nix-bitcoin/test/test.nix
Erik Arvstedt 9b4cd7bd1c
test: simplify scenario handling
We can switch to a more sophisticated scheme later when adding more scenarios
2020-08-25 14:53:12 +02:00

63 lines
1.8 KiB
Nix

# Integration test, can be run without internet access.
{ scenario ? "default" }:
import ./make-test.nix rec {
name = "nix-bitcoin-${scenario}";
hardened = {
imports = [ <nixpkgs/nixos/modules/profiles/hardened.nix> ];
security.allowUserNamespaces = true; # re-enable disabled option
};
machine = { pkgs, lib, ... }: with lib; {
imports = [
../modules/presets/secure-node.nix
../modules/secrets/generate-secrets.nix
# using the hardened profile increases total test duration by ~50%, so disable it for now
# hardened
];
nix-bitcoin.netns-isolation.enable = (scenario == "withnetns");
services.bitcoind.extraConfig = mkForce "connect=0";
services.clightning.enable = true;
services.spark-wallet.enable = true;
services.lightning-charge.enable = true;
services.nanopos.enable = true;
services.lnd.enable = true;
services.lnd.listenPort = 9736;
services.lightning-loop.enable = true;
# needed because we must control when lightning-loop starts so it doesn't
# fail before we run commands in the nb-lightning-loop netns
systemd.services.lightning-loop.wantedBy = mkForce [];
services.electrs.enable = true;
services.liquidd = {
enable = true;
listen = mkForce false;
extraConfig = "noconnect=1";
};
services.nix-bitcoin-webindex.enable = true;
services.hardware-wallets = {
trezor = true;
ledger = true;
};
services.backups.enable = true;
# to test that unused secrets are made inaccessible by 'setup-secrets'
systemd.services.generate-secrets.postStart = ''
install -o nobody -g nogroup -m777 <(:) /secrets/dummy
'';
};
testScript =
builtins.readFile ./scenarios/lib.py + "\n\n" +
builtins.readFile "${./.}/scenarios/${scenario}.py";
}