sshd: migrate to clan.nixosTests module

Jörg Thalheim
2025-06-17 19:32:04 +02:00
parent 2c0c4cf342
commit b5bdf4b0c7
2 changed files with 44 additions and 55 deletions


@@ -1,18 +1,19 @@
{ lib, self, ... }: { lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{ {
clan.modules = { clan.modules = {
sshd = lib.modules.importApply ./default.nix { }; sshd = module;
}; };
perSystem = perSystem =
{ pkgs, ... }: { ... }:
{ {
checks = lib.optionalAttrs (pkgs.stdenv.isLinux) { clan.nixosTests.sshd = {
sshd = import ./tests/vm/default.nix { imports = [ ./tests/vm/default.nix ];
inherit pkgs;
clan-core = self; clan.modules."@clan/sshd" = module;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
};
}; };
}; };
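Review bot: The new `clan.nixosTests.sshd` definition drops the `lib.optionalAttrs (pkgs.stdenv.isLinux)` guard that wrapped the old `checks.sshd`, and nothing in this file replaces it. Whether `clan.nixosTests` restricts VM tests to Linux systems itself is not visible here; if it does not, the check would also be evaluated on other systems. Once confirmed, a one-line comment above the attribute, such as `# clan.nixosTests only emits checks on Linux systems`, would record where that guarantee now lives.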


@@ -1,62 +1,50 @@
{ {
module,
pkgs, pkgs,
nixosLib,
clan-core,
... ...
}: }:
{
name = "sshd";
nixosLib.runTest ( clan = {
{ ... }: directory = ./.;
{ inventory = {
imports = [ machines.server = { };
clan-core.modules.nixosVmTest.clanTest machines.client = { };
];
hostPkgs = pkgs; instances = {
sshd-test = {
name = "sshd"; module.name = "@clan/sshd";
roles.server.machines."server".settings = {
clan = { certificate.searchDomains = [ "example.com" ];
directory = ./.; hostKeys.rsa.enable = true;
modules."@clan/sshd" = ../../default.nix; };
inventory = { roles.client.machines."client".settings = {
machines.server = { }; certificate.searchDomains = [ "example.com" ];
machines.client = { };
instances = {
sshd-test = {
module.name = "@clan/sshd";
roles.server.machines."server".settings = {
certificate.searchDomains = [ "example.com" ];
hostKeys.rsa.enable = true;
};
roles.client.machines."client".settings = {
certificate.searchDomains = [ "example.com" ];
};
}; };
}; };
}; };
}; };
};
nodes = { nodes = {
server = { }; server = { };
client = { }; client = { };
}; };
testScript = '' testScript = ''
start_all() start_all()
# Check that sshd port is open on the server # Check that sshd port is open on the server
server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22") server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22")
# Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server
server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts") server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
# Check that server contains a line starting with 'localhost,server ssh-ed25519' # Check that server contains a line starting with 'localhost,server ssh-ed25519'
server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts") server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
# Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client
client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts") client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
''; '';
} }
)
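Review bot: The client assertion in `testScript` is looser than the server one: `'^.cert-authority ssh-ca.*example.com ssh-ed25519 '` accepts any character in place of `@` and any text between `ssh-ca` and `example.com`. It would therefore still pass if the known_hosts entry trusted the CA for a broader host pattern than `*.example.com`. Assuming the client entry has the same form as the server's, reuse the server pattern: `client.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")`. The test also sets `hostKeys.rsa.enable = true` and configures a client role, but nothing visible asserts that an RSA host key exists or that the client verifies the server's host certificate over a real connection. The only network check is `nc` against 127.0.0.1 on the server itself.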