sshd: migrate to clan.nixosTests module

2025-06-17 19:32:04 +02:00
parent 2c0c4cf342
commit b5bdf4b0c7
2 changed files with 44 additions and 55 deletions
--- a/clanServices/sshd/flake-module.nix
+++ b/clanServices/sshd/flake-module.nix
@@ -1,18 +1,19 @@
-{ lib, self, ... }:
+{ lib, ... }:
+let
+  module = lib.modules.importApply ./default.nix { };
+in
 {
  clan.modules = {
-    sshd = lib.modules.importApply ./default.nix { };
+    sshd = module;
  };

  perSystem =
-    { pkgs, ... }:
+    { ... }:
    {
-      checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
-        sshd = import ./tests/vm/default.nix {
-          inherit pkgs;
-          clan-core = self;
-          nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
-        };
+      clan.nixosTests.sshd = {
+        imports = [ ./tests/vm/default.nix ];
+
+        clan.modules."@clan/sshd" = module;
      };
    };

--- a/clanServices/sshd/tests/vm/default.nix
+++ b/clanServices/sshd/tests/vm/default.nix
@@ -1,62 +1,50 @@
 {
+  module,
  pkgs,
-  nixosLib,
-  clan-core,
  ...
 }:
+{
+  name = "sshd";

-nixosLib.runTest (
-  { ... }:
-  {
-    imports = [
-      clan-core.modules.nixosVmTest.clanTest
-    ];
+  clan = {
+    directory = ./.;
+    inventory = {
+      machines.server = { };
+      machines.client = { };

-    hostPkgs = pkgs;
-
-    name = "sshd";
-
-    clan = {
-      directory = ./.;
-      modules."@clan/sshd" = ../../default.nix;
-      inventory = {
-        machines.server = { };
-        machines.client = { };
-
-        instances = {
-          sshd-test = {
-            module.name = "@clan/sshd";
-            roles.server.machines."server".settings = {
-              certificate.searchDomains = [ "example.com" ];
-              hostKeys.rsa.enable = true;
-            };
-            roles.client.machines."client".settings = {
-              certificate.searchDomains = [ "example.com" ];
-            };
+      instances = {
+        sshd-test = {
+          module.name = "@clan/sshd";
+          roles.server.machines."server".settings = {
+            certificate.searchDomains = [ "example.com" ];
+            hostKeys.rsa.enable = true;
+          };
+          roles.client.machines."client".settings = {
+            certificate.searchDomains = [ "example.com" ];
          };
        };
      };
    };
+  };

-    nodes = {
-      server = { };
-      client = { };
-    };
+  nodes = {
+    server = { };
+    client = { };
+  };

-    testScript = ''
-      start_all()
+  testScript = ''
+    start_all()

-      # Check that sshd port is open on the server
-      server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22")
+    # Check that sshd port is open on the server
+    server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22")

-      # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server
-      server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
+    # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server
+    server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")

-      # Check that server contains a line starting with 'localhost,server ssh-ed25519'
-      server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
+    # Check that server contains a line starting with 'localhost,server ssh-ed25519'
+    server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts")

-      # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client
-      client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
-    '';
-  }
-)
+    # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client
+    client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
+  '';
+}