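# NixOS VM test for the gitolite service.
#
# Two nodes are defined: `server` runs gitolite behind sshd, `client` has git
# and three accounts (root as the gitolite admin, alice, bob). The test script
# checks that the admin can manage gitolite-admin.git and that the per-repo
# access rules are enforced for the two non-admin users.
import ./make-test-python.nix ({ pkgs, ...}:

let
  # SECURITY NOTE: every key pair below is a test fixture. The private halves
  # are in this file in plain text and pkgs.writeText copies them into the Nix
  # store, which is readable by every local user. They must never be
  # authorised on a real host or reused outside this test.

  # Key pair of the gitolite administrator (root on the client node).
  adminPrivateKey = pkgs.writeText "id_ed25519" ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
    QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
    AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
    W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
    -----END OPENSSH PRIVATE KEY-----
  '';

  # Passed as a plain string (not a store path) to services.gitolite.adminPubkey.
  adminPublicKey = ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
  '';

  # Key pair for alice, who is granted RW+ on alice-project further down.
  alicePrivateKey = pkgs.writeText "id_ed25519" ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
    VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
    AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
    Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
    -----END OPENSSH PRIVATE KEY-----
  '';

  alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
  '';

  # Key pair for bob, who is registered with gitolite but gets no rule on
  # alice-project; he is the negative case of the access-control checks.
  bobPrivateKey = pkgs.writeText "id_ed25519" ''
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
    QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
    VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
    AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
    6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
    -----END OPENSSH PRIVATE KEY-----
  '';

  bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
  '';

  # Appended to conf/gitolite.conf by the admin: a repository on which only
  # alice has a rule.
  gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
    repo alice-project
        RW+ = alice
  '';
in
{
  name = "gitolite";

  meta = with pkgs.lib.maintainers; {
    maintainers = [ bjornfor ];
  };

  nodes = {

    server =
      { ... }:
      {
        services.gitolite = {
          enable = true;
          adminPubkey = adminPublicKey;
        };
        services.openssh.enable = true;
      };

    client =
      { pkgs, ... }:
      {
        environment.systemPackages = [ pkgs.git ];
        # SECURITY NOTE: discarding known_hosts and turning off
        # StrictHostKeyChecking disables SSH host-key verification for every
        # host. That is tolerable here only because both nodes are test VMs
        # created for this run; do not copy this stanza into a real client
        # configuration.
        programs.ssh.extraConfig = ''
          Host *
            UserKnownHostsFile /dev/null
            StrictHostKeyChecking no
            # there's nobody around that can input password
            PreferredAuthentications publickey
        '';
        users.users.alice = { isNormalUser = true; };
        users.users.bob = { isNormalUser = true; };
      };

  };

  testScript = ''
    start_all()

    # Install each user's private key with mode 600 so that ssh accepts it.
    with subtest("can setup ssh keys on system"):
        client.succeed(
            "mkdir -p ~root/.ssh",
            "cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
            "chmod 600 ~root/.ssh/id_ed25519",
        )
        client.succeed(
            "sudo -u alice mkdir -p ~alice/.ssh",
            "sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
            "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
        )
        client.succeed(
            "sudo -u bob mkdir -p ~bob/.ssh",
            "sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
            "sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
        )

    with subtest("gitolite server starts"):
        server.wait_for_unit("gitolite-init.service")
        server.wait_for_unit("sshd.service")
        client.succeed("ssh -n gitolite@server info")

    # The admin registers the keys of alice and bob, then adds alice-project.
    with subtest("admin can clone and configure gitolite-admin.git"):
        client.succeed(
            "git clone gitolite@server:gitolite-admin.git",
            "git config --global user.name 'System Administrator'",
            # No backslash before the at sign: it is not a valid Python escape
            # and the shell does not need it either.
            "git config --global user.email root@domain.example",
            "cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
            "cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
            "(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
            "cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
            "(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
        )

    # client.fail() passes on any non-zero exit status, so the denials below
    # do not show on their own that gitolite refused access. The successful
    # testing.git clones by the same two users are the positive control that
    # their keys authenticate; keep those checks when editing this script.
    with subtest("non-admins cannot clone gitolite-admin.git"):
        client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
        client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")

    with subtest("non-admins can clone testing.git"):
        client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
        client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")

    with subtest("alice can clone alice-project.git"):
        client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")

    with subtest("bob cannot clone alice-project.git"):
        client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
  '';
})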