mirror of
https://github.com/tailscale/tailscale.git
synced 2026-06-03 05:25:42 -04:00
d93a6bfb52
Adds nix/darwin/tests/ci/, a self-contained test that:
- boots Headscale on 127.0.0.1:8080 (HTTP, sqlite, ephemeral state,
embedded DERP server)
- creates two preauth keys (alpha and beta users)
- applies a darwinConfiguration via
`sudo nix run github:LnL7/nix-darwin -- switch` against
services.tailscales.{alpha,beta}
- waits for the per-instance daemon agents to load and their
sockets to answer
- runs `tailscale-<inst> up --reset --auth-key` and polls each
instance for BackendState=Running
- asserts per-instance UserID, socket, and state-file isolation
- tears down the agents and Headscale on exit
The test flake lives separately so the main flake stays free of a
nix-darwin input — users importing darwinModules.tailscales are not
forced to pull nix-darwin transitively. `nix.enable = false` lets the
config coexist with the DeterminateSystems Nix install on the runner.
Wires the test into a new .github/workflows/nix.yml: a cheap
flake-check-linux job gates `nix flake check --no-build` (catches the
existing darwin-eval and NixOS module regressions), and darwin-e2e
runs the orchestration on macos-latest only after the eval gate
passes. Failed runs upload Tailscale and Headscale log tails as
artifacts.
Updates nix/darwin/tests/README.md to document the new harness and
how to run it locally on a Mac.
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>