Add NixOS-based systems tests

.gitignore

@@ -1,3 +1,7 @@
 .*.sw[a-z0-9]
 .sw[a-z0-9]
 *~
+
+# Nix build results
+result
+result-*

.travis.yml

@@ -1,7 +1,16 @@
 ---
-# Don't need sudo access or to install anything
-sudo: false
 install: true
+language: nix
+
+cache:
+  directories:
+    - '${HOME}/nix.store'
+
+before_install:
+  - sudo mkdir -p /etc/nix
+  - printf -- 'substituters = https://cache.nixos.org/ file://%s/nix.store\nrequire-sigs = false\nsandbox = true\n' "$HOME" | sudo tee -a /etc/nix/nix.conf 1>&2
 
 script:
   - ./run-tests
+  - result="$(make nixos-test)"
+  - nix-copy --to "file://${HOME}/nix.store" "$result"

Makefile

@@ -47,3 +47,10 @@ info:
 
 test:
 	@./run-tests
+
+nixos-test:
+	@nix-build -A update-systemd-resolved.nixosTest ./nix
+
+# Enter a console with NixOS test machines available
+nixos-test-driver:
+	@$$(nix-build --no-out-link -A update-systemd-resolved.nixosTest.driver ./nix)/bin/nixos-test-driver --keep-vm-state

nix/default.nix

@@ -0,0 +1,51 @@
+{ sources ? import ./sources.nix
+, nixpkgs ? sources.nixpkgs
+, pkgs ? null
+}:
+
+let
+  overlay = final: prev: {
+    inherit (import sources.nix { }) niv;
+    inherit (import sources."gitignore.nix" { inherit (prev) lib; }) gitignoreFilter;
+
+    update-systemd-resolved = prev.update-systemd-resolved.overrideAttrs (oldAttrs: {
+      src = let
+        filterSrc = path: let
+          ignored = final.gitignoreFilter path;
+        in
+          # ignored .gitignore'd files, and also the stuff under the ./nix
+          # subdirectory
+          path: type: ignored path type && builtins.baseNameOf path != "nix";
+      in
+        prev.lib.cleanSourceWith {
+          filter = filterSrc ../.;
+          src = ../.;
+          name = "update-systemd-resolved-source";
+        };
+
+      # Rewrite update-systemd-resolved.conf to:
+      #   1. Remove "setenv PATH ..." (setting PATH is unnecessary here, where
+      #      nixpkgs' update-systemd-resolved derivation builder replaces
+      #      update-systemd-resolved with a wrapper script that defines a PATH
+      #      that makes all of update-systemd-resolved's dependencies
+      #      available), and
+      #   2. Replace "/etc/openvpn/scripts/update-systemd-resolved" with the
+      #      Nix store path of the update-systemd-resolved script (so that
+      #      doing "config <nix-store-path-of>/update-systemd-resolved.conf"
+      #      from within an OpenVPN config file will work properly).
+      installPhase = ''
+        ${oldAttrs.installPhase}
+        sed -i -e "
+          /^setenv[[:space:]]\+PATH/d
+          s|/etc/openvpn/scripts|''${out}/libexec/openvpn|
+        " "''${out}/libexec/openvpn/update-systemd-resolved.conf"
+      '';
+
+      passthru.nixosTest = final.nixosTest ./nixos/tests/update-systemd-resolved.nix;
+    });
+  };
+
+  pkgs' = import nixpkgs { overlays = [ overlay ]; config = { }; };
+
+  pkgs'' = if builtins.isAttrs pkgs then pkgs else pkgs';
+in pkgs''

nix/nixos/tests/openvpn.key.static

@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+837007a0f24e279f3d4f1f982c49b85f
+3f49e0a1e4b9eedafe354ad3727d0a9f
+2eba6053fd580ffd525268bebfecb5b2
+32bde652b196b3ee2296b9c29d80a98b
+240f961e6c8384f45ae5648af0c0cf91
+e5695a901035a812dc203daf5bb2283e
+f382f1114c5f37c67422609f6ab95d89
+97174eb5b00f6848ac3bb7e36d7d09b3
+5b9321201a483fc1a9722f92f2d614d1
+5ec8ab69c090ed3154c7dcb2361be126
+1c61fdf572cfe5e34bdd882cd3ee0204
+2f350acc52d5e88efdfc2277145a3d02
+9ce86929e1c9aa4482c2c469e8d76c13
+100c5b5313edf48be200e9f64ca59cb6
+feb1e914edfc4bdcbbc1487dbb8aae4a
+deac011f5a4140494362f58a03ab919a
+-----END OpenVPN Static key V1-----