nixos/tests/h2o: use ports from the actual machines

Author: toastal

nixos/tests/web-servers/h2o/basic.nix

@@ -8,11 +8,6 @@ let
     TLS = "acme.test";
   };
 
-  port = {
-    HTTP = 8080;
-    TLS = 8443;
-  };
-
   sawatdi_chao_lok = "สวัสดีชาวโลก";
 
   hello_world_txt = hostPkgs.writeTextFile {
@@ -41,16 +36,16 @@ in
 
   nodes = {
     server =
-      { pkgs, ... }:
+      { pkgs, config, ... }:
       {
         environment.systemPackages = [
           pkgs.curl
         ];
 
         services.h2o = {
           enable = true;
-          defaultHTTPListenPort = port.HTTP;
-          defaultTLSListenPort = port.TLS;
+          defaultHTTPListenPort = 8080;
+          defaultTLSListenPort = 8443;
           hosts = {
             "${domain.HTTP}" = {
               settings = {
@@ -107,12 +102,12 @@ in
 
         networking = {
           firewall = {
-            allowedTCPPorts = with port; [
-              HTTP
-              TLS
+            allowedTCPPorts = with config.services.h2o; [
+              defaultHTTPListenPort
+              defaultTLSListenPort
             ];
-            allowedUDPPorts = with port; [
-              TLS
+            allowedUDPPorts = with config.services.h2o; [
+              defaultTLSListenPort
             ];
           };
           extraHosts = ''
@@ -123,9 +118,11 @@ in
       };
   };
   testScript =
+    { nodes, ... }:
     let
-      portStrHTTP = builtins.toString port.HTTP;
-      portStrTLS = builtins.toString port.TLS;
+      inherit (nodes) server;
+      portStrHTTP = builtins.toString server.services.h2o.defaultHTTPListenPort;
+      portStrTLS = builtins.toString server.services.h2o.defaultTLSListenPort;
     in
     # python
     ''

nixos/tests/web-servers/h2o/mruby.nix

@@ -3,8 +3,6 @@
 let
   domain = "h2o.local";
 
-  port = 8080;
-
   sawatdi_chao_lok = "สวัสดีชาวโลก";
 in
 {
@@ -22,7 +20,7 @@ in
           enable = true;
           package = pkgs.h2o.override { withMruby = true; };
           settings = {
-            listen = port;
+            listen = 8080;
             hosts = {
               "${domain}" = {
                 paths = {
@@ -50,8 +48,10 @@ in
   };
 
   testScript =
+    { nodes, ... }:
     let
-      portStr = builtins.toString port;
+      inherit (nodes) server;
+      portStr = builtins.toString server.services.h2o.settings.listen;
     in
     # python
     ''

nixos/tests/web-servers/h2o/tls-recommendations.nix

@@ -2,7 +2,6 @@
 
 let
   domain = "acme.test";
-  port = 8443;
 
   hello_txt =
     name:
@@ -13,7 +12,12 @@ let
 
   mkH2OServer =
     recommendations:
-    { pkgs, lib, ... }:
+    {
+      pkgs,
+      lib,
+      config,
+      ...
+    }:
     {
       services.h2o = {
         enable = true;
@@ -31,7 +35,8 @@ let
         hosts = {
           "${domain}" = {
             tls = {
-              inherit port recommendations;
+              inherit recommendations;
+              port = 8443;
               policy = "force";
               identity = [
                 {
@@ -59,7 +64,9 @@ let
       ];
 
       networking = {
-        firewall.allowedTCPPorts = [ port ];
+        firewall.allowedTCPPorts = [
+          config.services.h2o.hosts.${domain}.tls.port
+        ];
         extraHosts = "127.0.0.1 ${domain}";
       };
     };
@@ -78,43 +85,47 @@ in
   };
 
   testScript =
+    { nodes, ... }:
     let
-      portStr = builtins.toString port;
+      inherit (nodes) server_modern server_intermediate server_old;
+      modernPortStr = builtins.toString server_modern.services.h2o.hosts.${domain}.tls.port;
+      intermediatePortStr = builtins.toString server_intermediate.services.h2o.hosts.${domain}.tls.port;
+      oldPortStr = builtins.toString server_old.services.h2o.hosts.${domain}.tls.port;
     in
     # python
     ''
-      curl_basic = "curl -v --tlsv1.3 --http2 'https://${domain}:${portStr}/'"
-      curl_head = "curl -v --head 'https://${domain}:${portStr}/'"
-      curl_max_tls1_2 ="curl -v --tlsv1.0 --tls-max 1.2 'https://${domain}:${portStr}/'"
-      curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:${portStr}/'"
-      curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:${portStr}/'"
+      curl_basic = "curl -v --tlsv1.3 --http2 'https://${domain}:{port}/'"
+      curl_head = "curl -v --head 'https://${domain}:{port}/'"
+      curl_max_tls1_2 ="curl -v --tlsv1.0 --tls-max 1.2 'https://${domain}:{port}/'"
+      curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'"
+      curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'"
 
       server_modern.wait_for_unit("h2o.service")
-      server_modern.wait_for_open_port(${portStr})
-      modern_response = server_modern.succeed(curl_basic)
+      server_modern.wait_for_open_port(${modernPortStr})
+      modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}"))
       assert "Hello, modern!" in modern_response
-      modern_head = server_modern.succeed(curl_head)
+      modern_head = server_modern.succeed(curl_head.format(port="${modernPortStr}"))
       assert "strict-transport-security" in modern_head
-      server_modern.fail(curl_max_tls1_2)
+      server_modern.fail(curl_max_tls1_2.format(port="${modernPortStr}"))
 
       server_intermediate.wait_for_unit("h2o.service")
-      server_intermediate.wait_for_open_port(${portStr})
-      intermediate_response = server_intermediate.succeed(curl_basic)
+      server_intermediate.wait_for_open_port(${intermediatePortStr})
+      intermediate_response = server_intermediate.succeed(curl_basic.format(port="${intermediatePortStr}"))
       assert "Hello, intermediate!" in intermediate_response
-      intermediate_head = server_modern.succeed(curl_head)
+      intermediate_head = server_modern.succeed(curl_head.format(port="${intermediatePortStr}"))
       assert "strict-transport-security" in intermediate_head
-      server_intermediate.succeed(curl_max_tls1_2)
-      server_intermediate.succeed(curl_max_tls1_2_intermediate_cipher)
-      server_intermediate.fail(curl_max_tls1_2_old_cipher)
+      server_intermediate.succeed(curl_max_tls1_2.format(port="${intermediatePortStr}"))
+      server_intermediate.succeed(curl_max_tls1_2_intermediate_cipher.format(port="${intermediatePortStr}"))
+      server_intermediate.fail(curl_max_tls1_2_old_cipher.format(port="${intermediatePortStr}"))
 
       server_old.wait_for_unit("h2o.service")
-      server_old.wait_for_open_port(${portStr})
-      old_response = server_old.succeed(curl_basic)
+      server_old.wait_for_open_port(${oldPortStr})
+      old_response = server_old.succeed(curl_basic.format(port="${oldPortStr}"))
       assert "Hello, old!" in old_response
-      old_head = server_modern.succeed(curl_head)
+      old_head = server_modern.succeed(curl_head.format(port="${oldPortStr}"))
       assert "strict-transport-security" in old_head
-      server_old.succeed(curl_max_tls1_2)
-      server_old.succeed(curl_max_tls1_2_intermediate_cipher)
-      server_old.succeed(curl_max_tls1_2_old_cipher)
+      server_old.succeed(curl_max_tls1_2.format(port="${oldPortStr}"))
+      server_old.succeed(curl_max_tls1_2_intermediate_cipher.format(port="${oldPortStr}"))
+      server_old.succeed(curl_max_tls1_2_old_cipher.format(port="${oldPortStr}"))
     '';
 }