vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / traefik.nix
blobf26b79a0fa4d6faf866d59f111921ac7075c3516
1 # Test Traefik as a reverse proxy of a local web service
2 # and a Docker container.
3 import ./make-test-python.nix ({ pkgs, ... }: {
4   name = "traefik";
5   meta = with pkgs.lib.maintainers; {
6     maintainers = [ joko ];
7   };
9   nodes = {
10     client = { config, pkgs, ... }: {
11       environment.systemPackages = [ pkgs.curl ];
12     };
13     traefik = { config, pkgs, ... }: {
14       virtualisation.oci-containers = {
15         backend = "docker";
16         containers.nginx = {
17           extraOptions = [
18             "-l"
19             "traefik.enable=true"
20             "-l"
21             "traefik.http.routers.nginx.entrypoints=web"
22             "-l"
23             "traefik.http.routers.nginx.rule=Host(`nginx.traefik.test`)"
24           ];
25           image = "nginx-container";
26           imageStream = pkgs.dockerTools.examples.nginxStream;
27         };
28       };
30       networking.firewall.allowedTCPPorts = [ 80 ];
32       services.traefik = {
33         enable = true;
35         dynamicConfigOptions = {
36           http.routers.simplehttp = {
37             rule = "Host(`simplehttp.traefik.test`)";
38             entryPoints = [ "web" ];
39             service = "simplehttp";
40           };
42           http.services.simplehttp = {
43             loadBalancer.servers = [{
44               url = "http://127.0.0.1:8000";
45             }];
46           };
47         };
49         staticConfigOptions = {
50           global = {
51             checkNewVersion = false;
52             sendAnonymousUsage = false;
53           };
55           entryPoints.web.address = ":\${HTTP_PORT}";
57           providers.docker.exposedByDefault = false;
58         };
59         environmentFiles = [(pkgs.writeText "traefik.env" ''
60           HTTP_PORT=80
61         '')];
62       };
64       systemd.services.simplehttp = {
65         script = "${pkgs.python3}/bin/python -m http.server 8000";
66         serviceConfig.Type = "simple";
67         wantedBy = [ "multi-user.target" ];
68       };
70       users.users.traefik.extraGroups = [ "docker" ];
71     };
72   };
74   testScript = ''
75     start_all()
77     traefik.wait_for_unit("docker-nginx.service")
78     traefik.wait_until_succeeds("docker ps | grep nginx-container")
79     traefik.wait_for_unit("simplehttp.service")
80     traefik.wait_for_unit("traefik.service")
81     traefik.wait_for_open_port(80)
82     traefik.wait_for_unit("multi-user.target")
84     client.wait_for_unit("multi-user.target")
86     client.wait_until_succeeds("curl -sSf -H Host:nginx.traefik.test http://traefik/")
88     with subtest("Check that a container can be reached via Traefik"):
89         assert "Hello from NGINX" in client.succeed(
90             "curl -sSf -H Host:nginx.traefik.test http://traefik/"
91         )
93     with subtest("Check that dynamic configuration works"):
94         assert "Directory listing for " in client.succeed(
95             "curl -sSf -H Host:simplehttp.traefik.test http://traefik/"
96         )
97   '';