pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / tests / pass-secret-service.nix
at master 2.6 kB view raw
1{ pkgs, lib, ... }: 2{ 3 name = "pass-secret-service"; 4 meta.maintainers = [ lib.maintainers.aidalgol ]; 5 6 nodes.machine = 7 { nodes, pkgs, ... }: 8 { 9 imports = [ ./common/user-account.nix ]; 10 11 services.passSecretService.enable = true; 12 13 environment.systemPackages = [ 14 # Create a script that tries to make a request to the D-Bus secrets API. 15 (pkgs.writers.writePython3Bin "secrets-dbus-init" 16 { 17 libraries = [ pkgs.python3Packages.secretstorage ]; 18 } 19 '' 20 import secretstorage 21 print("Initializing dbus connection...") 22 connection = secretstorage.dbus_init() 23 print("Requesting default collection...") 24 collection = secretstorage.get_default_collection(connection) 25 print("Done! dbus-org.freedesktop.secrets should now be active.") 26 '' 27 ) 28 pkgs.pass 29 ]; 30 31 programs.gnupg = { 32 agent.enable = true; 33 dirmngr.enable = true; 34 }; 35 }; 36 37 # Some of the commands are run via a virtual console because they need to be 38 # run under a real login session, with D-Bus running in the environment. 39 testScript = 40 { nodes, ... }: 41 let 42 user = nodes.machine.config.users.users.alice; 43 gpg-uid = "alice@example.net"; 44 gpg-pw = "foobar9000"; 45 ready-file = "/tmp/secrets-dbus-init.done"; 46 in 47 '' 48 # Initialise the pass(1) storage. 49 machine.succeed(""" 50 sudo -u alice gpg --pinentry-mode loopback --batch --passphrase ${gpg-pw} \ 51 --quick-gen-key ${gpg-uid} \ 52 """) 53 machine.succeed("sudo -u alice pass init ${gpg-uid}") 54 55 with subtest("Service is not running on login"): 56 machine.wait_until_tty_matches("1", "login: ") 57 machine.send_chars("alice\n") 58 machine.wait_until_tty_matches("1", "login: alice") 59 machine.wait_until_succeeds("pgrep login") 60 machine.wait_until_tty_matches("1", "Password: ") 61 machine.send_chars("${user.password}\n") 62 machine.wait_until_succeeds("pgrep -u alice bash") 63 64 _, output = machine.systemctl("status dbus-org.freedesktop.secrets --no-pager", "alice") 65 assert "Active: inactive (dead)" in output 66 67 with subtest("Service starts after a client tries to talk to the D-Bus API"): 68 machine.send_chars("secrets-dbus-init; touch ${ready-file}\n") 69 machine.wait_for_file("${ready-file}") 70 _, output = machine.systemctl("status dbus-org.freedesktop.secrets --no-pager", "alice") 71 assert "Active: active (running)" in output 72 ''; 73}