commit b41cbee0fd2531b00369c787b20f5b20f94cfc15 · pyrox.dev/nixpkgs

+13 -39
nixos/tests/systemd-initrd-networkd-ssh.nix
···

       4
       4
        
       

     

       5
       5
        
         nodes = {

     

       6
       6
        
           server = { config, pkgs, ... }: {

     

       7
       7
       -
             environment.systemPackages = [ pkgs.cryptsetup ];

     

       8
       8
       -
             boot.loader.systemd-boot.enable = true;

     

       9
       9
       -
             boot.loader.timeout = 0;

     

       10
       10
       -
             virtualisation = {

     

       11
       11
       -
               emptyDiskImages = [ 4096 ];

     

       12
       12
       -
               useBootLoader = true;

     

       13
       13
       -
               # Booting off the encrypted disk requires an available init script from

     

       14
       14
       -
               # the Nix store

     

       15
       15
       -
               mountHostNixStore = true;

     

       16
       16
       -
               useEFIBoot = true;

     

       17
       17
       -
             };

     

       18
       18
       -
       

     

       19
       19
       -
             specialisation.encrypted-root.configuration = {

     

       20
       20
       -
               virtualisation.rootDevice = "/dev/mapper/root";

     

       21
       21
       -
               virtualisation.fileSystems."/".autoFormat = true;

     

       22
       22
       -
               boot.initrd.luks.devices = lib.mkVMOverride {

     

       23
       23
       -
                 root.device = "/dev/vdb";

     

       24
       24
       -
               };

     

       25
       25
       -
               boot.initrd.systemd.enable = true;

     

       26
       26
       -
               boot.initrd.network = {

     

       7
       7
       +
             testing.initrdBackdoor = true;

     

       8
       8
       +
             boot.initrd.systemd.enable = true;

     

       9
       9
       +
             boot.initrd.systemd.contents."/etc/msg".text = "foo";

     

       10
       10
       +
             boot.initrd.network = {

     

       11
       11
       +
               enable = true;

     

       12
       12
       +
               ssh = {

     

       27
       13
        
                 enable = true;

     

       28
       28
       -
                 ssh = {

     

       29
       29
       -
                   enable = true;

     

       30
       30
       -
                   authorizedKeys = [ (lib.readFile ./initrd-network-ssh/id_ed25519.pub) ];

     

       31
       31
       -
                   port = 22;

     

       32
       32
       -
                   # Terrible hack so it works with useBootLoader

     

       33
       33
       -
                   hostKeys = [ { outPath = "${./initrd-network-ssh/ssh_host_ed25519_key}"; } ];

     

       34
       34
       -
                 };

     

       14
       14
       +
                 authorizedKeys = [ (lib.readFile ./initrd-network-ssh/id_ed25519.pub) ];

     

       15
       15
       +
                 port = 22;

     

       16
       16
       +
                 hostKeys = [ ./initrd-network-ssh/ssh_host_ed25519_key ];

     

       35
       17
        
               };

     

       36
       18
        
             };

     

       37
       19
        
           };

     
···

       63
       45
        
               status, _ = client.execute("nc -z server 22")

     

       64
       46
        
               return status == 0

     

       65
       47
        
       

     

       66
       66
       -
           server.wait_for_unit("multi-user.target")

     

       67
       67
       -
           server.succeed(

     

       68
       68
       -
               "echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdb",

     

       69
       69
       -
               "bootctl set-default nixos-generation-1-specialisation-encrypted-root.conf",

     

       70
       70
       -
               "sync",

     

       71
       71
       -
           )

     

       72
       72
       -
           server.shutdown()

     

       73
       73
       -
           server.start()

     

       74
       74
       -
       

     

       75
       48
        
           client.wait_for_unit("network.target")

     

       76
       49
        
           with client.nested("waiting for SSH server to come up"):

     

       77
       50
        
               retry(ssh_is_up)

     

       78
       51
        
       

     

       79
       79
       -
           client.succeed(

     

       80
       80
       -
               "echo somepass | ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'systemd-tty-ask-password-agent' & exit"

     

       52
       52
       +
           msg = client.succeed(

     

       53
       53
       +
               "ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'cat /etc/msg'"

     

       81
       54
        
           )

     

       55
       55
       +
           assert "foo" in msg

     

       82
       56
        
       

     

       57
       57
       +
           server.switch_root()

     

       83
       58
        
           server.wait_for_unit("multi-user.target")

     

       84
       84
       -
           server.succeed("mount | grep '/dev/mapper/root on /'")

     

       85
       59
        
         '';

     

       86
       60
        
       })