yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: yadunut:ke-facts-cli-warning
Branches Tags
yadunut:main yadunut:update-devFlake-clan-core-for-checks yadunut:update-nixpkgs yadunut:push-unvrqnoxxpxs yadunut:push-pmmlnrxvqntt yadunut:push-lxuyokqwsqmr yadunut:check yadunut:ke-docs-testing-container yadunut:push-qxwmroxwwppo yadunut:monitoring-network yadunut:update-nixpkgs-2025-10-20 yadunut:exports-endpoints yadunut:wireguard yadunut:hgl-site yadunut:push-tnkqqznukmkw yadunut:clan-25.05 yadunut:fix-c yadunut:feat/snapshot-tests yadunut:write-access yadunut:ke-fix-cr yadunut:ke-qa-nixpkgs-input yadunut:lopter-lo-fix-error-msg yadunut:hgl-ui-textfield yadunut:zerotier_refactor yadunut:docs-framework yadunut:simplify_http_backend yadunut:test-update-vars yadunut:deps-poc yadunut:vars-docs yadunut:yggdrasil yadunut:ui/fix-install-state-after-install yadunut:revers-update-vars-break yadunut:fix-modules-spagetti yadunut:sachk-main yadunut:pr-5024 yadunut:ke-docs-add-nixos-rebuild-switch yadunut:mdformat yadunut:fix-typography yadunut:serve-json-telegraf yadunut:remove-deprecations yadunut:remove-module-pkgs yadunut:clean-dead-code yadunut:monitoring-service-prometheus yadunut:service-static-hosts yadunut:remove-facts yadunut:vm-mamanger-remove yadunut:cli-clan-inspect yadunut:tor yadunut:terst yadunut:flake-compat yadunut:fix/combobox-form-binding yadunut:docs-options yadunut:init-restic yadunut:migration-docs yadunut:ui/reduce-opacity-sidebar-pane yadunut:migrate-syncthing yadunut:remove-build-clan yadunut:remove-modules-2 yadunut:remove-modules yadunut:nim65s-multi-wifi yadunut:feat/options-styling yadunut:clan-autorefresh yadunut:assertions yadunut:push-uymllnlsszzv yadunut:ke-facts-cli-warning yadunut:module-migration-add-warning yadunut:update-devFlake-private-nixpkgs-dev yadunut:update-templates-services-2 yadunut:ke-disko-shell-completions yadunut:templates-2 yadunut:prep-ui-version2 yadunut:try-fix-flash-test yadunut:pr-4283-generate_test_vars-fix-it yadunut:ssh-proxy yadunut:pr-3785 yadunut:vars-new yadunut:update-templates-again yadunut:revert-delete-state-version yadunut:speed-up-vars-check yadunut:agit-4042 yadunut:generate-test-vars-precache yadunut:kenji/ke-fix-ssh-deploy yadunut:fix-users yadunut:ssh-fix yadunut:remove-auto-upgrade yadunut:fix-flake-cache-chroot yadunut:nix_transform_host_options yadunut:push-trllkluxupnn yadunut:migrate-postgresql yadunut:feat/terminal-ui-component yadunut:feat/clan-uri-in-route yadunut:admin-migrate-service yadunut:pinned-clan-core yadunut:improve-container yadunut:Qubasa-replace_machine_name_with_machine_obj yadunut:control-master yadunut:check-the-checks yadunut:updated yadunut:validation-hash yadunut:push-wqqzvqtllpmt yadunut:Qubasa-main yadunut:enable-more-macos yadunut:p2p-updates yadunut:lassulus yadunut:Qubasa-debugging-docs yadunut:options-warnings yadunut:vars-deploy-test yadunut:init/manpage yadunut:a-kenji-improve/editor yadunut:complete-clan-modules yadunut:clan/cli/facts-noisy-1443 yadunut:clan/examples yadunut:init/editors yadunut:add-pre-commit yadunut:feat/clan-install-json yadunut:init/manpages yadunut:a-kenji-clan/install yadunut:init/flatpak yadunut:clana
yadunut:ui-version1 yadunut:demo-v2.2 yadunut:demo-v2.1 yadunut:demo-v2.0 yadunut:demo-v1.1 yadunut:demo-v1.0
..
compare: yadunut:fix-users
Branches Tags
yadunut:main yadunut:update-devFlake-clan-core-for-checks yadunut:update-nixpkgs yadunut:push-unvrqnoxxpxs yadunut:push-pmmlnrxvqntt yadunut:push-lxuyokqwsqmr yadunut:check yadunut:ke-docs-testing-container yadunut:push-qxwmroxwwppo yadunut:monitoring-network yadunut:update-nixpkgs-2025-10-20 yadunut:exports-endpoints yadunut:wireguard yadunut:hgl-site yadunut:push-tnkqqznukmkw yadunut:clan-25.05 yadunut:fix-c yadunut:feat/snapshot-tests yadunut:write-access yadunut:ke-fix-cr yadunut:ke-qa-nixpkgs-input yadunut:lopter-lo-fix-error-msg yadunut:hgl-ui-textfield yadunut:zerotier_refactor yadunut:docs-framework yadunut:simplify_http_backend yadunut:test-update-vars yadunut:deps-poc yadunut:vars-docs yadunut:yggdrasil yadunut:ui/fix-install-state-after-install yadunut:revers-update-vars-break yadunut:fix-modules-spagetti yadunut:sachk-main yadunut:pr-5024 yadunut:ke-docs-add-nixos-rebuild-switch yadunut:mdformat yadunut:fix-typography yadunut:serve-json-telegraf yadunut:remove-deprecations yadunut:remove-module-pkgs yadunut:clean-dead-code yadunut:monitoring-service-prometheus yadunut:service-static-hosts yadunut:remove-facts yadunut:vm-mamanger-remove yadunut:cli-clan-inspect yadunut:tor yadunut:terst yadunut:flake-compat yadunut:fix/combobox-form-binding yadunut:docs-options yadunut:init-restic yadunut:migration-docs yadunut:ui/reduce-opacity-sidebar-pane yadunut:migrate-syncthing yadunut:remove-build-clan yadunut:remove-modules-2 yadunut:remove-modules yadunut:nim65s-multi-wifi yadunut:feat/options-styling yadunut:clan-autorefresh yadunut:assertions yadunut:push-uymllnlsszzv yadunut:ke-facts-cli-warning yadunut:module-migration-add-warning yadunut:update-devFlake-private-nixpkgs-dev yadunut:update-templates-services-2 yadunut:ke-disko-shell-completions yadunut:templates-2 yadunut:prep-ui-version2 yadunut:try-fix-flash-test yadunut:pr-4283-generate_test_vars-fix-it yadunut:ssh-proxy yadunut:pr-3785 yadunut:vars-new yadunut:update-templates-again yadunut:revert-delete-state-version yadunut:speed-up-vars-check yadunut:agit-4042 yadunut:generate-test-vars-precache yadunut:kenji/ke-fix-ssh-deploy yadunut:fix-users yadunut:ssh-fix yadunut:remove-auto-upgrade yadunut:fix-flake-cache-chroot yadunut:nix_transform_host_options yadunut:push-trllkluxupnn yadunut:migrate-postgresql yadunut:feat/terminal-ui-component yadunut:feat/clan-uri-in-route yadunut:admin-migrate-service yadunut:pinned-clan-core yadunut:improve-container yadunut:Qubasa-replace_machine_name_with_machine_obj yadunut:control-master yadunut:check-the-checks yadunut:updated yadunut:validation-hash yadunut:push-wqqzvqtllpmt yadunut:Qubasa-main yadunut:enable-more-macos yadunut:p2p-updates yadunut:lassulus yadunut:Qubasa-debugging-docs yadunut:options-warnings yadunut:vars-deploy-test yadunut:init/manpage yadunut:a-kenji-improve/editor yadunut:complete-clan-modules yadunut:clan/cli/facts-noisy-1443 yadunut:clan/examples yadunut:init/editors yadunut:add-pre-commit yadunut:feat/clan-install-json yadunut:init/manpages yadunut:a-kenji-clan/install yadunut:init/flatpak yadunut:clana
yadunut:ui-version1 yadunut:demo-v2.2 yadunut:demo-v2.1 yadunut:demo-v2.0 yadunut:demo-v1.1 yadunut:demo-v1.0

1 Commits
ke-facts-c ... fix-users

Author SHA1 Message Date
pinpox
524f790dbb Fix for users service 2025-06-27 09:51:42 +02:00
745 changed files with 20758 additions and 16282 deletions
Expand all files Collapse all files

75
.gitea/workflows/create-pr.sh
View File

@@ -1,75 +0,0 @@
#!/usr/bin/env bash
# Shared script for creating pull requests in Gitea workflows
set -euo pipefail
# Required environment variables:
# - CI_BOT_TOKEN: Gitea bot token for authentication
# - PR_BRANCH: Branch name for the pull request
# - PR_TITLE: Title of the pull request
# - PR_BODY: Body/description of the pull request
if [[ -z "${CI_BOT_TOKEN:-}" ]]; then
echo "Error: CI_BOT_TOKEN is not set" >&2
exit 1
fi
if [[ -z "${PR_BRANCH:-}" ]]; then
echo "Error: PR_BRANCH is not set" >&2
exit 1
fi
if [[ -z "${PR_TITLE:-}" ]]; then
echo "Error: PR_TITLE is not set" >&2
exit 1
fi
if [[ -z "${PR_BODY:-}" ]]; then
echo "Error: PR_BODY is not set" >&2
exit 1
fi
# Push the branch
git push origin "+HEAD:${PR_BRANCH}"
# Create pull request
resp=$(nix run --inputs-from . nixpkgs#curl -- -X POST \
-H "Authorization: token $CI_BOT_TOKEN" \
-H "Content-Type: application/json" \
-d "{
\"head\": \"${PR_BRANCH}\",
\"base\": \"main\",
\"title\": \"${PR_TITLE}\",
\"body\": \"${PR_BODY}\"
}" \
"https://git.clan.lol/api/v1/repos/clan/clan-core/pulls")
pr_number=$(echo "$resp" | jq -r '.number')
if [[ "$pr_number" == "null" ]]; then
echo "Error creating pull request:" >&2
echo "$resp" | jq . >&2
exit 1
fi
echo "Created pull request #$pr_number"
# Merge when checks succeed
while true; do
resp=$(nix run --inputs-from . nixpkgs#curl -- -X POST \
-H "Authorization: token $CI_BOT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"Do": "merge",
"merge_when_checks_succeed": true,
"delete_branch_after_merge": true
}' \
"https://git.clan.lol/api/v1/repos/clan/clan-core/pulls/$pr_number/merge")
msg=$(echo "$resp" | jq -r '.message')
if [[ "$msg" != "Please try again later" ]]; then
break
fi
echo "Retrying in 2 seconds..."
sleep 2
done
echo "Pull request #$pr_number merge initiated"

37
.gitea/workflows/update-clan-core-for-checks.yml
View File

@@ -19,10 +19,35 @@ jobs:
run: | run: |
export GIT_AUTHOR_NAME=clan-bot GIT_AUTHOR_EMAIL=clan-bot@clan.lol GIT_COMMITTER_NAME=clan-bot GIT_COMMITTER_EMAIL=clan-bot@clan.lol export GIT_AUTHOR_NAME=clan-bot GIT_AUTHOR_EMAIL=clan-bot@clan.lol GIT_COMMITTER_NAME=clan-bot GIT_COMMITTER_EMAIL=clan-bot@clan.lol
git commit -am "Update pinned clan-core for checks" git commit -am "Update pinned clan-core for checks"
git push origin +HEAD:update-clan-core-for-checks
set -x
resp=$(nix run --inputs-from . nixpkgs#curl -- -X POST \
-H "Authorization: token $CI_BOT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"head": "update-clan-core-for-checks",
"base": "main",
"title": "Update Clan Core for Checks",
"body": "This PR updates the pinned clan-core flake input that is used for checks."
}' \
"https://git.clan.lol/api/v1/repos/clan/clan-core/pulls")
pr_number=$(echo "$resp" | jq -r '.number')
# Use shared PR creation script # Merge when succeed
export PR_BRANCH="update-clan-core-for-checks" while true; do
export PR_TITLE="Update Clan Core for Checks" resp=$(nix run --inputs-from . nixpkgs#curl -- -X POST \
export PR_BODY="This PR updates the pinned clan-core flake input that is used for checks." -H "Authorization: token $CI_BOT_TOKEN" \
-H "Content-Type: application/json" \
./.gitea/workflows/create-pr.sh -d '{
"Do": "merge",
"merge_when_checks_succeed": true,
"delete_branch_after_merge": true
}' \
"https://git.clan.lol/api/v1/repos/clan/clan-core/pulls/$pr_number/merge")
msg=$(echo $resp | jq -r '.message')
if [[ "$msg" != "Please try again later" ]]; then
break
fi
echo "Retrying in 2 seconds..."
sleep 2
done

40
.gitea/workflows/update-private-flake-inputs.yml
View File

@@ -1,40 +0,0 @@
name: "Update private flake inputs"
on:
repository_dispatch:
workflow_dispatch:
schedule:
- cron: "0 3 * * *" # Run daily at 3 AM
jobs:
update-private-flake:
runs-on: nix
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Update private flake inputs
run: |
# Update the private flake lock file
cd devFlake/private
nix flake update
cd ../..
# Update the narHash
bash ./devFlake/update-private-narhash
- name: Create pull request
env:
CI_BOT_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
run: |
export GIT_AUTHOR_NAME=clan-bot GIT_AUTHOR_EMAIL=clan-bot@clan.lol GIT_COMMITTER_NAME=clan-bot GIT_COMMITTER_EMAIL=clan-bot@clan.lol
# Check if there are any changes
if ! git diff --quiet; then
git add devFlake/private/flake.lock devFlake/private.narHash
git commit -m "Update dev flake"
# Use shared PR creation script
export PR_BRANCH="update-dev-flake"
export PR_TITLE="Update dev flake"
export PR_BODY="This PR updates the dev flake inputs and corresponding narHash."
else
echo "No changes detected in dev flake inputs"
fi

14
checks/backups/flake-module.nix
View File

@@ -19,11 +19,11 @@
... ...
}: }:
let let
dependencies = dependencies = [
[ self
pkgs.stdenv.drvPath pkgs.stdenv.drvPath
] self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-backup.config.system.clan.deployment.file
++ builtins.map (i: i.outPath) (builtins.attrValues (builtins.removeAttrs self.inputs [ "self" ])); ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; }; closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in in
{ {
@@ -151,8 +151,8 @@
in in
{ {
checks = pkgs.lib.mkIf pkgs.stdenv.isLinux { checks = pkgs.lib.mkIf pkgs.stdenv.isLinux {
nixos-test-backups = self.clanLib.test.containerTest { backups = self.clanLib.test.containerTest {
name = "nixos-test-backups"; name = "backups";
nodes.machine = { nodes.machine = {
imports = imports =
[ [

20
checks/borgbackup/default.nix
View File

@@ -13,7 +13,7 @@ nixosLib.runTest (
hostPkgs = pkgs; hostPkgs = pkgs;
name = "service-borgbackup"; name = "borgbackup";
clan = { clan = {
directory = ./.; directory = ./.;
@@ -28,7 +28,6 @@ nixosLib.runTest (
borgone = { borgone = {
module.name = "@clan/borgbackup"; module.name = "@clan/borgbackup";
module.input = "self";
roles.client.machines."clientone" = { }; roles.client.machines."clientone" = { };
roles.server.machines."serverone".settings.directory = "/tmp/borg-test"; roles.server.machines."serverone".settings.directory = "/tmp/borg-test";
@@ -47,6 +46,14 @@ nixosLib.runTest (
clientone = clientone =
{ config, pkgs, ... }: { config, pkgs, ... }:
let
dependencies = [
clan-core
pkgs.stdenv.drvPath
] ++ builtins.map (i: i.outPath) (builtins.attrValues clan-core.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in
{ {
services.openssh.enable = true; services.openssh.enable = true;
@@ -57,6 +64,15 @@ nixosLib.runTest (
environment.systemPackages = [ clan-core.packages.${pkgs.system}.clan-cli ]; environment.systemPackages = [ clan-core.packages.${pkgs.system}.clan-cli ];
environment.etc.install-closure.source = "${closureInfo}/store-paths";
nix.settings = {
substituters = pkgs.lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = pkgs.lib.mkForce 3;
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
};
system.extraDependencies = dependencies;
clan.core.state.test-backups.folders = [ "/var/test-backups" ]; clan.core.state.test-backups.folders = [ "/var/test-backups" ];
}; };

4
checks/clan-core-for-checks.nix
View File

@@ -1,6 +1,6 @@
{ fetchgit }: { fetchgit }:
fetchgit { fetchgit {
url = "https://git.clan.lol/clan/clan-core.git"; url = "https://git.clan.lol/clan/clan-core.git";
rev = "eea93ea22c9818da67e148ba586277bab9e73cea"; rev = "28131afbbcd379a8ff04c79c66c670ef655ed889";
sha256 = "sha256-PV0Z+97QuxQbkYSVuNIJwUNXMbHZG/vhsA9M4cDTCOE="; sha256 = "1294cwjlnc341fl6zbggn4rgq8z33gqkcyggjfvk9cf7zdgygrf6";
} }

89
checks/data-mesher/default.nix Normal file
View File

@@ -0,0 +1,89 @@
{
pkgs,
nixosLib,
clan-core,
lib,
...
}:
let
machines = [
"admin"
"peer"
"signer"
];
in
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosTest.clanTest
];
hostPkgs = pkgs;
name = "data-mesher";
clan = {
directory = ./.;
inventory = {
machines = lib.genAttrs machines (_: { });
services = {
data-mesher.default = {
roles.peer.machines = [ "peer" ];
roles.admin.machines = [ "admin" ];
roles.signer.machines = [ "signer" ];
};
};
};
};
defaults =
{ config, ... }:
{
environment.systemPackages = [
config.services.data-mesher.package
];
clan.data-mesher.network.interface = "eth1";
clan.data-mesher.bootstrapNodes = [
"[2001:db8:1::1]:7946" # peer1
"[2001:db8:1::2]:7946" # peer2
];
# speed up for testing
services.data-mesher.settings = {
cluster.join_interval = lib.mkForce "2s";
cluster.push_pull_interval = lib.mkForce "5s";
};
};
nodes = {
admin.clan.data-mesher.network.tld = "foo";
};
# TODO Add better test script.
testScript = ''
def resolve(node, success = {}, fail = [], timeout = 60):
for hostname, ips in success.items():
for ip in ips:
node.wait_until_succeeds(f"getent ahosts {hostname} | grep {ip}", timeout)
for hostname in fail:
node.wait_until_fails(f"getent ahosts {hostname}")
start_all()
admin.wait_for_unit("data-mesher")
signer.wait_for_unit("data-mesher")
peer.wait_for_unit("data-mesher")
# check dns resolution
for node in [admin, signer, peer]:
resolve(node, {
"admin.foo": ["2001:db8:1::1", "192.168.1.1"],
"peer.foo": ["2001:db8:1::2", "192.168.1.2"],
"signer.foo": ["2001:db8:1::3", "192.168.1.3"]
})
'';
}
)

4
checks/data-mesher/sops/machines/admin/key.json Executable file
View File

@@ -0,0 +1,4 @@
{
"publickey": "age10zxkj45fah3qa8uyg3a36jsd06d839xfq64nrez9etrsf4km0gtsp45gsz",
"type": "age"
}

4
checks/data-mesher/sops/machines/peer/key.json Executable file
View File

@@ -0,0 +1,4 @@
{
"publickey": "age1faqrml2ukc6unfm75d3v2vnaf62v92rdxaagg3ty3cfna7vt99gqlzs43l",
"type": "age"
}

4
checks/data-mesher/sops/machines/signer/key.json Executable file
View File

@@ -0,0 +1,4 @@
{
"publickey": "age153mke8v2qksyqjc7vta7wglzdqr5epazt83nch0ur5v7kl87cfdsr07qld",
"type": "age"
}

20
checks/data-mesher/sops/secrets/admin-age.key/secret Normal file
View File

@@ -0,0 +1,20 @@
{
"data": "ENC[AES256_GCM,data:7xyb6WoaN7uRWEO8QRkBw7iytP5hFrA94VRi+sy/UhzqT9AyDPmxB/F8ASFsBbzJUwi0Oqd2E1CeIYRoDhG7JHnDyL2bYonz2RQ=,iv:slh3x774m6oTHAXFwcen1qF+jEchOKCyNsJMbNhqXHE=,tag:wtK8H8PZCESPA1vZCd7Ptw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTzZ4RTVNb2I1MTBRMEcy\neU1Eek9GakkydEJBVm9kR3AyY1pEYkorNUYwCkh2WHhNQmc1eWI2cCtEUFFWdzJq\nS0FvQWtoOFkzRVBxVzhuczc0aVprbkkKLS0tIFRLdmpnbzY1Uk9LdklEWnQzZHM2\nVEx3dzhMSnMwaWE0V0J6VTZ5ZVFYMjgKdaICa/hprHxhH89XD7ri0vyTT4rM+Si0\niHcQU4x64dgoJa4gKxgr4k9XncjoNEjJhxL7i/ZNZ5deaaLRn5rKMg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:24:55Z",
"mac": "ENC[AES256_GCM,data:TJWDHGSRBfOCW8Q+t3YxG3vlpf9a5u7B27AamnOk95huqIv0htqWV3RuV7NoOZ5v2ijqSe/pLfpwrmtdhO2sUBEvhdhJm8UzLShP7AbH9lxV+icJOsY7VSrp+R5W526V46ONP6p47b7fOQBbp03BMz01G191N68WYOf6k2arGxU=,iv:nEyTBwJ2EA+OAl8Ulo5cvFX6Ow2FwzTWooF/rdkPiXg=,tag:oYcG16zR+Fb5XzVsHhq2Qw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
checks/service-dummy-test-from-flake/sops/secrets/admin1-age.key/users/admin → checks/data-mesher/sops/secrets/admin-age.key/users/admin
View File

20
checks/data-mesher/sops/secrets/peer-age.key/secret Normal file
View File

@@ -0,0 +1,20 @@
{
"data": "ENC[AES256_GCM,data:JOOhvl0clDD/b5YO45CXR3wVopBSNe9dYBG+p5iD+nniN2OgOwBgYPNSCVtc+NemqutD12hFUSfCzXidkv0ijhD1JZeLar9Ygxc=,iv:XctQwSYSvKhDRk/XMacC9uMydZ8e9hnhpoWTgyXiFI0=,tag:foAhBlg4DwpQU2G9DzTo5g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBVWMvWkp5TnZQcGs5Ykhp\nWC91YkoyZERqdXpxQm5JVmRhaUhueEJETDJVCkM4V0hSYldkV1U2Q0d1TGh3eGNR\nVjJ1VFd6ZEN0SXZjSVEvcnV2WW0vbVUKLS0tIFRCNW9nWHdYaUxLSVVUSXM0OGtN\nVFMzRXExNkYxcFE3QWlxVUM3ay9INm8KV6r8ftpwarly3qXoU9y8KxKrUKLvP9KX\nGsP0pORsaM+qPMsdfEo35CqhAeQu0+6DWd7/67+fUMp6Jr0DthtTmg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:25:28Z",
"mac": "ENC[AES256_GCM,data:scY9+/fcXhfHEdrsZJLOM6nfjpRaURgTVbCRepUjhUo24B4ByEsAo2B8psVAaGEHEsFRZuoiByqrGzKhyUASmUs+wn+ziOKBTLzu55fOakp8PWYtQ4miiz2TQffp80gCQRJpykcbUgqIKXNSNutt4tosTBL7osXwCEnEQWd+SaA=,iv:1VXNvLP6DUxZYEr1juOLJmZCGbLp33DlwhxHQV9AMD4=,tag:uFM1R8OmkFS74/zkUG0k8A==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
checks/service-dummy-test-from-flake/sops/secrets/peer1-age.key/users/admin → checks/data-mesher/sops/secrets/peer-age.key/users/admin
View File

20
checks/data-mesher/sops/secrets/signer-age.key/secret Normal file
View File

@@ -0,0 +1,20 @@
{
"data": "ENC[AES256_GCM,data:i1YBJdK8XmWnVnZKBpmWggSN8JSOr8pm2Zx+CeE8qqeLZ7xwMO8SYCutM8l94M5vzmmX0CmwzeMZ/JVPbEwFd3ZAImUfh685HOY=,iv:N4rHNaX+WmoPb0EZPqMt+CT1BzaWO9LyoemBxKn+u/s=,tag:PnzSvdGwVnTMK8Do8VzFaQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RXlmcVNGTnlkY2ZqZFlH\nVnh0eHhRNE5hRDNDVkt0TEE0bmRNN2JIVkN3CkxnaGM4Y3M3a0xoK2xMRzBLMHRV\nT1FzKzNRMFZOeWc2K3E5K2FzdUsvWmsKLS0tIENtVlFSWElHN3RtOUY2alhxajhs\naXI1MmR4WC9EVGVFK3dHM1gvVnlZMVUKCyLz0DkdbWfSfccShO1xjWfxhunEIbD0\n6imeIBhZHvVJmZLXnVl7B0pNXo6be7WSBMAUM9gUtCNh4zaChBNwGw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:25:52Z",
"mac": "ENC[AES256_GCM,data:WFGysoXN95e/RxL094CoL4iueqEcSqCSQZLahwz9HMLi+8HWZIXr55a+jyK7piqR8nBS4BquU5fKhlC6BvEbZFt69t4onTA+LxS3D7A8/TO0CWS0RymUjW9omJUseRQWwAHtE7l0qI5hdOUKhQ+o5pU+2bc3PUlaONM0aOCCoFo=,iv:l1f4aVqLl5VAMfjNxDbxQEQp/qY/nxzgv2GTuPVBoBA=,tag:4PPDCmDrviqdn42RLHQYbA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
checks/service-dummy-test/sops/secrets/admin1-age.key/users/admin → checks/data-mesher/sops/secrets/signer-age.key/users/admin
View File

0
checks/service-dummy-test-from-flake/sops/users/admin/key.json → checks/data-mesher/sops/users/admin/key.json
View File

0
clanServices/data-mesher/tests/vm/vars/per-machine/admin/data-mesher-host-key/private_key/machines/admin → checks/data-mesher/vars/per-machine/admin/data-mesher-host-key/private_key/machines/admin
View File

24
checks/data-mesher/vars/per-machine/admin/data-mesher-host-key/private_key/secret Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:w3bU23Pfe8W89lF+tOmEYPU/A4FkY6n7rgQ6yo+eqCJFxTyHydV6Mg4/g4jaL+4wwIqNYRiMR8J8jLhSvw3Bc59u7Ul+RGwdpiKoBBJfsHjO8r6uOz2u9Raa+iUJH1EJWmGvsQXAILpliZ+klS96VWnGN3pYMEI=,iv:7QbUxta6NPQLZrh6AOcNe+0wkrADuTI9VKVp8q+XoZ8=,tag:ZH0t3RylfQk5U23ZHWaw0g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age10zxkj45fah3qa8uyg3a36jsd06d839xfq64nrez9etrsf4km0gtsp45gsz",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaTBoSFJVSTdZeW4wZG9p\nWFR1LzVmYS8xWmRqTlNtWFVkSW9jZXpVejJBCkpqZm12L1dDSmNhekVsK1JBOU9r\nZThScGdDakFlRzNsVXp1eE5yOStFSW8KLS0tIFRrTkZBQlRsR2VNcUJvNEkzS2pw\nNksvM296UkFWTkZDVVp1ZVZMNUs4cWsKWTteB1G9Oo38a81PeqKO09NUQetuqosC\nhrToQ6NMo5O7/StmVG228MHbJS3KLXsvh2AFOEPyZrbpB2Opd2wwoA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6U2FWRThRNkVQdk9yZ0VE\nM09iSVhmeldMcDZVaFRDNGtjWTdBa0VIT2pJCkdtd04xSXdicDY3OHI1WXl5TndB\nemtQeW1SS2tVVllPUHhLUTRla3haZGMKLS0tIGN0NVNEN3RKeWM0azBBMnBpQU4r\nTFFzQ0lOcGt0ek9UZmZZRjhibTNTc0EKReUwYBVM1NKX0FD/ZeokFAAknwju5Azq\nGzl4UVJBi5Es0GWORdCGElPXMd7jMud1SwgY04AdZj/dzinCSW4CZw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:25:10Z",
"mac": "ENC[AES256_GCM,data:0vl9Gt4QeH+GJcnl8FuWSaqQXC8S6Pe50NmeDg5Nl2NWagz8aLCvOFyTqX/Icp/bTi1XQ5icHHhF3YhM+QAvdUL3aO0WGbh92dPRnFuvlZsdtwCFhT+LyHyYHFf6yP+0h/uFpJv9fE6xY22CezA6ZVQ8ywi1epaC548Gr27uVe4=,iv:G4hZVCLkIpbg9uwB7Y8xtHLdnlmBvFrPjxSoqdyHNvM=,tag:uvKwakhUY2aa7v0tmR/o8A==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
checks/service-dummy-test-from-flake/vars/per-machine/admin1/dummy-generator/generated-password/users/admin → checks/data-mesher/vars/per-machine/admin/data-mesher-host-key/private_key/users/admin
View File

3
checks/data-mesher/vars/per-machine/admin/data-mesher-host-key/public_key/value Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAm204bpSFi4jOjZuXDpIZ/rcJBrbG4zAc7OSA4rAVSYE=
-----END PUBLIC KEY-----

0
clanServices/data-mesher/tests/vm/vars/per-machine/peer/data-mesher-host-key/private_key/machines/peer → checks/data-mesher/vars/per-machine/peer/data-mesher-host-key/private_key/machines/peer
View File

24
checks/data-mesher/vars/per-machine/peer/data-mesher-host-key/private_key/secret Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:kERPY40pyvke0mRBnafa4zOaF46rbueRbhpUCXjYP5ORpC7zoOhbdlVBhOsPqE2vfEP4RWkH+ZPdDYXOKXwotBCmlq2i7TfZeoNXFkzWXc3GyM5mndnjCc8hvYEQF1w6xkkVSUt4n06BAw/gT0ppz+vo5dExIA8=,iv:JmYD2o4DGqds6DV7ucUmUD0BRB61exbRsNAtINOR8cQ=,tag:Z58gVnHD+4s21Z84IRw+Vw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1faqrml2ukc6unfm75d3v2vnaf62v92rdxaagg3ty3cfna7vt99gqlzs43l",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4OFluVThBdUJSTmRVTk94\neFZnLytvcnNSdmQvR3ZkT2UvWFVieFV1SUFNCm9jWHlyZXRwaVdFaG9ocnd4S3FU\ndTZ2dklBbkFVL0hVT0Y2L1o5dnUyNG8KLS0tIGFvYlBJR3l2b3F6OU9uMTFkYjli\nNVFLOWQzOStpU2kzb0xyZUFCMnBmMVUK5Jzssf1XBX25bq0RKlJY8NwtKIytxL/c\nBPPFDZywJiUgw1izsdfGVkRhhSFCQIz+yWIJWzr01NU2jLyFjSfCNw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYW92c3Q4SktwSnJ1TkRJ\nZEJyZk96cG8ybkpPQzYzVk0xZGs0eCtISVR3CmhDaWxTem1FMjJKNmZNaTkxN01n\nenUvdFI1UkFmL1lzNlM5N0Ixd0dpc1EKLS0tIHpyS2VHaHRRdUovQVgvRmRHaXh3\naFpSNURjTWkxaW9TOXpKL2IvcUFEbmMKq4Ch7DIL34NetFV+xygTdcpQjjmV8v1n\nlvYcjUO/9c3nVkxNMJYGjuxFLuFc4Gw+AyawCjpsIYXRskYRW4UR1w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:25:43Z",
"mac": "ENC[AES256_GCM,data:YhL2d6i0VpUd15B4ow2BgRpyEm0KEA8NSb7jZcjI58d7d4lAqBMcDQB+8a9e2NZbPk8p1EYl3q4VXbEnuwsJiPZI2kabRusy/IGoHzUTUMFfVaOuUcC0eyINNVSmzJxnCbLCAA1Aj1yXzgRQ0MWr7r0RHMKw0D1e0HxdEsuAPrA=,iv:yPlMmE6+NEEQ9uOZzD3lUTBcfUwGX/Ar+bCu0XKnjIg=,tag:eR22BCFVAlRHdggg9oCeaA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/dummy-generator/generated-password/users/admin → checks/data-mesher/vars/per-machine/peer/data-mesher-host-key/private_key/users/admin
View File

3
checks/data-mesher/vars/per-machine/peer/data-mesher-host-key/public_key/value Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAv5dICFue2fYO0Zi1IyfYjoNfR6713WpISo7+2bSjL18=
-----END PUBLIC KEY-----

0
clanServices/data-mesher/tests/vm/vars/per-machine/signer/data-mesher-host-key/private_key/machines/signer → checks/data-mesher/vars/per-machine/signer/data-mesher-host-key/private_key/machines/signer
View File

24
checks/data-mesher/vars/per-machine/signer/data-mesher-host-key/private_key/secret Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:U8F7clQ2Tuj8zy5EoEga/Mc9N3LLZrlFf5m7UJKrP5yybFRCJSBs05hOcNe+LQZdEAvvr0Qbkry1pQyE84gCVbxHvwkD+l3GbguBuLMsW96bHcmstb6AvZyhMDBpm73Azf4lXhNaiB8p2pDWdxV77E+PPw1MNYI=,iv:hQhN6Ak8tB6cXSCnTmmQqHEpXWpWck3uIVCk5pUqFqU=,tag:uC4ljcs92WPlUOfwSkrK9Q==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age153mke8v2qksyqjc7vta7wglzdqr5epazt83nch0ur5v7kl87cfdsr07qld",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvV05lejQrdUQvQjZPOG9v\nZ01naXlYZ1JxWHhDT1M1aUs1RWJDSU1acVFFCmdHY094aGRPYWxpdVVxSFVHRU9v\nNnVaeTlpSEdtSWRDMmVMSjdSOEQ4ZlEKLS0tIFo5NVk2bzBxYjZ5ZWpDWTMrQ2VF\nVThWUk0rVXpTY2svSCtiVDhTQ2kvbFkKEM2DBuFtdEj1G/vS1TsyIfQxSFFvPTDq\nCmO7L/J5lHdyfIXzp/FlhdKpjvmchb8gbfJn7IWpKopc7Zimy/JnGQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNzVUaHkzUzVEMlh1Q3Qr\nOEo0aDJIMG91amJiZG50MEhqblRCTWxRRVVRCk4xZlp4SkJuUHc2UnFyU1prczkz\nNGtlQlRlNnBDRFFvUGhReTh6MTBZaXMKLS0tIGxtaXhUMDM0RU4yQytualdzdTFt\nWGRiVG54MnYrR2lqZVZoT0VkbmV5WUUKbzAnOkn8RYOo7z4RISQ0yN875vSEQMDa\nnnttzVrQuK0/iZvzJ0Zq8U9+JJJKvFB1tHqye6CN0zMbv55CLLnA0g==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:26:07Z",
"mac": "ENC[AES256_GCM,data:uMss4+BiVupFqX7nHnMo+0yZ8RPuFD8VHYK2EtJSqzgurQrZVT4tJwY50mz2gVmwbrm49QYKk5S+H29DU0cM0HiEOgB5P5ObpXTRJPagWQ48CEFrDpBzLplobxulwnN6jJ1dpL3JF3jfrzrnSDFXMvx+n5x/86/AYXYRsi/UeyY=,iv:mPT1svKrNGmYpbL9hh2Bxxakml69q+U6gQ0ZnEcbEyg=,tag:zcZx1lTw/bEsX/1g+6T04g==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/new-service/a-secret/users/admin → checks/data-mesher/vars/per-machine/signer/data-mesher-host-key/private_key/users/admin
View File

3
checks/data-mesher/vars/per-machine/signer/data-mesher-host-key/public_key/value Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAeUkW5UIwA1svbNY71ePyJKX68UhxrqIUGQ2jd06w5WM=
-----END PUBLIC KEY-----

0
clanServices/data-mesher/tests/vm/vars/shared/data-mesher-network-key/private_key/machines/admin → checks/data-mesher/vars/shared/data-mesher-network-key/private_key/machines/admin
View File

0
clanServices/data-mesher/tests/vm/vars/shared/data-mesher-network-key/private_key/machines/peer → checks/data-mesher/vars/shared/data-mesher-network-key/private_key/machines/peer
View File

0
clanServices/data-mesher/tests/vm/vars/shared/data-mesher-network-key/private_key/machines/signer → checks/data-mesher/vars/shared/data-mesher-network-key/private_key/machines/signer
View File

32
checks/data-mesher/vars/shared/data-mesher-network-key/private_key/secret Normal file
View File

@@ -0,0 +1,32 @@
{
"data": "ENC[AES256_GCM,data:nRlCMF58cnkdUAE2aVHEG1+vAckKtVt48Jr21Bklfbsqe1yTiHPFAMLL1ywgWWWd7FjI/Z8WID9sWzh9J8Vmotw4aJWU/rIQSeF8cJHALvfOxarJIIyb7purAiPoPPs6ggGmSmVFGB1aw8kH1JMcppQN8OItdQM=,iv:qTwaL2mgw6g7heN/H5qcjei3oY+h46PdSe3v2hDlkTs=,tag:jYNULrOPl9mcQTTrx1SDeA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age153mke8v2qksyqjc7vta7wglzdqr5epazt83nch0ur5v7kl87cfdsr07qld",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRcG44cGFBWXk2Z0pmNklv\nTnJ5b0svLytzZmNNRkxCVU1zaDVhNUs2cld3CklsenpWd0g2OEdKKzBMQlNEejRn\nTlEvY01HYjdvVExadnN3aXZIRTZ4YlEKLS0tIGRPUXdNSHZCRDBMbno2MjJqRHBl\nSzdiSURDYitQWFpaSElkdmdicDVjMWsKweQiRqyzXmzabmU2fmgwHtOa9uDmhx9O\ns9NfUhC3ifooQUSeYp58b1ZGJQx5O5bn9q/DaEoit5LTOUprt1pUPA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTEdlL29sVWFpSDNNaXRJ\ndTJDRkU4VzFPQ0M4MkFha2IxV2FXN2o3ZEFRCjF3UnZ5U1hTc3VvSTIzcWxOZjl0\ncHlLVEFqRk1UbGdxaUxEeDFqbFVYaU0KLS0tIFFyMnJkZnRHdWg4Z1IyRHFkY0I5\nQjdIMGtGLzRGMFM0ektDZ3hzZDdHSmMKvxOQuKgePom0QfPSvn+4vsGHhJ4BoOvW\nc27Vn4/i4hbjfJr4JpULAwyIwt3F0RaTA2M6EkFkY8otEi3vkcpWvA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10zxkj45fah3qa8uyg3a36jsd06d839xfq64nrez9etrsf4km0gtsp45gsz",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZzdsaVRnSmsrMGR1Ylg3\nZkpscTdwNUl5NUVXN3kvMU1icE0yZU1WSEJBClB6SlJYZUhDSElRREx5b0VueFUw\nNVFRU3BSU24yWEtpRnJoUC83SDVaUWsKLS0tIGVxNEo3TjlwakpDZlNsSkVCOXlz\nNDgwaE1xNjZkSnJBVlU5YXVHeGxVNFEKsXKyTzq9VsERpXzbFJGv/pbAghFAcXkf\nMmCgQHsfIMBJQUstcO8sAkxv3ced0dAEz8O6NUd0FS2zlhBzt29Rnw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1faqrml2ukc6unfm75d3v2vnaf62v92rdxaagg3ty3cfna7vt99gqlzs43l",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkK1hDMGxCc1IvYXlJMnBF\nWncxaXBQa1RpTWdwUHc3Yk16My8rVHNJc2dFCkNlK2h0dy9oU3Z5ZGhwRWVLYVUz\ncVBKT2x5VnlhbXNmdHkwbmZzVG5sd0EKLS0tIHJaMzhDanF4Rkl3akN4MEIxOHFC\nYWRUZ08xb1UwOFNRaktkMjIzNXZmNkUK1rlbJ96oUNQZLmCmPNDOKxfDMMa+Bl2E\nJPxcNc7XY3WBHa3xFUbcqiPxWxDyaZjhq/LYQGpepiGonGMEzR5JOQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-08T13:25:20Z",
"mac": "ENC[AES256_GCM,data:za9ku+9lu1TTRjbPcd5LYDM4tJsAYF/yuWFCGkAhqcYguEducsIfoKBwL42ahAzqLjCZp91YJuINtw16mM+Hmlhi/BVwhnXNHqcfnKoAS/zg9KJvWcvXwKMmjEjaBovqaCWXWoKS7dn/wZ7nfGrlsiUilCDkW4BzTIzkqNkyREU=,iv:2X9apXMatwCPRBIRbPxz6PJQwGrlr7O+z+MrsnFq+sQ=,tag:IYvitoV4MhyJyRO1ySxbLQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}

0
clanServices/data-mesher/tests/vm/vars/shared/data-mesher-network-key/private_key/users/admin → checks/data-mesher/vars/shared/data-mesher-network-key/private_key/users/admin
View File

3
checks/data-mesher/vars/shared/data-mesher-network-key/public_key/value Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA/5j+Js7oxwWvZdfjfEO/3UuRqMxLKXsaNc3/5N2WSaw=
-----END PUBLIC KEY-----

8
checks/service-dummy-test-from-flake/default.nix → checks/dummy-inventory-test-from-flake/default.nix
View File

@@ -18,19 +18,19 @@ nixosLib.runTest (
# With the test framework # With the test framework
# - legacy-modules # - legacy-modules
# - clan.service modules # - clan.service modules
name = "service-dummy-test-from-flake"; name = "dummy-inventory-test-from-flake";
clan.test.fromFlake = ./.; clan.test.fromFlake = ./.;
extraPythonPackages = _p: [ extraPythonPackages = _p: [
clan-core.legacyPackages.${hostPkgs.system}.nixosTestLib clan-core.legacyPackages.${hostPkgs.system}.setupNixInNixPythonPackage
]; ];
testScript = testScript =
{ nodes, ... }: { nodes, ... }:
'' ''
from nixos_test_lib.nix_setup import setup_nix_in_nix # type: ignore[import-untyped] from setup_nix_in_nix import setup_nix_in_nix # type: ignore[import-untyped]
setup_nix_in_nix(None) # No closure info for this test setup_nix_in_nix()
def run_clan(cmd: list[str], **kwargs) -> str: def run_clan(cmd: list[str], **kwargs) -> str:
import subprocess import subprocess

7
checks/service-dummy-test-from-flake/flake.nix → checks/dummy-inventory-test-from-flake/flake.nix
View File

@@ -6,7 +6,7 @@
{ self, clan-core, ... }: { self, clan-core, ... }:
let let
# Usage see: https://docs.clan.lol # Usage see: https://docs.clan.lol
clan = clan-core.lib.clan { clan = clan-core.clanLib.buildClan {
inherit self; inherit self;
inventory = inventory =
@@ -24,7 +24,6 @@
instances."test" = { instances."test" = {
module.name = "new-service"; module.name = "new-service";
module.input = "self";
roles.peer.machines.peer1 = { }; roles.peer.machines.peer1 = { };
}; };
@@ -40,7 +39,7 @@
perMachine = { perMachine = {
nixosModule = { nixosModule = {
# This should be generated by: # This should be generated by:
# nix run .#generate-test-vars -- checks/service-dummy-test service-dummy-test # nix run .#generate-test-vars -- checks/dummy-inventory-test dummy-inventory-test
clan.core.vars.generators.new-service = { clan.core.vars.generators.new-service = {
files.not-a-secret = { files.not-a-secret = {
secret = false; secret = false;
@@ -66,6 +65,6 @@
in in
{ {
# all machines managed by Clan # all machines managed by Clan
inherit (clan.config) nixosConfigurations nixosModules clanInternals; inherit (clan) nixosConfigurations nixosModules clanInternals;
}; };
} }

0
checks/service-dummy-test-from-flake/legacy-module/README.md → checks/dummy-inventory-test-from-flake/legacy-module/README.md
View File

0
checks/service-dummy-test-from-flake/legacy-module/roles/admin.nix → checks/dummy-inventory-test-from-flake/legacy-module/roles/admin.nix
View File

0
checks/service-dummy-test-from-flake/legacy-module/roles/peer.nix → checks/dummy-inventory-test-from-flake/legacy-module/roles/peer.nix
View File

0
checks/service-dummy-test-from-flake/legacy-module/shared.nix → checks/dummy-inventory-test-from-flake/legacy-module/shared.nix
View File

0
checks/service-dummy-test-from-flake/sops/machines/admin1/key.json → checks/dummy-inventory-test-from-flake/sops/machines/admin1/key.json
View File

0
checks/service-dummy-test-from-flake/sops/machines/peer1/key.json → checks/dummy-inventory-test-from-flake/sops/machines/peer1/key.json
View File

0
checks/service-dummy-test-from-flake/sops/secrets/admin1-age.key/secret → checks/dummy-inventory-test-from-flake/sops/secrets/admin1-age.key/secret
View File

0
checks/service-dummy-test/sops/secrets/peer1-age.key/users/admin → checks/dummy-inventory-test-from-flake/sops/secrets/admin1-age.key/users/admin
View File

0
checks/service-dummy-test-from-flake/sops/secrets/peer1-age.key/secret → checks/dummy-inventory-test-from-flake/sops/secrets/peer1-age.key/secret
View File

0
clanServices/data-mesher/tests/vm/sops/secrets/admin-age.key/users/admin → checks/dummy-inventory-test-from-flake/sops/secrets/peer1-age.key/users/admin
View File

0
checks/service-dummy-test/sops/users/admin/key.json → checks/dummy-inventory-test-from-flake/sops/users/admin/key.json
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/admin1/dummy-generator/generated-password/machines/admin1 → checks/dummy-inventory-test-from-flake/vars/per-machine/admin1/dummy-generator/generated-password/machines/admin1
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/admin1/dummy-generator/generated-password/secret → checks/dummy-inventory-test-from-flake/vars/per-machine/admin1/dummy-generator/generated-password/secret
View File

0
checks/service-dummy-test/vars/per-machine/admin1/dummy-generator/generated-password/users/admin → checks/dummy-inventory-test-from-flake/vars/per-machine/admin1/dummy-generator/generated-password/users/admin
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/admin1/dummy-generator/host-id/value → checks/dummy-inventory-test-from-flake/vars/per-machine/admin1/dummy-generator/host-id/value
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/dummy-generator/generated-password/machines/peer1 → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/dummy-generator/generated-password/machines/peer1
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/dummy-generator/generated-password/secret → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/dummy-generator/generated-password/secret
View File

0
checks/service-dummy-test/vars/per-machine/peer1/dummy-generator/generated-password/users/admin → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/dummy-generator/generated-password/users/admin
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/dummy-generator/host-id/value → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/dummy-generator/host-id/value
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/new-service/a-secret/machines/peer1 → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/new-service/a-secret/machines/peer1
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/new-service/a-secret/secret → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/new-service/a-secret/secret
View File

0
checks/service-dummy-test/vars/per-machine/peer1/new-service/a-secret/users/admin → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/new-service/a-secret/users/admin
View File

0
checks/service-dummy-test-from-flake/vars/per-machine/peer1/new-service/not-a-secret/value → checks/dummy-inventory-test-from-flake/vars/per-machine/peer1/new-service/not-a-secret/value
View File

5
checks/service-dummy-test/default.nix → checks/dummy-inventory-test/default.nix
View File

@@ -17,7 +17,7 @@ nixosLib.runTest (
# With the test framework # With the test framework
# - legacy-modules # - legacy-modules
# - clan.service modules # - clan.service modules
name = "service-dummy-test"; name = "dummy-inventory-test";
clan = { clan = {
directory = ./.; directory = ./.;
@@ -33,7 +33,6 @@ nixosLib.runTest (
instances."test" = { instances."test" = {
module.name = "new-service"; module.name = "new-service";
module.input = "self";
roles.peer.machines.peer1 = { }; roles.peer.machines.peer1 = { };
}; };
@@ -48,7 +47,7 @@ nixosLib.runTest (
perMachine = { perMachine = {
nixosModule = { nixosModule = {
# This should be generated by: # This should be generated by:
# nix run .#generate-test-vars -- checks/service-dummy-test service-dummy-test # nix run .#generate-test-vars -- checks/dummy-inventory-test dummy-inventory-test
clan.core.vars.generators.new-service = { clan.core.vars.generators.new-service = {
files.not-a-secret = { files.not-a-secret = {
secret = false; secret = false;

0
checks/service-dummy-test/legacy-module/README.md → checks/dummy-inventory-test/legacy-module/README.md
View File

0
checks/service-dummy-test/legacy-module/roles/admin.nix → checks/dummy-inventory-test/legacy-module/roles/admin.nix
View File

0
checks/service-dummy-test/legacy-module/roles/peer.nix → checks/dummy-inventory-test/legacy-module/roles/peer.nix
View File

0
checks/service-dummy-test/legacy-module/shared.nix → checks/dummy-inventory-test/legacy-module/shared.nix
View File

0
checks/service-dummy-test/sops/machines/admin1/key.json → checks/dummy-inventory-test/sops/machines/admin1/key.json
View File

0
checks/service-dummy-test/sops/machines/peer1/key.json → checks/dummy-inventory-test/sops/machines/peer1/key.json
View File

0
checks/service-dummy-test/sops/secrets/admin1-age.key/secret → checks/dummy-inventory-test/sops/secrets/admin1-age.key/secret
View File

0
clanServices/data-mesher/tests/vm/sops/secrets/peer-age.key/users/admin → checks/dummy-inventory-test/sops/secrets/admin1-age.key/users/admin
View File

0
checks/service-dummy-test/sops/secrets/peer1-age.key/secret → checks/dummy-inventory-test/sops/secrets/peer1-age.key/secret
View File

0
clanServices/data-mesher/tests/vm/sops/secrets/signer-age.key/users/admin → checks/dummy-inventory-test/sops/secrets/peer1-age.key/users/admin
View File

0
clanServices/data-mesher/tests/vm/sops/users/admin/key.json → checks/dummy-inventory-test/sops/users/admin/key.json
View File

0
checks/service-dummy-test/vars/per-machine/admin1/dummy-generator/generated-password/machines/admin1 → checks/dummy-inventory-test/vars/per-machine/admin1/dummy-generator/generated-password/machines/admin1
View File

0
checks/service-dummy-test/vars/per-machine/admin1/dummy-generator/generated-password/secret → checks/dummy-inventory-test/vars/per-machine/admin1/dummy-generator/generated-password/secret
View File

0
clanServices/data-mesher/tests/vm/vars/per-machine/admin/data-mesher-host-key/private_key/users/admin → checks/dummy-inventory-test/vars/per-machine/admin1/dummy-generator/generated-password/users/admin
View File

0
checks/service-dummy-test/vars/per-machine/admin1/dummy-generator/host-id/value → checks/dummy-inventory-test/vars/per-machine/admin1/dummy-generator/host-id/value
View File

0
checks/service-dummy-test/vars/per-machine/peer1/dummy-generator/generated-password/machines/peer1 → checks/dummy-inventory-test/vars/per-machine/peer1/dummy-generator/generated-password/machines/peer1
View File

0
checks/service-dummy-test/vars/per-machine/peer1/dummy-generator/generated-password/secret → checks/dummy-inventory-test/vars/per-machine/peer1/dummy-generator/generated-password/secret
View File

0
clanServices/data-mesher/tests/vm/vars/per-machine/peer/data-mesher-host-key/private_key/users/admin → checks/dummy-inventory-test/vars/per-machine/peer1/dummy-generator/generated-password/users/admin
View File

0
checks/service-dummy-test/vars/per-machine/peer1/dummy-generator/host-id/value → checks/dummy-inventory-test/vars/per-machine/peer1/dummy-generator/host-id/value
View File

0
checks/service-dummy-test/vars/per-machine/peer1/new-service/a-secret/machines/peer1 → checks/dummy-inventory-test/vars/per-machine/peer1/new-service/a-secret/machines/peer1
View File

0
checks/service-dummy-test/vars/per-machine/peer1/new-service/a-secret/secret → checks/dummy-inventory-test/vars/per-machine/peer1/new-service/a-secret/secret
View File

0
clanServices/data-mesher/tests/vm/vars/per-machine/signer/data-mesher-host-key/private_key/users/admin → checks/dummy-inventory-test/vars/per-machine/peer1/new-service/a-secret/users/admin
View File

0
checks/service-dummy-test/vars/per-machine/peer1/new-service/not-a-secret/value → checks/dummy-inventory-test/vars/per-machine/peer1/new-service/not-a-secret/value
View File

72
checks/flake-module.nix
View File

@@ -1,19 +1,7 @@
{ { self, lib, ... }:
self,
lib,
inputs,
...
}:
let let
inherit (lib) inherit (lib)
attrNames
attrValues
elem
filter filter
filterAttrs
flip
genAttrs
hasPrefix
pathExists pathExists
; ;
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { }; nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
@@ -22,7 +10,6 @@ in
imports = filter pathExists [ imports = filter pathExists [
./backups/flake-module.nix ./backups/flake-module.nix
../nixosModules/clanCore/machine-id/tests/flake-module.nix ../nixosModules/clanCore/machine-id/tests/flake-module.nix
../nixosModules/clanCore/state-version/tests/flake-module.nix
./devshell/flake-module.nix ./devshell/flake-module.nix
./flash/flake-module.nix ./flash/flake-module.nix
./impure/flake-module.nix ./impure/flake-module.nix
@@ -31,33 +18,6 @@ in
./nixos-documentation/flake-module.nix ./nixos-documentation/flake-module.nix
./dont-depend-on-repo-root.nix ./dont-depend-on-repo-root.nix
]; ];
flake.check = genAttrs [ "x86_64-linux" "aarch64-darwin" ] (
system:
let
checks = flip filterAttrs self.checks.${system} (
name: _check:
!(hasPrefix "nixos-test-" name)
&& !(hasPrefix "nixos-" name)
&& !(hasPrefix "darwin-test-" name)
&& !(hasPrefix "service-" name)
&& !(hasPrefix "vars-check-" name)
&& !(hasPrefix "devShell-" name)
&& !(elem name [
"clan-core-for-checks"
"clan-deps"
])
);
in
inputs.nixpkgs.legacyPackages.${system}.runCommand "fast-flake-checks-${system}"
{ passthru.checks = checks; }
''
echo "Executed the following checks for ${system}..."
echo " - ${lib.concatStringsSep "\n" (map (n: " - " + n) (attrNames checks))}"
echo ${toString (attrValues checks)} >/dev/null
echo "All checks succeeded"
touch $out
''
);
perSystem = perSystem =
{ {
pkgs, pkgs,
@@ -80,20 +40,19 @@ in
nixosTests = lib.optionalAttrs (pkgs.stdenv.isLinux) { nixosTests = lib.optionalAttrs (pkgs.stdenv.isLinux) {
# Base Tests # Base Tests
nixos-test-secrets = self.clanLib.test.baseTest ./secrets nixosTestArgs; secrets = self.clanLib.test.baseTest ./secrets nixosTestArgs;
nixos-test-borgbackup-legacy = self.clanLib.test.baseTest ./borgbackup-legacy nixosTestArgs; borgbackup-legacy = self.clanLib.test.baseTest ./borgbackup-legacy nixosTestArgs;
nixos-test-wayland-proxy-virtwl = self.clanLib.test.baseTest ./wayland-proxy-virtwl nixosTestArgs; wayland-proxy-virtwl = self.clanLib.test.baseTest ./wayland-proxy-virtwl nixosTestArgs;
# Container Tests # Container Tests
nixos-test-container = self.clanLib.test.containerTest ./container nixosTestArgs; container = self.clanLib.test.containerTest ./container nixosTestArgs;
nixos-test-zt-tcp-relay = self.clanLib.test.containerTest ./zt-tcp-relay nixosTestArgs; zt-tcp-relay = self.clanLib.test.containerTest ./zt-tcp-relay nixosTestArgs;
nixos-test-matrix-synapse = self.clanLib.test.containerTest ./matrix-synapse nixosTestArgs; matrix-synapse = self.clanLib.test.containerTest ./matrix-synapse nixosTestArgs;
nixos-test-postgresql = self.clanLib.test.containerTest ./postgresql nixosTestArgs; postgresql = self.clanLib.test.containerTest ./postgresql nixosTestArgs;
nixos-test-user-firewall-iptables = self.clanLib.test.containerTest ./user-firewall/iptables.nix nixosTestArgs;
nixos-test-user-firewall-nftables = self.clanLib.test.containerTest ./user-firewall/nftables.nix nixosTestArgs;
service-dummy-test = import ./service-dummy-test nixosTestArgs; dummy-inventory-test = import ./dummy-inventory-test nixosTestArgs;
service-dummy-test-from-flake = import ./service-dummy-test-from-flake nixosTestArgs; dummy-inventory-test-from-flake = import ./dummy-inventory-test-from-flake nixosTestArgs;
data-mesher = import ./data-mesher nixosTestArgs;
}; };
packagesToBuild = lib.removeAttrs self'.packages [ packagesToBuild = lib.removeAttrs self'.packages [
@@ -106,9 +65,6 @@ in
lib.mapAttrs' ( lib.mapAttrs' (
name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
) (lib.filterAttrs (n: _: !lib.hasPrefix "test-" n) self.nixosConfigurations) ) (lib.filterAttrs (n: _: !lib.hasPrefix "test-" n) self.nixosConfigurations)
// lib.mapAttrs' (
name: config: lib.nameValuePair "darwin-${name}" config.config.system.build.toplevel
) (self.darwinConfigurations or { })
// lib.mapAttrs' (n: lib.nameValuePair "package-${n}") packagesToBuild // lib.mapAttrs' (n: lib.nameValuePair "package-${n}") packagesToBuild
// lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells // lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells
// lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) ( // lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (
@@ -166,10 +122,10 @@ in
in in
lib.optionalAttrs (pkgs.stdenv.isLinux) { lib.optionalAttrs (pkgs.stdenv.isLinux) {
# import our test # import our test
nixos-test-secrets = import ./secrets nixosTestArgs; secrets = import ./secrets nixosTestArgs;
nixos-test-container = import ./container nixosTestArgs; container = import ./container nixosTestArgs;
# Clan app tests # Clan app tests
nixos-test-app-ocr = self.clanLib.test.baseTest ./app-ocr nixosTestArgs; app-ocr = self.clanLib.test.baseTest ./app-ocr nixosTestArgs;
}; };
}; };
}; };

6
checks/flash/flake-module.nix
View File

@@ -50,16 +50,18 @@
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.toplevel self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.toplevel
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.diskoScript self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.diskoScript
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.diskoScript.drvPath self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.diskoScript.drvPath
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.clan.deployment.file
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs); ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; }; closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in in
{ {
checks = pkgs.lib.mkIf pkgs.stdenv.isLinux { checks = pkgs.lib.mkIf pkgs.stdenv.isLinux {
nixos-test-flash = self.clanLib.test.baseTest { flash = self.clanLib.test.baseTest {
name = "flash"; name = "flash";
nodes.target = { nodes.target = {
virtualisation.emptyDiskImages = [ 4096 ]; virtualisation.emptyDiskImages = [ 4096 ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 3000;
environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ]; environment.systemPackages = [ self.packages.${pkgs.system}.clan-cli ];
environment.etc."install-closure".source = "${closureInfo}/store-paths"; environment.etc."install-closure".source = "${closureInfo}/store-paths";

299
checks/installation/flake-module.nix
View File

@@ -1,9 +1,63 @@
{ {
self, self,
lib, lib,
... ...
}: }:
let
installer =
{ modulesPath, pkgs, ... }:
let
dependencies = [
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.clan.deployment.file
pkgs.stdenv.drvPath
pkgs.bash.drvPath
pkgs.nixos-anywhere
pkgs.bubblewrap
pkgs.buildPackages.xorg.lndir
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in
{
imports = [
(modulesPath + "/../tests/common/auto-format-root-device.nix")
];
networking.useNetworkd = true;
services.openssh.enable = true;
services.openssh.settings.UseDns = false;
services.openssh.settings.PasswordAuthentication = false;
system.nixos.variant_id = "installer";
environment.systemPackages = [
self.packages.${pkgs.system}.clan-cli-full
pkgs.nixos-facter
];
environment.etc."install-closure".source = "${closureInfo}/store-paths";
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.diskSize = 8 * 1024;
virtualisation.rootDevice = "/dev/vdb";
# both installer and target need to use the same diskImage
virtualisation.diskImage = "./target.qcow2";
virtualisation.memorySize = 3048;
nix.settings = {
substituters = lib.mkForce [ ];
hashed-mirrors = null;
connect-timeout = lib.mkForce 3;
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
experimental-features = [
"nix-command"
"flakes"
];
};
users.users.nonrootuser = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [ ../assets/ssh/pubkey ];
extraGroups = [ "wheel" ];
};
security.sudo.wheelNeedsPassword = false;
system.extraDependencies = dependencies;
};
in
{ {
# The purpose of this test is to ensure `clan machines install` works # The purpose of this test is to ensure `clan machines install` works
@@ -52,25 +106,6 @@
environment.etc."install-successful".text = "ok"; environment.etc."install-successful".text = "ok";
# Enable SSH and add authorized key for testing
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.nonrootuser = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
extraGroups = [ "wheel" ];
home = "/home/nonrootuser";
createHome = true;
};
users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
# Allow users to manage their own SSH keys
services.openssh.authorizedKeysFiles = [
"/root/.ssh/authorized_keys"
"/home/%u/.ssh/authorized_keys"
"/etc/ssh/authorized_keys.d/%u"
];
security.sudo.wheelNeedsPassword = false;
boot.consoleLogLevel = lib.mkForce 100; boot.consoleLogLevel = lib.mkForce 100;
boot.kernelParams = [ "boot.shell_on_fail" ]; boot.kernelParams = [ "boot.shell_on_fail" ];
@@ -147,199 +182,55 @@
# vm-test-run-test-installation-> target: waiting for the VM to finish booting # vm-test-run-test-installation-> target: waiting for the VM to finish booting
# vm-test-run-test-installation-> target: Guest root shell did not produce any data yet... # vm-test-run-test-installation-> target: Guest root shell did not produce any data yet...
# vm-test-run-test-installation-> target: To debug, enter the VM and run 'systemctl status backdoor.service'. # vm-test-run-test-installation-> target: To debug, enter the VM and run 'systemctl status backdoor.service'.
checks = checks = pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) {
let installation = self.clanLib.test.baseTest {
# Custom Python package for port management utilities name = "installation";
closureInfo = pkgs.closureInfo { nodes.target = {
rootPaths = [ services.openssh.enable = true;
self.checks.x86_64-linux.clan-core-for-checks virtualisation.diskImage = "./target.qcow2";
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel virtualisation.useBootLoader = true;
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.initialRamdisk
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
pkgs.stdenv.drvPath
pkgs.bash.drvPath
pkgs.buildPackages.xorg.lndir
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
}; };
in nodes.installer = installer;
pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) {
nixos-test-installation = self.clanLib.test.baseTest {
name = "installation";
nodes.target = (import ./test-helpers.nix { inherit lib pkgs self; }).target;
extraPythonPackages = _p: [
self.legacyPackages.${pkgs.system}.nixosTestLib
];
testScript = '' testScript = ''
import tempfile installer.start()
import os
import subprocess
from nixos_test_lib.ssh import setup_ssh_connection # type: ignore[import-untyped]
from nixos_test_lib.nix_setup import prepare_test_flake # type: ignore[import-untyped]
def create_test_machine(oldmachine, qemu_test_bin: str, **kwargs): installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
"""Create a new test machine from an installed disk image"""
start_command = [
f"{qemu_test_bin}/bin/qemu-kvm",
"-cpu",
"max",
"-m",
"3048",
"-virtfs",
"local,path=/nix/store,security_model=none,mount_tag=nix-store",
"-drive",
f"file={oldmachine.state_dir}/target.qcow2,id=drive1,if=none,index=1,werror=report",
"-device",
"virtio-blk-pci,drive=drive1",
"-netdev",
"user,id=net0",
"-device",
"virtio-net-pci,netdev=net0",
]
machine = create_machine(start_command=" ".join(start_command), **kwargs)
driver.machines.append(machine)
return machine
target.start() installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
# Set up test environment installer.succeed("clan machines install --no-reboot --debug --flake test-flake --yes test-install-machine-without-system --target-host nonrootuser@localhost --update-hardware-config nixos-facter >&2")
with tempfile.TemporaryDirectory() as temp_dir: installer.shutdown()
# Prepare test flake and Nix store
flake_dir = prepare_test_flake(
temp_dir,
"${self.checks.x86_64-linux.clan-core-for-checks}",
"${closureInfo}"
)
# Set up SSH connection # We are missing the test instrumentation somehow. Test this later.
ssh_conn = setup_ssh_connection( target.state_dir = installer.state_dir
target, target.start()
temp_dir, target.wait_for_unit("multi-user.target")
"${../assets/ssh/privkey}" '';
) } { inherit pkgs self; };
# Run clan install from host using port forwarding update-hardware-configuration = self.clanLib.test.baseTest {
clan_cmd = [ name = "update-hardware-configuration";
"${self.packages.${pkgs.system}.clan-cli-full}/bin/clan", nodes.installer = installer;
"machines",
"install",
"--phases", "disko,install",
"--debug",
"--flake", flake_dir,
"--yes", "test-install-machine-without-system",
"--target-host", f"nonrootuser@localhost:{ssh_conn.host_port}",
"-i", ssh_conn.ssh_key,
"--option", "store", os.environ['CLAN_TEST_STORE'],
"--update-hardware-config", "nixos-facter",
]
subprocess.run(clan_cmd, check=True) testScript = ''
installer.start()
installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
installer.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
installer.fail("test -f test-flake/machines/test-install-machine/facter.json")
# Shutdown the installer machine gracefully installer.succeed("clan machines update-hardware-config --debug --flake test-flake test-install-machine-without-system nonrootuser@localhost >&2")
try: installer.succeed("test -f test-flake/machines/test-install-machine-without-system/facter.json")
target.shutdown() installer.succeed("rm test-flake/machines/test-install-machine-without-system/facter.json")
except BrokenPipeError:
# qemu has already exited
pass
# Create a new machine instance that boots from the installed system installer.succeed("clan machines update-hardware-config --debug --backend nixos-generate-config --flake test-flake test-install-machine-without-system nonrootuser@localhost >&2")
installed_machine = create_test_machine(target, "${pkgs.qemu_test}", name="after_install") installer.succeed("test -f test-flake/machines/test-install-machine-without-system/hardware-configuration.nix")
installed_machine.start() installer.succeed("rm test-flake/machines/test-install-machine-without-system/hardware-configuration.nix")
installed_machine.wait_for_unit("multi-user.target") '';
installed_machine.succeed("test -f /etc/install-successful") } { inherit pkgs self; };
''; };
} { inherit pkgs self; };
nixos-test-update-hardware-configuration = self.clanLib.test.baseTest {
name = "update-hardware-configuration";
nodes.target = (import ./test-helpers.nix { inherit lib pkgs self; }).target;
extraPythonPackages = _p: [
self.legacyPackages.${pkgs.system}.nixosTestLib
];
testScript = ''
import tempfile
import os
import subprocess
from nixos_test_lib.ssh import setup_ssh_connection # type: ignore[import-untyped]
from nixos_test_lib.nix_setup import prepare_test_flake # type: ignore[import-untyped]
target.start()
# Set up test environment
with tempfile.TemporaryDirectory() as temp_dir:
# Prepare test flake and Nix store
flake_dir = prepare_test_flake(
temp_dir,
"${self.checks.x86_64-linux.clan-core-for-checks}",
"${closureInfo}"
)
# Set up SSH connection
ssh_conn = setup_ssh_connection(
target,
temp_dir,
"${../assets/ssh/privkey}"
)
# Verify files don't exist initially
hw_config_file = os.path.join(flake_dir, "machines/test-install-machine/hardware-configuration.nix")
facter_file = os.path.join(flake_dir, "machines/test-install-machine/facter.json")
assert not os.path.exists(hw_config_file), "hardware-configuration.nix should not exist initially"
assert not os.path.exists(facter_file), "facter.json should not exist initially"
# Set CLAN_FLAKE for the commands
os.environ["CLAN_FLAKE"] = flake_dir
# Test facter backend
clan_cmd = [
"${self.packages.${pkgs.system}.clan-cli-full}/bin/clan",
"machines",
"update-hardware-config",
"--debug",
"--flake", ".",
"--host-key-check", "none",
"test-install-machine-without-system",
"-i", ssh_conn.ssh_key,
"--option", "store", os.environ['CLAN_TEST_STORE'],
f"nonrootuser@localhost:{ssh_conn.host_port}"
]
result = subprocess.run(clan_cmd, capture_output=True, cwd=flake_dir)
if result.returncode != 0:
print(f"Clan update-hardware-config failed: {result.stderr.decode()}")
raise Exception(f"Clan update-hardware-config failed with return code {result.returncode}")
facter_without_system_file = os.path.join(flake_dir, "machines/test-install-machine-without-system/facter.json")
assert os.path.exists(facter_without_system_file), "facter.json should exist after update"
os.remove(facter_without_system_file)
# Test nixos-generate-config backend
clan_cmd = [
"${self.packages.${pkgs.system}.clan-cli-full}/bin/clan",
"machines",
"update-hardware-config",
"--debug",
"--backend", "nixos-generate-config",
"--host-key-check", "none",
"--flake", ".",
"test-install-machine-without-system",
"-i", ssh_conn.ssh_key,
"--option", "store", os.environ['CLAN_TEST_STORE'],
f"nonrootuser@localhost:{ssh_conn.host_port}"
]
result = subprocess.run(clan_cmd, capture_output=True, cwd=flake_dir)
if result.returncode != 0:
print(f"Clan update-hardware-config (nixos-generate-config) failed: {result.stderr.decode()}")
raise Exception(f"Clan update-hardware-config failed with return code {result.returncode}")
hw_config_without_system_file = os.path.join(flake_dir, "machines/test-install-machine-without-system/hardware-configuration.nix")
assert os.path.exists(hw_config_without_system_file), "hardware-configuration.nix should exist after update"
'';
} { inherit pkgs self; };
};
}; };
} }

44
checks/installation/pyproject.toml
View File

@@ -1,44 +0,0 @@
[build-system]
requires = ["setuptools", "wheel"]
build-backend = "setuptools.build_meta"
[project]
name = "nixos-test-lib"
version = "1.0.0"
description = "NixOS test utilities for clan VM testing"
authors = [
{name = "Clan Core Team"}
]
dependencies = []
[project.optional-dependencies]
dev = [
"mypy",
"ruff"
]
[tool.setuptools.packages.find]
where = ["."]
include = ["nixos_test_lib*"]
[tool.setuptools.package-data]
"nixos_test_lib" = ["py.typed"]
[tool.mypy]
python_version = "3.12"
strict = true
warn_return_any = true
warn_unused_configs = true
[tool.ruff]
target-version = "py312"
line-length = 88
[tool.ruff.lint]
select = ["ALL"]
ignore = [
"D", # docstrings
"ANN", # type annotations
"COM812", # trailing comma
"ISC001", # string concatenation
]

173
checks/installation/test-helpers.nix
View File

@@ -1,173 +0,0 @@
{
lib,
pkgs,
self,
...
}:
let
# Common target VM configuration used by both installation and update tests
target =
{ modulesPath, pkgs, ... }:
{
imports = [
(modulesPath + "/../tests/common/auto-format-root-device.nix")
];
networking.useNetworkd = true;
services.openssh.enable = true;
services.openssh.settings.UseDns = false;
services.openssh.settings.PasswordAuthentication = false;
system.nixos.variant_id = "installer";
environment.systemPackages = [
pkgs.nixos-facter
];
# Disable cache.nixos.org to speed up tests
nix.settings.substituters = [ ];
nix.settings.trusted-public-keys = [ ];
virtualisation.emptyDiskImages = [ 512 ];
virtualisation.diskSize = 8 * 1024;
virtualisation.rootDevice = "/dev/vdb";
# both installer and target need to use the same diskImage
virtualisation.diskImage = "./target.qcow2";
virtualisation.memorySize = 3048;
users.users.nonrootuser = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
extraGroups = [ "wheel" ];
};
users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
# Allow users to manage their own SSH keys
services.openssh.authorizedKeysFiles = [
"/root/.ssh/authorized_keys"
"/home/%u/.ssh/authorized_keys"
"/etc/ssh/authorized_keys.d/%u"
];
security.sudo.wheelNeedsPassword = false;
};
# Common base test machine configuration
baseTestMachine =
{ lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/testing/test-instrumentation.nix")
(modulesPath + "/profiles/qemu-guest.nix")
self.clanLib.test.minifyModule
];
# Enable SSH and add authorized key for testing
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.nonrootuser = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
extraGroups = [ "wheel" ];
home = "/home/nonrootuser";
createHome = true;
};
users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
# Allow users to manage their own SSH keys
services.openssh.authorizedKeysFiles = [
"/root/.ssh/authorized_keys"
"/home/%u/.ssh/authorized_keys"
"/etc/ssh/authorized_keys.d/%u"
];
security.sudo.wheelNeedsPassword = false;
boot.consoleLogLevel = lib.mkForce 100;
boot.kernelParams = [ "boot.shell_on_fail" ];
# disko config
boot.loader.grub.efiSupport = lib.mkDefault true;
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
clan.core.vars.settings.secretStore = "vm";
clan.core.vars.generators.test = {
files.test.neededFor = "partitioning";
script = ''
echo "notok" > "$out"/test
'';
};
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/vda";
preCreateHook = ''
test -e /run/partitioning-secrets/test/test
'';
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1;
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
# NixOS test library combining port utils and clan VM test utilities
nixosTestLib = pkgs.python3Packages.buildPythonPackage {
pname = "nixos-test-lib";
version = "1.0.0";
format = "pyproject";
src = lib.fileset.toSource {
root = ./.;
fileset = lib.fileset.unions [
./pyproject.toml
./nixos_test_lib
];
};
nativeBuildInputs = with pkgs.python3Packages; [
setuptools
wheel
];
doCheck = false;
};
# Common closure info
closureInfo = pkgs.closureInfo {
rootPaths = [
self.checks.x86_64-linux.clan-core-for-checks
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.initialRamdisk
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.clan.deployment.file
pkgs.stdenv.drvPath
pkgs.bash.drvPath
pkgs.buildPackages.xorg.lndir
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
};
in
{
inherit
target
baseTestMachine
nixosTestLib
closureInfo
;
}

3
checks/morph/flake-module.nix
View File

@@ -24,7 +24,7 @@
}: }:
{ {
checks = pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) { checks = pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) {
nixos-test-morph = self.clanLib.test.baseTest { morph = self.clanLib.test.baseTest {
name = "morph"; name = "morph";
nodes = { nodes = {
@@ -35,6 +35,7 @@
pkgs.stdenv.drvPath pkgs.stdenv.drvPath
pkgs.stdenvNoCC pkgs.stdenvNoCC
self.nixosConfigurations.test-morph-machine.config.system.build.toplevel self.nixosConfigurations.test-morph-machine.config.system.build.toplevel
self.nixosConfigurations.test-morph-machine.config.system.clan.deployment.file
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs); ] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
closureInfo = pkgs.closureInfo { rootPaths = dependencies; }; closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
in in

4
checks/mycelium/default.nix
View File

@@ -13,9 +13,10 @@ nixosLib.runTest (
hostPkgs = pkgs; hostPkgs = pkgs;
name = "service-mycelium"; name = "mycelium";
clan = { clan = {
test.useContainers = false; test.useContainers = false;
directory = ./.; directory = ./.;
modules."@clan/mycelium" = ../../clanServices/mycelium/default.nix; modules."@clan/mycelium" = ../../clanServices/mycelium/default.nix;
@@ -25,7 +26,6 @@ nixosLib.runTest (
instances = { instances = {
mycelium-test = { mycelium-test = {
module.name = "@clan/mycelium"; module.name = "@clan/mycelium";
module.input = "self";
roles.peer.machines."server".settings = { roles.peer.machines."server".settings = {
openFirewall = true; openFirewall = true;
addHostedPublicNodes = true; addHostedPublicNodes = true;

87
checks/syncthing/default.nix Normal file
View File

@@ -0,0 +1,87 @@
{
pkgs,
nixosLib,
clan-core,
lib,
...
}:
nixosLib.runTest (
{ ... }:
{
imports = [
clan-core.modules.nixosTest.clanTest
];
hostPkgs = pkgs;
name = "syncthing";
clan = {
directory = ./.;
# TODO: container driver does not support wait_for_file() yet
test.useContainers = false;
inventory = {
machines = lib.genAttrs [
"introducer"
"peer1"
"peer2"
] (_: { });
services = {
syncthing.default = {
roles.peer.machines = [
"peer1"
"peer2"
];
roles.introducer.machines = [ "introducer" ];
};
};
};
};
nodes.introducer = {
# Doesn't test zerotier!
services.syncthing.openDefaultPorts = true;
services.syncthing.settings.folders = {
"Shared" = {
enable = true;
path = "~/Shared";
versioning = {
type = "trashcan";
params = {
cleanoutDays = "30";
};
};
};
};
clan.syncthing.autoAcceptDevices = true;
clan.syncthing.autoShares = [ "Shared" ];
# For faster Tests
systemd.timers.syncthing-auto-accept.timerConfig = {
OnActiveSec = 1;
OnUnitActiveSec = 1;
};
};
nodes.peer1 = {
services.syncthing.openDefaultPorts = true;
};
nodes.peer2 = {
services.syncthing.openDefaultPorts = true;
};
testScript = ''
start_all()
introducer.wait_for_unit("syncthing")
peer1.wait_for_unit("syncthing")
peer2.wait_for_unit("syncthing")
peer1.execute("ls -la /var/lib/syncthing")
peer2.execute("ls -la /var/lib/syncthing")
peer1.wait_for_file("/var/lib/syncthing/Shared")
peer2.wait_for_file("/var/lib/syncthing/Shared")
introducer.shutdown()
peer1.execute("echo hello > /var/lib/syncthing/Shared/hello")
peer2.wait_for_file("/var/lib/syncthing/Shared/hello")
out = peer2.succeed("cat /var/lib/syncthing/Shared/hello")
assert "hello" in out
'';
}
)

6
checks/syncthing/sops/machines/introducer/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age1wjp0vvvy4d2c0pdrth0kl505rzpz37804swf6rrny9xa208mrg2s0r5m67",
"type": "age"
}
]

6
checks/syncthing/sops/machines/peer1/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age14faw2l6rskw2gcv3rrkygmwmrp2ev9yclzq4fh8xf8sjeke8p97sw4dxuq",
"type": "age"
}
]

6
checks/syncthing/sops/machines/peer2/key.json Executable file
View File

@@ -0,0 +1,6 @@
[
{
"publickey": "age1dutdww4x48f0e3tzmjlye9n852wx0qqhhcghsrefsq9m8c5flpfs2lxexf",
"type": "age"
}
]

15
checks/syncthing/sops/secrets/introducer-age.key/secret Normal file
View File

@@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:f/KzvxsoWQFTSB17lPhe/MThYu4ZjJwvkCxKp7XkLyspFF9Dal4A+H+SY6vPG7yM3+dlE3ZnxjniUeivydDTwwJiWJ6E6XIhnPI=,iv:xat6pYzYV8sfyMKX4OMsr6oSOEOc09DDXGykKKoP14Y=,tag:xMxsIpYv7KrSYvpmvBvSUw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUGdWK1BnNjdCL1l1WlNB\nUEswYm1tYlIxWXltemdlQm1OcmlNbSsvTkdrClpRUjR6TUNUcGtxWWhGdDg5SG84\nSFFiV2p6ZHJwR1VKYW4vVFBHRGFSYTgKLS0tIERJa3hRM28ySHBUME4vTUE1UUFr\nQklDdTBWdWJpdGg0cnR1ZUNWREl6K1EKbRFOr3Rhb2aGnQUHiX+3DzGgrY9C2Dvz\nVlyZ0q6lWtn4qFWPVez03T8QAtLjv2UaGtYTFnyFIWiykhhrWy2PBg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-23T07:54:54Z",
"mac": "ENC[AES256_GCM,data:LJCCaGNhBgFAKtWYMD6OcXg2FMq1DYDOySIpEY91ILXDUuJSSsuYyQqE6ZvCoThlogHd9inAajsW0GbzYpSflu/WyrqlQsNJSMFkBFBQh/FIjd18GUtZ4flHWRfHqAk/xM/g+n7iOgKMvaBrG1MG1DplLRfk/8ehcqlWX4Wxof0=,iv:PrjIiUYkePPXBRGF/Wnqi1ZgA2j4YtzL/uMC5KchfIQ=,tag:yMMrJ7vGt6urz4WfRAyaNg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.1"
}
}

1
checks/syncthing/sops/secrets/introducer-age.key/users/admin Symbolic link
View File

@@ -0,0 +1 @@
../../../users/admin

15
checks/syncthing/sops/secrets/peer1-age.key/secret Normal file
View File

@@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:q6mWG65NflVEvX1QUyRVFuRGOVg9wtyWDYQ8Plqw038pEyOrsVcj6Cmo6SRaRcAaxQmAUeplzYfzm2MgXMz1l/DySErH+mCyVSk=,iv:7X4mFSJXpUii+sppSAq8H7vYWGoDq3LnFJMAAjhhm7U=,tag:ep9vzbkzVtC2A8otat8vSg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5bjNlZkppR01JT0F0TklO\nSnpIcFgwb0E5dStHQlZLdGNLQ3UxRDNBdEVVCnlpdWlPVVNIdFB3ZjlpSXZURjdS\nMVlCbFV5RXI0d2t5bHJvR3U5b2NDa2MKLS0tIDJLZlE0RjhNaGhBeFVsSE93Z0NX\nVVcyUjJPL1FVTEVOUktYTEMvVFNEdlUKYkmyVjcbAf5IVb/RWBfhbmoBbuz+u8X0\n3J8a/SJsgX3vLJIpVeSQSSFTNXu0+8/QeRiXsV7GCyHu+lwL75ycmA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-23T07:54:59Z",
"mac": "ENC[AES256_GCM,data:rhi/f3r81Cm+yXJXpnPmyK7jNqJ1Pg4tU7gsOwjCv5CeJn8U6N78ZBiHndjdwzqSdp7+qwx/9gPpLQVoPzO2IhY+uRhg0l6v6N9iK9UD6tjNzsCw8zTIb/ehObRqqpzVn2BGkUte+g0Hu2/bpHFbq6qmGm8YOYnD8K7U2FoiuGQ=,iv:o7RaD5oogpjSgdfFPqb8Tfgn43ydSzA0ZTP2ayNZI9c=,tag:e/zmTPAIWX1uDQxLNznIWQ==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.1"
}
}

1
checks/syncthing/sops/secrets/peer1-age.key/users/admin Symbolic link
View File

@@ -0,0 +1 @@
../../../users/admin

15
checks/syncthing/sops/secrets/peer2-age.key/secret Normal file
View File

@@ -0,0 +1,15 @@
{
"data": "ENC[AES256_GCM,data:2EaSVKRIMKVF9+qAozKl703entUWB04J61UM1QRj1omKUb5sDaOwnQKCZDZxO/CCtam/kz1jHoxCeFiJFcx+DpTyYptpSpYq1dI=,iv:syZ2HKRxQ73urS4Vwz7/3IMBYY6nk78zaooPMDkU1w4=,tag:uGaqxbU6/9DvkGY1Jq/XRw==,type:str]",
"sops": {
"age": [
{
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMnJrb2VHYVdMRHJhYjFH\nL25nN2RIZ3pVeDdYTllrUkF0TkREYmNMMVdrCkNSaGlRd3c3YXZPZmIxWExCaytu\nU3FGTmhUZ0pUUjJJNS9vcVBISmFyZHcKLS0tIHMwaFlEYkFFb2RwS3JDb2VxRFcw\nZmd6S3RXVGcwbmtHVVRmWXkwSnF1RkkKTbg6igFHIakR8EAPuf+x9yhmQHF3TPp/\nC+B1FuorpovudtxmJ1UzBmkE0r13cY6iu9Vdjh1g7tBcXUWoHZsvIA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-04-23T07:55:03Z",
"mac": "ENC[AES256_GCM,data:HuQQvWOGIjISxnNShYHLj4QinNoeOTwxpJK35swpcBnJ4JtDnA6F2JjpJI8DXIwO42eDbXIF22lJjqynRFRo6kQrrD8uhBHEFD2R+6U7zFxJ4gknWR1iF3fbM1+2VDiu8L9InpZcfb6Z8tpKPdPiYS3NGdoAJ0ClSw+8WlVsS5E=,iv:pJxsCP5Y6NTNAck0mphbLRnZ48sRRZ/YaYUobi6mGYU=,tag:ewR5QLBh3WRLkHlSGH5MsQ==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.1"
}
}

Some files were not shown because too many files have changed in this diff Show More