# NixOS VM test "back": a `server` node runs gitolite (git over ssh) and the
# `back` service behind nginx, and a `client` node pushes a repository carrying
# git-bug issues and then fetches the rendered issue and repository pages over
# HTTPS.
#
# Several settings below deliberately weaken transport security (no ssh host
# key checking, `curl --insecure` against a self-signed certificate). They are
# tolerable only inside this throw-away VM test and should not be copied into
# a real host configuration.
{
  nixos-lib,
  pkgsUnstable,
  nixpkgs-unstable,
  vhackPackages,
  pkgs,
  extraModules,
  nixLib,
  ...
}: let
  # Base host name; the client resolves "server", "git.server" and
  # "issues.server" to the server VM through `networking.hosts`.
  domain = "server";

  # Key pairs used by the test: `admin.{pub,priv}` and `alice.{pub,priv}`.
  # NOTE(review): the private halves are copied from `${sshKeys.*.priv}` in the
  # test script, so they are presumably fixed fixtures living in the Nix store
  # (world-readable) -- confirm in ssh_keys.nix that they are test-only keys and
  # are never authorised on a real host.
  sshKeys = import ../../gi/git-server/ssh_keys.nix {inherit pkgs;};

  # Appended to gitolite.conf by the admin subtest to enable "wild" repos:
  #   * `C = @all`  -- every authenticated gitolite user may create a repo,
  #     but only below their own name (`CREATOR/...`).
  #   * `RW+ = CREATOR` -- the creator may also rewind/force-push.
  #   * WRITERS / READERS are the roles the creator hands out via `perms`.
  #   * `option user-configs` is the allow-list of git config keys a user may
  #     set through gitolite's `config` command; it is limited to four cgit.*
  #     keys, so users cannot set arbitrary (e.g. hook-related) config.
  gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
    repo CREATOR/[a-zA-Z0-9].*
      C = @all
      RW+ = CREATOR
      RW = WRITERS
      R = READERS
      option user-configs = cgit\.owner cgit\.desc cgit\.section cgit\.homepage
  '';
in
  nixos-lib.runTest {
    hostPkgs = pkgs; # the Nixpkgs package set used outside the VMs

    name = "back";

    node = {
      specialArgs = {inherit pkgsUnstable vhackPackages nixpkgs-unstable nixLib;};

      # Use the nixpkgs as constructed by the `nixpkgs.*` options
      pkgs = null;
    };

    nodes = {
      # Node under test: sshd + gitolite for git access, nginx + back for the
      # issue pages.
      server = {config, ...}: {
        environment.systemPackages = [pkgs.git];

        imports =
          extraModules
          ++ [
            ../../../../modules
          ];

        vhack = {
          persist.enable = true;
          openssh.enable = true;
          nginx = {
            enable = true;
            # NOTE(review): presumably makes the nginx module serve a
            # self-signed certificate; that is why the client later calls curl
            # with `--insecure` -- confirm against the module.
            selfsign = true;
          };
          git-server = {
            enable = true;
            domain = "git.${domain}";
            # The admin public key is the only key gitolite trusts initially;
            # alice's key is added later through gitolite-admin.git.
            gitolite.adminPubkey = sshKeys.admin.pub;
          };
          back = {
            enable = true;
            domain = "issues.${domain}";

            # back reads the repositories and the project list straight from
            # gitolite's data directory.
            settings = {
              scan_path = "${config.services.gitolite.dataDir}/repositories";
              project_list = "${config.services.gitolite.dataDir}/projects.list";
            };
          };
        };
      };

      # Driver node: acts as both the gitolite admin (root) and the regular
      # user alice.
      client = {nodes, ...}: {
        environment.systemPackages = [pkgs.git pkgs.curl pkgs.git-bug pkgs.gawk];

        # Host key verification is switched off for every host and no
        # known_hosts file is kept, so the client would accept any server
        # answering on these names. Acceptable only because both VMs are
        # created for this test run; public-key-only auth avoids a password
        # prompt that nobody could answer.
        programs.ssh.extraConfig = ''
          Host *
            UserKnownHostsFile /dev/null
            StrictHostKeyChecking no
            # there's nobody around that can input password
            PreferredAuthentications publickey
        '';

        users.users.alice = {isNormalUser = true;};

        # All three names point at the server VM's primary address.
        networking.hosts = {
          "${nodes.server.networking.primaryIPAddress}" = [
            "git.${domain}"
            "issues.${domain}"
            "${domain}"
          ];
        };
      };
    };

    # Test flow (the string below is Python run by the NixOS test driver; the
    # interpolated `pkgs.writeShellScript` derivations are run on the client):
    #   1. Install the admin private key for root and alice's private key for
    #      user alice (mode 600).
    #   2. Wait for gitolite-init and sshd, then verify `info` over ssh.
    #   3. As admin: clone gitolite-admin.git, add alice's public key, move the
    #      branch from `main` to `master`, append the wild-repo snippet, push.
    #   4. As alice: create alice/repo1 by pushing to it.
    #   5. As alice: create a git-bug identity, three bugs and two comments,
    #      push refs/bugs/* and refs/identities/* with plain `git push`, set
    #      `cgit.owner` and grant READERS to @all via gitolite's `config` and
    #      `perms` commands.
    #   6. Wait for back.service, fetch the open-issues page and the repository
    #      list, grep for the expected strings, and copy both HTML files out of
    #      the VM.
    #
    # NOTE(review): both curl calls use `--insecure`, so the test does not
    # verify the certificate served by nginx; it only proves that content is
    # reachable over TLS.
    # NOTE(review): the refspecs `+refs/bugs/*` and `+refs/identities/*` are
    # unquoted; the shell passes them through literally only while no matching
    # path exists in the working tree. Quoting them would be more robust.
    # NOTE(review): step 5 connects to `git@${domain}` while every other ssh/git
    # call uses `git.${domain}`; both resolve to the server through
    # `networking.hosts`, so this works, but the names are inconsistent.
    testScript = {nodes, ...}:
    /*
    python
    */
    ''
      start_all()

      with subtest("can setup ssh keys on client"):
          client.succeed(
              "mkdir -p ~root/.ssh",
              "cp ${sshKeys.admin.priv} ~root/.ssh/id_ed25519",
              "chmod 600 ~root/.ssh/id_ed25519",
          )
          client.succeed(
              "sudo -u alice mkdir -p ~alice/.ssh",
              "sudo -u alice cp ${sshKeys.alice.priv} ~alice/.ssh/id_ed25519",
              "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
          )

      with subtest("gitolite server starts"):
          server.wait_for_unit("gitolite-init.service")
          server.wait_for_unit("sshd.service")
          client.succeed("ssh -n git@git.${domain} info")

      with subtest("admin can clone and configure gitolite-admin.git"):
          client.succeed("${pkgs.writeShellScript "setup-gitolite-admin.git" ''
        set -xe

        git clone git@git.${domain}:gitolite-admin.git
        git config --global user.name 'System Administrator'
        git config --global user.email root\@domain.example

        cp ${sshKeys.alice.pub} gitolite-admin/keydir/alice.pub

        (cd gitolite-admin && git switch -c master && git branch -D main)
        (cd gitolite-admin && git add . && git commit -m 'Add keys for alice' && git push -u origin master)

        cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf
        (cd gitolite-admin && git add . && git commit -m 'Add support for wild repos' && git push)

        (cd gitolite-admin && git push -d origin main)
      ''}")

      with subtest("alice can create a repo"):
          client.succeed("sudo -u alice ${pkgs.writeShellScript "alice-create-repo" ''
        set -xe

        mkdir --parents ./alice/repo1 && cd alice/repo1;
        git init --initial-branch main
        echo "# Alice's Repo" > README.md
        git add README.md
        git -c user.name=Alice -c user.email=alice@domain.example commit -m 'Add readme'
        git remote add origin git@git.${domain}:alice/repo1.git
        git push --set-upstream origin main
      ''}")

      with subtest("can setup git-bug issues in alice/repo1"):
          client.succeed("sudo -u alice ${pkgs.writeShellScript "setup-git-repo" ''
        set -ex

        cd alice/repo1

        git bug user create --avatar "" --email "alice@server.org" --name "alice" --non-interactive

        git bug add \
          --title "Some bug title" \
          --message "A long description of the bug. Probably has some code segments, maybe even *markdown* mark_up_ or other things" \
          --non-interactive
        git bug add \
          --title "Second bug title" \
          --message "" \
          --non-interactive
        git bug add \
          --title "Third bug title" \
          --message "" \
          --non-interactive

        git bug select "$(git bug ls --format plain | awk '{print $1}' | head -n 1)"

        git bug comment add --message "Some comment message" --non-interactive
        git bug comment add --message "Second comment message" --non-interactive

        # TODO: This should use `git bug push`, but their ssh implementation is just
        # too special to work in a VM test <2025-03-08>
        git push origin +refs/bugs/*
        git push origin +refs/identities/*

        ssh git@${domain} -- config alice/repo1 --add cgit.owner Alice
        ssh git@${domain} -- perms alice/repo1 + READERS @all
      ''}")

      with subtest("back server starts"):
          server.wait_for_unit("back.service")

      with subtest("client can access the server"):
          client.succeed("${pkgs.writeShellScript "curl-back" ''
        set -xe

        curl --insecure --fail --show-error "https://issues.${domain}/alice/repo1.git/issues/open" --output /root/issues.html
        grep -- 'Second bug title' /root/issues.html

        curl --insecure --fail --show-error "https://issues.${domain}/" --output /root/repos.html
        grep -- 'repo' /root/repos.html
        grep -- "<No description>" /root/repos.html
        grep -- 'Alice' /root/repos.html
      ''} >&2")
          client.copy_from_vm("/root/issues.html", "");
          client.copy_from_vm("/root/repos.html", "");
    '';
  }