···
13
+
idC = genNodeId "c";
14
+
testPasswordFile = pkgs.writeText "syncthing-test-password" "it's a secret";
···
cert = "${idA}/cert.pem";
27
-
id = lib.fileContents "${idB}/id";
28
+
devices.b.id = lib.fileContents "${idB}/id";
29
+
devices.c.id = lib.fileContents "${idC}/id";
path = "/var/lib/syncthing/foo";
35
+
path = "/var/lib/syncthing/bar";
36
+
devices.c.encryptionPassword = "${testPasswordFile}";
···
cert = "${idB}/cert.pem";
44
-
id = lib.fileContents "${idA}/id";
48
+
devices.a.id = lib.fileContents "${idA}/id";
49
+
devices.c.id = lib.fileContents "${idC}/id";
path = "/var/lib/syncthing/foo";
55
+
path = "/var/lib/syncthing/bar";
56
+
devices.c.encryptionPassword = "${testPasswordFile}";
62
+
services.syncthing = {
64
+
openDefaultPorts = true;
65
+
cert = "${idC}/cert.pem";
66
+
key = "${idC}/key.pem";
68
+
devices.a.id = lib.fileContents "${idA}/id";
69
+
devices.b.id = lib.fileContents "${idB}/id";
71
+
path = "/var/lib/syncthing/bar";
76
+
type = "receiveencrypted";
···
a.wait_for_unit("syncthing.service")
b.wait_for_unit("syncthing.service")
88
+
c.wait_for_unit("syncthing.service")
a.wait_for_open_port(22000)
b.wait_for_open_port(22000)
91
+
c.wait_for_open_port(22000)
a.wait_for_file("/var/lib/syncthing/foo")
b.wait_for_file("/var/lib/syncthing/foo")
a.succeed("echo a2b > /var/lib/syncthing/foo/a2b")
b.succeed("echo b2a > /var/lib/syncthing/foo/b2a")
a.wait_for_file("/var/lib/syncthing/foo/b2a")
b.wait_for_file("/var/lib/syncthing/foo/a2b")
106
+
a.wait_for_file("/var/lib/syncthing/bar")
107
+
b.wait_for_file("/var/lib/syncthing/bar")
108
+
c.wait_for_file("/var/lib/syncthing/bar")
110
+
a.succeed("echo plaincontent > /var/lib/syncthing/bar/plainname")
112
+
# B should be able to decrypt, check that content of file matches
113
+
b.wait_for_file("/var/lib/syncthing/bar/plainname")
114
+
b.succeed("grep plaincontent /var/lib/syncthing/bar/plainname")
116
+
# Bar on C is untrusted, check that content is not in cleartext
117
+
c.fail("grep -R plaincontent /var/lib/syncthing/bar")
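Review bot: The final `c.fail("grep -R plaincontent /var/lib/syncthing/bar")` can pass vacuously, because nothing before it waits for C to receive any data for `bar`; the only wait on C is for the folder directory itself, so the check holds equally if C never synced or syncs after it runs. Waiting for a synced file first would make the negative check meaningful, for example `c.wait_until_succeeds("find /var/lib/syncthing/bar -type f -not -path '*/.stfolder/*' | grep -q .")`, assuming the encrypted data lands as regular files under the folder root. Since a `receiveencrypted` folder is also expected to hide file names, a further check such as `c.fail("find /var/lib/syncthing/bar -name plainname | grep .")` would cover that. Separately, `testPasswordFile` is built with `pkgs.writeText`, which puts the password in the world-readable Nix store; that is fine in a test VM but deserves a comment such as `# test only: real deployments should point at a file outside the Nix store`. The test script starts above the visible lines.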