nixos/tests/google-oslogin/server.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / tests / google-oslogin / server.nix

at 21.11-pre 802 B view raw

 1{ pkgs, ... }:
 2let
 3  inherit (import ./../ssh-keys.nix pkgs)
 4    snakeOilPrivateKey snakeOilPublicKey;
 5in {
 6  networking.firewall.allowedTCPPorts = [ 80 ];
 7
 8  systemd.services.mock-google-metadata = {
 9    description = "Mock Google metadata service";
10    serviceConfig.Type = "simple";
11    serviceConfig.ExecStart = "${pkgs.python3}/bin/python ${./server.py}";
12    environment = {
13      SNAKEOIL_PUBLIC_KEY = snakeOilPublicKey;
14    };
15    wantedBy = [ "multi-user.target" ];
16    after = [ "network.target" ];
17  };
18
19  services.openssh.enable = true;
20  services.openssh.challengeResponseAuthentication = false;
21  services.openssh.passwordAuthentication = false;
22
23  security.googleOsLogin.enable = true;
24
25  # Mock google service
26  networking.extraHosts = ''
27    127.0.0.1 metadata.google.internal
28  '';
29}