~swflint/nixos-blocking-router

1

Testing and Invariants in NixOS

Jared Soundy <jared@soundyfam.com>
Details
Message ID
<452220227.3142627.1631102692623@privateemail.com>
DKIM signature
missing
Download raw message
3 years ago 
Good morning,

#Testing
NixOS has an integration/functional testing feature documented [1], [2], and [3]. These tests setup virtual machines that execute python/perl/command-line-arguments. For example, we could have a tests where a VM tries to access a "fake porn" website. Tests where we try to access whitelisted websites. You get the picture. We will need to enable internet access for the VMs as documented [4].

#Invariants
What I do not currently know how to do is implement invariants in Nix. For example the APU2 I'm using as 4 interfaces {"ens1s0", "ens2s0", "ens3s0", "ens4s0"}. We will define one of these as the wan-interface and the other three in a list called lan-interfaces. We should be able to create two invariants here:
(1) lan-interfaces does not contain wan-interface
(2) all elements of lan-interface are unique

Thoughts?

Footnotes:
[1] https://nix.dev/tutorials/integration-testing-using-virtual-machines
[2] https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
[3] https://nixos.mayflower.consulting/blog/2019/07/11/leveraging-nixos-tests-in-your-project/
[4] https://discourse.nixos.org/t/actually-having-internet-access-in-nixos-test/14280/3

In Christ,
Jared
Samuel W. Flint <swflint@flintfam.org>
Details
Message ID
<875yvb9q88.fsf@flintfam.org>
In-Reply-To
<452220227.3142627.1631102692623@privateemail.com> (view parent)
DKIM signature
missing
Download raw message
3 years ago 
>>>>> Jared Soundy writes:

    JS> Good morning,

[...]

    JS> #Invariants

    JS> What I do not currently know how to do is implement invariants
    JS> in Nix. For example the APU2 I'm using as 4 interfaces
    JS> {"ens1s0", "ens2s0", "ens3s0", "ens4s0"}. We will define one of
    JS> these as the wan-interface and the other three in a list called
    JS> lan-interfaces. We should be able to create two invariants here:
    JS> (1) lan-interfaces does not contain wan-interface (2) all
    JS> elements of lan-interface are unique

To handle this, we'd use a NixOS *module* [1], in which we can present
assertions to a user.  They just work a bit different than assertions
work in other languages, and must be defined when you define the option
[2], being evaluated when the option is *set*.  They're also imported
separately from, for instance, a file containing variables imported
using a `let` or `with` (because modules can exist on a channel served
up by a binary cache, and not in the existing file system).

    JS> Thoughts?

HTH,

Sam

[...]

Footnotes:
[1]  https://nixos.org/manual/nixos/stable/#sec-writing-modules

[2]  https://nixos.org/manual/nixos/stable/index.html#sec-assertions

-- 
Samuel W. Flint
4096R/FA13D704
      (F50D 862B 4F65 5943 A8C2  EF0E 86C9 3E7A FA13 D704)
λs.(s s) λs.(s s)
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Reply to thread Export thread (mbox)