diff options
Diffstat (limited to 'tests/nixos/vhack')
| -rw-r--r-- | tests/nixos/vhack/git-server/ssh_keys.nix | 49 | ||||
| -rw-r--r-- | tests/nixos/vhack/git-server/test.nix | 244 |
2 files changed, 0 insertions, 293 deletions
diff --git a/tests/nixos/vhack/git-server/ssh_keys.nix b/tests/nixos/vhack/git-server/ssh_keys.nix deleted file mode 100644 index 07f0b88..0000000 --- a/tests/nixos/vhack/git-server/ssh_keys.nix +++ /dev/null @@ -1,49 +0,0 @@ -{pkgs}: { - admin = { - priv = pkgs.writeText "id_ed25519" '' - -----BEGIN OPENSSH PRIVATE KEY----- - b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW - QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM - QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g - AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3 - W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU= - -----END OPENSSH PRIVATE KEY----- - ''; - - pub = '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client - ''; - }; - - alice = { - priv = pkgs.writeText "id_ed25519" '' - -----BEGIN OPENSSH PRIVATE KEY----- - b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW - QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO - VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ - AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH - Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU= - -----END OPENSSH PRIVATE KEY----- - ''; - - pub = pkgs.writeText "id_ed25519.pub" '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client - ''; - }; - - bob = { - priv = pkgs.writeText "id_ed25519" '' - -----BEGIN OPENSSH PRIVATE KEY----- - b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW - QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj - VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA - AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN - 6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU= - -----END OPENSSH PRIVATE KEY----- - ''; - - pub = pkgs.writeText "id_ed25519.pub" '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client - ''; - }; -} diff --git a/tests/nixos/vhack/git-server/test.nix b/tests/nixos/vhack/git-server/test.nix deleted file mode 100644 index 6d5edda..0000000 --- a/tests/nixos/vhack/git-server/test.nix +++ /dev/null @@ -1,244 +0,0 @@ -{ - nixos-lib, - pkgsUnstable, - nixpkgs-unstable, - pkgs, - extraModules, - ... -}: let - sshKeys = - import ./ssh_keys.nix {inherit pkgs;}; - - gitServerDomain = "server"; - - gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" '' - repo CREATOR/[a-zA-Z0-9].* - C = @all - RW+ = CREATOR - RW = WRITERS - R = READERS - option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage - ''; - - expectedGitoliteConf = pkgs.writeText "expected-gitolite-conf" '' - repo gitolite-admin - RW+ = gitolite-admin - - repo testing - RW+ = @all - repo CREATOR/[a-zA-Z0-9].* - C = @all - RW+ = CREATOR - RW = WRITERS - R = READERS - option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage - ''; - - expectedHtmlReadme = pkgs.writeText "expectedHtmlReadme" '' - <h1>Alice's Repo</h1> - ''; - expectedMdReadme = pkgs.writeText "expectedMdReadme" '' - # Alice's Repo - ''; -in - nixos-lib.runTest { - hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs - - name = "git-server"; - - node = { - specialArgs = {inherit pkgsUnstable nixpkgs-unstable;}; - - # Use the nixpkgs as constructed by the `nixpkgs.*` options - pkgs = null; - }; - - nodes = { - server = {config, ...}: { - imports = - extraModules - ++ [ - ../../../../modules/nixos - ]; - - system.activationScripts = { - gitolite = { - text = '' - if ! [ -d /srv/gitolite ]; then - mkdir --parents /srv/gitolite - chown -R git:git /srv/gitolite - fi - ''; - }; - }; - - vhack = { - openssh.enable = true; - nginx = { - enable = true; - selfsign = true; - }; - git-server = { - enable = true; - domain = gitServerDomain; - gitolite.adminPubkey = sshKeys.admin.pub; - }; - }; - }; - - client = {...}: { - environment.systemPackages = [pkgs.git]; - programs.ssh.extraConfig = '' - Host * - UserKnownHostsFile /dev/null - StrictHostKeyChecking no - # there's nobody around that can input password - PreferredAuthentications publickey - ''; - users.users.alice = {isNormalUser = true;}; - users.users.bob = {isNormalUser = true;}; - }; - }; - - testScript = {nodes, ...}: - /* - python - */ - '' - start_all() - - with subtest("can setup ssh keys on client"): - client.succeed( - "mkdir -p ~root/.ssh", - "cp ${sshKeys.admin.priv} ~root/.ssh/id_ed25519", - "chmod 600 ~root/.ssh/id_ed25519", - ) - client.succeed( - "sudo -u alice mkdir -p ~alice/.ssh", - "sudo -u alice cp ${sshKeys.alice.priv} ~alice/.ssh/id_ed25519", - "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519", - ) - client.succeed( - "sudo -u bob mkdir -p ~bob/.ssh", - "sudo -u bob cp ${sshKeys.bob.priv} ~bob/.ssh/id_ed25519", - "sudo -u bob chmod 600 ~bob/.ssh/id_ed25519", - ) - - with subtest("gitolite server starts"): - server.wait_for_unit("gitolite-init.service") - server.wait_for_unit("sshd.service") - client.succeed("ssh -n git@server info") - - - with subtest("admin can clone and configure gitolite-admin.git"): - client.succeed("${pkgs.writeShellScript "setup-gitolite-admin.git" '' - set -xe - - git clone git@server:gitolite-admin.git - git config --global user.name 'System Administrator' - git config --global user.email root\@domain.example - - cp ${sshKeys.alice.pub} gitolite-admin/keydir/alice.pub - cp ${sshKeys.bob.pub} gitolite-admin/keydir/bob.pub - - (cd gitolite-admin && git switch -c master && git branch -D main) - - (cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push -u origin master) - cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf - (cd gitolite-admin && git add . && git commit -m 'Add support for wild repos' && git push) - (cd gitolite-admin && git push -d origin main) - ''}") - - server.succeed("${pkgs.writeShellScript "verify gitolite-admin.conf" '' - set -xe - - testFile=~git/.gitolite/conf/gitolite.conf.test - - cp ~git/.gitolite/conf/gitolite.conf "$testFile" - - # Normalize the white space - sed -i 's/\t/ /g' "$testFile" - sed -i 's/\s\+/ /g' "$testFile" - - diff "$testFile" ${expectedGitoliteConf} - ''}") - - - with subtest("non-admins cannot clone gitolite-admin.git"): - client.fail("sudo -i -u alice git clone git@server:gitolite-admin.git") - client.fail("sudo -i -u bob git clone git@server:gitolite-admin.git") - - with subtest("non-admins can clone testing.git"): - client.succeed("sudo -i -u alice git clone git@server:testing.git") - client.succeed("sudo -i -u bob git clone git@server:testing.git") - - - with subtest("alice can create a repo"): - client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-create-repo" '' - set -xe - - mkdir alice-repo && cd alice-repo; - - git init --initial-branch main - echo "# Alice's Repo" > README.md - git add README.md - git -c user.name=Alice -c user.email=alice@domain.example commit -m 'Add readme' - - git remote add origin git@server:alice/alice-project.git - git push --set-upstream origin main - ''}") - - with subtest("alice can clone alice-project.git"): - client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-clone-repo" '' - set -xe - - git clone git@server:alice/alice-project.git - diff --side-by-side ${expectedMdReadme} ./alice-project/README.md - ''}") - - with subtest("bob cannot clone alice-project.git"): - client.fail("sudo -i -u bob git clone git@server:alice/alice-project.git") - - with subtest("Alice can make her repo public"): - client.succeed( - "sudo -u alice ssh git@server perms alice/alice-project + READERS @all", - "sudo -u alice ssh git@server desc alice/alice-project 'My nice project.'" - ) - - with subtest("Bob can see alice config on cgit"): - client.succeed("sudo -u bob ${pkgs.writeShellScript "bob-clone-repo" '' - set -xe - - cd ~bob - # Disable ssl verification, as the certs are self-signed - git -c http.sslVerify=false clone https://server/alice/alice-project.git - ''}") - - with subtest("Alice can change settings in her repo"): - client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-change-settings" '' - set -xe - - echo 'Hi! You want to work with alice' | ssh git@server motd alice/alice-project set - ssh git@server config alice/alice-project --add 'cgit.owner' 'alice' - ssh git@server config alice/alice-project --add 'cgit.section' 'alice' - ssh git@server config alice/alice-project --add 'cgit.homepage' 'alice' - - owner="$(ssh git@server config alice/alice-project --get-all 'cgit.owner')" - [ "$owner" = "alice" ] || { - echo "owner should be alice but is '$owner'!" - exit 1 - } - ''}") - - - # He can't see the readme (FIXME: find out why this does not work. <2024-08-13> ) - # with subtest("Bob can see alice's README"): - # client.succeed("sudo -u bob ${pkgs.writeShellScript "bob-alice-readme" '' - # set -xe - # - # curl --insecure --silent --fail --show-error 'https://server/alice/alice-project/about' > readme.html - # cat readme.html - # diff --side-by-side ${expectedHtmlReadme} readme.html - # ''}") - ''; - } |