[NixPkgs.git] / nixos / tests / gitolite.nix
1 import ./make-test-python.nix ({ pkgs, ...}:
3 let
# Test-only OpenSSH private key for the gitolite admin; the test script copies it
# to ~root/.ssh/id_ed25519 on the client. The key is published in this file and
# pkgs.writeText places it in the Nix store, where any local user can read it, so
# the matching public key must never be authorized on a real host.
4   adminPrivateKey = pkgs.writeText "id_ed25519" ''
5     -----BEGIN OPENSSH PRIVATE KEY-----
6     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
7     QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
8     QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
9     AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
10     W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
11     -----END OPENSSH PRIVATE KEY-----
12   '';
# Public half of the admin test key. It is a plain string rather than a store
# file because it is assigned to services.gitolite.adminPubkey on the server
# node. Whoever holds the matching private key is the gitolite administrator.
14   adminPublicKey = ''
15     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
16   '';
# Test-only OpenSSH private key for the unprivileged user alice; the test script
# copies it to ~alice/.ssh/id_ed25519 on the client. Like every key in this file
# it is public and sits in the Nix store, so it is a fixture, not a secret.
18   alicePrivateKey = pkgs.writeText "id_ed25519" ''
19     -----BEGIN OPENSSH PRIVATE KEY-----
20     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
21     QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
22     VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
23     AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
24     Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
25     -----END OPENSSH PRIVATE KEY-----
26   '';
# alice's public key as a store file; the admin subtest copies it into the
# gitolite-admin checkout as keydir/alice.pub and pushes it, which is what
# registers alice with gitolite.
28   alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
29     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
30   '';
# Test-only OpenSSH private key for the unprivileged user bob; the test script
# copies it to ~bob/.ssh/id_ed25519 on the client. bob is the user the access
# checks expect to be refused, so this key exists to prove a valid but
# unauthorized identity is rejected. Fixture only; never authorize it anywhere.
32   bobPrivateKey = pkgs.writeText "id_ed25519" ''
33     -----BEGIN OPENSSH PRIVATE KEY-----
34     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
35     QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
36     VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
37     AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
38     6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
39     -----END OPENSSH PRIVATE KEY-----
40   '';
# bob's public key as a store file; the admin subtest copies it into the
# gitolite-admin checkout as keydir/bob.pub. bob is therefore a known gitolite
# user, and the later denials test authorization rather than authentication.
42   bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
43     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
44   '';
# gitolite access rule that the admin subtest appends to conf/gitolite.conf:
# it declares the repository alice-project and grants RW+ to alice only. bob is
# not listed, which is the property the last subtest checks.
46   gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
47     repo alice-project
48         RW+     =   alice
49   '';
# Test metadata handed to make-test-python.nix: the test's name and the
# nixpkgs maintainers responsible for it.
52   name = "gitolite";
54   meta = with pkgs.lib.maintainers; {
55     maintainers = [ bjornfor ];
56   };
# The two machines used by the test: "server" runs gitolite behind sshd, and
# "client" holds the admin, alice and bob identities and runs git.
58   nodes = {
60     server =
61       { ... }:
62       {
           # The admin key is the only identity gitolite knows at first boot; alice
           # and bob are added later by a push to gitolite-admin.git.
63         services.gitolite = {
64           enable = true;
65           adminPubkey = adminPublicKey;
66         };
           # The test reaches gitolite only over SSH (gitolite@server), so sshd must run.
67         services.openssh.enable = true;
68       };
70     client =
71       { pkgs, ... }:
72       {
73         environment.systemPackages = [ pkgs.git ];
           # Host-key verification is switched off for every host: unknown keys are
           # accepted (StrictHostKeyChecking no) and nothing is remembered
           # (UserKnownHostsFile /dev/null), so this client would accept any server
           # key. That is tolerable only because both machines are defined by and
           # exist for this test -- presumably the server's host key is not known
           # ahead of time; confirm. Do not copy this stanza into a real client
           # configuration. PreferredAuthentications publickey keeps ssh from
           # falling back to a password prompt that nobody could answer.
74         programs.ssh.extraConfig = ''
75           Host *
76             UserKnownHostsFile /dev/null
77             StrictHostKeyChecking no
78             # there's nobody around that can input password
79             PreferredAuthentications publickey
80         '';
           # Unprivileged accounts the test script uses via sudo to act as alice and bob.
81         users.users.alice = { isNormalUser = true; };
82         users.users.bob = { isNormalUser = true; };
83       };
85   };
# Python test script, embedded as a Nix string; every ${...} is replaced with
# the store path of the corresponding fixture before the script runs.
#
# Flow: install the three private keys on the client (mode 600, each owned by
# its user), wait for gitolite-init and sshd, then as root (the admin) clone
# gitolite-admin.git, push alice's and bob's public keys, and push the
# alice-project rule. The remaining subtests are the access-control assertions:
# non-admins are refused gitolite-admin.git, both can clone testing.git, alice
# can clone alice-project.git and bob cannot.
#
# NOTE(review): client.fail() passes on any non-zero exit, so a denial subtest
# alone cannot tell "refused by gitolite" from "ssh did not work". The
# testing.git clones that succeed for the same users are what show their keys
# authenticate; keep those subtests if the script is reorganized.
# NOTE(review): only clone (read) access is asserted for alice and bob; nothing
# here checks that a push is granted to alice or refused to bob.
# NOTE(review): in "root\@domain.example" the backslash is not an escape in a
# Nix '' string, so Python receives \@ (an unrecognized escape sequence) and the
# shell then drops the backslash; a plain "@" would yield the same address.
87   testScript = ''
88     start_all()
90     with subtest("can setup ssh keys on system"):
91         client.succeed(
92             "mkdir -p ~root/.ssh",
93             "cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
94             "chmod 600 ~root/.ssh/id_ed25519",
95         )
96         client.succeed(
97             "sudo -u alice mkdir -p ~alice/.ssh",
98             "sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
99             "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
100         )
101         client.succeed(
102             "sudo -u bob mkdir -p ~bob/.ssh",
103             "sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
104             "sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
105         )
107     with subtest("gitolite server starts"):
108         server.wait_for_unit("gitolite-init.service")
109         server.wait_for_unit("sshd.service")
110         client.succeed("ssh -n gitolite@server info")
112     with subtest("admin can clone and configure gitolite-admin.git"):
113         client.succeed(
114             "git clone gitolite@server:gitolite-admin.git",
115             "git config --global user.name 'System Administrator'",
116             "git config --global user.email root\@domain.example",
117             "cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
118             "cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
119             "(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
120             "cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
121             "(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
122         )
124     with subtest("non-admins cannot clone gitolite-admin.git"):
125         client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
126         client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")
128     with subtest("non-admins can clone testing.git"):
129         client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
130         client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")
132     with subtest("alice can clone alice-project.git"):
133         client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")
135     with subtest("bob cannot clone alice-project.git"):
136         client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
137   '';