author | tv <tv@krebsco.de> | 2018-05-09 11:11:50 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-05-09 11:43:08 +0200 |
commit | 47c0b0261eabdf230bfc7a375a3a008a04b61c4a (patch) | |
tree | 5f63540493553f877ce823c4465dd2cf561765af /krebs/0tests | |
parent | 3f3c12dcd06ba211a484aabf011880a83e5832fd (diff) |
krebs: 6tests -> 0tests
Diffstat (limited to 'krebs/0tests')
-rw-r--r-- | krebs/0tests/data/secrets/grafana_security.nix | 1 | ||||
-rw-r--r-- | krebs/0tests/data/secrets/hashedPasswords.nix | 1 | ||||
-rw-r--r-- | krebs/0tests/data/secrets/retiolum.rsa_key.priv | 0 | ||||
-rw-r--r-- | krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix | 1 | ||||
-rw-r--r-- | krebs/0tests/data/secrets/ssh.id_ed25519 | 0 | ||||
-rw-r--r-- | krebs/0tests/data/test-config.nix | 22 | ||||
-rw-r--r-- | krebs/0tests/data/test-source.nix | 12 | ||||
-rw-r--r-- | krebs/0tests/default.nix | 6 | ||||
-rw-r--r-- | krebs/0tests/deploy.nix | 106 |
9 files changed, 149 insertions, 0 deletions
diff --git a/krebs/0tests/data/secrets/grafana_security.nix b/krebs/0tests/data/secrets/grafana_security.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/krebs/0tests/data/secrets/grafana_security.nix
@@ -0,0 +1 @@
+{}
diff --git a/krebs/0tests/data/secrets/hashedPasswords.nix b/krebs/0tests/data/secrets/hashedPasswords.nix
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/krebs/0tests/data/secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/krebs/0tests/data/secrets/retiolum.rsa_key.priv b/krebs/0tests/data/secrets/retiolum.rsa_key.priv
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/retiolum.rsa_key.priv
diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
new file mode 100644
index 000000000..963e6db8b
--- /dev/null
+++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
@@ -0,0 +1 @@
+"lol"
diff --git a/krebs/0tests/data/secrets/ssh.id_ed25519 b/krebs/0tests/data/secrets/ssh.id_ed25519
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/krebs/0tests/data/secrets/ssh.id_ed25519
diff --git a/krebs/0tests/data/test-config.nix b/krebs/0tests/data/test-config.nix
new file mode 100644
index 000000000..f0927ddd9
--- /dev/null
+++ b/krebs/0tests/data/test-config.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/krebs>
+ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
+ ];
+
+ krebs.hosts.minimal = {
+ cores = 1;
+ secure = false;
+ };
+
+ boot.loader.grub.enable = false;
+ boot.loader.systemd-boot.enable = true;
+
+ krebs.build = {
+ host = config.krebs.hosts.minimal;
+ user = config.krebs.users.krebs;
+ };
+}
diff --git a/krebs/0tests/data/test-source.nix b/krebs/0tests/data/test-source.nix
new file mode 100644
index 000000000..dfc6b3297
--- /dev/null
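Review bot: `test-config.nix` has no comment marking it as a VM-test fixture, although its `imports` include `<nixpkgs/nixos/modules/testing/test-instrumentation.nix>`, which in NixOS gives the test driver a root shell without authentication, and the host is declared with `secure = false`. A header comment would keep the file from being copied as a template for a real host, for example `# VM test fixture only: test-instrumentation.nix exposes a root shell to the test driver; never deploy this configuration.` The placeholder secrets added in the same commit (`{}` and `"lol"` under `data/secrets/`) would benefit from a similar one-line `# placeholder for tests, not a real secret` where the file format allows a comment.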
+++ b/krebs/0tests/data/test-source.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+evalSource "" [{
+ nixos-config = {
+ symlink.target = toString ./test-config;
+ };
+ nixpkgs = {
+ symlink.target = toString <nixpkgs>;
+ };
+ stockholm = {
+ symlink.target = toString <stockholm>;
+ };
+}]
diff --git a/krebs/0tests/default.nix b/krebs/0tests/default.nix
new file mode 100644
index 000000000..c0ca00296
--- /dev/null
+++ b/krebs/0tests/default.nix
@@ -0,0 +1,6 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+ deploy = import ./deploy.nix;
+}
diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix
new file mode 100644
index 000000000..d96963500
--- /dev/null
+++ b/krebs/0tests/deploy.nix
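Review bot: `symlink.target = toString ./test-config;` in `test-source.nix` names a path without the `.nix` suffix, while the file this commit adds next to it is `data/test-config.nix`. `toString` on a path does not check that it exists, so this would evaluate cleanly and leave a dangling symlink target. It looks like the line should read `symlink.target = toString ./test-config.nix;`. The file is only referenced from the commented-out `deploy` call in `deploy.nix`, which is probably why the test run does not catch it.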
@@ -0,0 +1,106 @@
+with import <stockholm/lib>;
+import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
+
+let
+ pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
+ test-config = <stockholm/krebs/0tests/data/test-config.nix>;
+ privKey = ''
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy
+ ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ
+ AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz
+ eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ=
+ -----END OPENSSH PRIVATE KEY-----
+ '';
+ pubKey = ''
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1
+ '';
+
+ ssh-config = pkgs.writeText "ssh-config" ''
+ Host server
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
+ '';
+
+ populate-source = {
+ nixos-config = {
+ symlink.target = test-config;
+ type = "symlink";
+ };
+ nixpkgs = {
+ symlink.target = <nixpkgs>;
+ type = "symlink";
+ };
+ stockholm = {
+ symlink.target = <stockholm>;
+ type = "symlink";
+ };
+ };
+
+ test-deploy = pkgs.writeDash "test-deploy" ''
+ cd ${<stockholm>}
+ export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
+ exec >&2
+ source=${pkgs.writeJSON "source.json" populate-source}
+ LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
+ # TODO: make deploy work
+ #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
+ # --force-populate \
+ # --source=${./data/test-source.nix} \
+ # --system=server \
+ '';
+ minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
+ modules = [
+ test-config
+ ];
+ }).config.system.build.toplevel;
+
+in {
+ name = "deploy";
+
+ nodes = {
+
+ server =
+ { config, pkgs, ... }:
+
+ {
+ imports = [ test-config ];
+ environment.variables = {
+ NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
+ };
+ services.openssh.enable = true;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ pubKey
+ ];
+ virtualisation.pathsInNixDB = [
+ minimalSystem
+ ];
+ environment.systemPackages = [ pkgs.git ];
+ };
+
+ client =
+ { config, pkgs, ... }:
+ { };
+ };
+
+ testScript = ''
+ startAll;
+
+ $server->waitForUnit("sshd");
+
+ $client->succeed("mkdir -p -m 700 /root/.ssh");
+ $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519");
+ $client->succeed("cp ${ssh-config} /root/.ssh/config");
+ $client->succeed("chmod 600 /root/.ssh/id_ed25519");
+
+ $server->waitForUnit("network.target");
+ $server->succeed("ip route show 1>&2");
+ $client->waitForUnit("network.target");
+ $client->succeed("${test-deploy}");
+ $server->succeed("nixos-rebuild -I /var/src switch");
+
+ $client->shutdown;
+ $server->shutdown;
+ '';
+}) |
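Review bot: The ed25519 private key in `privKey` is committed in clear and interpolated into `testScript`, so it lives in git history and in the world-readable Nix store, and nothing in the file says it is a throwaway key. A comment above the binding would make that explicit, for example `# Test-only key pair generated for this VM test; pubKey must never be authorized on a real host.`, and it is worth confirming the pair was generated for this test and is not in use elsewhere. In `testScript` the key file is created with the default umask and only restricted by the later `chmod 600`; `$client->succeed("umask 077; echo '${privKey}' > /root/.ssh/id_ed25519");` closes that window. The `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null` lines in `ssh-config` turn off host authentication, which is tolerable only inside the isolated test network and should carry a `# test VMs only` comment.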