diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 7a3fb5e5ebe8..2e4b011ea1bb 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -804,7 +804,7 @@ in { nginx-globalredirect = runTest ./nginx-globalredirect.nix; nginx-http3 = handleTest ./nginx-http3.nix {}; nginx-mime = runTest ./nginx-mime.nix; - nginx-modsecurity = handleTest ./nginx-modsecurity.nix {}; + nginx-modsecurity = runTest ./nginx-modsecurity.nix; nginx-moreheaders = handleTest ./nginx-moreheaders.nix {}; nginx-njs = handleTest ./nginx-njs.nix {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; diff --git a/nixos/tests/nginx-modsecurity.nix b/nixos/tests/nginx-modsecurity.nix index 892180f1cf73..f6aa58b79859 100644 --- a/nixos/tests/nginx-modsecurity.nix +++ b/nixos/tests/nginx-modsecurity.nix @@ -1,51 +1,49 @@ -import ./make-test-python.nix ( - { pkgs, lib, ... }: - { - name = "nginx-modsecurity"; +{ ... }: +{ + name = "nginx-modsecurity"; - nodes.machine = - { - config, - lib, - pkgs, - ... - }: - { - services.nginx = { - enable = true; - additionalModules = [ pkgs.nginxModules.modsecurity ]; - virtualHosts.localhost = - let - modsecurity_conf = pkgs.writeText "modsecurity.conf" '' - SecRuleEngine On - SecDefaultAction "phase:1,log,auditlog,deny,status:403" - SecDefaultAction "phase:2,log,auditlog,deny,status:403" - SecRule REQUEST_METHOD "HEAD" "id:100, phase:1, block" - SecRule REQUEST_FILENAME "secret.html" "id:101, phase:2, block" - ''; - testroot = pkgs.runCommand "testroot" { } '' - mkdir -p $out - echo "Hello World!" > $out/index.html - echo "s3cret" > $out/secret.html - ''; - in - { - root = testroot; - extraConfig = '' - modsecurity on; - modsecurity_rules_file ${modsecurity_conf}; - ''; - }; - }; + nodes.machine = + { + config, + lib, + pkgs, + ... + }: + { + services.nginx = { + enable = true; + additionalModules = [ pkgs.nginxModules.modsecurity ]; + virtualHosts.localhost = + let + modsecurity_conf = pkgs.writeText "modsecurity.conf" '' + SecRuleEngine On + SecDefaultAction "phase:1,log,auditlog,deny,status:403" + SecDefaultAction "phase:2,log,auditlog,deny,status:403" + SecRule REQUEST_METHOD "HEAD" "id:100, phase:1, block" + SecRule REQUEST_FILENAME "secret.html" "id:101, phase:2, block" + ''; + testroot = pkgs.runCommand "testroot" { } '' + mkdir -p $out + echo "Hello World!" > $out/index.html + echo "s3cret" > $out/secret.html + ''; + in + { + root = testroot; + extraConfig = '' + modsecurity on; + modsecurity_rules_file ${modsecurity_conf}; + ''; + }; }; - testScript = '' - machine.wait_for_unit("nginx") + }; + testScript = '' + machine.wait_for_unit("nginx") - response = machine.wait_until_succeeds("curl -fvvv -s http://127.0.0.1/") - assert "Hello World!" in response + response = machine.wait_until_succeeds("curl -fvvv -s http://127.0.0.1/") + assert "Hello World!" in response - machine.fail("curl -fvvv -X HEAD -s http://127.0.0.1/") - machine.fail("curl -fvvv -s http://127.0.0.1/secret.html") - ''; - } -) + machine.fail("curl -fvvv -X HEAD -s http://127.0.0.1/") + machine.fail("curl -fvvv -s http://127.0.0.1/secret.html") + ''; +}