pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / btrbk-doas.nix
at 25.11-pre 4.0 kB view raw
1import ./make-test-python.nix ( 2 { pkgs, ... }: 3 4 let 5 privateKey = '' 6 -----BEGIN OPENSSH PRIVATE KEY----- 7 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW 8 QyNTUxOQAAACBx8UB04Q6Q/fwDFjakHq904PYFzG9pU2TJ9KXpaPMcrwAAAJB+cF5HfnBe 9 RwAAAAtzc2gtZWQyNTUxOQAAACBx8UB04Q6Q/fwDFjakHq904PYFzG9pU2TJ9KXpaPMcrw 10 AAAEBN75NsJZSpt63faCuaD75Unko0JjlSDxMhYHAPJk2/xXHxQHThDpD9/AMWNqQer3Tg 11 9gXMb2lTZMn0pelo8xyvAAAADXJzY2h1ZXR6QGt1cnQ= 12 -----END OPENSSH PRIVATE KEY----- 13 ''; 14 publicKey = '' 15 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHxQHThDpD9/AMWNqQer3Tg9gXMb2lTZMn0pelo8xyv 16 ''; 17 in 18 { 19 name = "btrbk-doas"; 20 meta = with pkgs.lib; { 21 maintainers = with maintainers; [ 22 symphorien 23 tu-maurice 24 ]; 25 }; 26 27 nodes = { 28 archive = 29 { ... }: 30 { 31 security.sudo.enable = false; 32 security.doas.enable = true; 33 environment.systemPackages = with pkgs; [ btrfs-progs ]; 34 # note: this makes the privateKey world readable. 35 # don't do it with real ssh keys. 36 environment.etc."btrbk_key".text = privateKey; 37 services.btrbk = { 38 extraPackages = [ pkgs.lz4 ]; 39 instances = { 40 remote = { 41 onCalendar = "minutely"; 42 settings = { 43 ssh_identity = "/etc/btrbk_key"; 44 ssh_user = "btrbk"; 45 stream_compress = "lz4"; 46 volume = { 47 "ssh://main/mnt" = { 48 target = "/mnt"; 49 snapshot_dir = "btrbk/remote"; 50 subvolume = "to_backup"; 51 }; 52 }; 53 }; 54 }; 55 }; 56 }; 57 }; 58 59 main = 60 { ... }: 61 { 62 security.sudo.enable = false; 63 security.doas.enable = true; 64 environment.systemPackages = with pkgs; [ btrfs-progs ]; 65 services.openssh = { 66 enable = true; 67 passwordAuthentication = false; 68 kbdInteractiveAuthentication = false; 69 }; 70 services.btrbk = { 71 extraPackages = [ pkgs.lz4 ]; 72 sshAccess = [ 73 { 74 key = publicKey; 75 roles = [ 76 "source" 77 "send" 78 "info" 79 "delete" 80 ]; 81 } 82 ]; 83 instances = { 84 local = { 85 onCalendar = "minutely"; 86 settings = { 87 volume = { 88 "/mnt" = { 89 snapshot_dir = "btrbk/local"; 90 subvolume = "to_backup"; 91 }; 92 }; 93 }; 94 }; 95 }; 96 }; 97 }; 98 }; 99 100 testScript = '' 101 start_all() 102 103 # create btrfs partition at /mnt 104 for machine in (archive, main): 105 machine.succeed("dd if=/dev/zero of=/data_fs bs=120M count=1") 106 machine.succeed("mkfs.btrfs /data_fs") 107 machine.succeed("mkdir /mnt") 108 machine.succeed("mount /data_fs /mnt") 109 110 # what to backup and where 111 main.succeed("btrfs subvolume create /mnt/to_backup") 112 main.succeed("mkdir -p /mnt/btrbk/{local,remote}") 113 114 # check that local snapshots work 115 with subtest("local"): 116 main.succeed("echo foo > /mnt/to_backup/bar") 117 main.wait_until_succeeds("cat /mnt/btrbk/local/*/bar | grep foo") 118 main.succeed("echo bar > /mnt/to_backup/bar") 119 main.succeed("cat /mnt/btrbk/local/*/bar | grep foo") 120 121 # check that btrfs send/receive works and ssh access works 122 with subtest("remote"): 123 archive.wait_until_succeeds("cat /mnt/*/bar | grep bar") 124 main.succeed("echo baz > /mnt/to_backup/bar") 125 archive.succeed("cat /mnt/*/bar | grep bar") 126 ''; 127 } 128)