From 47c0b0261eabdf230bfc7a375a3a008a04b61c4a Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 9 May 2018 11:11:50 +0200 Subject: krebs: 6tests -> 0tests --- krebs/0tests/data/secrets/grafana_security.nix | 1 + krebs/0tests/data/secrets/hashedPasswords.nix | 1 + krebs/0tests/data/secrets/retiolum.rsa_key.priv | 0 .../data/secrets/shackspace-gitlab-ci-token.nix | 1 + krebs/0tests/data/secrets/ssh.id_ed25519 | 0 krebs/0tests/data/test-config.nix | 22 +++++ krebs/0tests/data/test-source.nix | 12 +++ krebs/0tests/default.nix | 6 ++ krebs/0tests/deploy.nix | 106 +++++++++++++++++++++ krebs/3modules/ci.nix | 2 +- krebs/6tests/data/secrets/grafana_security.nix | 1 - krebs/6tests/data/secrets/hashedPasswords.nix | 1 - krebs/6tests/data/secrets/retiolum.rsa_key.priv | 0 .../data/secrets/shackspace-gitlab-ci-token.nix | 1 - krebs/6tests/data/secrets/ssh.id_ed25519 | 0 krebs/6tests/data/test-config.nix | 22 ----- krebs/6tests/data/test-source.nix | 12 --- krebs/6tests/default.nix | 6 -- krebs/6tests/deploy.nix | 106 --------------------- krebs/kops.nix | 2 +- krebs/source.nix | 2 +- makefu/0tests/data/secrets/auth.nix | 3 + makefu/0tests/data/secrets/bepasty-secret.nix | 1 + .../secrets/bgt_cyberwar_hidden_service/hostname | 1 + makefu/0tests/data/secrets/daemon-pw | 1 + .../data/secrets/dl.euer.krebsco.de-auth.nix | 1 + makefu/0tests/data/secrets/extra-hosts.nix | 1 + makefu/0tests/data/secrets/grafana_security.nix | 5 + makefu/0tests/data/secrets/hashedPasswords.nix | 1 + makefu/0tests/data/secrets/iodinepw.nix | 1 + makefu/0tests/data/secrets/kibana-auth.nix | 4 + makefu/0tests/data/secrets/nsupdate-data.nix | 1 + makefu/0tests/data/secrets/nsupdate-search.nix | 3 + .../0tests/data/secrets/retiolum-ci.rsa_key.priv | 0 makefu/0tests/data/secrets/retiolum.rsa_key.priv | 0 makefu/0tests/data/secrets/retiolum.rsa_key.pub | 0 makefu/0tests/data/secrets/sambacred | 0 .../data/secrets/shackspace-gitlab-ci-token.nix | 1 + makefu/0tests/data/secrets/ssh.id_ed25519 | 0 makefu/0tests/data/secrets/ssh.makefu.id_rsa | 0 makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub | 0 makefu/0tests/data/secrets/ssh_host_ed25519_key | 0 makefu/0tests/data/secrets/ssh_host_rsa_key | 0 makefu/0tests/data/secrets/tinc.krebsco.de.crt | 0 makefu/0tests/data/secrets/tinc.krebsco.de.key | 0 makefu/0tests/data/secrets/tw-pass.ini | 0 makefu/0tests/data/secrets/wildcard.krebsco.de.crt | 0 makefu/0tests/data/secrets/wildcard.krebsco.de.key | 0 makefu/6tests/data/secrets/auth.nix | 3 - makefu/6tests/data/secrets/bepasty-secret.nix | 1 - .../secrets/bgt_cyberwar_hidden_service/hostname | 1 - makefu/6tests/data/secrets/daemon-pw | 1 - .../data/secrets/dl.euer.krebsco.de-auth.nix | 1 - makefu/6tests/data/secrets/extra-hosts.nix | 1 - makefu/6tests/data/secrets/grafana_security.nix | 5 - makefu/6tests/data/secrets/hashedPasswords.nix | 1 - makefu/6tests/data/secrets/iodinepw.nix | 1 - makefu/6tests/data/secrets/kibana-auth.nix | 4 - makefu/6tests/data/secrets/nsupdate-data.nix | 1 - makefu/6tests/data/secrets/nsupdate-search.nix | 3 - .../6tests/data/secrets/retiolum-ci.rsa_key.priv | 0 makefu/6tests/data/secrets/retiolum.rsa_key.priv | 0 makefu/6tests/data/secrets/retiolum.rsa_key.pub | 0 makefu/6tests/data/secrets/sambacred | 0 .../data/secrets/shackspace-gitlab-ci-token.nix | 1 - makefu/6tests/data/secrets/ssh.id_ed25519 | 0 makefu/6tests/data/secrets/ssh.makefu.id_rsa | 0 makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub | 0 makefu/6tests/data/secrets/ssh_host_ed25519_key | 0 makefu/6tests/data/secrets/ssh_host_rsa_key | 0 makefu/6tests/data/secrets/tinc.krebsco.de.crt | 0 makefu/6tests/data/secrets/tinc.krebsco.de.key | 0 makefu/6tests/data/secrets/tw-pass.ini | 0 makefu/6tests/data/secrets/wildcard.krebsco.de.crt | 0 makefu/6tests/data/secrets/wildcard.krebsco.de.key | 0 makefu/source.nix | 4 +- nin/0tests/dummysecrets/hashedPasswords.nix | 1 + nin/0tests/dummysecrets/ssh.id_ed25519 | 0 nin/6tests/dummysecrets/hashedPasswords.nix | 1 - nin/6tests/dummysecrets/ssh.id_ed25519 | 0 nin/source.nix | 2 +- 81 files changed, 180 insertions(+), 180 deletions(-) create mode 100644 krebs/0tests/data/secrets/grafana_security.nix create mode 100644 krebs/0tests/data/secrets/hashedPasswords.nix create mode 100644 krebs/0tests/data/secrets/retiolum.rsa_key.priv create mode 100644 krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix create mode 100644 krebs/0tests/data/secrets/ssh.id_ed25519 create mode 100644 krebs/0tests/data/test-config.nix create mode 100644 krebs/0tests/data/test-source.nix create mode 100644 krebs/0tests/default.nix create mode 100644 krebs/0tests/deploy.nix delete mode 100644 krebs/6tests/data/secrets/grafana_security.nix delete mode 100644 krebs/6tests/data/secrets/hashedPasswords.nix delete mode 100644 krebs/6tests/data/secrets/retiolum.rsa_key.priv delete mode 100644 krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix delete mode 100644 krebs/6tests/data/secrets/ssh.id_ed25519 delete mode 100644 krebs/6tests/data/test-config.nix delete mode 100644 krebs/6tests/data/test-source.nix delete mode 100644 krebs/6tests/default.nix delete mode 100644 krebs/6tests/deploy.nix create mode 100644 makefu/0tests/data/secrets/auth.nix create mode 100644 makefu/0tests/data/secrets/bepasty-secret.nix create mode 100644 makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname create mode 100644 makefu/0tests/data/secrets/daemon-pw create mode 100644 makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix create mode 100644 makefu/0tests/data/secrets/extra-hosts.nix create mode 100644 makefu/0tests/data/secrets/grafana_security.nix create mode 100644 makefu/0tests/data/secrets/hashedPasswords.nix create mode 100644 makefu/0tests/data/secrets/iodinepw.nix create mode 100644 makefu/0tests/data/secrets/kibana-auth.nix create mode 100644 makefu/0tests/data/secrets/nsupdate-data.nix create mode 100644 makefu/0tests/data/secrets/nsupdate-search.nix create mode 100644 makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv create mode 100644 makefu/0tests/data/secrets/retiolum.rsa_key.priv create mode 100644 makefu/0tests/data/secrets/retiolum.rsa_key.pub create mode 100644 makefu/0tests/data/secrets/sambacred create mode 100644 makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix create mode 100644 makefu/0tests/data/secrets/ssh.id_ed25519 create mode 100644 makefu/0tests/data/secrets/ssh.makefu.id_rsa create mode 100644 makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub create mode 100644 makefu/0tests/data/secrets/ssh_host_ed25519_key create mode 100644 makefu/0tests/data/secrets/ssh_host_rsa_key create mode 100644 makefu/0tests/data/secrets/tinc.krebsco.de.crt create mode 100644 makefu/0tests/data/secrets/tinc.krebsco.de.key create mode 100644 makefu/0tests/data/secrets/tw-pass.ini create mode 100644 makefu/0tests/data/secrets/wildcard.krebsco.de.crt create mode 100644 makefu/0tests/data/secrets/wildcard.krebsco.de.key delete mode 100644 makefu/6tests/data/secrets/auth.nix delete mode 100644 makefu/6tests/data/secrets/bepasty-secret.nix delete mode 100644 makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname delete mode 100644 makefu/6tests/data/secrets/daemon-pw delete mode 100644 makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix delete mode 100644 makefu/6tests/data/secrets/extra-hosts.nix delete mode 100644 makefu/6tests/data/secrets/grafana_security.nix delete mode 100644 makefu/6tests/data/secrets/hashedPasswords.nix delete mode 100644 makefu/6tests/data/secrets/iodinepw.nix delete mode 100644 makefu/6tests/data/secrets/kibana-auth.nix delete mode 100644 makefu/6tests/data/secrets/nsupdate-data.nix delete mode 100644 makefu/6tests/data/secrets/nsupdate-search.nix delete mode 100644 makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv delete mode 100644 makefu/6tests/data/secrets/retiolum.rsa_key.priv delete mode 100644 makefu/6tests/data/secrets/retiolum.rsa_key.pub delete mode 100644 makefu/6tests/data/secrets/sambacred delete mode 100644 makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix delete mode 100644 makefu/6tests/data/secrets/ssh.id_ed25519 delete mode 100644 makefu/6tests/data/secrets/ssh.makefu.id_rsa delete mode 100644 makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub delete mode 100644 makefu/6tests/data/secrets/ssh_host_ed25519_key delete mode 100644 makefu/6tests/data/secrets/ssh_host_rsa_key delete mode 100644 makefu/6tests/data/secrets/tinc.krebsco.de.crt delete mode 100644 makefu/6tests/data/secrets/tinc.krebsco.de.key delete mode 100644 makefu/6tests/data/secrets/tw-pass.ini delete mode 100644 makefu/6tests/data/secrets/wildcard.krebsco.de.crt delete mode 100644 makefu/6tests/data/secrets/wildcard.krebsco.de.key create mode 100644 nin/0tests/dummysecrets/hashedPasswords.nix create mode 100644 nin/0tests/dummysecrets/ssh.id_ed25519 delete mode 100644 nin/6tests/dummysecrets/hashedPasswords.nix delete mode 100644 nin/6tests/dummysecrets/ssh.id_ed25519 diff --git a/krebs/0tests/data/secrets/grafana_security.nix b/krebs/0tests/data/secrets/grafana_security.nix new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/krebs/0tests/data/secrets/grafana_security.nix @@ -0,0 +1 @@ +{} diff --git a/krebs/0tests/data/secrets/hashedPasswords.nix b/krebs/0tests/data/secrets/hashedPasswords.nix new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/krebs/0tests/data/secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/krebs/0tests/data/secrets/retiolum.rsa_key.priv b/krebs/0tests/data/secrets/retiolum.rsa_key.priv new file mode 100644 index 00000000..e69de29b diff --git a/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix new file mode 100644 index 00000000..963e6db8 --- /dev/null +++ b/krebs/0tests/data/secrets/shackspace-gitlab-ci-token.nix @@ -0,0 +1 @@ +"lol" diff --git a/krebs/0tests/data/secrets/ssh.id_ed25519 b/krebs/0tests/data/secrets/ssh.id_ed25519 new file mode 100644 index 00000000..e69de29b diff --git a/krebs/0tests/data/test-config.nix b/krebs/0tests/data/test-config.nix new file mode 100644 index 00000000..f0927ddd --- /dev/null +++ b/krebs/0tests/data/test-config.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + ]; + + krebs.hosts.minimal = { + cores = 1; + secure = false; + }; + + boot.loader.grub.enable = false; + boot.loader.systemd-boot.enable = true; + + krebs.build = { + host = config.krebs.hosts.minimal; + user = config.krebs.users.krebs; + }; +} diff --git a/krebs/0tests/data/test-source.nix b/krebs/0tests/data/test-source.nix new file mode 100644 index 00000000..dfc6b329 --- /dev/null +++ b/krebs/0tests/data/test-source.nix @@ -0,0 +1,12 @@ +with import ; +evalSource "" [{ + nixos-config = { + symlink.target = toString ./test-config; + }; + nixpkgs = { + symlink.target = toString ; + }; + stockholm = { + symlink.target = toString ; + }; +}] diff --git a/krebs/0tests/default.nix b/krebs/0tests/default.nix new file mode 100644 index 00000000..c0ca0029 --- /dev/null +++ b/krebs/0tests/default.nix @@ -0,0 +1,6 @@ +with import ; +{ ... }: + +{ + deploy = import ./deploy.nix; +} diff --git a/krebs/0tests/deploy.nix b/krebs/0tests/deploy.nix new file mode 100644 index 00000000..d9696350 --- /dev/null +++ b/krebs/0tests/deploy.nix @@ -0,0 +1,106 @@ +with import ; +import ({ ... }: + +let + pkgs = import { overlays = [(import ../5pkgs)]; }; + test-config = ; + privKey = '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy + ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ + AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz + eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ= + -----END OPENSSH PRIVATE KEY----- + ''; + pubKey = '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1 + ''; + + ssh-config = pkgs.writeText "ssh-config" '' + Host server + StrictHostKeyChecking no + UserKnownHostsFile=/dev/null + ''; + + populate-source = { + nixos-config = { + symlink.target = test-config; + type = "symlink"; + }; + nixpkgs = { + symlink.target = ; + type = "symlink"; + }; + stockholm = { + symlink.target = ; + type = "symlink"; + }; + }; + + test-deploy = pkgs.writeDash "test-deploy" '' + cd ${} + export NIX_PATH=stockholm=${}:nixpkgs=${}:$NIX_PATH + exec >&2 + source=${pkgs.writeJSON "source.json" populate-source} + LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" + # TODO: make deploy work + #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ + # --force-populate \ + # --source=${./data/test-source.nix} \ + # --system=server \ + ''; + minimalSystem = (import { + modules = [ + test-config + ]; + }).config.system.build.toplevel; + +in { + name = "deploy"; + + nodes = { + + server = + { config, pkgs, ... }: + + { + imports = [ test-config ]; + environment.variables = { + NIX_PATH = mkForce "nixpkgs=${}"; + }; + services.openssh.enable = true; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + pubKey + ]; + virtualisation.pathsInNixDB = [ + minimalSystem + ]; + environment.systemPackages = [ pkgs.git ]; + }; + + client = + { config, pkgs, ... }: + { }; + }; + + testScript = '' + startAll; + + $server->waitForUnit("sshd"); + + $client->succeed("mkdir -p -m 700 /root/.ssh"); + $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519"); + $client->succeed("cp ${ssh-config} /root/.ssh/config"); + $client->succeed("chmod 600 /root/.ssh/id_ed25519"); + + $server->waitForUnit("network.target"); + $server->succeed("ip route show 1>&2"); + $client->waitForUnit("network.target"); + $client->succeed("${test-deploy}"); + $server->succeed("nixos-rebuild -I /var/src switch"); + + $client->shutdown; + $server->shutdown; + ''; +}) diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index bb19f060..e97aa16e 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -147,7 +147,7 @@ in "dummy_secrets": "true", }, command=[ - "nix-build", "-I", "stockholm=.", "krebs/6tests", + "nix-build", "-I", "stockholm=.", "krebs/0tests", "-A", "{}".format(test) ], timeout=90001 diff --git a/krebs/6tests/data/secrets/grafana_security.nix b/krebs/6tests/data/secrets/grafana_security.nix deleted file mode 100644 index 0967ef42..00000000 --- a/krebs/6tests/data/secrets/grafana_security.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/krebs/6tests/data/secrets/hashedPasswords.nix b/krebs/6tests/data/secrets/hashedPasswords.nix deleted file mode 100644 index 0967ef42..00000000 --- a/krebs/6tests/data/secrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/krebs/6tests/data/secrets/retiolum.rsa_key.priv b/krebs/6tests/data/secrets/retiolum.rsa_key.priv deleted file mode 100644 index e69de29b..00000000 diff --git a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix deleted file mode 100644 index 963e6db8..00000000 --- a/krebs/6tests/data/secrets/shackspace-gitlab-ci-token.nix +++ /dev/null @@ -1 +0,0 @@ -"lol" diff --git a/krebs/6tests/data/secrets/ssh.id_ed25519 b/krebs/6tests/data/secrets/ssh.id_ed25519 deleted file mode 100644 index e69de29b..00000000 diff --git a/krebs/6tests/data/test-config.nix b/krebs/6tests/data/test-config.nix deleted file mode 100644 index f0927ddd..00000000 --- a/krebs/6tests/data/test-config.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - - - - ]; - - krebs.hosts.minimal = { - cores = 1; - secure = false; - }; - - boot.loader.grub.enable = false; - boot.loader.systemd-boot.enable = true; - - krebs.build = { - host = config.krebs.hosts.minimal; - user = config.krebs.users.krebs; - }; -} diff --git a/krebs/6tests/data/test-source.nix b/krebs/6tests/data/test-source.nix deleted file mode 100644 index dfc6b329..00000000 --- a/krebs/6tests/data/test-source.nix +++ /dev/null @@ -1,12 +0,0 @@ -with import ; -evalSource "" [{ - nixos-config = { - symlink.target = toString ./test-config; - }; - nixpkgs = { - symlink.target = toString ; - }; - stockholm = { - symlink.target = toString ; - }; -}] diff --git a/krebs/6tests/default.nix b/krebs/6tests/default.nix deleted file mode 100644 index c0ca0029..00000000 --- a/krebs/6tests/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -with import ; -{ ... }: - -{ - deploy = import ./deploy.nix; -} diff --git a/krebs/6tests/deploy.nix b/krebs/6tests/deploy.nix deleted file mode 100644 index 156e9239..00000000 --- a/krebs/6tests/deploy.nix +++ /dev/null @@ -1,106 +0,0 @@ -with import ; -import ({ ... }: - -let - pkgs = import { overlays = [(import ../5pkgs)]; }; - test-config = ; - privKey = '' - -----BEGIN OPENSSH PRIVATE KEY----- - b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW - QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy - ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ - AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz - eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ= - -----END OPENSSH PRIVATE KEY----- - ''; - pubKey = '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1 - ''; - - ssh-config = pkgs.writeText "ssh-config" '' - Host server - StrictHostKeyChecking no - UserKnownHostsFile=/dev/null - ''; - - populate-source = { - nixos-config = { - symlink.target = test-config; - type = "symlink"; - }; - nixpkgs = { - symlink.target = ; - type = "symlink"; - }; - stockholm = { - symlink.target = ; - type = "symlink"; - }; - }; - - test-deploy = pkgs.writeDash "test-deploy" '' - cd ${} - export NIX_PATH=stockholm=${}:nixpkgs=${}:$NIX_PATH - exec >&2 - source=${pkgs.writeJSON "source.json" populate-source} - LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source" - # TODO: make deploy work - #LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \ - # --force-populate \ - # --source=${./data/test-source.nix} \ - # --system=server \ - ''; - minimalSystem = (import { - modules = [ - test-config - ]; - }).config.system.build.toplevel; - -in { - name = "deploy"; - - nodes = { - - server = - { config, pkgs, ... }: - - { - imports = [ test-config ]; - environment.variables = { - NIX_PATH = mkForce "nixpkgs=${}"; - }; - services.openssh.enable = true; - users.extraUsers.root.openssh.authorizedKeys.keys = [ - pubKey - ]; - virtualisation.pathsInNixDB = [ - minimalSystem - ]; - environment.systemPackages = [ pkgs.git ]; - }; - - client = - { config, pkgs, ... }: - { }; - }; - - testScript = '' - startAll; - - $server->waitForUnit("sshd"); - - $client->succeed("mkdir -p -m 700 /root/.ssh"); - $client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519"); - $client->succeed("cp ${ssh-config} /root/.ssh/config"); - $client->succeed("chmod 600 /root/.ssh/id_ed25519"); - - $server->waitForUnit("network.target"); - $server->succeed("ip route show 1>&2"); - $client->waitForUnit("network.target"); - $client->succeed("${test-deploy}"); - $server->succeed("nixos-rebuild -I /var/src switch"); - - $client->shutdown; - $server->shutdown; - ''; -}) diff --git a/krebs/kops.nix b/krebs/kops.nix index abd60ee5..561b017b 100644 --- a/krebs/kops.nix +++ b/krebs/kops.nix @@ -38,7 +38,7 @@ secrets = if test then { - file = toString ; + file = toString ; } else { pass = { diff --git a/krebs/source.nix b/krebs/source.nix index 3ee12b37..49f464f6 100644 --- a/krebs/source.nix +++ b/krebs/source.nix @@ -14,7 +14,7 @@ in { nixos-config.symlink = "stockholm/krebs/1systems/${name}/config.nix"; secrets = getAttr builder { - buildbot.file = toString ; + buildbot.file = toString ; krebs.pass = { dir = "${getEnv "HOME"}/brain"; name = "krebs-secrets/${name}"; diff --git a/makefu/0tests/data/secrets/auth.nix b/makefu/0tests/data/secrets/auth.nix new file mode 100644 index 00000000..92d5c34a --- /dev/null +++ b/makefu/0tests/data/secrets/auth.nix @@ -0,0 +1,3 @@ +{ + user = "password"; +} diff --git a/makefu/0tests/data/secrets/bepasty-secret.nix b/makefu/0tests/data/secrets/bepasty-secret.nix new file mode 100644 index 00000000..f5e70470 --- /dev/null +++ b/makefu/0tests/data/secrets/bepasty-secret.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname new file mode 100644 index 00000000..2ae3807f --- /dev/null +++ b/makefu/0tests/data/secrets/bgt_cyberwar_hidden_service/hostname @@ -0,0 +1 @@ +dickbutt2342.onion diff --git a/makefu/0tests/data/secrets/daemon-pw b/makefu/0tests/data/secrets/daemon-pw new file mode 100644 index 00000000..e16c76df --- /dev/null +++ b/makefu/0tests/data/secrets/daemon-pw @@ -0,0 +1 @@ +"" diff --git a/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix b/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/makefu/0tests/data/secrets/dl.euer.krebsco.de-auth.nix @@ -0,0 +1 @@ +{} diff --git a/makefu/0tests/data/secrets/extra-hosts.nix b/makefu/0tests/data/secrets/extra-hosts.nix new file mode 100644 index 00000000..e16c76df --- /dev/null +++ b/makefu/0tests/data/secrets/extra-hosts.nix @@ -0,0 +1 @@ +"" diff --git a/makefu/0tests/data/secrets/grafana_security.nix b/makefu/0tests/data/secrets/grafana_security.nix new file mode 100644 index 00000000..f9096b7c --- /dev/null +++ b/makefu/0tests/data/secrets/grafana_security.nix @@ -0,0 +1,5 @@ +{ + adminUser = "dick"; + adminPassword = "butt"; +} + diff --git a/makefu/0tests/data/secrets/hashedPasswords.nix b/makefu/0tests/data/secrets/hashedPasswords.nix new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/makefu/0tests/data/secrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/makefu/0tests/data/secrets/iodinepw.nix b/makefu/0tests/data/secrets/iodinepw.nix new file mode 100644 index 00000000..f5e70470 --- /dev/null +++ b/makefu/0tests/data/secrets/iodinepw.nix @@ -0,0 +1 @@ +"derp" diff --git a/makefu/0tests/data/secrets/kibana-auth.nix b/makefu/0tests/data/secrets/kibana-auth.nix new file mode 100644 index 00000000..80e8f44c --- /dev/null +++ b/makefu/0tests/data/secrets/kibana-auth.nix @@ -0,0 +1,4 @@ +{ + "dick" = "butt"; +} + diff --git a/makefu/0tests/data/secrets/nsupdate-data.nix b/makefu/0tests/data/secrets/nsupdate-data.nix new file mode 100644 index 00000000..e76c0e87 --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-data.nix @@ -0,0 +1 @@ +{ "lol" = "wut"; } diff --git a/makefu/0tests/data/secrets/nsupdate-search.nix b/makefu/0tests/data/secrets/nsupdate-search.nix new file mode 100644 index 00000000..a9646aeb --- /dev/null +++ b/makefu/0tests/data/secrets/nsupdate-search.nix @@ -0,0 +1,3 @@ +{ + "dick.nsupdate.info" = "butt"; +} diff --git a/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/0tests/data/secrets/retiolum-ci.rsa_key.priv new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/retiolum.rsa_key.priv b/makefu/0tests/data/secrets/retiolum.rsa_key.priv new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/retiolum.rsa_key.pub b/makefu/0tests/data/secrets/retiolum.rsa_key.pub new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/sambacred b/makefu/0tests/data/secrets/sambacred new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix new file mode 100644 index 00000000..963e6db8 --- /dev/null +++ b/makefu/0tests/data/secrets/shackspace-gitlab-ci-token.nix @@ -0,0 +1 @@ +"lol" diff --git a/makefu/0tests/data/secrets/ssh.id_ed25519 b/makefu/0tests/data/secrets/ssh.id_ed25519 new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/ssh.makefu.id_rsa b/makefu/0tests/data/secrets/ssh.makefu.id_rsa new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/0tests/data/secrets/ssh.makefu.id_rsa.pub new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/ssh_host_ed25519_key b/makefu/0tests/data/secrets/ssh_host_ed25519_key new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/ssh_host_rsa_key b/makefu/0tests/data/secrets/ssh_host_rsa_key new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/tinc.krebsco.de.crt b/makefu/0tests/data/secrets/tinc.krebsco.de.crt new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/tinc.krebsco.de.key b/makefu/0tests/data/secrets/tinc.krebsco.de.key new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/tw-pass.ini b/makefu/0tests/data/secrets/tw-pass.ini new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/wildcard.krebsco.de.crt b/makefu/0tests/data/secrets/wildcard.krebsco.de.crt new file mode 100644 index 00000000..e69de29b diff --git a/makefu/0tests/data/secrets/wildcard.krebsco.de.key b/makefu/0tests/data/secrets/wildcard.krebsco.de.key new file mode 100644 index 00000000..e69de29b diff --git a/makefu/6tests/data/secrets/auth.nix b/makefu/6tests/data/secrets/auth.nix deleted file mode 100644 index 92d5c34a..00000000 --- a/makefu/6tests/data/secrets/auth.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - user = "password"; -} diff --git a/makefu/6tests/data/secrets/bepasty-secret.nix b/makefu/6tests/data/secrets/bepasty-secret.nix deleted file mode 100644 index f5e70470..00000000 --- a/makefu/6tests/data/secrets/bepasty-secret.nix +++ /dev/null @@ -1 +0,0 @@ -"derp" diff --git a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname b/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname deleted file mode 100644 index 2ae3807f..00000000 --- a/makefu/6tests/data/secrets/bgt_cyberwar_hidden_service/hostname +++ /dev/null @@ -1 +0,0 @@ -dickbutt2342.onion diff --git a/makefu/6tests/data/secrets/daemon-pw b/makefu/6tests/data/secrets/daemon-pw deleted file mode 100644 index e16c76df..00000000 --- a/makefu/6tests/data/secrets/daemon-pw +++ /dev/null @@ -1 +0,0 @@ -"" diff --git a/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix b/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix deleted file mode 100644 index 0967ef42..00000000 --- a/makefu/6tests/data/secrets/dl.euer.krebsco.de-auth.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/makefu/6tests/data/secrets/extra-hosts.nix b/makefu/6tests/data/secrets/extra-hosts.nix deleted file mode 100644 index e16c76df..00000000 --- a/makefu/6tests/data/secrets/extra-hosts.nix +++ /dev/null @@ -1 +0,0 @@ -"" diff --git a/makefu/6tests/data/secrets/grafana_security.nix b/makefu/6tests/data/secrets/grafana_security.nix deleted file mode 100644 index f9096b7c..00000000 --- a/makefu/6tests/data/secrets/grafana_security.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - adminUser = "dick"; - adminPassword = "butt"; -} - diff --git a/makefu/6tests/data/secrets/hashedPasswords.nix b/makefu/6tests/data/secrets/hashedPasswords.nix deleted file mode 100644 index 0967ef42..00000000 --- a/makefu/6tests/data/secrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/makefu/6tests/data/secrets/iodinepw.nix b/makefu/6tests/data/secrets/iodinepw.nix deleted file mode 100644 index f5e70470..00000000 --- a/makefu/6tests/data/secrets/iodinepw.nix +++ /dev/null @@ -1 +0,0 @@ -"derp" diff --git a/makefu/6tests/data/secrets/kibana-auth.nix b/makefu/6tests/data/secrets/kibana-auth.nix deleted file mode 100644 index 80e8f44c..00000000 --- a/makefu/6tests/data/secrets/kibana-auth.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - "dick" = "butt"; -} - diff --git a/makefu/6tests/data/secrets/nsupdate-data.nix b/makefu/6tests/data/secrets/nsupdate-data.nix deleted file mode 100644 index e76c0e87..00000000 --- a/makefu/6tests/data/secrets/nsupdate-data.nix +++ /dev/null @@ -1 +0,0 @@ -{ "lol" = "wut"; } diff --git a/makefu/6tests/data/secrets/nsupdate-search.nix b/makefu/6tests/data/secrets/nsupdate-search.nix deleted file mode 100644 index a9646aeb..00000000 --- a/makefu/6tests/data/secrets/nsupdate-search.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - "dick.nsupdate.info" = "butt"; -} diff --git a/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv b/makefu/6tests/data/secrets/retiolum-ci.rsa_key.priv deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.priv b/makefu/6tests/data/secrets/retiolum.rsa_key.priv deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/retiolum.rsa_key.pub b/makefu/6tests/data/secrets/retiolum.rsa_key.pub deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/sambacred b/makefu/6tests/data/secrets/sambacred deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix b/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix deleted file mode 100644 index 963e6db8..00000000 --- a/makefu/6tests/data/secrets/shackspace-gitlab-ci-token.nix +++ /dev/null @@ -1 +0,0 @@ -"lol" diff --git a/makefu/6tests/data/secrets/ssh.id_ed25519 b/makefu/6tests/data/secrets/ssh.id_ed25519 deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa b/makefu/6tests/data/secrets/ssh.makefu.id_rsa deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub b/makefu/6tests/data/secrets/ssh.makefu.id_rsa.pub deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/ssh_host_ed25519_key b/makefu/6tests/data/secrets/ssh_host_ed25519_key deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/6tests/data/secrets/ssh_host_rsa_key deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.crt b/makefu/6tests/data/secrets/tinc.krebsco.de.crt deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/tinc.krebsco.de.key b/makefu/6tests/data/secrets/tinc.krebsco.de.key deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/tw-pass.ini b/makefu/6tests/data/secrets/tw-pass.ini deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.crt b/makefu/6tests/data/secrets/wildcard.krebsco.de.crt deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/6tests/data/secrets/wildcard.krebsco.de.key b/makefu/6tests/data/secrets/wildcard.krebsco.de.key deleted file mode 100644 index e69de29b..00000000 diff --git a/makefu/source.nix b/makefu/source.nix index 40aeac8b..1039ba65 100644 --- a/makefu/source.nix +++ b/makefu/source.nix @@ -45,7 +45,7 @@ in }; secrets = getAttr builder { - buildbot.file = toString ; + buildbot.file = toString ; makefu.pass = { inherit name; dir = "${getEnv "HOME"}/.secrets-pass"; @@ -79,7 +79,7 @@ in (mkIf ( torrent ) { torrent-secrets = getAttr builder { - buildbot.file = toString ; + buildbot.file = toString ; makefu.pass = { name = "torrent"; dir = "${getEnv "HOME"}/.secrets-pass"; diff --git a/nin/0tests/dummysecrets/hashedPasswords.nix b/nin/0tests/dummysecrets/hashedPasswords.nix new file mode 100644 index 00000000..0967ef42 --- /dev/null +++ b/nin/0tests/dummysecrets/hashedPasswords.nix @@ -0,0 +1 @@ +{} diff --git a/nin/0tests/dummysecrets/ssh.id_ed25519 b/nin/0tests/dummysecrets/ssh.id_ed25519 new file mode 100644 index 00000000..e69de29b diff --git a/nin/6tests/dummysecrets/hashedPasswords.nix b/nin/6tests/dummysecrets/hashedPasswords.nix deleted file mode 100644 index 0967ef42..00000000 --- a/nin/6tests/dummysecrets/hashedPasswords.nix +++ /dev/null @@ -1 +0,0 @@ -{} diff --git a/nin/6tests/dummysecrets/ssh.id_ed25519 b/nin/6tests/dummysecrets/ssh.id_ed25519 deleted file mode 100644 index e69de29b..00000000 diff --git a/nin/source.nix b/nin/source.nix index 9fb2cb39..ae13c558 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -13,7 +13,7 @@ in evalSource (toString _file) { nixos-config.symlink = "stockholm/nin/1systems/${name}/config.nix"; secrets.file = getAttr builder { - buildbot = toString ; + buildbot = toString ; nin = "/home/nin/secrets/${name}"; }; stockholm.file = toString ; -- cgit v1.2.3