nixos/tests/initrd-secrets.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / tests / initrd-secrets.nix

at 23.11-pre 1.3 kB view raw

 1{ system ? builtins.currentSystem
 2, config ? {}
 3, pkgs ? import ../.. { inherit system config; }
 4, lib ? pkgs.lib
 5, testing ? import ../lib/testing-python.nix { inherit system pkgs; }
 6}:
 7let
 8  secretInStore = pkgs.writeText "topsecret" "iamasecret";
 9  testWithCompressor = compressor: testing.makeTest {
10    name = "initrd-secrets-${compressor}";
11
12    meta.maintainers = [ lib.maintainers.lheckemann ];
13
14    nodes.machine = { ... }: {
15      virtualisation.useBootLoader = true;
16      boot.initrd.secrets = {
17        "/test" = secretInStore;
18
19        # This should *not* need to be copied in postMountCommands
20        "/run/keys/test" = secretInStore;
21      };
22      boot.initrd.postMountCommands = ''
23        cp /test /mnt-root/secret-from-initramfs
24      '';
25      boot.initrd.compressor = compressor;
26      # zstd compression is only supported from 5.9 onwards. Remove when 5.10 becomes default.
27      boot.kernelPackages = pkgs.linuxPackages_latest;
28    };
29
30    testScript = ''
31      start_all()
32      machine.wait_for_unit("multi-user.target")
33      machine.succeed(
34          "cmp ${secretInStore} /secret-from-initramfs",
35          "cmp ${secretInStore} /run/keys/test",
36      )
37    '';
38  };
39in lib.flip lib.genAttrs testWithCompressor [
40  "cat" "gzip" "bzip2" "xz" "lzma" "lzop" "pigz" "pixz" "zstd"
41]