authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-12-20 13:58:21 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-12-20 13:58:21 +0100
commit33639143ea50404a04bc4c454435aff1bd79dd4b (patch)
treeede4b6832bb86ac30281fc22700ae1fe40658f37 /tests/nixos/vhack
parentfix(treewide): Update to nixos release 24.11 (diff)
refactor({modules,test}): Migrate to a `by-name` structure
Diffstat (limited to 'tests/nixos/vhack')
-rw-r--r--tests/nixos/vhack/git-server/ssh_keys.nix49
-rw-r--r--tests/nixos/vhack/git-server/test.nix244
2 files changed, 0 insertions, 293 deletions
diff --git a/tests/nixos/vhack/git-server/ssh_keys.nix b/tests/nixos/vhack/git-server/ssh_keys.nix
deleted file mode 100644
index 07f0b88..0000000
--- a/tests/nixos/vhack/git-server/ssh_keys.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{pkgs}: {
-  admin = {
-    priv = pkgs.writeText "id_ed25519" ''
-      -----BEGIN OPENSSH PRIVATE KEY-----
-      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-      QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
-      QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
-      AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
-      W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
-      -----END OPENSSH PRIVATE KEY-----
-    '';
-
-    pub = ''
-      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
-    '';
-  };
-
-  alice = {
-    priv = pkgs.writeText "id_ed25519" ''
-      -----BEGIN OPENSSH PRIVATE KEY-----
-      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-      QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
-      VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
-      AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
-      Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
-      -----END OPENSSH PRIVATE KEY-----
-    '';
-
-    pub = pkgs.writeText "id_ed25519.pub" ''
-      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
-    '';
-  };
-
-  bob = {
-    priv = pkgs.writeText "id_ed25519" ''
-      -----BEGIN OPENSSH PRIVATE KEY-----
-      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-      QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
-      VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
-      AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
-      6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
-      -----END OPENSSH PRIVATE KEY-----
-    '';
-
-    pub = pkgs.writeText "id_ed25519.pub" ''
-      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
-    '';
-  };
-}
diff --git a/tests/nixos/vhack/git-server/test.nix b/tests/nixos/vhack/git-server/test.nix
deleted file mode 100644
index 6d5edda..0000000
--- a/tests/nixos/vhack/git-server/test.nix
+++ /dev/null
@@ -1,244 +0,0 @@
-{
-  nixos-lib,
-  pkgsUnstable,
-  nixpkgs-unstable,
-  pkgs,
-  extraModules,
-  ...
-}: let
-  sshKeys =
-    import ./ssh_keys.nix {inherit pkgs;};
-
-  gitServerDomain = "server";
-
-  gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
-    repo CREATOR/[a-zA-Z0-9].*
-      C     = @all
-      RW+   = CREATOR
-      RW    = WRITERS
-      R     = READERS
-      option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage
-  '';
-
-  expectedGitoliteConf = pkgs.writeText "expected-gitolite-conf" ''
-    repo gitolite-admin
-     RW+ = gitolite-admin
-
-    repo testing
-     RW+ = @all
-    repo CREATOR/[a-zA-Z0-9].*
-     C = @all
-     RW+ = CREATOR
-     RW = WRITERS
-     R = READERS
-     option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage
-  '';
-
-  expectedHtmlReadme = pkgs.writeText "expectedHtmlReadme" ''
-    <h1>Alice's Repo</h1>
-  '';
-  expectedMdReadme = pkgs.writeText "expectedMdReadme" ''
-    # Alice's Repo
-  '';
-in
-  nixos-lib.runTest {
-    hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs
-
-    name = "git-server";
-
-    node = {
-      specialArgs = {inherit pkgsUnstable nixpkgs-unstable;};
-
-      # Use the nixpkgs as constructed by the `nixpkgs.*` options
-      pkgs = null;
-    };
-
-    nodes = {
-      server = {config, ...}: {
-        imports =
-          extraModules
-          ++ [
-            ../../../../modules/nixos
-          ];
-
-        system.activationScripts = {
-          gitolite = {
-            text = ''
-              if ! [ -d /srv/gitolite ]; then
-                mkdir --parents /srv/gitolite
-                chown -R git:git /srv/gitolite
-              fi
-            '';
-          };
-        };
-
-        vhack = {
-          openssh.enable = true;
-          nginx = {
-            enable = true;
-            selfsign = true;
-          };
-          git-server = {
-            enable = true;
-            domain = gitServerDomain;
-            gitolite.adminPubkey = sshKeys.admin.pub;
-          };
-        };
-      };
-
-      client = {...}: {
-        environment.systemPackages = [pkgs.git];
-        programs.ssh.extraConfig = ''
-          Host *
-            UserKnownHostsFile /dev/null
-            StrictHostKeyChecking no
-            # there's nobody around that can input password
-            PreferredAuthentications publickey
-        '';
-        users.users.alice = {isNormalUser = true;};
-        users.users.bob = {isNormalUser = true;};
-      };
-    };
-
-    testScript = {nodes, ...}:
-    /*
-    python
-    */
-    ''
-      start_all()
-
-      with subtest("can setup ssh keys on client"):
-        client.succeed(
-            "mkdir -p ~root/.ssh",
-            "cp ${sshKeys.admin.priv} ~root/.ssh/id_ed25519",
-            "chmod 600 ~root/.ssh/id_ed25519",
-        )
-        client.succeed(
-            "sudo -u alice mkdir -p ~alice/.ssh",
-            "sudo -u alice cp ${sshKeys.alice.priv} ~alice/.ssh/id_ed25519",
-            "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
-        )
-        client.succeed(
-            "sudo -u bob mkdir -p ~bob/.ssh",
-            "sudo -u bob cp ${sshKeys.bob.priv} ~bob/.ssh/id_ed25519",
-            "sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
-        )
-
-      with subtest("gitolite server starts"):
-        server.wait_for_unit("gitolite-init.service")
-        server.wait_for_unit("sshd.service")
-        client.succeed("ssh -n git@server info")
-
-
-      with subtest("admin can clone and configure gitolite-admin.git"):
-        client.succeed("${pkgs.writeShellScript "setup-gitolite-admin.git" ''
-        set -xe
-
-        git clone git@server:gitolite-admin.git
-        git config --global user.name 'System Administrator'
-        git config --global user.email root\@domain.example
-
-        cp ${sshKeys.alice.pub} gitolite-admin/keydir/alice.pub
-        cp ${sshKeys.bob.pub} gitolite-admin/keydir/bob.pub
-
-        (cd gitolite-admin && git switch -c master && git branch -D main)
-
-        (cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push -u origin master)
-        cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf
-        (cd gitolite-admin && git add . && git commit -m 'Add support for wild repos' && git push)
-        (cd gitolite-admin && git push -d origin main)
-      ''}")
-
-        server.succeed("${pkgs.writeShellScript "verify gitolite-admin.conf" ''
-        set -xe
-
-        testFile=~git/.gitolite/conf/gitolite.conf.test
-
-        cp ~git/.gitolite/conf/gitolite.conf "$testFile"
-
-        # Normalize the white space
-        sed -i 's/\t/ /g' "$testFile"
-        sed -i 's/\s\+/ /g' "$testFile"
-
-        diff "$testFile" ${expectedGitoliteConf}
-      ''}")
-
-
-      with subtest("non-admins cannot clone gitolite-admin.git"):
-        client.fail("sudo -i -u alice git clone git@server:gitolite-admin.git")
-        client.fail("sudo -i -u bob git clone git@server:gitolite-admin.git")
-
-      with subtest("non-admins can clone testing.git"):
-        client.succeed("sudo -i -u alice git clone git@server:testing.git")
-        client.succeed("sudo -i -u bob git clone git@server:testing.git")
-
-
-      with subtest("alice can create a repo"):
-        client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-create-repo" ''
-        set -xe
-
-        mkdir alice-repo && cd alice-repo;
-
-        git init --initial-branch main
-        echo "# Alice's Repo" > README.md
-        git add README.md
-        git -c user.name=Alice -c user.email=alice@domain.example commit -m 'Add readme'
-
-        git remote add origin git@server:alice/alice-project.git
-        git push --set-upstream origin main
-      ''}")
-
-      with subtest("alice can clone alice-project.git"):
-        client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-clone-repo" ''
-        set -xe
-
-        git clone git@server:alice/alice-project.git
-        diff --side-by-side ${expectedMdReadme}  ./alice-project/README.md
-      ''}")
-
-      with subtest("bob cannot clone alice-project.git"):
-        client.fail("sudo -i -u bob git clone git@server:alice/alice-project.git")
-
-      with subtest("Alice can make her repo public"):
-        client.succeed(
-            "sudo -u alice ssh git@server perms alice/alice-project + READERS @all",
-            "sudo -u alice ssh git@server desc alice/alice-project 'My nice project.'"
-        )
-
-      with subtest("Bob can see alice config on cgit"):
-        client.succeed("sudo -u bob ${pkgs.writeShellScript "bob-clone-repo" ''
-        set -xe
-
-        cd ~bob
-        # Disable ssl verification, as the certs are self-signed
-        git -c http.sslVerify=false clone https://server/alice/alice-project.git
-      ''}")
-
-      with subtest("Alice can change settings in her repo"):
-        client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-change-settings" ''
-        set -xe
-
-        echo 'Hi! You want to work with alice' | ssh git@server motd alice/alice-project set
-        ssh git@server config alice/alice-project --add 'cgit.owner' 'alice'
-        ssh git@server config alice/alice-project --add 'cgit.section' 'alice'
-        ssh git@server config alice/alice-project --add 'cgit.homepage' 'alice'
-
-        owner="$(ssh git@server config alice/alice-project --get-all 'cgit.owner')"
-        [ "$owner" = "alice" ] || {
-          echo "owner should be alice but is '$owner'!"
-          exit 1
-        }
-      ''}")
-
-
-      # He can't see the readme (FIXME:  find out why this does not work. <2024-08-13> )
-      # with subtest("Bob can see alice's README"):
-      #   client.succeed("sudo -u bob ${pkgs.writeShellScript "bob-alice-readme" ''
-      #   set -xe
-      #
-      #   curl --insecure --silent --fail --show-error 'https://server/alice/alice-project/about' > readme.html
-      #   cat readme.html
-      #   diff --side-by-side ${expectedHtmlReadme}  readme.html
-      # ''}")
-    '';
-  }