Diffstat (limited to 'test/simple.nix')
-rw-r--r--test/simple.nix73
1 files changed, 73 insertions, 0 deletions
diff --git a/test/simple.nix b/test/simple.nix
new file mode 100644
index 0000000..be8c65d
--- /dev/null
+++ b/test/simple.nix
@@ -0,0 +1,73 @@
+{ nixpkgs ? <nixpkgs> } @ args:
+
+let
+ check = lib: config: {
+ rootSecretExists =
+ let p = config.seacrit.secrets.root.path;
+ in lib.stringAfter [ "seacrit-root" ] ''
+ (
+ set -x;
+ [ "$(cat ${p})" = root ] && \
+ [ $(stat -c %u:%g ${p}) = 0:0 ] && \
+ [ $(stat -c %a ${p}) = 400 ] && \
+ touch /run/root-sec-succeeded
+ )
+ '';
+ users.deps = [ "rootSecretExists" ];
+ groups.deps = [ "rootSecretExists" ];
+
+ userSecretExists =
+ let p = config.seacrit.secrets."user/sec".path;
+ in lib.stringAfter [ "users" "groups" "seacrit" ] ''
+ (
+ set -x;
+ [ "$(cat ${p})" = user ] && \
+ [ $(stat -c %U:%G ${p}) = user:user ] && \
+ [ $(stat -c %a ${p}) = 204 ] && \
+ touch /run/user-sec-succeeded
+ )
+ '';
+ };
+in
+import "${nixpkgs}/nixos/tests/make-test-python.nix" ({ pkgs, ... }: rec {
+ name = "seacrit-simple";
+
+ nodes.main = { pkgs, config, lib, ... }: {
+ imports = [
+ ../modules
+ ];
+
+ seacrit = {
+ storePath = ./simple;
+ hostKeys = [ (pkgs.runCommand "" { key = ./simple/main.key; } "cp $key $out") ];
+
+ secrets = {
+ root = { };
+ "user/sec" = { owner = "user"; group = "user"; mode = "u=w,o=r"; };
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ users.user = { isNormalUser = true; };
+ groups.user = {};
+ };
+
+ system.activationScripts = check lib config;
+ };
+
+ nodes.other = args@{ pkgs, config, lib, ... }: lib.recursiveUpdate (nodes.main args) {
+ seacrit.hostID = "main";
+ };
+
+ nodes.aux = args@{ pkgs, config, lib, ... }: lib.recursiveUpdate (nodes.main args) {
+ seacrit.hostKeys = [ (pkgs.runCommand "" { key = ./simple/aux.key; } "cp $key $out") ];
+ };
+
+ testScript = ''
+ for m in [ main, other, aux ]:
+ m.wait_for_unit("multi-user.target")
+ m.succeed('[ -f /run/root-sec-succeeded ]')
+ m.succeed('[ -f /run/user-sec-succeeded ]')
+ '';
+}) args
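Review bot: The `"user/sec"` fixture sets `mode = "u=w,o=r"` and the check asserts `204`, so the only non-default mode this test pins lets every other account read the secret while its owner cannot. If that mode is there only to exercise symbolic-mode parsing, say so next to it, e.g. `# odd mode on purpose: exercises symbolic mode parsing, not a recommended permission`. Both checks live in `system.activationScripts`, which presumably run as root, so `cat ${p}` succeeds whatever the mode is and only the `stat` output is really verified. A `testScript` step that reads the `root` secret as the unprivileged `user` account and expects failure would test enforcement rather than metadata. The `hostKeys` entries also copy `./simple/main.key` and `./simple/aux.key` into the Nix store through `runCommand`; that is acceptable for throwaway test keys but deserves a comment such as `# test-only key: the Nix store is world-readable` so the pattern is not carried into a real configuration.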