# This test runs docker and checks if simple container starts import ./make-test-python.nix ( { pkgs, ... }: { name = "docker"; meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus offline ]; }; nodes = { docker = { pkgs, ... }: { virtualisation.docker.enable = true; virtualisation.docker.autoPrune.enable = true; virtualisation.docker.package = pkgs.docker; users.users = { noprivs = { isNormalUser = true; description = "Can't access the docker daemon"; password = "foobar"; }; hasprivs = { isNormalUser = true; description = "Can access the docker daemon"; password = "foobar"; extraGroups = [ "docker" ]; }; }; }; }; testScript = '' start_all() docker.wait_for_unit("sockets.target") docker.succeed("tar cv --files-from /dev/null | docker import - scratchimg") docker.succeed( "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10" ) docker.succeed("docker ps | grep sleeping") docker.succeed("sudo -u hasprivs docker ps") docker.fail("sudo -u noprivs docker ps") docker.succeed("docker stop sleeping") # Must match version 4 times to ensure client and server git commits and versions are correct docker.succeed('[ $(docker version | grep ${pkgs.docker.version} | wc -l) = "4" ]') docker.succeed("systemctl restart systemd-sysctl") docker.succeed("grep 1 /proc/sys/net/ipv4/conf/all/forwarding") docker.succeed("grep 1 /proc/sys/net/ipv4/conf/default/forwarding") ''; } )