blob: 5bf55060d2e03c3baafd6b0bb3a6e631aebc49bc (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
import ./make-test-python.nix ({pkgs, lib, ...}:
let
gpgKeyring = (pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
mkdir -p $out
export GNUPGHOME=$out
cat > foo <<EOF
%echo Generating a basic OpenPGP key
%no-protection
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Joe Tester
Name-Email: joe@foo.bar
Expire-Date: 0
# Do a commit here, so that we can later print "done"
%commit
%echo done
EOF
gpg --batch --generate-key foo
rm $out/S.gpg-agent $out/S.gpg-agent.*
gpg --export joe@foo.bar -a > $out/pubkey.gpg
'');
nspawnImages = (pkgs.runCommand "localhost" { buildInputs = [ pkgs.coreutils pkgs.gnupg ]; } ''
mkdir -p $out
cd $out
dd if=/dev/urandom of=$out/testimage.raw bs=$((1024*1024+7)) count=5
sha256sum testimage.raw > SHA256SUMS
export GNUPGHOME="$(mktemp -d)"
cp -R ${gpgKeyring}/* $GNUPGHOME
gpg --batch --sign --detach-sign --output SHA256SUMS.gpg SHA256SUMS
'');
in {
name = "systemd-nspawn";
nodes = {
server = { pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 ];
services.nginx = {
enable = true;
virtualHosts."server".root = nspawnImages;
};
};
client = { pkgs, ... }: {
environment.etc."systemd/import-pubring.gpg".source = "${gpgKeyring}/pubkey.gpg";
};
};
testScript = ''
start_all()
server.wait_for_unit("nginx.service")
client.wait_for_unit("network-online.target")
client.succeed("machinectl pull-raw --verify=signature http://server/testimage.raw")
client.succeed(
"cmp /var/lib/machines/testimage.raw ${nspawnImages}/testimage.raw"
)
'';
})
|