authorpennae <pennae.git@quasiparticle.net>2021-08-11 07:12:26 +0200
committerpennae <pennae.git@quasiparticle.net>2021-08-11 07:17:43 +0200
commit99d575a882e00e55871db934901e3817f5daba28 (patch)
tree76f4b397d0719659d8ebd6ded310bc87875afbc0 /test
downloadseacrit-99d575a882e00e55871db934901e3817f5daba28.tar.gz
seacrit-99d575a882e00e55871db934901e3817f5daba28.tar.xz
seacrit-99d575a882e00e55871db934901e3817f5daba28.zip
initial commit
Diffstat (limited to 'test')
-rw-r--r--test/simple.nix73
-rw-r--r--test/simple/aux.key3
-rw-r--r--test/simple/aux.key.pub1
-rw-r--r--test/simple/main.key3
-rw-r--r--test/simple/main.key.pub1
-rw-r--r--test/simple/secrets.nix10
-rw-r--r--test/simple/store/root9
-rw-r--r--test/simple/store/user/sec9
-rw-r--r--test/simple/user.key3
-rw-r--r--test/simple/user.key.pub1
10 files changed, 113 insertions, 0 deletions
diff --git a/test/simple.nix b/test/simple.nix
new file mode 100644
index 0000000..be8c65d
--- /dev/null
+++ b/test/simple.nix
@@ -0,0 +1,73 @@
+{ nixpkgs ? <nixpkgs> } @ args:
+
+let
+ check = lib: config: {
+ rootSecretExists =
+ let p = config.seacrit.secrets.root.path;
+ in lib.stringAfter [ "seacrit-root" ] ''
+ (
+ set -x;
+ [ "$(cat ${p})" = root ] && \
+ [ $(stat -c %u:%g ${p}) = 0:0 ] && \
+ [ $(stat -c %a ${p}) = 400 ] && \
+ touch /run/root-sec-succeeded
+ )
+ '';
+ users.deps = [ "rootSecretExists" ];
+ groups.deps = [ "rootSecretExists" ];
+
+ userSecretExists =
+ let p = config.seacrit.secrets."user/sec".path;
+ in lib.stringAfter [ "users" "groups" "seacrit" ] ''
+ (
+ set -x;
+ [ "$(cat ${p})" = user ] && \
+ [ $(stat -c %U:%G ${p}) = user:user ] && \
+ [ $(stat -c %a ${p}) = 204 ] && \
+ touch /run/user-sec-succeeded
+ )
+ '';
+ };
+in
+import "${nixpkgs}/nixos/tests/make-test-python.nix" ({ pkgs, ... }: rec {
+ name = "seacrit-simple";
+
+ nodes.main = { pkgs, config, lib, ... }: {
+ imports = [
+ ../modules
+ ];
+
+ seacrit = {
+ storePath = ./simple;
+ hostKeys = [ (pkgs.runCommand "" { key = ./simple/main.key; } "cp $key $out") ];
+
+ secrets = {
+ root = { };
+ "user/sec" = { owner = "user"; group = "user"; mode = "u=w,o=r"; };
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ users.user = { isNormalUser = true; };
+ groups.user = {};
+ };
+
+ system.activationScripts = check lib config;
+ };
+
+ nodes.other = args@{ pkgs, config, lib, ... }: lib.recursiveUpdate (nodes.main args) {
+ seacrit.hostID = "main";
+ };
+
+ nodes.aux = args@{ pkgs, config, lib, ... }: lib.recursiveUpdate (nodes.main args) {
+ seacrit.hostKeys = [ (pkgs.runCommand "" { key = ./simple/aux.key; } "cp $key $out") ];
+ };
+
+ testScript = ''
+ for m in [ main, other, aux ]:
+ m.wait_for_unit("multi-user.target")
+ m.succeed('[ -f /run/root-sec-succeeded ]')
+ m.succeed('[ -f /run/user-sec-succeeded ]')
+ '';
+}) args
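Review bot: The `hostKeys` entries on `nodes.main` and `nodes.aux` build the age identity with `pkgs.runCommand "" { key = ...; } "cp $key $out"`, which places the private key in the Nix store where every local user can read it, and nothing in the file says this is tolerable only because the keys are throwaway fixtures. A comment above `hostKeys` such as `# test-only: the identity ends up in the world-readable store; real hosts must reference a key outside /nix/store` would keep the pattern from being copied into a deployment. Likewise `mode = "u=w,o=r"` and the matching `stat -c %a` check for `204` describe a secret readable by other users; a short `# deliberately unusual mode, exercises symbolic mode parsing` would make that explicit (intent inferred from the asserted value). Every node in the test holds a key that is a recipient of both secrets, so the path where a host must fail to decrypt appears to be untested here.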
diff --git a/test/simple/aux.key b/test/simple/aux.key
new file mode 100644
index 0000000..e969d61
--- /dev/null
+++ b/test/simple/aux.key
@@ -0,0 +1,3 @@
+# created: 2021-08-11T06:35:48+02:00
+# public key: age1xjtclyph0jfcu0pdmxnmz4yj04hjared5ue4u385whqpl79f2ydqng0x0l
+AGE-SECRET-KEY-15FC8DN38VW5HGAQA2M8PKCHQRFC5E0P73QHNFNUAGS4KXF3MP45QHU5QTM
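Review bot: This file commits an age private key in cleartext with only the generated `# created` and `# public key` header lines, so nothing marks it as a fixture that must never protect real data; the same applies to `test/simple/main.key` and `test/simple/user.key` later in the commit. age identity files accept `#` comment lines, so a first line such as `# TEST FIXTURE: key is public, use only for test/simple` would document that in the file itself. It would also help to list these paths in the allowlist of whatever secret scanner the project runs, so that a real key added later is not dismissed as another known finding.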
diff --git a/test/simple/aux.key.pub b/test/simple/aux.key.pub
new file mode 100644
index 0000000..12824d5
--- /dev/null
+++ b/test/simple/aux.key.pub
@@ -0,0 +1 @@
+age1xjtclyph0jfcu0pdmxnmz4yj04hjared5ue4u385whqpl79f2ydqng0x0l
diff --git a/test/simple/main.key b/test/simple/main.key
new file mode 100644
index 0000000..9b79384
--- /dev/null
+++ b/test/simple/main.key
@@ -0,0 +1,3 @@
+# created: 2021-08-08T09:46:38+02:00
+# public key: age1kpyxel2fy7y52rc6n32zwy99gpaersn62f8uejj62vmmymnutdvqx5t258
+AGE-SECRET-KEY-1CAS0QWRWJVDZRUA0JHV6NYHCHDU37DRDNH944PXYF3HV32SQA8CQCZ69Z2
diff --git a/test/simple/main.key.pub b/test/simple/main.key.pub
new file mode 100644
index 0000000..ffbc557
--- /dev/null
+++ b/test/simple/main.key.pub
@@ -0,0 +1 @@
+age1kpyxel2fy7y52rc6n32zwy99gpaersn62f8uejj62vmmymnutdvqx5t258
diff --git a/test/simple/secrets.nix b/test/simple/secrets.nix
new file mode 100644
index 0000000..31abf74
--- /dev/null
+++ b/test/simple/secrets.nix
@@ -0,0 +1,10 @@
+rec {
+ users.user = "age16w4643wxn796n26ev9dus5a8v3zfzj74uf0vr7cakdpfaz6j2vasvjqvwg";
+ hosts.main = "age1kpyxel2fy7y52rc6n32zwy99gpaersn62f8uejj62vmmymnutdvqx5t258";
+ hosts.aux = "age1xjtclyph0jfcu0pdmxnmz4yj04hjared5ue4u385whqpl79f2ydqng0x0l";
+ default = [ users.user hosts.main ];
+ secrets = {
+ root = [ hosts.aux ];
+ "user/sec" = [ hosts.aux ];
+ };
+}
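Review bot: The relation between `default` and the per-secret lists under `secrets` is not documented, and it decides who can decrypt each secret. The two store files in this commit each carry three `X25519` recipient stanzas, which would be consistent with `default` being added to every per-secret list rather than replaced by it, but that is only inferred from the fixtures. A comment above `default`, for example `# recipients listed here are added to every secret, in addition to its own list`, adjusted to whatever the module really does, would let a reader audit access from this file alone.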
diff --git a/test/simple/store/root b/test/simple/store/root
new file mode 100644
index 0000000..855628e
--- /dev/null
+++ b/test/simple/store/root
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 gGZBkgbY8kOAHrxVYcGeYZP7i/lcyt63+doIL74MbWE
+3LOkAvcE4o8Me4XJ1gdwqZJeXgW4fM1DWpDHJuT7Fw4
+-> X25519 KTDtSaC6I3Mp5nXU2/O26U4KXl5PagMVoIT1jGRYCFw
+WzB04ZhxAEkLh+UEoyOUCbZ2hIkiwnuA/vdkgNaklIs
+-> X25519 ZAHhOjIhElqO3r6XZwrjhUvWLWPoNBUzRM8Ya2zN6GA
+94BU/DkUhbw4/S2izZe4dwitJfxDFeyotrBEt23IcJE
+--- QRBSOjAFkdB5AN+Y4z+F17MoYSwqcZn1DNWZdXHAYWs
+v7¨.Þ6½¥¸–Ðd¨d…±‰7Öïe÷)dö5¯lR´‹ \ No newline at end of file
diff --git a/test/simple/store/user/sec b/test/simple/store/user/sec
new file mode 100644
index 0000000..e3bdca8
--- /dev/null
+++ b/test/simple/store/user/sec
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 JLJ+PrrdBKqLi02aXmOh8ijeuGat7QJxO6AGje6fMQE
+irKL96OOBHlqP6Vc/eCRUynhqwhnFRQO1xlyP8Pnkfc
+-> X25519 OYylx7vnKKpXgWY+38E1RDQ4hjBfDnSqq9HSFIrdJjo
+jOYhtLhGn3pwOtExRcJZYw5R3FwxBHNH4ez+lRMPuUE
+-> X25519 TVz2Vguw4dC+GVt+Q1dONpSEYVi6Qm8G1GaBdZNExm8
+fZCbL3Z63X6npikm0M87kkaOBhzN05dcXCwTY1FU/e0
+--- GqpfRnIS2I15Gn0ETxkVtR2zb2eBPu7Y33TRr/PWvys
+_IçL u­•råÎÓ}bJãqûp+'VƒäQ€¬ðçFô_Ä™` \ No newline at end of file
diff --git a/test/simple/user.key b/test/simple/user.key
new file mode 100644
index 0000000..e853711
--- /dev/null
+++ b/test/simple/user.key
@@ -0,0 +1,3 @@
+# created: 2021-08-08T09:45:49+02:00
+# public key: age16w4643wxn796n26ev9dus5a8v3zfzj74uf0vr7cakdpfaz6j2vasvjqvwg
+AGE-SECRET-KEY-1702YDJ0KJ9KN9A7ARMMYVXZRZE8M9TTHD5CW22NK5X765W2LAKXQK8QN2A
diff --git a/test/simple/user.key.pub b/test/simple/user.key.pub
new file mode 100644
index 0000000..245ad08
--- /dev/null
+++ b/test/simple/user.key.pub
@@ -0,0 +1 @@
+age16w4643wxn796n26ev9dus5a8v3zfzj74uf0vr7cakdpfaz6j2vasvjqvwg