authortv <tv@krebsco.de>2018-05-09 11:11:50 +0200
committertv <tv@krebsco.de>2018-05-09 11:43:08 +0200
commit47c0b0261eabdf230bfc7a375a3a008a04b61c4a (patch)
tree5f63540493553f877ce823c4465dd2cf561765af /krebs/0tests
parent3f3c12dcd06ba211a484aabf011880a83e5832fd (diff)
krebs: 6tests -> 0tests
Diffstat (limited to 'krebs/0tests')
-rw-r--r--krebs/0tests/data/secrets/grafana_security.nix1
-rw-r--r--krebs/0tests/data/secrets/hashedPasswords.nix1
-rw-r--r--krebs/0tests/data/secrets/retiolum.rsa_key.priv0
-rw-r--r--krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix1
-rw-r--r--krebs/0tests/data/secrets/ssh.id_ed255190
-rw-r--r--krebs/0tests/data/test-config.nix22
-rw-r--r--krebs/0tests/data/test-source.nix12
-rw-r--r--krebs/0tests/default.nix6
-rw-r--r--krebs/0tests/deploy.nix106
9 files changed, 149 insertions, 0 deletions
diff --git a/krebs/0tests/data/secrets/grafana_security.nix b/krebs/0tests/data/secrets/grafana_security.nix
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/krebs/0tests/data/secrets/grafana_security.nix
@@ -0,0 +1 @@
+{}
diff --git a/krebs/0tests/data/secrets/hashedPasswords.nix b/krebs/0tests/data/secrets/hashedPasswords.nix
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/krebs/0tests/data/secrets/hashedPasswords.nix
@@ -0,0 +1 @@
+{}
diff --git a/krebs/0tests/data/secrets/retiolum.rsa_key.priv b/krebs/0tests/data/secrets/retiolum.rsa_key.priv
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/krebs/0tests/data/secrets/retiolum.rsa_key.priv
diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
new file mode 100644
index 00000000..963e6db8
--- /dev/null
+++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix
@@ -0,0 +1 @@
+"lol"
diff --git a/krebs/0tests/data/secrets/ssh.id_ed25519 b/krebs/0tests/data/secrets/ssh.id_ed25519
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/krebs/0tests/data/secrets/ssh.id_ed25519
diff --git a/krebs/0tests/data/test-config.nix b/krebs/0tests/data/test-config.nix
new file mode 100644
index 00000000..f0927ddd
--- /dev/null
+++ b/krebs/0tests/data/test-config.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/krebs>
+ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
+ <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
+ ];
+
+ krebs.hosts.minimal = {
+ cores = 1;
+ secure = false;
+ };
+
+ boot.loader.grub.enable = false;
+ boot.loader.systemd-boot.enable = true;
+
+ krebs.build = {
+ host = config.krebs.hosts.minimal;
+ user = config.krebs.users.krebs;
+ };
+}
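Review bot: The imports list pulls in `test-instrumentation.nix` and the host is declared with `secure = false`, but nothing in the file marks it as a VM-test fixture. As far as I know, that NixOS module gives the test driver a root shell inside the guest, so this configuration must never be imported by a real host. I would add a header comment above the opening `{`, for example `# VM test fixture only: test-instrumentation.nix gives the test driver a root shell; never import this from a real host.` A short comment on `secure = false` saying what the flag relaxes would also help, since its meaning is not visible here.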
diff --git a/krebs/0tests/data/test-source.nix b/krebs/0tests/data/test-source.nix
new file mode 100644
index 00000000..dfc6b329
--- /dev/null
+++ b/krebs/0tests/data/test-source.nix
@@ -0,0 +1,12 @@
+with import <stockholm/lib>;
+evalSource "" [{
+ nixos-config = {
+ symlink.target = toString ./test-config;
+ };
+ nixpkgs = {
+ symlink.target = toString <nixpkgs>;
+ };
+ stockholm = {
+ symlink.target = toString <stockholm>;
+ };
+}]
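Review bot: The `nixos-config` entry points at `toString ./test-config`, but the diffstat for this directory lists only `data/test-config.nix` and no `data/test-config`. Since `toString` on a path does not check that the file exists, evaluation would presumably succeed and leave a dangling symlink on the target. If the sibling file is what was meant, the line should read `symlink.target = toString ./test-config.nix;`. The only visible reference to this file is the commented-out `deploy` call in `deploy.nix`, so the mismatch would go unnoticed until that call is enabled.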
diff --git a/krebs/0tests/default.nix b/krebs/0tests/default.nix
new file mode 100644
index 00000000..c0ca0029
--- /dev/null
+++ b/krebs/0tests/default.nix
@@ -0,0 +1,6 @@
+with import <stockholm/lib>;
+{ ... }:
+
+{
+ deploy = import ./deploy.nix;
+}
diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix
new file mode 100644
index 00000000..d9696350
--- /dev/null
+++ b/krebs/0tests/deploy.nix
@@ -0,0 +1,106 @@
+with import <stockholm/lib>;
+import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
+
+let
+ pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
+ test-config = <stockholm/krebs/0tests/data/test-config.nix>;
+ privKey = ''
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy
+ ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ
+ AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz
+ eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ=
+ -----END OPENSSH PRIVATE KEY-----
+ '';
+ pubKey = ''
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1
+ '';
+
+ ssh-config = pkgs.writeText "ssh-config" ''
+ Host server
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
+ '';
+
+ populate-source = {
+ nixos-config = {
+ symlink.target = test-config;
+ type = "symlink";
+ };
+ nixpkgs = {
+ symlink.target = <nixpkgs>;
+ type = "symlink";
+ };
+ stockholm = {
+ symlink.target = <stockholm>;
+ type = "symlink";
+ };
+ };
+
+ test-deploy = pkgs.writeDash "test-deploy" ''
+ cd ${<stockholm>}
+ export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
+ exec >&2
+ source=${pkgs.writeJSON "source.json" populate-source}
+ LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
+ # TODO: make deploy work
+ #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
+ # --force-populate \
+ # --source=${./data/test-source.nix} \
+ # --system=server \
+ '';
+ minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
+ modules = [
+ test-config
+ ];
+ }).config.system.build.toplevel;
+
+in {
+ name = "deploy";
+
+ nodes = {
+
+ server =
+ { config, pkgs, ... }:
+
+ {
+ imports = [ test-config ];
+ environment.variables = {
+ NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
+ };
+ services.openssh.enable = true;
+ users.extraUsers.root.openssh.authorizedKeys.keys = [
+ pubKey
+ ];
+ virtualisation.pathsInNixDB = [
+ minimalSystem
+ ];
+ environment.systemPackages = [ pkgs.git ];
+ };
+
+ client =
+ { config, pkgs, ... }:
+ { };
+ };
+
+ testScript = ''
+ startAll;
+
+ $server->waitForUnit("sshd");
+
+ $client->succeed("mkdir -p -m 700 /root/.ssh");
+ $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519");
+ $client->succeed("cp ${ssh-config} /root/.ssh/config");
+ $client->succeed("chmod 600 /root/.ssh/id_ed25519");
+
+ $server->waitForUnit("network.target");
+ $server->succeed("ip route show 1>&2");
+ $client->waitForUnit("network.target");
+ $client->succeed("${test-deploy}");
+ $server->succeed("nixos-rebuild -I /var/src switch");
+
+ $client->shutdown;
+ $server->shutdown;
+ '';
+})
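Review bot: `privKey` at the top of the `let` block is a complete OpenSSH private key committed in the source and interpolated into `testScript`, so anyone who can read the repository, and presumably the Nix store, holds it. That is only safe while `pubKey` is authorized nowhere except the `server` test node, which the file does not say; I would add above `privKey` the comment `# Test-only key pair, public by design; pubKey must never be authorized outside this VM test.` Generating the pair inside a derivation at build time would keep the literal out of the tree, though it would still be store-readable. In `testScript` the key file is created by `echo ... >` and only restricted by `chmod 600` two steps later; writing it under a tight umask, `$client->succeed("umask 077; echo '${privKey}' > /root/.ssh/id_ed25519");`, avoids the window and keeps the pattern safe if it is copied elsewhere.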