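# NixOS VM test for the gitolite module.
#
# Topology: a "server" node runs gitolite behind sshd; a "client" node holds
# three SSH identities (the gitolite admin as root, plus the unprivileged users
# alice and bob). The test script then checks that gitolite grants and denies
# repository access exactly as the gitolite-admin configuration says it should.
import ./make-test.nix ({ pkgs, ... }:

let
  # Throwaway ed25519 key pairs baked into the test so the client VM can
  # authenticate without any interactive input. They exist only to exercise
  # gitolite's authorization logic: treat them as public and never reuse them.
  adminPrivateKey = pkgs.writeText "id_ed25519" ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
    QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
    AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
    W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
    -----END OPENSSH PRIVATE KEY-----
  '';

  # Kept as a plain string (not a store file) because it is handed directly to
  # services.gitolite.adminPubkey below.
  adminPublicKey = ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
  '';

  alicePrivateKey = pkgs.writeText "id_ed25519" ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
    VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
    AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
    Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
    -----END OPENSSH PRIVATE KEY-----
  '';

  # The alice/bob public keys are store files because the admin copies them
  # into gitolite-admin/keydir/ as part of the test.
  alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
  '';

  bobPrivateKey = pkgs.writeText "id_ed25519" ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
    VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
    AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
    6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
    -----END OPENSSH PRIVATE KEY-----
  '';

  bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
  '';

  # Access rule appended to conf/gitolite.conf by the admin: only alice may
  # read/write (and rewind) alice-project; bob gets nothing, which the last two
  # subtests rely on.
  gitoliteAdminConfSnippet = ''
    repo alice-project
        RW+ = alice
  '';
in
{
  name = "gitolite";

  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ bjornfor ];
  };

  nodes = {

    server =
      { config, pkgs, lib, ... }:
      {
        services.gitolite = {
          enable = true;
          # Whoever holds the matching private key (root on the client) is the
          # gitolite admin and may push to gitolite-admin.git.
          adminPubkey = adminPublicKey;
        };
        services.openssh.enable = true;
      };

    client =
      { config, pkgs, lib, ... }:
      {
        environment.systemPackages = [ pkgs.git ];
        # Host key checking is disabled only because both nodes are fresh,
        # isolated test VMs whose host keys are generated at boot; this stanza
        # is not a pattern to copy into a real client configuration.
        programs.ssh.extraConfig = ''
          Host *
            UserKnownHostsFile /dev/null
            StrictHostKeyChecking no
            # there's nobody around that can input password
            PreferredAuthentications publickey
        '';
        users.extraUsers.alice = { isNormalUser = true; };
        users.extraUsers.bob = { isNormalUser = true; };
      };

  };

  testScript = ''
    startAll;

    subtest "can setup ssh keys on system", sub {
      # install(1) creates ~/.ssh with mode 700 and the private key with mode
      # 600 as part of the copy, instead of leaving the key briefly readable
      # by other users between a plain cp and a later chmod.
      $client->mustSucceed("install -d -m 700 ~root/.ssh");
      $client->mustSucceed("install -m 600 ${adminPrivateKey} ~root/.ssh/id_ed25519");

      $client->mustSucceed("sudo -u alice install -d -m 700 ~alice/.ssh");
      $client->mustSucceed("sudo -u alice install -m 600 ${alicePrivateKey} ~alice/.ssh/id_ed25519");

      $client->mustSucceed("sudo -u bob install -d -m 700 ~bob/.ssh");
      $client->mustSucceed("sudo -u bob install -m 600 ${bobPrivateKey} ~bob/.ssh/id_ed25519");
    };

    subtest "gitolite server starts", sub {
      $server->waitForUnit("gitolite-init.service");
      $server->waitForUnit("sshd.service");
      # "info" is the cheapest authenticated gitolite command: it proves the
      # admin key is accepted before any repository is touched.
      $client->mustSucceed('ssh gitolite@server info');
    };

    subtest "admin can clone and configure gitolite-admin.git", sub {
      $client->mustSucceed('git clone gitolite@server:gitolite-admin.git');
      $client->mustSucceed("git config --global user.name 'System Administrator'");
      $client->mustSucceed("git config --global user.email root\@domain.example");
      # Registering a key in keydir/ is what makes alice and bob known to
      # gitolite at all; pushing gitolite-admin applies it on the server.
      $client->mustSucceed("cp ${alicePublicKey} gitolite-admin/keydir/alice.pub");
      $client->mustSucceed("cp ${bobPublicKey} gitolite-admin/keydir/bob.pub");
      $client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add keys for alice, bob" && git push)');
      # '%s' keeps the snippet out of printf's format argument, so a future
      # rule containing '%' cannot be mangled or break the command.
      $client->mustSucceed("printf '%s' '${gitoliteAdminConfSnippet}' >> gitolite-admin/conf/gitolite.conf");
      $client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add repo for alice" && git push)');
    };

    # From here on alice and bob authenticate successfully; what is being
    # tested is gitolite's authorization, not sshd's authentication.
    #
    # NOTE(review): mustFail accepts any non-zero exit, so an unrelated
    # failure (sshd down, name resolution) would also satisfy the "cannot
    # clone" checks below. Matching gitolite's access-denied message in the
    # captured output would make them discriminate; confirm the exact wording
    # for the gitolite version in use before pinning it.
    subtest "non-admins cannot clone gitolite-admin.git", sub {
      $client->mustFail('sudo -i -u alice git clone gitolite@server:gitolite-admin.git');
      $client->mustFail('sudo -i -u bob git clone gitolite@server:gitolite-admin.git');
    };

    subtest "non-admins can clone testing.git", sub {
      $client->mustSucceed('sudo -i -u alice git clone gitolite@server:testing.git');
      $client->mustSucceed('sudo -i -u bob git clone gitolite@server:testing.git');
    };

    subtest "alice can clone alice-project.git", sub {
      $client->mustSucceed('sudo -i -u alice git clone gitolite@server:alice-project.git');
    };

    subtest "bob cannot clone alice-project.git", sub {
      $client->mustFail('sudo -i -u bob git clone gitolite@server:alice-project.git');
    };
  '';
})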