Merge pull request 'Introduce flake parts module for clan nixos tests' (#4000) from speed-up-ci into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/4000
Mic92
2025-06-17 19:20:08 +00:00
44 changed files with 749 additions and 941 deletions


@@ -1,17 +1,18 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
admin = lib.modules.importApply ./default.nix { };
admin = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
admin = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.admin = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/admin" = module;
};
};
}
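Review bot: The `lib.optionalAttrs (pkgs.stdenv.isLinux)` guard around the VM check is gone and nothing in this file replaces it, so `clan.nixosTests.admin` is declared for every system `perSystem` is evaluated for. Whether the `clan.nixosTests` flake-parts module itself limits the generated checks to Linux is not visible in this section and should be confirmed there. If it does, a short comment above the entry, such as `# VM tests are Linux-only; the clan.nixosTests module is expected to enforce this`, would keep the intent the removed guard expressed. The same applies to the other flake-module sections on this page (borgbackup, deltachat, ergochat, garage, heisenbridge, hello-world, localsend, mycelium, packages, sshd, state-version, trusted-nix-caches, users).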


@@ -1,62 +1,45 @@
{
pkgs,
nixosLib,
clan-core,
...
}:
let
public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6zj7ubTg6z/aDwRNwvM/WlQdUocMprQ8E92NWxl6t+ test@test";
in
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "admin";
hostPkgs = pkgs;
clan = {
directory = ./.;
inventory = {
name = "admin";
machines.client = { };
machines.server = { };
clan = {
directory = ./.;
modules."@clan/admin" = ../../default.nix;
inventory = {
machines.client = { };
machines.server = { };
instances = {
ssh-test-one = {
module.name = "@clan/admin";
roles.default.machines."server".settings = {
allowedKeys.testkey = public-key;
};
instances = {
ssh-test-one = {
module.name = "@clan/admin";
roles.default.machines."server".settings = {
allowedKeys.testkey = public-key;
};
};
};
};
};
nodes = {
client.environment.etc.private-test-key.source = ./private-test-key;
nodes = {
client.environment.etc.private-test-key.source = ./private-test-key;
server = {
services.openssh.enable = true;
};
server = {
services.openssh.enable = true;
};
};
testScript = ''
start_all()
testScript = ''
start_all()
machines = [client, server]
for m in machines:
m.systemctl("start network-online.target")
machines = [client, server]
for m in machines:
m.systemctl("start network-online.target")
for m in machines:
m.wait_for_unit("network-online.target")
for m in machines:
m.wait_for_unit("network-online.target")
client.succeed(f"ssh -F /dev/null -i /etc/private-test-key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o BatchMode=yes root@server true &>/dev/null")
'';
}
)
client.succeed(f"ssh -F /dev/null -i /etc/private-test-key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o BatchMode=yes root@server true &>/dev/null")
'';
}
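Review bot: The only assertion in `testScript` is the positive case, that the key set in `allowedKeys.testkey` can log in as `root@server`, and the trailing `&>/dev/null` discards ssh's diagnostics when that login fails. For a test that exercises root key authorization, it would be worth also asserting that a key not listed in `allowedKeys` is refused, using a second fixture key and a `client.fail(...)` call. The existing call could drop the redirect and the unused `f` string prefix so a failing run shows why ssh was rejected. A comment next to `public-key`, for example `# test-only keypair; never authorize this key outside the VM test`, would make the status of the committed `./private-test-key` explicit.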


@@ -1,17 +1,18 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
borgbackup = lib.modules.importApply ./default.nix { };
borgbackup = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
borgbackup = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.borgbackup = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/borgbackup" = module;
};
};
}


@@ -1,118 +1,112 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "borgbackup";
hostPkgs = pkgs;
clan = {
directory = ./.;
test.useContainers = true;
inventory = {
name = "borgbackup";
machines.clientone = { };
machines.serverone = { };
clan = {
directory = ./.;
test.useContainers = true;
modules."@clan/borgbackup" = ../../default.nix;
inventory = {
instances = {
borgone = {
machines.clientone = { };
machines.serverone = { };
module.name = "@clan/borgbackup";
instances = {
borgone = {
module.name = "@clan/borgbackup";
roles.client.machines."clientone" = { };
roles.server.machines."serverone".settings.directory = "/tmp/borg-test";
};
roles.client.machines."clientone" = { };
roles.server.machines."serverone".settings.directory = "/tmp/borg-test";
};
};
};
};
nodes = {
nodes = {
serverone = {
services.openssh.enable = true;
# Needed so PAM doesn't see the user as locked
users.users.borg.password = "borg";
};
clientone =
{
config,
pkgs,
clan-core,
...
}:
let
dependencies = [
clan-core
pkgs.stdenv.drvPath
] ++ builtins.map (i: i.outPath) (builtins.attrValues clan-core.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in
{
serverone = {
services.openssh.enable = true;
# Needed so PAM doesn't see the user as locked
users.users.borg.password = "borg";
users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../../checks/assets/ssh/pubkey ];
clan.core.networking.targetHost = config.networking.hostName;
environment.systemPackages = [ clan-core.packages.${pkgs.system}.clan-cli ];
environment.etc.install-closure.source = "${closureInfo}/store-paths";
nix.settings = {
substituters = pkgs.lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = pkgs.lib.mkForce 3;
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
};
system.extraDependencies = dependencies;
clan.core.state.test-backups.folders = [ "/var/test-backups" ];
};
clientone =
{ config, pkgs, ... }:
let
dependencies = [
clan-core
pkgs.stdenv.drvPath
] ++ builtins.map (i: i.outPath) (builtins.attrValues clan-core.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
};
in
{
testScript = ''
import json
start_all()
services.openssh.enable = true;
machines = [clientone, serverone]
users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../../checks/assets/ssh/pubkey ];
for m in machines:
m.systemctl("start network-online.target")
clan.core.networking.targetHost = config.networking.hostName;
for m in machines:
m.wait_for_unit("network-online.target")
environment.systemPackages = [ clan-core.packages.${pkgs.system}.clan-cli ];
# dummy data
clientone.succeed("mkdir -p /var/test-backups /var/test-service")
clientone.succeed("echo testing > /var/test-backups/somefile")
environment.etc.install-closure.source = "${closureInfo}/store-paths";
nix.settings = {
substituters = pkgs.lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = pkgs.lib.mkForce 3;
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
};
system.extraDependencies = dependencies;
clientone.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../../../../checks/assets/ssh/privkey} /root/.ssh/id_ed25519")
clientone.succeed("${pkgs.coreutils}/bin/touch /root/.ssh/known_hosts")
clientone.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new localhost hostname")
clientone.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new $(hostname) hostname")
clan.core.state.test-backups.folders = [ "/var/test-backups" ];
};
# create
clientone.succeed("borgbackup-create >&2")
clientone.wait_until_succeeds("! systemctl is-active borgbackup-job-serverone >&2")
};
# list
backup_id = json.loads(clientone.succeed("borg-job-serverone list --json"))["archives"][0]["archive"]
out = clientone.succeed("borgbackup-list").strip()
print(out)
assert backup_id in out, f"backup {backup_id} not found in {out}"
testScript = ''
import json
start_all()
machines = [clientone, serverone]
for m in machines:
m.systemctl("start network-online.target")
for m in machines:
m.wait_for_unit("network-online.target")
# dummy data
clientone.succeed("mkdir -p /var/test-backups /var/test-service")
clientone.succeed("echo testing > /var/test-backups/somefile")
clientone.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../../../../checks/assets/ssh/privkey} /root/.ssh/id_ed25519")
clientone.succeed("${pkgs.coreutils}/bin/touch /root/.ssh/known_hosts")
clientone.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new localhost hostname")
clientone.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new $(hostname) hostname")
# create
clientone.succeed("borgbackup-create >&2")
clientone.wait_until_succeeds("! systemctl is-active borgbackup-job-serverone >&2")
# list
backup_id = json.loads(clientone.succeed("borg-job-serverone list --json"))["archives"][0]["archive"]
out = clientone.succeed("borgbackup-list").strip()
print(out)
assert backup_id in out, f"backup {backup_id} not found in {out}"
# borgbackup restore
clientone.succeed("rm -f /var/test-backups/somefile")
clientone.succeed(f"NAME='serverone::borg@serverone:.::{backup_id}' borgbackup-restore >&2")
assert clientone.succeed("cat /var/test-backups/somefile").strip() == "testing", "restore failed"
'';
}
)
# borgbackup restore
clientone.succeed("rm -f /var/test-backups/somefile")
clientone.succeed(f"NAME='serverone::borg@serverone:.::{backup_id}' borgbackup-restore >&2")
assert clientone.succeed("cat /var/test-backups/somefile").strip() == "testing", "restore failed"
'';
}
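Review bot: After `borgbackup-create`, the script waits only until `borgbackup-job-serverone` is no longer active, which is also true when the job has failed; a failed backup then surfaces as an `IndexError` on `["archives"][0]` rather than as a readable test failure. Splitting the lookup makes the failure explicit: `archives = json.loads(clientone.succeed("borg-job-serverone list --json"))["archives"]` followed by `assert archives, "no archive created by borgbackup-create"`. Separately, `users.users.borg.password = "borg"` sits on a node that also enables sshd, so the existing comment could be extended with `# test-only credential, never reuse outside this VM test`.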


@@ -1,17 +1,18 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
deltachat = lib.modules.importApply ./default.nix { };
deltachat = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
deltachat = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.deltachat = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/deltachat" = module;
};
};
}


@@ -1,50 +1,39 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "deltachat";
hostPkgs = pkgs;
clan = {
directory = ./.;
inventory = {
machines.server = { };
name = "deltachat";
clan = {
directory = ./.;
modules."@clan/deltachat" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
deltachat-test = {
module.name = "@clan/deltachat";
roles.default.machines."server".settings = { };
};
instances = {
deltachat-test = {
module.name = "@clan/deltachat";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = { };
};
nodes = {
server = { };
};
testScript = ''
start_all()
testScript = ''
start_all()
server.wait_for_unit("maddy")
server.wait_for_unit("maddy")
# imap
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 143")
# smtp submission
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 587")
# smtp
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 25")
'';
}
)
# imap
server.wait_until_succeeds("${pkgs.netcat}/bin/nc -z -v ::1 143")
# smtp submission
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 587")
# smtp
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 25")
'';
}
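Review bot: Only the IMAP probe on port 143 appears to have been switched to `wait_until_succeeds`; the submission (587) and SMTP (25) probes after it are still one-shot `server.succeed(...)` calls, so they can still race with maddy binding its listeners once the unit is reported active. Using `server.wait_until_succeeds("${pkgs.netcat}/bin/nc -z -v ::1 587")` and the same for port 25 would make the three checks consistent. The ergochat (port 6667) and sshd (port 22) test sections further down also use one-shot port probes, and the sshd script has no `wait_for_unit` before its probe.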


@@ -1,17 +1,18 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
ergochat = lib.modules.importApply ./default.nix { };
ergochat = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
ergochat = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.ergochat = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/ergochat" = module;
};
};
}


@@ -1,51 +1,41 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "ergochat";
hostPkgs = pkgs;
name = "ergochat";
clan = {
directory = ./.;
inventory = {
machines.server = { };
clan = {
directory = ./.;
modules."@clan/ergochat" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
ergochat-test = {
module.name = "@clan/ergochat";
roles.default.machines."server".settings = { };
};
instances = {
ergochat-test = {
module.name = "@clan/ergochat";
roles.default.machines."server".settings = { };
};
};
};
};
nodes = {
server = { };
};
nodes = {
server = { };
};
testScript = ''
start_all()
testScript = ''
start_all()
server.wait_for_unit("ergochat")
server.wait_for_unit("ergochat")
# Check that ergochat is running
server.succeed("systemctl status ergochat")
# Check that ergochat is running
server.succeed("systemctl status ergochat")
# Check that the data directory exists
server.succeed("test -d /var/lib/ergo")
# Check that the data directory exists
server.succeed("test -d /var/lib/ergo")
# Check that the server is listening on the correct ports
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 6667")
'';
}
)
# Check that the server is listening on the correct ports
server.succeed("${pkgs.netcat}/bin/nc -z -v ::1 6667")
'';
}


@@ -1,18 +1,19 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
garage = lib.modules.importApply ./default.nix { };
garage = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
garage = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.garage = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/garage" = module;
};
};
}


@@ -1,87 +1,76 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "garage";
hostPkgs = pkgs;
clan = {
directory = ./.;
inventory = {
machines.server = { };
name = "garage";
instances = {
garage-test = {
module.name = "@clan/garage";
roles.default.machines."server".settings = { };
};
};
};
};
clan = {
directory = ./.;
modules."@clan/garage" = ../../default.nix;
inventory = {
machines.server = { };
nodes = {
server = {
services.garage = {
enable = true;
package = pkgs.garage;
settings = {
instances = {
garage-test = {
module.name = "@clan/garage";
roles.default.machines."server".settings = { };
metadata_dir = "/var/lib/garage/meta";
data_dir = "/var/lib/garage/data";
db_engine = "sqlite";
replication_factor = 1;
rpc_bind_addr = "127.0.0.1:3901";
s3_api = {
api_bind_addr = "127.0.0.1:3900";
s3_region = "garage";
root_domain = ".s3.garage";
};
s3_web = {
bind_addr = "127.0.0.1:3902";
root_domain = ".web.garage";
};
admin = {
api_bind_addr = "127.0.0.1:3903";
};
};
};
};
};
nodes = {
server = {
services.garage = {
enable = true;
package = pkgs.garage;
settings = {
testScript = ''
start_all()
metadata_dir = "/var/lib/garage/meta";
data_dir = "/var/lib/garage/data";
db_engine = "sqlite";
server.wait_for_unit("network-online.target")
server.wait_for_unit("garage")
replication_factor = 1;
# Check that garage is running
server.succeed("systemctl status garage")
rpc_bind_addr = "127.0.0.1:3901";
# Check that the data directories exist
server.succeed("test -d /var/lib/garage/meta")
server.succeed("test -d /var/lib/garage/data")
s3_api = {
api_bind_addr = "127.0.0.1:3900";
s3_region = "garage";
root_domain = ".s3.garage";
};
s3_web = {
bind_addr = "127.0.0.1:3902";
root_domain = ".web.garage";
};
admin = {
api_bind_addr = "127.0.0.1:3903";
};
};
};
};
};
testScript = ''
start_all()
server.wait_for_unit("network-online.target")
server.wait_for_unit("garage")
# Check that garage is running
server.succeed("systemctl status garage")
# Check that the data directories exist
server.succeed("test -d /var/lib/garage/meta")
server.succeed("test -d /var/lib/garage/data")
# Check that the ports are open to confirm that garage is running
server.wait_until_succeeds("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3901")
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3900")
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3902")
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3903")
'';
}
)
# Check that the ports are open to confirm that garage is running
server.wait_until_succeeds("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3901")
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3900")
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3902")
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 3903")
'';
}


@@ -1,17 +1,18 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
heisenbridge = lib.modules.importApply ./default.nix { };
heisenbridge = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
heisenbridge = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.heisenbridge = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/heisenbridge" = module;
};
};
}


@@ -1,65 +1,53 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
{
name = "heisenbridge";
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
clan = {
directory = ./.;
inventory = {
machines.server = { };
hostPkgs = pkgs;
name = "heisenbridge";
clan = {
directory = ./.;
modules."@clan/heisenbridge" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
heisenbridge-test = {
module.name = "@clan/heisenbridge";
roles.default.machines."server".settings = {
homeserver = "http://127.0.0.1:8008";
};
instances = {
heisenbridge-test = {
module.name = "@clan/heisenbridge";
roles.default.machines."server".settings = {
homeserver = "http://127.0.0.1:8008";
};
};
};
};
};
nodes = {
server = {
# Setup a minimal matrix-synapse to test with
services.matrix-synapse = {
enable = true;
settings.server_name = "example.com";
settings.database = {
name = "sqlite3";
};
nodes = {
server = {
# Setup a minimal matrix-synapse to test with
services.matrix-synapse = {
enable = true;
settings.server_name = "example.com";
settings.database = {
name = "sqlite3";
};
};
};
};
testScript = ''
start_all()
testScript = ''
start_all()
server.wait_for_unit("matrix-synapse")
server.wait_for_unit("heisenbridge")
server.wait_for_unit("matrix-synapse")
server.wait_for_unit("heisenbridge")
# Check that heisenbridge is running
server.succeed("systemctl status heisenbridge")
# Check that heisenbridge is running
server.succeed("systemctl status heisenbridge")
# Wait for the bridge to initialize
server.wait_until_succeeds("journalctl -u heisenbridge | grep -q 'bridge is now running'")
# Wait for the bridge to initialize
server.wait_until_succeeds("journalctl -u heisenbridge | grep -q 'bridge is now running'")
# Check that heisenbridge is listening on the default port
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 9898")
'';
}
)
# Check that heisenbridge is listening on the default port
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 9898")
'';
}


@@ -14,7 +14,7 @@ in
hello-world = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
let
# Module that contains the tests
# This module adds:
@@ -41,15 +41,10 @@ in
2. To run the test
nix build .#checks.x86_64-linux.hello-service
*/
checks =
# Currently we don't support nixos-integration tests on darwin
lib.optionalAttrs (pkgs.stdenv.isLinux) {
hello-service = import ./tests/vm/default.nix {
inherit module;
inherit self inputs pkgs;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
clan-core = self;
};
};
clan.nixosTests.hello-service = {
imports = [ ./tests/vm/default.nix ];
clan.modules.hello-service = module;
};
};
}


@@ -1,44 +1,29 @@
{
pkgs,
nixosLib,
clan-core,
module,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "hello-service";
hostPkgs = pkgs;
clan = {
directory = ./.;
inventory = {
machines.peer1 = { };
name = "hello-service";
clan = {
directory = ./.;
modules = {
hello-service = module;
};
inventory = {
machines.peer1 = { };
instances."test" = {
module.name = "hello-service";
roles.peer.machines.peer1 = { };
};
instances."test" = {
module.name = "hello-service";
roles.peer.machines.peer1 = { };
};
};
};
testScript =
{ nodes, ... }:
''
start_all()
testScript =
{ nodes, ... }:
''
start_all()
# peer1 should have the 'hello' file
value = peer1.succeed("cat ${nodes.peer1.clan.core.vars.generators.hello.files.hello.path}")
assert value.strip() == "Hello world from peer1", value
'';
}
)
# peer1 should have the 'hello' file
value = peer1.succeed("cat ${nodes.peer1.clan.core.vars.generators.hello.files.hello.path}")
assert value.strip() == "Hello world from peer1", value
'';
}


@@ -1,18 +1,19 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
localsend = lib.modules.importApply ./default.nix { };
localsend = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
localsend = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.localsend = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/localsend" = module;
};
};
}


@@ -1,51 +1,38 @@
{
pkgs,
nixosLib,
clan-core,
module,
...
}:
{
name = "localsend";
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
clan = {
directory = ./.;
inventory = {
machines.server = { };
hostPkgs = pkgs;
name = "localsend";
clan = {
directory = ./.;
modules."@clan/localsend" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
localsend-test = {
module.name = "@clan/localsend";
roles.default.machines."server".settings = {
displayName = "Test Instance";
ipv4Addr = "192.168.56.2/24";
};
instances = {
localsend-test = {
module.name = "@clan/localsend";
roles.default.machines."server".settings = {
displayName = "Test Instance";
ipv4Addr = "192.168.56.2/24";
};
};
};
};
};
nodes = {
server = { };
};
nodes = {
server = { };
};
testScript = ''
start_all()
testScript = ''
start_all()
# Check that the localsend wrapper script is available
server.succeed("command -v localsend")
# Check that the localsend wrapper script is available
server.succeed("command -v localsend")
# Verify the 09-zerotier network is configured with the specified IP address
server.succeed("grep -q 'Address=192.168.56.2/24' /etc/systemd/network/09-zerotier.network")
'';
}
)
# Verify the 09-zerotier network is configured with the specified IP address
server.succeed("grep -q 'Address=192.168.56.2/24' /etc/systemd/network/09-zerotier.network")
'';
}


@@ -1,17 +1,18 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
mycelium = lib.modules.importApply ./default.nix { };
mycelium = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
mycelium = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.mycelium = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/mycelium" = module;
};
};
}


@@ -1,53 +1,42 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
{
name = "mycelium";
hostPkgs = pkgs;
clan = {
name = "mycelium";
test.useContainers = false;
directory = ./.;
inventory = {
machines.server = { };
clan = {
test.useContainers = false;
directory = ./.;
modules."@clan/mycelium" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
mycelium-test = {
module.name = "@clan/mycelium";
roles.peer.machines."server".settings = {
openFirewall = true;
addHostedPublicNodes = true;
};
instances = {
mycelium-test = {
module.name = "@clan/mycelium";
roles.peer.machines."server".settings = {
openFirewall = true;
addHostedPublicNodes = true;
};
};
};
};
};
nodes = {
server = { };
};
nodes = {
server = { };
};
testScript = ''
start_all()
testScript = ''
start_all()
# Check that mycelium service is running
server.wait_for_unit("mycelium")
server.succeed("systemctl status mycelium")
# Check that mycelium service is running
server.wait_for_unit("mycelium")
server.succeed("systemctl status mycelium")
# Check that mycelium is listening on its default port
server.wait_until_succeeds("${pkgs.iproute2}/bin/ss -tulpn | grep -q 'mycelium'", 10)
'';
}
)
# Check that mycelium is listening on its default port
server.wait_until_succeeds("${pkgs.iproute2}/bin/ss -tulpn | grep -q 'mycelium'", 10)
'';
}


@@ -1,18 +1,19 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
packages = lib.modules.importApply ./default.nix { };
packages = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
packages = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.packages = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/packages" = module;
};
};


@@ -1,41 +1,28 @@
{
pkgs,
nixosLib,
clan-core,
module,
...
}:
{
name = "packages";
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
clan = {
directory = ./.;
inventory = {
machines.server = { };
hostPkgs = pkgs;
name = "packages";
clan = {
directory = ./.;
modules."@clan/packages" = ../../default.nix;
inventory = {
machines.server = { };
instances.default = {
module.name = "@clan/packages";
roles.default.machines."server".settings = {
packages = [ "cbonsai" ];
};
instances.default = {
module.name = "@clan/packages";
roles.default.machines."server".settings = {
packages = [ "cbonsai" ];
};
};
};
};
nodes.server = { };
nodes.server = { };
testScript = ''
start_all()
server.succeed("cbonsai")
'';
}
)
testScript = ''
start_all()
server.succeed("cbonsai")
'';
}


@@ -1,18 +1,19 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
sshd = lib.modules.importApply ./default.nix { };
sshd = module;
};
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
sshd = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.sshd = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/sshd" = module;
};
};


@@ -1,62 +1,50 @@
{
module,
pkgs,
nixosLib,
clan-core,
...
}:
{
name = "sshd";
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
clan = {
directory = ./.;
inventory = {
machines.server = { };
machines.client = { };
hostPkgs = pkgs;
name = "sshd";
clan = {
directory = ./.;
modules."@clan/sshd" = ../../default.nix;
inventory = {
machines.server = { };
machines.client = { };
instances = {
sshd-test = {
module.name = "@clan/sshd";
roles.server.machines."server".settings = {
certificate.searchDomains = [ "example.com" ];
hostKeys.rsa.enable = true;
};
roles.client.machines."client".settings = {
certificate.searchDomains = [ "example.com" ];
};
instances = {
sshd-test = {
module.name = "@clan/sshd";
roles.server.machines."server".settings = {
certificate.searchDomains = [ "example.com" ];
hostKeys.rsa.enable = true;
};
roles.client.machines."client".settings = {
certificate.searchDomains = [ "example.com" ];
};
};
};
};
};
nodes = {
server = { };
client = { };
};
nodes = {
server = { };
client = { };
};
testScript = ''
start_all()
testScript = ''
start_all()
# Check that sshd port is open on the server
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22")
# Check that sshd port is open on the server
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22")
# Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server
server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
# Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server
server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
# Check that server contains a line starting with 'localhost,server ssh-ed25519'
server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
# Check that server contains a line starting with 'localhost,server ssh-ed25519'
server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
# Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client
client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
'';
}
)
# Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client
client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
'';
}
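Review bot: The client-side known_hosts check is much looser than the server-side one: `'^.cert-authority ssh-ca.*example.com ssh-ed25519 '` accepts any character in place of `@` and any text between `ssh-ca` and `example.com`, so it would pass on an entry the server-side pattern rejects. Assuming the client is meant to receive the same CA line, both checks can share one strict pattern that needs no backslash: `grep '^@cert-authority ssh-ca,[*][.]example[.]com ssh-ed25519 ' /etc/ssh/ssh_known_hosts`. That also removes the `\*` in the server pattern, which is an invalid escape sequence in a non-raw Python string. `hostKeys.rsa.enable = true` is set for the server role, but nothing in the script asserts that an RSA host key is present.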


@@ -1,19 +1,16 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
state-version = lib.modules.importApply ./default.nix { };
};
clan.modules.state-version = module;
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
state-version = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.state-version = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/state-version" = module;
};
};
}


@@ -1,37 +1,20 @@
{
pkgs,
nixosLib,
clan-core,
...
}:
name = "state-version";
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
hostPkgs = pkgs;
name = "state-version";
clan = {
directory = ./.;
modules."@clan/state-version" = ../../default.nix;
inventory = {
machines.server = { };
instances.default = {
module.name = "@clan/state-version";
roles.default.machines."server" = { };
};
clan = {
directory = ./.;
inventory = {
machines.server = { };
instances.default = {
module.name = "@clan/state-version";
roles.default.machines."server" = { };
};
};
};
nodes.server = { };
nodes.server = { };
testScript = ''
start_all()
'';
}
)
testScript = ''
start_all()
'';
}


@@ -1,17 +1,16 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
trusted-nix-caches = lib.modules.importApply ./default.nix { };
};
clan.modules.trusted-nix-caches = module;
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
trusted-nix-caches = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.trusted-nix-caches = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/trusted-nix-caches" = module;
};
};
}


@@ -1,40 +1,24 @@
{
pkgs,
nixosLib,
clan-core,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
name = "trusted-nix-caches";
hostPkgs = pkgs;
clan = {
directory = ./.;
inventory = {
machines.server = { };
name = "trusted-nix-caches";
clan = {
directory = ./.;
modules."@clan/trusted-nix-caches" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
trusted-nix-caches = {
module.name = "@clan/trusted-nix-caches";
roles.default.machines."server" = { };
};
instances = {
trusted-nix-caches = {
module.name = "@clan/trusted-nix-caches";
roles.default.machines."server" = { };
};
};
};
};
nodes.server = { };
nodes.server = { };
testScript = ''
start_all()
server.succeed("grep -q 'cache.clan.lol' /etc/nix/nix.conf")
'';
}
)
testScript = ''
start_all()
server.succeed("grep -q 'cache.clan.lol' /etc/nix/nix.conf")
'';
}
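Review bot: `grep -q 'cache.clan.lol' /etc/nix/nix.conf` passes if the host name appears anywhere in the file, under any setting, and its unescaped dots match any character. Trust in a binary cache depends on which setting lists the URL and on which public key is trusted for it, so the assertion would be stronger if tied to the setting name, for example `server.succeed("grep -Eq '^(trusted-)?substituters = .*cache[.]clan[.]lol' /etc/nix/nix.conf")`. If the module also configures a public key, a matching check on that line belongs here too. What the module actually writes is not visible in this section, so the exact setting names should be taken from it.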


@@ -1,18 +1,16 @@
{ lib, self, ... }:
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
users = lib.modules.importApply ./default.nix { };
};
clan.modules.users = module;
perSystem =
{ pkgs, ... }:
{ ... }:
{
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
users = import ./tests/vm/default.nix {
inherit pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
clan.nixosTests.users = {
imports = [ ./tests/vm/default.nix ];
clan.modules."@clan/users" = module;
};
};
}


@@ -1,67 +1,50 @@
{
pkgs,
nixosLib,
clan-core,
...
}:
name = "users";
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
clan = {
directory = ./.;
inventory = {
machines.server = { };
hostPkgs = pkgs;
name = "users";
clan = {
directory = ./.;
modules."@clan/users" = ../../default.nix;
inventory = {
machines.server = { };
instances = {
root-password-test = {
module.name = "@clan/users";
roles.default.machines."server".settings = {
user = "root";
prompt = false;
};
instances = {
root-password-test = {
module.name = "@clan/users";
roles.default.machines."server".settings = {
user = "root";
prompt = false;
};
user-password-test = {
module.name = "@clan/users";
roles.default.machines."server".settings = {
user = "testuser";
prompt = false;
};
};
user-password-test = {
module.name = "@clan/users";
roles.default.machines."server".settings = {
user = "testuser";
prompt = false;
};
};
};
};
};
nodes = {
server = {
users.users.testuser.group = "testuser";
users.groups.testuser = { };
users.users.testuser.isNormalUser = true;
};
nodes = {
server = {
users.users.testuser.group = "testuser";
users.groups.testuser = { };
users.users.testuser.isNormalUser = true;
};
};
testScript = ''
start_all()
testScript = ''
start_all()
server.wait_for_unit("multi-user.target")
server.wait_for_unit("multi-user.target")
# Check that the testuser account exists
server.succeed("id testuser")
# Check that the testuser account exists
server.succeed("id testuser")
# Try to log in as the user using the generated password
# TODO: fix
# password = server.succeed("cat /run/clan/vars/user-password/user-password").strip()
# server.succeed(f"echo '{password}' | su - testuser -c 'echo Login successful'")
# Try to log in as the user using the generated password
# TODO: fix
# password = server.succeed("cat /run/clan/vars/user-password/user-password").strip()
# server.succeed(f"echo '{password}' | su - testuser -c 'echo Login successful'")
'';
}
)
'';
}
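Review bot: With the login check commented out under `# TODO: fix`, the only live assertion is `server.succeed("id testuser")`, and `testuser` is already declared in `nodes.server`, so this test passes even if the `@clan/users` instances set no password at all; `root-password-test` has no assertion either. Until the login path is fixed, a cheap stand-in is to check that the account carries a real hash, e.g. `server.succeed("getent shadow testuser | cut -d: -f2 | grep -q '^[$]'")`, and the same for `root`. When the commented lines are revived, avoid interpolating the secret into the command with `f"echo '{password}' | …"`: a generated password containing a quote breaks the command, and the test driver will most likely print the full command, password included, in the build log.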


@@ -1,6 +1,5 @@
{
self,
inputs,
lib,
...
}:
@@ -10,28 +9,14 @@ let
};
in
{
clan.modules = {
wifi = module;
};
clan.modules.wifi = module;
perSystem =
{ pkgs, ... }:
{ ... }:
{
/**
1. Prepare the test vars
nix run .#generate-test-vars -- clanServices/hello-world/tests/vm hello-service
clan.nixosTests.wifi = {
imports = [ ./tests/vm/default.nix ];
2. To run the test
nix build .#checks.x86_64-linux.hello-service
*/
checks =
# Currently we don't support nixos-integration tests on darwin
lib.optionalAttrs (pkgs.stdenv.isLinux) {
wifi-service = import ./tests/vm/default.nix {
inherit module;
inherit inputs pkgs;
clan-core = self;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
};
clan.modules."@clan/wifi" = module;
};
};
}


@@ -1,46 +1,29 @@
{
pkgs,
nixosLib,
clan-core,
module,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
name = "wifi";
hostPkgs = pkgs;
clan = {
directory = ./.;
test.useContainers = false;
inventory = {
name = "wifi-service";
machines.test = { };
clan = {
directory = ./.;
test.useContainers = false;
modules."@clan/wifi" = module;
inventory = {
instances = {
wg-test-one = {
module.name = "@clan/wifi";
machines.test = { };
instances = {
wg-test-one = {
module.name = "@clan/wifi";
roles.default.machines = {
test.settings.networks.one = { };
};
roles.default.machines = {
test.settings.networks.one = { };
};
};
};
};
};
testScript = ''
start_all()
test.wait_for_unit("NetworkManager.service")
psk = test.succeed("cat /run/NetworkManager/system-connections/one.nmconnection")
assert "password-eins" in psk, "Password is incorrect"
'';
}
)
testScript = ''
start_all()
test.wait_for_unit("NetworkManager.service")
psk = test.succeed("cat /run/NetworkManager/system-connections/one.nmconnection")
assert "password-eins" in psk, "Password is incorrect"
'';
}
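Review bot: The `testScript` proves that the PSK reaches `/run/NetworkManager/system-connections/one.nmconnection` in clear text, but it never checks who can read that file. Since the profile carries the Wi-Fi secret, I would add an ownership and mode assertion next to the content check, e.g. `test.succeed("test \"$(stat -c '%U %a' /run/NetworkManager/system-connections/one.nmconnection)\" = 'root 600'")`. How the module writes the file is not visible in this section, so the expected owner and mode are an assumption to confirm.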


@@ -8,9 +8,7 @@ let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
zerotier = module;
};
clan.modules.zerotier = module;
perSystem =
{ ... }:
let
@@ -28,11 +26,11 @@ in
imports = [
unit-test-module
];
# zerotier = import ./tests/vm/default.nix {
# inherit module;
# inherit inputs pkgs;
# clan-core = self;
# nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
# };
clan.nixosTests.zerotier = {
imports = [ ./tests/vm/default.nix ];
clan.modules.zerotier = module;
};
};
}
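Review bot: `clan.modules.zerotier = module;` inside `clan.nixosTests.zerotier` registers the module under a bare name, while the trusted-nix-caches, users and wifi tests in this commit use the namespaced form, e.g. `clan.modules."@clan/wifi" = module;`. If nothing depends on the bare name, `clan.modules."@clan/zerotier" = module;` here, together with `module.name = "@clan/zerotier";` in `./tests/vm/default.nix`, would make this test resolve its module the same way the other services do. The enclosing `perSystem` block starts outside this hunk.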


@@ -1,43 +1,27 @@
{
pkgs,
nixosLib,
clan-core,
module,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosVmTest.clanTest
];
name = "zerotier";
hostPkgs = pkgs;
clan = {
directory = ./.;
inventory = {
name = "zerotier";
machines.jon = { };
machines.sara = { };
machines.bam = { };
clan = {
directory = ./.;
modules."zerotier" = module;
inventory = {
instances = {
"zerotier" = {
module.name = "zerotier";
machines.jon = { };
machines.sara = { };
machines.bam = { };
instances = {
"zerotier" = {
module.name = "zerotier";
roles.peer.tags.all = { };
roles.controller.machines.bam = { };
};
roles.peer.tags.all = { };
roles.controller.machines.bam = { };
roles.moon.machines = { };
};
};
};
};
# This is not an actual vm test, this is a workaround to
# generate the needed vars for the eval test.
testScript = '''';
}
)
# This is not an actual vm test, this is a workaround to
# generate the needed vars for the eval test.
testScript = "";
}


@@ -1,6 +0,0 @@
[
{
"publickey": "age13ahclyps97532zt2sfta5zrfx976d3r2jmctj8d36vj9x5v5ffqq304fqf",
"type": "age"
}
]


@@ -1,15 +0,0 @@
{
"data": "ENC[AES256_GCM,data:AGYme1x1pE7SVk6HowmIYMN3EHNaZglW97geihpDCkKqArq/zD2IHxbgo8OtXmaNws16i0R6LehWJTL21fVmnAEA9GNZQOE/Y4Q=,iv:Kc3bDcOwJmxHnnlBweUbqDE77VVFZFelEGpmpfBSct8=,tag:m4kzx3nOtexD91kisQafFw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTc2Q5NTY1ejl5ODhSOXhv\nVUFrb0xvblErWEY1R0k3UXNBQk5Ja1MwaERVCmdISk1RSGFUL2FRMWlPSFdERjB6\nalltcHZLd21XOVFuaExSRUNQc1VmdjAKLS0tIGg0ZGdvbm9wbC9Jd255cHNmVWxP\nWStOQS9EQW9WQUtLZVp5SDBmM1ByaEEKzviyWc0yLbDMwk/CHhTwntrjA5LX44Wu\nNdlsQG/yfRaqRL1TKZztT9RnX0293gOEZFvoYZasEJJAIeBoZvN6VQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-05-29T13:14:51Z",
"mac": "ENC[AES256_GCM,data:uCk2e5aFHZhttLkIdvDU3KARN7PiHKLtXsqxmuLkZP903XhDTCuj1GH6S0C9UN5LftlaVjCEaqlgx68cCNwTc9bTUnhSdVVjMWy0gjxKZ1Y25YzOMlEmOAk/TZqUvnMn/cUL8KOeBnymPbAeqLm8yATjwsyx5+GrFrIVxwGQzUA=,iv:UMX2Ik0xlcljMZyBhjOpvYcsJCC5Wb6d/rgbTFb+6oM=,tag:HH05tFDzOcRrQ8TTXxrDyw==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -1 +0,0 @@
../../../users/admin


@@ -1 +0,0 @@
../../../../../sops/machines/test


@@ -1,19 +0,0 @@
{
"data": "ENC[AES256_GCM,data:iNOb,iv:24+bKY5u61JYsvLHV8TIUBVmJPV1aX/BJr//c7le68o=,tag:ANCOrzvnukvqyKGf+L8gFQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age13ahclyps97532zt2sfta5zrfx976d3r2jmctj8d36vj9x5v5ffqq304fqf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxN2EwVHN3SENVTjdjZGRi\nQmJOWlNGYmpmM1BnZnpYWGhaSlRaUVJIODFRCkhhMUhyZzVWWk53SDBwSVBVZGVY\nVUpMTm9qWTIzc3VwdGJHcUVWVzFlV0UKLS0tIDBBVXdlS1FFbzNPSnlZWWtEaDJi\nK215OWQvMVRCRUZyQjFZckJFbHBZeDQK2cqgDnGM5uIm834dbQ3bi3nQA5nPq6Bf\n0+sezXuY55GdFS6OxIgI5/KcitHzDE0WHOvklIGDCSysoXIQ3QXanA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0NDB5SVcrU0V6akYwbDlv\na1BuSm5XbjYwN2ZkZWtIcnhBVHBTWGFxd24wCnZTVGlPRm5uZEd3QXYwdFRMS09K\nWWw5N2RJZ3d4N0VDMWZmM2lkYVM4VncKLS0tIGplTDVka1VoUVdXMU9VS3hYSlZ1\nRjZGL25hQWxHWEx3OXdQamJiNG9KaDgKk94uXPuCE/M4Hz/7hVKJPHuzQfbOQi/9\nVfR2i17Hjcq08l68Xzn+DllQEAFdts2fS96Pu4FFKfiLK7INl/fUOg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-05-29T13:15:02Z",
"mac": "ENC[AES256_GCM,data:4beXC5ONY5RLChluoVkklpDnaf/KCjlUzpQkFVSp7vauQmMKeTK40xqfvY5d+64u/OKRTIdc38KQTwhZ0pYzOv1LcJOWbHrGu7XadlALKgyUqKOZy03G2O8y0IF6t/LUK8TaNFnNvNteFsfD36/+wkRaxPJe7MKXGqPhWf6RC78=,iv:FR/PQUZqL3HnyVbW+H1QlZMmgFxA5juSb88wuatIlHM=,tag:parvZw3y9ZHieZ8pmUjCZQ==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -1 +0,0 @@
../../../../../sops/users/admin


@@ -1 +0,0 @@
../../../../../sops/machines/test


@@ -1,19 +0,0 @@
{
"data": "ENC[AES256_GCM,data:HHWyM9d6StpKc6uTxg==,iv:blDyfL/xSThCt+dhxeR5eOLa11OsIkbe+w4ReLBv754=,tag:qGHcDXS4DWdUIXUvtLc5XQ==,type:str]",
"sops": {
"age": [
{
"recipient": "age13ahclyps97532zt2sfta5zrfx976d3r2jmctj8d36vj9x5v5ffqq304fqf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdkQyYnQ1UzlCWEFtdnJh\nMWlBK0RGcENTMmRITWM5SSs2Mkt2N0ZKdm5VClNTS0NuR05OVHY3QkFLZWt6bTUx\nMzJLc2Vib1ZUbW1VM0lhYXFFeEhOaEEKLS0tIHVoODVOK3BUU2JDZkJkN2I2Wm1L\nMWM0TUNQazljZS9uWXRKRFlxWmd0clUKg1YhJoRea05c24hCuZKYvqyvjuu965KD\nr4GLtyqQ6wt9sn50Rzx5cAY/Ac684DNFJVZ1RwG1NTB2kmXcVP8SJA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZTA5QXpsOXR3L2FKcnJD\neUxzNVp3M2VQMFFaUUxwNXQ4UTlXa01rR0IwCjkyU2hmdlVYbWY4WUpVK0J1ZC9Q\nRjVkYWlGTlh1MFY3R3FxMEZHODZXMmcKLS0tIFV3bGdvUEtnT21wRWJveEQwdTBV\nbGFUUExBZWR1enQ0c0l0dUY3TnErM3cKutl5cv8dSlpQA7SXUYWJq1M0yLmko/Bx\nUvxxGGLQaK0Mp81Z5mOsjNhcVQrY160AyVnWJ0z39cqOJq9PpXRP+A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-05-29T13:15:02Z",
"mac": "ENC[AES256_GCM,data:Y2FFQevNHSJrEtCmGHQXcpfyof0v2IF8ey79g7EfGj13An4ylhvogsVjRtfMkQvKD5GZykswZgmh+PmKUIzRoc+cvnMLu0iBzleYv+KzpYqtvUpdK0+NQn/4cKOoafajwNV7EuCQh+SkJgSGjNSbMs8xtIb4q9DmJyTcTbG0JQ4=,iv:xmA/cEhl/J0Z+8QR2GFiGWRw4aH/C4HmO+Qd4e25utw=,tag:/hG5S/EmRt8CjAy8DfBoqg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}


@@ -1 +0,0 @@
../../../../../sops/users/admin


@@ -71,6 +71,7 @@
./flakeModules/demo_iso.nix
./lib/filter-clan-core/flake-module.nix
./lib/flake-module.nix
./lib/flake-parts/clan-nixos-test.nix
./nixosModules/clanCore/vars/flake-module.nix
./nixosModules/flake-module.nix
./pkgs/flake-module.nix


@@ -99,10 +99,18 @@ in
machine:
flip mapAttrsToList machine.clan.core.vars.generators (_name: generator: generator.runtimeInputs);
generatorScripts =
machine:
flip mapAttrsToList machine.clan.core.vars.generators (_name: generator: generator.finalScript);
generatorRuntimeInputs = unique (
flatten (flip mapAttrsToList config.nodes (_machineName: machine: inputsForMachine machine))
);
allGeneratorScripts = unique (
flatten (flip mapAttrsToList config.nodes (_machineName: machine: generatorScripts machine))
);
vars-check =
hostPkgs.runCommand "update-vars-check-${testName}"
{
@@ -114,16 +122,19 @@ in
hostPkgs.bubblewrap
];
closureInfo = hostPkgs.closureInfo {
rootPaths = generatorRuntimeInputs ++ [
hostPkgs.bash
hostPkgs.coreutils
hostPkgs.jq.dev
hostPkgs.stdenv
hostPkgs.stdenvNoCC
hostPkgs.shellcheck-minimal
hostPkgs.age
hostPkgs.sops
];
rootPaths =
generatorRuntimeInputs
++ allGeneratorScripts
++ [
hostPkgs.bash
hostPkgs.coreutils
hostPkgs.jq.dev
hostPkgs.stdenv
hostPkgs.stdenvNoCC
hostPkgs.shellcheck-minimal
hostPkgs.age
hostPkgs.sops
];
};
}
''
@@ -277,8 +288,6 @@ in
# Harder to handle advanced setups (like TPM, LUKS, or LVM-on-LUKS) but not needed since we are in a test
# No systemd journal logs from initrd.
boot.initrd.systemd.enable = false;
# make the test depend on its vars-check derivation
environment.variables.CLAN_VARS_CHECK = "${vars-check}";
}
);
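Review bot: Dropping `environment.variables.CLAN_VARS_CHECK = "${vars-check}";` in the last hunk means a VM test no longer pulls in its `vars-check` derivation. From what this commit shows, it is now built only when something asks for `config.result.vars-check`, as the new flake-parts module does. Any test that still imports `clanTest` and calls `runTest` directly would lose the stale-vars check without a visible failure; whether such callers remain cannot be told from this page. I would record this at the `vars-check =` binding, e.g. `# not a dependency of the VM test; built only via the separate vars-check-<name> check`. The surrounding `let` block starts outside these hunks.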


@@ -0,0 +1,94 @@
{
lib,
flake-parts-lib,
self,
inputs,
...
}:
let
inherit (lib)
mkOption
types
;
inherit (flake-parts-lib)
mkPerSystemOption
;
nixosLib = import (inputs.nixpkgs + "/nixos/lib") { };
in
{
options = {
perSystem = mkPerSystemOption (
{ config, pkgs, ... }:
let
cfg = config.clan.nixosTests;
in
{
options.clan.nixosTests = mkOption {
description = "Clan NixOS tests configuration";
type = types.attrsOf types.unspecified;
default = { };
};
config.checks = lib.optionalAttrs (pkgs.stdenv.isLinux) (
let
# Build all individual vars-check derivations
varsChecks = lib.mapAttrs' (
name: testModule:
lib.nameValuePair "vars-check-${name}" (
let
test = nixosLib.runTest (
{ ... }:
{
imports = [
self.modules.nixosVmTest.clanTest
testModule
];
hostPkgs = pkgs;
defaults = {
imports = [
{
_module.args.clan-core = self;
}
];
};
}
);
in
test.config.result.vars-check
)
) cfg;
in
lib.mkMerge [
# Add the VM tests as checks
(lib.mapAttrs (
_name: testModule:
nixosLib.runTest (
{ ... }:
{
imports = [
self.modules.nixosVmTest.clanTest
testModule
];
hostPkgs = pkgs;
defaults = {
imports = [
{
_module.args.clan-core = self;
}
];
};
}
)
) cfg)
varsChecks
]
);
}
);
};
}
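Review bot: The `nixosLib.runTest` call is written out twice with identical bodies, once inside `varsChecks` and once in the `lib.mapAttrs` under `lib.mkMerge`, so every test is evaluated twice and the two copies can drift. If they do, `vars-check-<name>` would validate a different configuration from the VM test it belongs to. Building each test once and deriving both checks from it removes that risk. Separately, `types.attrsOf types.unspecified` accepts any value and only fails deep inside `runTest`; `types.attrsOf types.deferredModule` would type-check the entries and let several flake modules contribute to the same test.

```nix
config.checks = lib.optionalAttrs (pkgs.stdenv.isLinux) (
  let
    # Single definition of a test, shared by the VM check and its vars-check
    mkTest =
      testModule:
      nixosLib.runTest (
        { ... }:
        {
          imports = [
            self.modules.nixosVmTest.clanTest
            testModule
          ];
          hostPkgs = pkgs;
          defaults.imports = [ { _module.args.clan-core = self; } ];
        }
      );
    tests = lib.mapAttrs (_name: mkTest) cfg;
    varsChecks = lib.mapAttrs' (
      name: test: lib.nameValuePair "vars-check-${name}" test.config.result.vars-check
    ) tests;
  in
  lib.mkMerge [
    tests
    varsChecks
  ]
);
```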