# NixOS VM test for the gitolite module.
#
# Two machines are booted: `server` (gitolite + sshd) and `client` (git plus
# three accounts: root, alice, bob). The test script checks gitolite's access
# control end to end over SSH:
#   - the admin key can clone and push gitolite-admin.git;
#   - alice and bob cannot clone gitolite-admin.git;
#   - alice and bob can clone testing.git;
#   - only alice can clone alice-project.git.
import ./make-test-python.nix (
  { pkgs, ... }:

  let
    # SECURITY NOTE (applies to all three private keys below):
    # These are throw-away test fixtures. They are committed in clear text,
    # carry no passphrase (the test uses them non-interactively), and
    # pkgs.writeText places them in the Nix store, which is readable by every
    # user on the machine. Treat them as public: never add the matching public
    # keys to authorized_keys or a gitolite keydir outside this test.

    # Private key installed for root on the client; its public half below is
    # what the server trusts as the gitolite administrator.
    adminPrivateKey = pkgs.writeText "id_ed25519" ''
      -----BEGIN OPENSSH PRIVATE KEY-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
      QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
      QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
      AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
      W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
      -----END OPENSSH PRIVATE KEY-----
    '';

    # Kept as a plain string (not a store file) because it is passed directly
    # to services.gitolite.adminPubkey on the server node.
    adminPublicKey = ''
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
    '';

    # Key pair for the unprivileged user alice (test fixture, see note above).
    alicePrivateKey = pkgs.writeText "id_ed25519" ''
      -----BEGIN OPENSSH PRIVATE KEY-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
      QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
      VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
      AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
      Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
      -----END OPENSSH PRIVATE KEY-----
    '';

    # Store file; the test script copies it to gitolite-admin/keydir/alice.pub,
    # which is what registers alice with gitolite.
    alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
    '';

    # Key pair for the unprivileged user bob (test fixture, see note above).
    bobPrivateKey = pkgs.writeText "id_ed25519" ''
      -----BEGIN OPENSSH PRIVATE KEY-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
      QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
      VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
      AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
      6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
      -----END OPENSSH PRIVATE KEY-----
    '';

    # Store file; the test script copies it to gitolite-admin/keydir/bob.pub.
    bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
    '';

    # Appended to conf/gitolite.conf by the admin during the test. It grants
    # alice RW+ on alice-project and names no other user, which is the rule the
    # final two subtests exercise (alice allowed, bob denied).
    gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
      repo alice-project
          RW+ = alice
    '';
  in
  {
    name = "gitolite";

    meta = with pkgs.lib.maintainers; {
      maintainers = [ bjornfor ];
    };

    nodes = {

      # Git host: gitolite bootstrapped with the admin public key, reachable
      # through OpenSSH.
      server =
        { ... }:
        {
          services.gitolite = {
            enable = true;
            adminPubkey = adminPublicKey;
          };
          services.openssh.enable = true;
        };

      # Machine the git/ssh commands are run from, as root (admin), alice and bob.
      client =
        { pkgs, ... }:
        {
          environment.systemPackages = [ pkgs.git ];
          # SECURITY NOTE: this client config turns off SSH host key
          # verification for every host (no known_hosts file is kept and
          # unknown keys are accepted), so the server's identity is never
          # checked. That is tolerable only because both machines are test VMs
          # created for this run; do not reuse this snippet on a real host.
          # Restricting authentication to publickey keeps ssh from waiting on
          # a password prompt that nobody can answer.
          programs.ssh.extraConfig = ''
            Host *
              UserKnownHostsFile /dev/null
              StrictHostKeyChecking no
              # there's nobody around that can input password
              PreferredAuthentications publickey
          '';
          users.users.alice = {
            isNormalUser = true;
          };
          users.users.bob = {
            isNormalUser = true;
          };
        };

    };

    # Python test-driver script. Notes for readers:
    #   - Each private key is copied out of the store into the owning user's
    #     ~/.ssh and then set to mode 600 before it is used.
    #   - alice's and bob's public keys are registered by committing them to
    #     gitolite-admin/keydir and pushing; the repo rule is added by a
    #     second commit and push.
    #   - The "cannot clone" subtests use client.fail, which only asserts a
    #     non-zero exit status. NOTE(review): the later successful clones of
    #     testing.git by the same users are what show that their keys are
    #     accepted, so the earlier failures are presumably authorization
    #     denials and not connection or authentication errors; checking the
    #     error output would make that explicit.
    testScript = ''
      start_all()

      with subtest("can setup ssh keys on system"):
          client.succeed(
              "mkdir -p ~root/.ssh",
              "cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
              "chmod 600 ~root/.ssh/id_ed25519",
          )
          client.succeed(
              "sudo -u alice mkdir -p ~alice/.ssh",
              "sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
              "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
          )
          client.succeed(
              "sudo -u bob mkdir -p ~bob/.ssh",
              "sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
              "sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
          )

      with subtest("gitolite server starts"):
          server.wait_for_unit("gitolite-init.service")
          server.wait_for_unit("sshd.service")
          client.succeed("ssh -n gitolite@server info")

      with subtest("admin can clone and configure gitolite-admin.git"):
          client.succeed(
              "git clone gitolite@server:gitolite-admin.git",
              "git config --global user.name 'System Administrator'",
              "git config --global user.email root\@domain.example",
              "cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
              "cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
              "(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
              "cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
              "(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
          )

      with subtest("non-admins cannot clone gitolite-admin.git"):
          client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
          client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")

      with subtest("non-admins can clone testing.git"):
          client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
          client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")

      with subtest("alice can clone alice-project.git"):
          client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")

      with subtest("bob cannot clone alice-project.git"):
          client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
    '';
  }
)