see <http://www.gnu.org/licenses/>

-{ pkgs ? import <nixpkgs> {}, ...}:
+{
+  pkgs,
+  ...
+}:

 let
  sendMail = pkgs.writeTextFile {
@ -36,10 +39,11 @@ let
  hashedPasswordFile = hashPassword "my-password";
  passwordFile = pkgs.writeText "password" "my-password";
 in
-pkgs.nixosTest {
+{
  name = "internal";
+
  nodes = {
-    machine = { config, pkgs, ... }: {
+    machine = { pkgs, ... }: {
      imports = [
        ./../default.nix
        ./lib/config.nix
@ -50,7 +54,12 @@ pkgs.nixosTest {
      environment.systemPackages = [
        (pkgs.writeScriptBin "mail-check" ''
          ${pkgs.python3}/bin/python ${../scripts/mail-check.py} $@
-        '')];
+        '')
+      ] ++ (with pkgs; [
+        curl
+        openssl
+        netcat
+      ]);

      mailserver = {
        enable = true;
@ -174,22 +183,22 @@ pkgs.nixosTest {
        machine.wait_for_open_port(25)
        # TODO put this blocking into the systemd units
        machine.wait_until_succeeds(
-            "set +e; timeout 1 ${pkgs.netcat}/bin/nc -U /run/rspamd/rspamd-milter.sock < /dev/null; [ $? -eq 124 ]"
+            "set +e; timeout 1 nc -U /run/rspamd/rspamd-milter.sock < /dev/null; [ $? -eq 124 ]"
        )
        machine.succeed(
-            "cat ${sendMail} | ${pkgs.netcat-gnu}/bin/nc localhost 25 | grep -q '554 5.5.0 Error'"
+            "cat ${sendMail} | nc localhost 25 | grep -q '554 5.5.0 Error'"
        )

    with subtest("rspamd controller serves web ui"):
        machine.succeed(
-            "set +o pipefail; ${pkgs.curl}/bin/curl --unix-socket /run/rspamd/worker-controller.sock http://localhost/ | grep -q '<body>'"
+            "set +o pipefail; curl --unix-socket /run/rspamd/worker-controller.sock http://localhost/ | grep -q '<body>'"
        )

    with subtest("imap port 143 is closed and imaps is serving SSL"):
        machine.wait_for_closed_port(143)
        machine.wait_for_open_port(993)
        machine.succeed(
-            "echo | ${pkgs.openssl}/bin/openssl s_client -connect localhost:993 | grep 'New, TLS'"
+            "echo | openssl s_client -connect localhost:993 | grep 'New, TLS'"
        )
  '';
 }