nixos/tests/gitolite.nix

   1 import ./make-test-python.nix ({ pkgs, ...}:
   2
   3 let
   4   adminPrivateKey = pkgs.writeText "id_ed25519" ''
   5     -----BEGIN OPENSSH PRIVATE KEY-----
   6     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
   7     QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
   8     QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
   9     AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
  10     W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
  11     -----END OPENSSH PRIVATE KEY-----
  12   '';
  13
  14   adminPublicKey = ''
  15     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
  16   '';
  17
  18   alicePrivateKey = pkgs.writeText "id_ed25519" ''
  19     -----BEGIN OPENSSH PRIVATE KEY-----
  20     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
  21     QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
  22     VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
  23     AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
  24     Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
  25     -----END OPENSSH PRIVATE KEY-----
  26   '';
  27
  28   alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
  29     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
  30   '';
  31
  32   bobPrivateKey = pkgs.writeText "id_ed25519" ''
  33     -----BEGIN OPENSSH PRIVATE KEY-----
  34     b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
  35     QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
  36     VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
  37     AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
  38     6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
  39     -----END OPENSSH PRIVATE KEY-----
  40   '';
  41
  42   bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
  43     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
  44   '';
  45
  46   gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
  47     repo alice-project
  48         RW+     =   alice
  49   '';
  50 in
  51 {
  52   name = "gitolite";
  53
  54   meta = with pkgs.lib.maintainers; {
  55     maintainers = [ bjornfor ];
  56   };
  57
  58   nodes = {
  59
  60     server =
  61       { ... }:
  62       {
  63         services.gitolite = {
  64           enable = true;
  65           adminPubkey = adminPublicKey;
  66         };
  67         services.openssh.enable = true;
  68       };
  69
  70     client =
  71       { pkgs, ... }:
  72       {
  73         environment.systemPackages = [ pkgs.git ];
  74         programs.ssh.extraConfig = ''
  75           Host *
  76             UserKnownHostsFile /dev/null
  77             StrictHostKeyChecking no
  78             # there's nobody around that can input password
  79             PreferredAuthentications publickey
  80         '';
  81         users.users.alice = { isNormalUser = true; };
  82         users.users.bob = { isNormalUser = true; };
  83       };
  84
  85   };
  86
  87   testScript = ''
  88     start_all()
  89
  90     with subtest("can setup ssh keys on system"):
  91         client.succeed(
  92             "mkdir -p ~root/.ssh",
  93             "cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
  94             "chmod 600 ~root/.ssh/id_ed25519",
  95         )
  96         client.succeed(
  97             "sudo -u alice mkdir -p ~alice/.ssh",
  98             "sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
  99             "sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
 100         )
 101         client.succeed(
 102             "sudo -u bob mkdir -p ~bob/.ssh",
 103             "sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
 104             "sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
 105         )
 106
 107     with subtest("gitolite server starts"):
 108         server.wait_for_unit("gitolite-init.service")
 109         server.wait_for_unit("sshd.service")
 110         client.succeed("ssh -n gitolite@server info")
 111
 112     with subtest("admin can clone and configure gitolite-admin.git"):
 113         client.succeed(
 114             "git clone gitolite@server:gitolite-admin.git",
 115             "git config --global user.name 'System Administrator'",
 116             "git config --global user.email root\@domain.example",
 117             "cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
 118             "cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
 119             "(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
 120             "cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
 121             "(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
 122         )
 123
 124     with subtest("non-admins cannot clone gitolite-admin.git"):
 125         client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
 126         client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")
 127
 128     with subtest("non-admins can clone testing.git"):
 129         client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
 130         client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")
 131
 132     with subtest("alice can clone alice-project.git"):
 133         client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")
 134
 135     with subtest("bob cannot clone alice-project.git"):
 136         client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
 137   '';
 138 })