From 99d575a882e00e55871db934901e3817f5daba28 Mon Sep 17 00:00:00 2001
From: pennae
Date: Wed, 11 Aug 2021 07:12:26 +0200
Subject: initial commit
---
 test/simple.nix | 73 ++++++++++++++++++++++++++++++++++++++++++++++
 test/simple/aux.key | 3 ++
 test/simple/aux.key.pub | 1 +
 test/simple/main.key | 3 ++
 test/simple/main.key.pub | 1 +
 test/simple/secrets.nix | 10 +++++++
 test/simple/store/root | 9 ++++++
 test/simple/store/user/sec | 9 ++++++
 test/simple/user.key | 3 ++
 test/simple/user.key.pub | 1 +
 10 files changed, 113 insertions(+)
 create mode 100644 test/simple.nix
 create mode 100644 test/simple/aux.key
 create mode 100644 test/simple/aux.key.pub
 create mode 100644 test/simple/main.key
 create mode 100644 test/simple/main.key.pub
 create mode 100644 test/simple/secrets.nix
 create mode 100644 test/simple/store/root
 create mode 100644 test/simple/store/user/sec
 create mode 100644 test/simple/user.key
 create mode 100644 test/simple/user.key.pub
(limited to 'test')
diff --git a/test/simple.nix b/test/simple.nix
new file mode 100644
index 0000000..be8c65d
--- /dev/null
+++ b/test/simple.nix
@@ -0,0 +1,73 @@
+{ nixpkgs ? } @ args:
+
+let
+ check = lib: config: {
+ rootSecretExists =
+ let p = config.seacrit.secrets.root.path;
+ in lib.stringAfter [ "seacrit-root" ] ''
+ (
+ set -x;
+ [ "$(cat ${p})" = root ] && \
+ [ $(stat -c %u:%g ${p}) = 0:0 ] && \
+ [ $(stat -c %a ${p}) = 400 ] && \
+ touch /run/root-sec-succeeded
+ )
+ '';
+ users.deps = [ "rootSecretExists" ];
+ groups.deps = [ "rootSecretExists" ];
+
+ userSecretExists =
+ let p = config.seacrit.secrets."user/sec".path;
+ in lib.stringAfter [ "users" "groups" "seacrit" ] ''
+ (
+ set -x;
+ [ "$(cat ${p})" = user ] && \
+ [ $(stat -c %U:%G ${p}) = user:user ] && \
+ [ $(stat -c %a ${p}) = 204 ] && \
+ touch /run/user-sec-succeeded
+ )
+ '';
+ };
+in
+import "${nixpkgs}/nixos/tests/make-test-python.nix" ({ pkgs, ... }: rec {
+ name = "seacrit-simple";
+
+ nodes.main = { pkgs, config, lib, ... }: {
+ imports = [
+ ../modules
+ ];
+
+ seacrit = {
+ storePath = ./simple;
+ hostKeys = [ (pkgs.runCommand "" { key = ./simple/main.key; } "cp $key $out") ];
+
+ secrets = {
+ root = { };
+ "user/sec" = { owner = "user"; group = "user"; mode = "u=w,o=r"; };
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ users.user = { isNormalUser = true; };
+ groups.user = {};
+ };
+
+ system.activationScripts = check lib config;
+ };
+
+ nodes.other = args@{ pkgs, config, lib, ... }: lib.recursiveUpdate (nodes.main args) {
+ seacrit.hostID = "main";
+ };
+
+ nodes.aux = args@{ pkgs, config, lib, ... }: lib.recursiveUpdate (nodes.main args) {
+ seacrit.hostKeys = [ (pkgs.runCommand "" { key = ./simple/aux.key; } "cp $key $out") ];
+ };
+
+ testScript = ''
+ for m in [ main, other, aux ]:
+ m.wait_for_unit("multi-user.target")
+ m.succeed('[ -f /run/root-sec-succeeded ]')
+ m.succeed('[ -f /run/user-sec-succeeded ]')
+ '';
+}) args
diff --git a/test/simple/aux.key b/test/simple/aux.key
new file mode 100644
index 0000000..e969d61
--- /dev/null
+++ b/test/simple/aux.key
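Review bot: `set -x;` in both activation checks makes bash print the already-expanded test, i.e. `[ "root" = root ]`, so the decrypted secret contents land in the activation trace and the journal on every boot; for these throwaway fixtures that only matters if someone copies the pattern into a real module, but the test gains nothing from it, so drop the two `set -x;` lines (or wrap only the `stat` calls in the trace). The suite also has no negative case: every node here is a listed recipient of both secrets, so a regression that handed secrets to unlisted hosts would still pass; a fourth node with a fresh identity that asserts `[ ! -e ${p} ]` for `root` would close that gap. `mode = "u=w,o=r"` with the matching `204` looks deliberately odd (others can read the user secret); a comment such as `# unusual mode on purpose: exercises symbolic-mode parsing, 0204 == u=w,o=r` would stop a later reader from "fixing" it.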
@@ -0,0 +1,3 @@
+# created: 2021-08-11T06:35:48+02:00
+# public key: age1xjtclyph0jfcu0pdmxnmz4yj04hjared5ue4u385whqpl79f2ydqng0x0l
+AGE-SECRET-KEY-15FC8DN38VW5HGAQA2M8PKCHQRFC5E0P73QHNFNUAGS4KXF3MP45QHU5QTM
diff --git a/test/simple/aux.key.pub b/test/simple/aux.key.pub
new file mode 100644
index 0000000..12824d5
--- /dev/null
+++ b/test/simple/aux.key.pub
@@ -0,0 +1 @@
+age1xjtclyph0jfcu0pdmxnmz4yj04hjared5ue4u385whqpl79f2ydqng0x0l
diff --git a/test/simple/main.key b/test/simple/main.key
new file mode 100644
index 0000000..9b79384
--- /dev/null
+++ b/test/simple/main.key
@@ -0,0 +1,3 @@
+# created: 2021-08-08T09:46:38+02:00
+# public key: age1kpyxel2fy7y52rc6n32zwy99gpaersn62f8uejj62vmmymnutdvqx5t258
+AGE-SECRET-KEY-1CAS0QWRWJVDZRUA0JHV6NYHCHDU37DRDNH944PXYF3HV32SQA8CQCZ69Z2
diff --git a/test/simple/main.key.pub b/test/simple/main.key.pub
new file mode 100644
index 0000000..ffbc557
--- /dev/null
+++ b/test/simple/main.key.pub
@@ -0,0 +1 @@
+age1kpyxel2fy7y52rc6n32zwy99gpaersn62f8uejj62vmmymnutdvqx5t258
diff --git a/test/simple/secrets.nix b/test/simple/secrets.nix
new file mode 100644
index 0000000..31abf74
--- /dev/null
+++ b/test/simple/secrets.nix
@@ -0,0 +1,10 @@
+rec {
+ users.user = "age16w4643wxn796n26ev9dus5a8v3zfzj74uf0vr7cakdpfaz6j2vasvjqvwg";
+ hosts.main = "age1kpyxel2fy7y52rc6n32zwy99gpaersn62f8uejj62vmmymnutdvqx5t258";
+ hosts.aux = "age1xjtclyph0jfcu0pdmxnmz4yj04hjared5ue4u385whqpl79f2ydqng0x0l";
+ default = [ users.user hosts.main ];
+ secrets = {
+ root = [ hosts.aux ];
+ "user/sec" = [ hosts.aux ];
+ };
+}
diff --git a/test/simple/store/root b/test/simple/store/root
new file mode 100644
index 0000000..855628e
--- /dev/null
+++ b/test/simple/store/root
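Review bot: Three private age identities (`AGE-SECRET-KEY-1…`) are committed in plain text; they are evidently fixtures, but nothing in the files says so, and that prefix is exactly what secret scanners look for, so an explanation belongs in the file itself. The identity format already carries `#` comment lines (`# created:`, `# public key:`), so a line such as `# TEST FIXTURE: committed on purpose for test/simple.nix; never deploy or reuse outside test/` after the existing comments costs nothing and survives the parser. If the repository ever adopts a scanner, allow-list `test/simple/*.key` by path rather than disabling the age rule globally.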
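Review bot: The meaning of `default` relative to the per-secret lists in `secrets` is undocumented, and a reader cannot tell from this file whether `root = [ hosts.aux ]` replaces or extends the default recipients. The two ciphertexts under `store/` each carry three X25519 recipient stanzas, which matches `default` (user + main) plus `hosts.aux`, so the lists appear to be additive; if that is the contract the module implements, say so: `# recipients of a secret = default ++ secrets.<name>; here every secret is readable by user, main and aux`. It is also worth a one-line note that the `hosts.aux` entries are what let the `aux` node in simple.nix pass, so this file and the test must be changed together.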
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 gGZBkgbY8kOAHrxVYcGeYZP7i/lcyt63+doIL74MbWE +3LOkAvcE4o8Me4XJ1gdwqZJeXgW4fM1DWpDHJuT7Fw4 +-> X25519 KTDtSaC6I3Mp5nXU2/O26U4KXl5PagMVoIT1jGRYCFw +WzB04ZhxAEkLh+UEoyOUCbZ2hIkiwnuA/vdkgNaklIs +-> X25519 ZAHhOjIhElqO3r6XZwrjhUvWLWPoNBUzRM8Ya2zN6GA +94BU/DkUhbw4/S2izZe4dwitJfxDFeyotrBEt23IcJE +--- QRBSOjAFkdB5AN+Y4z+F17MoYSwqcZn1DNWZdXHAYWs +v7¨.Þ6½¥¸–Ðd¨d…±‰7Öïe÷)dö5¯lR´‹ \ No newline at end of file diff --git a/test/simple/store/user/sec b/test/simple/store/user/sec new file mode 100644 index 0000000..e3bdca8 --- /dev/null +++ b/test/simple/store/user/sec @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 JLJ+PrrdBKqLi02aXmOh8ijeuGat7QJxO6AGje6fMQE +irKL96OOBHlqP6Vc/eCRUynhqwhnFRQO1xlyP8Pnkfc +-> X25519 OYylx7vnKKpXgWY+38E1RDQ4hjBfDnSqq9HSFIrdJjo +jOYhtLhGn3pwOtExRcJZYw5R3FwxBHNH4ez+lRMPuUE +-> X25519 TVz2Vguw4dC+GVt+Q1dONpSEYVi6Qm8G1GaBdZNExm8 +fZCbL3Z63X6npikm0M87kkaOBhzN05dcXCwTY1FU/e0 +--- GqpfRnIS2I15Gn0ETxkVtR2zb2eBPu7Y33TRr/PWvys +_IçL u­•råÎÓ}bJãqûp+'VƒäQ€¬ðçFô_Ä™` \ No newline at end of file diff --git a/test/simple/user.key b/test/simple/user.key new file mode 100644 index 0000000..e853711 --- /dev/null +++ b/test/simple/user.key @@ -0,0 +1,3 @@ +# created: 2021-08-08T09:45:49+02:00 +# public key: age16w4643wxn796n26ev9dus5a8v3zfzj74uf0vr7cakdpfaz6j2vasvjqvwg +AGE-SECRET-KEY-1702YDJ0KJ9KN9A7ARMMYVXZRZE8M9TTHD5CW22NK5X765W2LAKXQK8QN2A diff --git a/test/simple/user.key.pub b/test/simple/user.key.pub new file mode 100644 index 0000000..245ad08 --- /dev/null +++ b/test/simple/user.key.pub @@ -0,0 +1 @@ +age16w4643wxn796n26ev9dus5a8v3zfzj74uf0vr7cakdpfaz6j2vasvjqvwg -- cgit v1.2.3