nixosTests.nginx-sandbox: remove broken test and move the sandboxing test to the openresty test

nginx lua needs resty

the enableSandbox option of nginx was removed in 535896671b

the test fails with

```
vm-test-run-nginx-sandbox> machine # [   47.753580] nginx[1142]: nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
vm-test-run-nginx-sandbox> machine # [   47.756064] nginx[1142]: nginx: [alert] failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: module 'resty.core' not found:
vm-test-run-nginx-sandbox> machine # [   57.911766] systemd[1]: Failed to start Nginx Web Server.
```

nixos/tests/all-tests.nix

@@ -556,7 +556,6 @@ in {
   nginx-njs = handleTest ./nginx-njs.nix {};
   nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
   nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
-  nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};
   nginx-sso = handleTest ./nginx-sso.nix {};
   nginx-status-page = handleTest ./nginx-status-page.nix {};
   nginx-tmpdir = handleTest ./nginx-tmpdir.nix {};

nixos/tests/nginx-sandbox.nix

@@ -1,65 +0,0 @@
-import ./make-test-python.nix ({ pkgs, ... }: {
-  name = "nginx-sandbox";
-  meta = with pkgs.lib.maintainers; {
-    maintainers = [ izorkin ];
-  };
-
-  # This test checks the creation and reading of a file in sandbox mode. Used simple lua script.
-
-  nodes.machine = { pkgs, ... }: {
-    nixpkgs.overlays = [
-      (self: super: {
-        nginx-lua = super.nginx.override {
-          modules = [
-            pkgs.nginxModules.lua
-          ];
-        };
-      })
-    ];
-    services.nginx.enable = true;
-    services.nginx.package = pkgs.nginx-lua;
-    services.nginx.virtualHosts.localhost = {
-      extraConfig = ''
-        location /test1-write {
-          content_by_lua_block {
-            local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
-            local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
-            local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
-          }
-        }
-        location /test1-read {
-          root /tmp;
-        }
-        location /test2-write {
-          content_by_lua_block {
-            local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
-            local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
-            local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
-          }
-        }
-        location /test2-read {
-          root /var/web;
-        }
-      '';
-    };
-    users.users.foo.isNormalUser = true;
-  };
-
-  testScript = ''
-    machine.wait_for_unit("nginx")
-    machine.wait_for_open_port(80)
-
-    # Checking write in temporary folder
-    machine.succeed("$(curl -vvv http://localhost/test1-write)")
-    machine.succeed('test "$(curl -fvvv http://localhost/test1-read/foo.txt)" = worked')
-
-    # Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
-    # in read-only mode.
-    machine.succeed("mkdir -p /var/web")
-    machine.succeed("chown nginx:nginx /var/web")
-    machine.succeed("$(curl -vvv http://localhost/test2-write)")
-    assert "404 Not Found" in machine.succeed(
-        "curl -vvv -s http://localhost/test2-read/bar.txt"
-    )
-  '';
-})

nixos/tests/openresty-lua.nix

@@ -16,6 +16,12 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
 
     nodes = {
       webserver = { pkgs, lib, ... }: {
+        networking = {
+          extraHosts = ''
+            127.0.0.1 default.test
+            127.0.0.1 sandbox.test
+          '';
+        };
         services.nginx = {
           enable = true;
           package = pkgs.openresty;
@@ -24,7 +30,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
             lua_package_path '${luaPath};;';
           '';
 
-          virtualHosts."default" = {
+          virtualHosts."default.test" = {
             default = true;
             locations."/" = {
               extraConfig = ''
@@ -36,6 +42,33 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
               '';
             };
           };
+
+          virtualHosts."sandbox.test" = {
+            locations."/test1-write" = {
+              extraConfig = ''
+                content_by_lua_block {
+                  local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
+                  local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
+                  local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
+                }
+              '';
+            };
+            locations."/test1-read" = {
+              root = "/tmp";
+            };
+            locations."/test2-write" = {
+              extraConfig = ''
+                content_by_lua_block {
+                  local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
+                  local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
+                  local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
+                }
+              '';
+            };
+            locations."/test2-read" = {
+              root = "/var/web";
+            };
+          };
         };
       };
     };
@@ -51,5 +84,18 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
           f"curl -w '%{{http_code}}' --head --fail {url}"
         )
         assert http_code.split("\n")[-1] == "200"
+
+        # This test checks the creation and reading of a file in sandbox mode.
+        # Checking write in temporary folder
+        webserver.succeed("$(curl -vvv http://sandbox.test/test1-write)")
+        webserver.succeed('test "$(curl -fvvv http://sandbox.test/test1-read/foo.txt)" = worked')
+        # Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
+        # in read-only mode.
+        webserver.succeed("mkdir -p /var/web")
+        webserver.succeed("chown nginx:nginx /var/web")
+        webserver.succeed("$(curl -vvv http://sandbox.test/test2-write)")
+        assert "404 Not Found" in machine.succeed(
+            "curl -vvv -s http://sandbox.test/test2-read/bar.txt"
+        )
       '';
   })

pkgs/servers/http/nginx/generic.nix

@@ -186,7 +186,7 @@ stdenv.mkDerivation {
   passthru = {
     inherit modules;
     tests = {
-      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page nginx-unix-socket;
+      inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sso nginx-status-page nginx-unix-socket;
       variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
       acme-integration = nixosTests.acme;
     } // passthru.tests;