# NixOS VM test for the Hockeypuck OpenPGP keyserver.
#
# The test boots one machine running Hockeypuck and PostgreSQL, checks that
# the web front page is served on port 11371, then uploads a generated key
# with `gpg --send-keys` and fetches it back with `gpg --recv-keys` into a
# fresh GNUPGHOME.
{ lib, pkgs, ... }:
let
  # Throwaway OpenPGP keyring generated at build time with gpg's batch mode.
  #
  # Test fixture only. The derivation output *is* the GNUPGHOME, so the
  # secret key ends up in the world-readable Nix store, and it is created
  # with %no-protection (no passphrase), 1024-bit DSA / ELG-E and no expiry
  # (Expire-Date: 0).
  #
  # The testScript below locates the key by grepping for "dsa1024", so the
  # Key-Type / Key-Length values here and that grep must change together.
  #
  # The final `rm` deletes the gpg-agent socket files that gpg leaves in
  # $out (presumably because sockets are not valid store contents).
  gpgKeyring = pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
    mkdir -p $out
    export GNUPGHOME=$out
    cat > foo <<EOF
    %echo Generating a basic OpenPGP key
    %no-protection
    Key-Type: DSA
    Key-Length: 1024
    Subkey-Type: ELG-E
    Subkey-Length: 1024
    Name-Real: Foo Example
    Name-Email: foo@example.org
    Expire-Date: 0
    # Do a commit here, so that we can later print "done"
    %commit
    %echo done
    EOF
    gpg --batch --generate-key foo
    rm $out/S.gpg-agent $out/S.gpg-agent.*
  '';
in
{
  name = "hockeypuck";
  meta.maintainers = with lib.maintainers; [ ];

  nodes.machine =
    { ... }:
    {
      # gpg is the client that testScript uses to send and receive the key.
      environment.systemPackages = [ pkgs.gnupg ];

      services = {
        hockeypuck.enable = true;

        # Database "hockeypuck" owned by a role of the same name
        # (presumably what the hockeypuck service connects to; the
        # connection settings are not visible in this file).
        postgresql = {
          enable = true;
          ensureDatabases = [ "hockeypuck" ];
          ensureUsers = [
            {
              name = "hockeypuck";
              ensureDBOwnership = true;
            }
          ];
        };
      };
    };

  # Python test driver. All requests go to 127.0.0.1 over plain HTTP/HKP, so
  # nothing here exercises TLS. The key id passed to gpg is taken from gpg's
  # own human-readable listing of the fixture keyring, not from external
  # input.
  testScript = ''
    machine.wait_for_unit("hockeypuck.service")
    machine.wait_for_open_port(11371)

    response = machine.succeed("curl -vvv -s http://127.0.0.1:11371/")

    assert "<title>OpenPGP Keyserver</title>" in response, "HTML title not found"

    # Copy the keyring
    machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME")

    # Extract our GPG key id
    keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip()

    # Send the key to our local keyserver
    machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId)

    # Receive the key from our local keyserver to a separate directory
    machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId)
  '';
}