blob: 99a66dd59da2fa6e24937f130734b4e6b26285b3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
with import <stockholm/lib>;
import <nixpkgs/nixos/tests/make-test.nix> ({ ... }:
let
pkgs = import <nixpkgs> { overlays = [(import ../5pkgs)]; };
test-config = <stockholm/krebs/6tests/data/test-config.nix>;
privKey = ''
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQAAAJBTNHK6UzRy
ugAAAAtzc2gtZWQyNTUxOQAAACD1tYD8r6Fcd7bq3Z0nvo5483nXQ8c4LFh0fcw8rOCQtQ
AAAECK2ZlEIofZyGbh7rXlUq5lUsUyotamtp9QrlvoS3qgePW1gPyvoVx3turdnSe+jnjz
eddDxzgsWHR9zDys4JC1AAAACWxhc3NAbW9ycwECAwQ=
-----END OPENSSH PRIVATE KEY-----
'';
pubKey = ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPW1gPyvoVx3turdnSe+jnjzeddDxzgsWHR9zDys4JC1
'';
ssh-config = pkgs.writeText "ssh-config" ''
Host server
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
'';
populate-source = {
nixos-config = {
symlink.target = test-config;
type = "symlink";
};
nixpkgs = {
symlink.target = <nixpkgs>;
type = "symlink";
};
stockholm = {
symlink.target = <stockholm>;
type = "symlink";
};
};
test-deploy = pkgs.writeDash "test-deploy" ''
cd ${<stockholm>}
export NIX_PATH=stockholm=${<stockholm>}:nixpkgs=${<nixpkgs>}:$NIX_PATH
exec >&2
: ${minimalSystem}
source=${pkgs.writeJSON "source.json" populate-source}
cat > /tmp/derp <<EOF
builtins.fromJSON (builtins.readFile "$source")
EOF
LOGNAME=krebs ${pkgs.populate}/bin/populate --force root@server:22/var/src/ < "$source"
#LOGNAME=krebs ${pkgs.stockholm}/bin/deploy \
# --force-populate \
# --source=/tmp/derp \
# --system=server \
'';
minimalSystem = (import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
test-config
];
}).config.system.build.toplevel;
in {
name = "deploy";
nodes = {
server =
{ config, pkgs, ... }:
{
imports = [ test-config ];
environment.variables = {
NIX_PATH = mkForce "nixpkgs=${<nixpkgs>}";
#LOL = minimalSystem;
};
services.openssh.enable = true;
users.extraUsers.root.openssh.authorizedKeys.keys = [
pubKey
];
#virtualisation.writableStore = true;
virtualisation.pathsInNixDB = [
minimalSystem
pkgs.stockholm
];
};
client =
{ config, pkgs, ... }: { };
};
testScript = ''
startAll;
$server->waitForUnit("sshd");
$client->succeed("mkdir -p -m 700 /root/.ssh");
$client->succeed("echo '${privKey}' > /root/.ssh/id_ed25519");
$client->succeed("cp ${ssh-config} /root/.ssh/config");
$client->succeed("chmod 600 /root/.ssh/id_ed25519");
$server->waitForUnit("network.target");
$server->succeed("ip route show 1>&2");
$client->waitForUnit("network.target");
$client->succeed("${test-deploy}");
$server->succeed("nixos-rebuild -I /var/src switch");
$client->shutdown;
$server->shutdown;
'';
})
|