pyrox.dev
1import ./make-test-python.nix ({ lib, pkgs, ... }:
2let
3 gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
4 mkdir -p $out
5 export GNUPGHOME=$out
6 cat > foo <<EOF
7 %echo Generating a basic OpenPGP key
8 %no-protection
9 Key-Type: DSA
10 Key-Length: 1024
11 Subkey-Type: ELG-E
12 Subkey-Length: 1024
13 Name-Real: Foo Example
14 Name-Email: foo@example.org
15 Expire-Date: 0
16 # Do a commit here, so that we can later print "done"
17 %commit
18 %echo done
19 EOF
20 gpg --batch --generate-key foo
21 rm $out/S.gpg-agent $out/S.gpg-agent.*
22 '');
23in {
24 name = "hockeypuck";
25 meta.maintainers = with lib.maintainers; [ etu ];
26
27 nodes.machine = { ... }: {
28 # Used for test
29 environment.systemPackages = [ pkgs.gnupg ];
30
31 services.hockeypuck.enable = true;
32
33 services.postgresql = {
34 enable = true;
35 ensureDatabases = [ "hockeypuck" ];
36 ensureUsers = [{
37 name = "hockeypuck";
38 ensureDBOwnership = true;
39 }];
40 };
41 };
42
43 testScript = ''
44 machine.wait_for_unit("hockeypuck.service")
45 machine.wait_for_open_port(11371)
46
47 response = machine.succeed("curl -vvv -s http://127.0.0.1:11371/")
48
49 assert "<title>OpenPGP Keyserver</title>" in response, "HTML title not found"
50
51 # Copy the keyring
52 machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME")
53
54 # Extract our GPG key id
55 keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip()
56
57 # Send the key to our local keyserver
58 machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId)
59
60 # Receive the key from our local keyserver to a separate directory
61 machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId)
62 '';
63})