nixos/tests/initrd-secrets.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / initrd-secrets.nix
at master 1.4 kB view raw
 1{
 2  system ? builtins.currentSystem,
 3  config ? { },
 4  pkgs ? import ../.. { inherit system config; },
 5  lib ? pkgs.lib,
 6  testing ? import ../lib/testing-python.nix { inherit system pkgs; },
 7}:
 8let
 9  secretInStore = pkgs.writeText "topsecret" "iamasecret";
10  testWithCompressor =
11    compressor:
12    testing.makeTest {
13      name = "initrd-secrets-${compressor}";
14
15      meta.maintainers = [ ];
16
17      nodes.machine =
18        { ... }:
19        {
20          virtualisation.useBootLoader = true;
21          boot.initrd.secrets = {
22            "/test" = secretInStore;
23
24            # This should *not* need to be copied in postMountCommands
25            "/run/keys/test" = secretInStore;
26          };
27          boot.initrd.postMountCommands = ''
28            cp /test /mnt-root/secret-from-initramfs
29          '';
30          boot.initrd.compressor = compressor;
31          # zstd compression is only supported from 5.9 onwards. Remove when 5.10 becomes default.
32          boot.kernelPackages = pkgs.linuxPackages_latest;
33        };
34
35      testScript = ''
36        start_all()
37        machine.wait_for_unit("multi-user.target")
38        machine.succeed(
39            "cmp ${secretInStore} /secret-from-initramfs",
40            "cmp ${secretInStore} /run/keys/test",
41        )
42      '';
43    };
44in
45lib.flip lib.genAttrs testWithCompressor [
46  "cat"
47  "gzip"
48  "bzip2"
49  "xz"
50  "lzma"
51  "lzop"
52  "pigz"
53  "pixz"
54  "zstd"
55]