path: root/nixos/tests/btrbk-doas.nix
import ./make-test-python.nix ({ pkgs, ... }:

  let
    # Throwaway SSH private key used only inside this VM test. It is stored
    # unencrypted and committed in plain text, so it must be treated as public:
    # never authorise the matching public key on a real host, and never copy
    # this pattern for a key that protects real backups.
    privateKey = ''
      -----BEGIN OPENSSH PRIVATE KEY-----
      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
      QyNTUxOQAAACBx8UB04Q6Q/fwDFjakHq904PYFzG9pU2TJ9KXpaPMcrwAAAJB+cF5HfnBe
      RwAAAAtzc2gtZWQyNTUxOQAAACBx8UB04Q6Q/fwDFjakHq904PYFzG9pU2TJ9KXpaPMcrw
      AAAEBN75NsJZSpt63faCuaD75Unko0JjlSDxMhYHAPJk2/xXHxQHThDpD9/AMWNqQer3Tg
      9gXMb2lTZMn0pelo8xyvAAAADXJzY2h1ZXR6QGt1cnQ=
      -----END OPENSSH PRIVATE KEY-----
    '';
    # Public half of the test key pair above. The `main` node authorises it
    # through services.btrbk.sshAccess, so whoever holds the private key gets
    # the btrbk roles listed there.
    publicKey = ''
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHxQHThDpD9/AMWNqQer3Tg9gXMb2lTZMn0pelo8xyv
    '';
  in
  {
    # Test identifier and the maintainers responsible for it.
    name = "btrbk-doas";
    meta.maintainers = with pkgs.lib.maintainers; [ symphorien tu-maurice ];

    nodes = {
      # Backup target: pulls snapshots of `main`'s /mnt/to_backup over SSH.
      archive = { ... }: {
        # doas is the only privilege-escalation tool on this node; sudo is
        # switched off so the test cannot pass by silently falling back to it.
        security = {
          sudo.enable = false;
          doas.enable = true;
        };

        environment = {
          systemPackages = [ pkgs.btrfs-progs ];
          # SECURITY: environment.etc content is built into the Nix store and
          # linked into /etc, so this private key is readable by every local
          # user. That is acceptable only because the key is a public test
          # fixture. Real SSH keys must be provisioned outside the store with
          # restrictive ownership and permissions.
          etc."btrbk_key".text = privateKey;
        };

        # lz4 backs the stream_compress setting below; `main` lists it too,
        # presumably because both ends of the stream need the tool.
        services.btrbk.extraPackages = [ pkgs.lz4 ];

        services.btrbk.instances.remote = {
          onCalendar = "minutely";
          settings = {
            # Log in to the source host as user "btrbk" with the test key.
            ssh_user = "btrbk";
            ssh_identity = "/etc/btrbk_key";
            stream_compress = "lz4";
            # Source volume on `main`, reached over SSH; received snapshots
            # land directly under /mnt on this node.
            volume."ssh://main/mnt" = {
              subvolume = "to_backup";
              snapshot_dir = "btrbk/remote";
              target = "/mnt";
            };
          };
        };
      };

      # Backup source: takes local snapshots and serves them to `archive`.
      main = { ... }: {
        # doas only, mirroring the archive node.
        security = {
          sudo.enable = false;
          doas.enable = true;
        };

        environment.systemPackages = [ pkgs.btrfs-progs ];

        # Password and keyboard-interactive logins are both disabled, so the
        # archive node has to authenticate with the SSH key authorised below.
        services.openssh.enable = true;
        services.openssh.passwordAuthentication = false;
        services.openssh.kbdInteractiveAuthentication = false;

        services.btrbk.extraPackages = [ pkgs.lz4 ];

        # Authorise the test key for btrbk and list the roles it may use.
        # Keep such a list to the minimum the pulling side needs: "delete"
        # lets the key holder remove snapshots on this host.
        # NOTE(review): presumably the module turns the roles into a
        # restricted authorized_keys entry for the btrbk user; confirm
        # against the services.btrbk module.
        services.btrbk.sshAccess = [
          {
            roles = [ "source" "send" "info" "delete" ];
            key = publicKey;
          }
        ];

        # Local snapshot job, independent of the remote pull.
        services.btrbk.instances.local = {
          onCalendar = "minutely";
          settings.volume."/mnt" = {
            subvolume = "to_backup";
            snapshot_dir = "btrbk/local";
          };
        };
      };
    };

    # Python driver script for the two VMs.
    #
    # Setup: each node gets a 120 MB file-backed btrfs filesystem mounted at
    # /mnt. `main` additionally gets the subvolume to back up and the two
    # snapshot directories used by the local and remote btrbk instances.
    #
    # "local" subtest: writes "foo", waits until a snapshot under
    # /mnt/btrbk/local contains it, then overwrites the live file with "bar"
    # and checks that a snapshot still holds "foo", i.e. the snapshot is not
    # affected by later writes to the source.
    #
    # "remote" subtest: waits until `archive` holds a received snapshot
    # containing "bar", which only happens if the SSH login with the test key
    # and the doas-based btrfs send/receive both work. It then overwrites the
    # live file with "baz" and checks that the received copy still has "bar".
    testScript = ''
      start_all()

      # create btrfs partition at /mnt
      for machine in (archive, main):
        machine.succeed("dd if=/dev/zero of=/data_fs bs=120M count=1")
        machine.succeed("mkfs.btrfs /data_fs")
        machine.succeed("mkdir /mnt")
        machine.succeed("mount /data_fs /mnt")

      # what to backup and where
      main.succeed("btrfs subvolume create /mnt/to_backup")
      main.succeed("mkdir -p /mnt/btrbk/{local,remote}")

      # check that local snapshots work
      with subtest("local"):
          main.succeed("echo foo > /mnt/to_backup/bar")
          main.wait_until_succeeds("cat /mnt/btrbk/local/*/bar | grep foo")
          main.succeed("echo bar > /mnt/to_backup/bar")
          main.succeed("cat /mnt/btrbk/local/*/bar | grep foo")

      # check that btrfs send/receive works and ssh access works
      with subtest("remote"):
          archive.wait_until_succeeds("cat /mnt/*/bar | grep bar")
          main.succeed("echo baz > /mnt/to_backup/bar")
          archive.succeed("cat /mnt/*/bar | grep bar")
    '';
  })