2 files changed, 34 insertions, 0 deletions

diff --git a/nixos/tests/stratis/default.nix b/nixos/tests/stratis/default.nix
index 6964852e30a09..42daadd5fcaac 100644
--- a/nixos/tests/stratis/default.nix
+++ b/nixos/tests/stratis/default.nix
@@ -4,4 +4,5 @@
 
 {
   simple = import ./simple.nix { inherit system pkgs; };
+  encryption = import ./encryption.nix { inherit system pkgs; };
 }
diff --git a/nixos/tests/stratis/encryption.nix b/nixos/tests/stratis/encryption.nix
new file mode 100644
index 0000000000000..3faa3171843f7
--- /dev/null
+++ b/nixos/tests/stratis/encryption.nix
@@ -0,0 +1,33 @@
+import ../make-test-python.nix ({ pkgs, ... }:
+  {
+    name = "stratis";
+
+    meta = with pkgs.lib.maintainers; {
+      maintainers = [ nickcao ];
+    };
+
+    nodes.machine = { pkgs, ... }: {
+      services.stratis.enable = true;
+      virtualisation.emptyDiskImages = [ 2048 ];
+    };
+
+    testScript =
+      let
+        testkey1 = pkgs.writeText "testkey1" "supersecret1";
+        testkey2 = pkgs.writeText "testkey2" "supersecret2";
+      in
+      ''
+        machine.wait_for_unit("stratisd")
+        # test creation of encrypted pool and filesystem
+        machine.succeed("stratis key  set    testkey1  --keyfile-path ${testkey1}")
+        machine.succeed("stratis key  set    testkey2  --keyfile-path ${testkey2}")
+        machine.succeed("stratis pool create testpool /dev/vdb --key-desc testkey1")
+        machine.succeed("stratis fs   create testpool testfs")
+        # test rebinding encrypted pool
+        machine.succeed("stratis pool rebind keyring  testpool testkey2")
+        # test restarting encrypted pool
+        uuid = machine.succeed("stratis pool list | grep -oE '[0-9a-fA-F-]{36}'").rstrip('\n')
+        machine.succeed(" stratis pool stop   testpool")
+        machine.succeed(f"stratis pool start  {uuid}   --unlock-method keyring")
+      '';
+  })