Compare commits
1 Commits
vars-new
...
generate-t
| Author | SHA1 | Date | |
|---|---|---|---|
|
11bd629597 |
@@ -22,6 +22,7 @@
|
||||
dependencies = [
|
||||
self
|
||||
pkgs.stdenv.drvPath
|
||||
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-backup.config.system.clan.deployment.file
|
||||
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
|
||||
in
|
||||
@@ -150,8 +151,8 @@
|
||||
in
|
||||
{
|
||||
checks = pkgs.lib.mkIf pkgs.stdenv.isLinux {
|
||||
nixos-test-backups = self.clanLib.test.containerTest {
|
||||
name = "nixos-test-backups";
|
||||
backups = self.clanLib.test.containerTest {
|
||||
name = "backups";
|
||||
nodes.machine = {
|
||||
imports =
|
||||
[
|
||||
|
||||
@@ -13,7 +13,7 @@ nixosLib.runTest (
|
||||
|
||||
hostPkgs = pkgs;
|
||||
|
||||
name = "service-borgbackup";
|
||||
name = "borgbackup";
|
||||
|
||||
clan = {
|
||||
directory = ./.;
|
||||
@@ -28,7 +28,6 @@ nixosLib.runTest (
|
||||
borgone = {
|
||||
|
||||
module.name = "@clan/borgbackup";
|
||||
module.input = "self";
|
||||
|
||||
roles.client.machines."clientone" = { };
|
||||
roles.server.machines."serverone".settings.directory = "/tmp/borg-test";
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{ fetchgit }:
|
||||
fetchgit {
|
||||
url = "https://git.clan.lol/clan/clan-core.git";
|
||||
rev = "eea93ea22c9818da67e148ba586277bab9e73cea";
|
||||
sha256 = "sha256-PV0Z+97QuxQbkYSVuNIJwUNXMbHZG/vhsA9M4cDTCOE=";
|
||||
rev = "28131afbbcd379a8ff04c79c66c670ef655ed889";
|
||||
sha256 = "1294cwjlnc341fl6zbggn4rgq8z33gqkcyggjfvk9cf7zdgygrf6";
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ nixosLib.runTest (
|
||||
];
|
||||
|
||||
hostPkgs = pkgs;
|
||||
name = "service-data-mesher";
|
||||
name = "data-mesher";
|
||||
|
||||
clan = {
|
||||
directory = ./.;
|
||||
|
||||
@@ -18,19 +18,19 @@ nixosLib.runTest (
|
||||
# With the test framework
|
||||
# - legacy-modules
|
||||
# - clan.service modules
|
||||
name = "service-dummy-test-from-flake";
|
||||
name = "dummy-inventory-test-from-flake";
|
||||
|
||||
clan.test.fromFlake = ./.;
|
||||
|
||||
extraPythonPackages = _p: [
|
||||
clan-core.legacyPackages.${hostPkgs.system}.nixosTestLib
|
||||
clan-core.legacyPackages.${hostPkgs.system}.setupNixInNixPythonPackage
|
||||
];
|
||||
|
||||
testScript =
|
||||
{ nodes, ... }:
|
||||
''
|
||||
from nixos_test_lib.nix_setup import setup_nix_in_nix # type: ignore[import-untyped]
|
||||
setup_nix_in_nix(None) # No closure info for this test
|
||||
from setup_nix_in_nix import setup_nix_in_nix # type: ignore[import-untyped]
|
||||
setup_nix_in_nix()
|
||||
|
||||
def run_clan(cmd: list[str], **kwargs) -> str:
|
||||
import subprocess
|
||||
@@ -6,7 +6,7 @@
|
||||
{ self, clan-core, ... }:
|
||||
let
|
||||
# Usage see: https://docs.clan.lol
|
||||
clan = clan-core.lib.clan {
|
||||
clan = clan-core.clanLib.buildClan {
|
||||
inherit self;
|
||||
|
||||
inventory =
|
||||
@@ -24,7 +24,6 @@
|
||||
|
||||
instances."test" = {
|
||||
module.name = "new-service";
|
||||
module.input = "self";
|
||||
roles.peer.machines.peer1 = { };
|
||||
};
|
||||
|
||||
@@ -40,7 +39,7 @@
|
||||
perMachine = {
|
||||
nixosModule = {
|
||||
# This should be generated by:
|
||||
# nix run .#generate-test-vars -- checks/service-dummy-test service-dummy-test
|
||||
# nix run .#generate-test-vars -- checks/dummy-inventory-test dummy-inventory-test
|
||||
clan.core.vars.generators.new-service = {
|
||||
files.not-a-secret = {
|
||||
secret = false;
|
||||
@@ -66,6 +65,6 @@
|
||||
in
|
||||
{
|
||||
# all machines managed by Clan
|
||||
inherit (clan.config) nixosConfigurations nixosModules clanInternals;
|
||||
inherit (clan) nixosConfigurations nixosModules clanInternals;
|
||||
};
|
||||
}
|
||||
@@ -17,7 +17,7 @@ nixosLib.runTest (
|
||||
# With the test framework
|
||||
# - legacy-modules
|
||||
# - clan.service modules
|
||||
name = "service-dummy-test";
|
||||
name = "dummy-inventory-test";
|
||||
|
||||
clan = {
|
||||
directory = ./.;
|
||||
@@ -33,7 +33,6 @@ nixosLib.runTest (
|
||||
|
||||
instances."test" = {
|
||||
module.name = "new-service";
|
||||
module.input = "self";
|
||||
roles.peer.machines.peer1 = { };
|
||||
};
|
||||
|
||||
@@ -48,7 +47,7 @@ nixosLib.runTest (
|
||||
perMachine = {
|
||||
nixosModule = {
|
||||
# This should be generated by:
|
||||
# nix run .#generate-test-vars -- checks/service-dummy-test service-dummy-test
|
||||
# nix run .#generate-test-vars -- checks/dummy-inventory-test dummy-inventory-test
|
||||
clan.core.vars.generators.new-service = {
|
||||
files.not-a-secret = {
|
||||
secret = false;
|
||||
@@ -1,19 +1,7 @@
|
||||
{
|
||||
self,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
{ self, lib, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
attrNames
|
||||
attrValues
|
||||
elem
|
||||
filter
|
||||
filterAttrs
|
||||
flip
|
||||
genAttrs
|
||||
hasPrefix
|
||||
pathExists
|
||||
;
|
||||
nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
|
||||
@@ -22,7 +10,6 @@ in
|
||||
imports = filter pathExists [
|
||||
./backups/flake-module.nix
|
||||
../nixosModules/clanCore/machine-id/tests/flake-module.nix
|
||||
../nixosModules/clanCore/state-version/tests/flake-module.nix
|
||||
./devshell/flake-module.nix
|
||||
./flash/flake-module.nix
|
||||
./impure/flake-module.nix
|
||||
@@ -31,33 +18,6 @@ in
|
||||
./nixos-documentation/flake-module.nix
|
||||
./dont-depend-on-repo-root.nix
|
||||
];
|
||||
flake.check = genAttrs [ "x86_64-linux" "aarch64-darwin" ] (
|
||||
system:
|
||||
let
|
||||
checks = flip filterAttrs self.checks.${system} (
|
||||
name: _check:
|
||||
!(hasPrefix "nixos-test-" name)
|
||||
&& !(hasPrefix "nixos-" name)
|
||||
&& !(hasPrefix "darwin-test-" name)
|
||||
&& !(hasPrefix "service-" name)
|
||||
&& !(hasPrefix "vars-check-" name)
|
||||
&& !(hasPrefix "devShell-" name)
|
||||
&& !(elem name [
|
||||
"clan-core-for-checks"
|
||||
"clan-deps"
|
||||
])
|
||||
);
|
||||
in
|
||||
inputs.nixpkgs.legacyPackages.${system}.runCommand "fast-flake-checks-${system}"
|
||||
{ passthru.checks = checks; }
|
||||
''
|
||||
echo "Executed the following checks for ${system}..."
|
||||
echo " - ${lib.concatStringsSep "\n" (map (n: " - " + n) (attrNames checks))}"
|
||||
echo ${toString (attrValues checks)} >/dev/null
|
||||
echo "All checks succeeded"
|
||||
touch $out
|
||||
''
|
||||
);
|
||||
perSystem =
|
||||
{
|
||||
pkgs,
|
||||
@@ -80,21 +40,21 @@ in
|
||||
nixosTests = lib.optionalAttrs (pkgs.stdenv.isLinux) {
|
||||
|
||||
# Base Tests
|
||||
nixos-test-secrets = self.clanLib.test.baseTest ./secrets nixosTestArgs;
|
||||
nixos-test-borgbackup-legacy = self.clanLib.test.baseTest ./borgbackup-legacy nixosTestArgs;
|
||||
nixos-test-wayland-proxy-virtwl = self.clanLib.test.baseTest ./wayland-proxy-virtwl nixosTestArgs;
|
||||
secrets = self.clanLib.test.baseTest ./secrets nixosTestArgs;
|
||||
borgbackup-legacy = self.clanLib.test.baseTest ./borgbackup-legacy nixosTestArgs;
|
||||
wayland-proxy-virtwl = self.clanLib.test.baseTest ./wayland-proxy-virtwl nixosTestArgs;
|
||||
|
||||
# Container Tests
|
||||
nixos-test-container = self.clanLib.test.containerTest ./container nixosTestArgs;
|
||||
nixos-test-zt-tcp-relay = self.clanLib.test.containerTest ./zt-tcp-relay nixosTestArgs;
|
||||
nixos-test-matrix-synapse = self.clanLib.test.containerTest ./matrix-synapse nixosTestArgs;
|
||||
nixos-test-postgresql = self.clanLib.test.containerTest ./postgresql nixosTestArgs;
|
||||
nixos-test-user-firewall-iptables = self.clanLib.test.containerTest ./user-firewall/iptables.nix nixosTestArgs;
|
||||
nixos-test-user-firewall-nftables = self.clanLib.test.containerTest ./user-firewall/nftables.nix nixosTestArgs;
|
||||
container = self.clanLib.test.containerTest ./container nixosTestArgs;
|
||||
zt-tcp-relay = self.clanLib.test.containerTest ./zt-tcp-relay nixosTestArgs;
|
||||
matrix-synapse = self.clanLib.test.containerTest ./matrix-synapse nixosTestArgs;
|
||||
postgresql = self.clanLib.test.containerTest ./postgresql nixosTestArgs;
|
||||
user-firewall-iptables = self.clanLib.test.containerTest ./user-firewall/iptables.nix nixosTestArgs;
|
||||
user-firewall-nftables = self.clanLib.test.containerTest ./user-firewall/nftables.nix nixosTestArgs;
|
||||
|
||||
service-dummy-test = import ./service-dummy-test nixosTestArgs;
|
||||
service-dummy-test-from-flake = import ./service-dummy-test-from-flake nixosTestArgs;
|
||||
service-data-mesher = import ./data-mesher nixosTestArgs;
|
||||
dummy-inventory-test = import ./dummy-inventory-test nixosTestArgs;
|
||||
dummy-inventory-test-from-flake = import ./dummy-inventory-test-from-flake nixosTestArgs;
|
||||
data-mesher = import ./data-mesher nixosTestArgs;
|
||||
};
|
||||
|
||||
packagesToBuild = lib.removeAttrs self'.packages [
|
||||
@@ -107,9 +67,6 @@ in
|
||||
lib.mapAttrs' (
|
||||
name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
|
||||
) (lib.filterAttrs (n: _: !lib.hasPrefix "test-" n) self.nixosConfigurations)
|
||||
// lib.mapAttrs' (
|
||||
name: config: lib.nameValuePair "darwin-${name}" config.config.system.build.toplevel
|
||||
) (self.darwinConfigurations or { })
|
||||
// lib.mapAttrs' (n: lib.nameValuePair "package-${n}") packagesToBuild
|
||||
// lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells
|
||||
// lib.mapAttrs' (name: config: lib.nameValuePair "home-manager-${name}" config.activation-script) (
|
||||
@@ -167,10 +124,10 @@ in
|
||||
in
|
||||
lib.optionalAttrs (pkgs.stdenv.isLinux) {
|
||||
# import our test
|
||||
nixos-test-secrets = import ./secrets nixosTestArgs;
|
||||
nixos-test-container = import ./container nixosTestArgs;
|
||||
secrets = import ./secrets nixosTestArgs;
|
||||
container = import ./container nixosTestArgs;
|
||||
# Clan app tests
|
||||
nixos-test-app-ocr = self.clanLib.test.baseTest ./app-ocr nixosTestArgs;
|
||||
app-ocr = self.clanLib.test.baseTest ./app-ocr nixosTestArgs;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -50,12 +50,14 @@
|
||||
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.toplevel
|
||||
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.diskoScript
|
||||
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.build.diskoScript.drvPath
|
||||
self.nixosConfigurations."test-flash-machine-${pkgs.hostPlatform.system}".config.system.clan.deployment.file
|
||||
|
||||
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
|
||||
in
|
||||
{
|
||||
checks = pkgs.lib.mkIf pkgs.stdenv.isLinux {
|
||||
nixos-test-flash = self.clanLib.test.baseTest {
|
||||
flash = self.clanLib.test.baseTest {
|
||||
name = "flash";
|
||||
nodes.target = {
|
||||
virtualisation.emptyDiskImages = [ 4096 ];
|
||||
|
||||
@@ -1,9 +1,63 @@
|
||||
{
|
||||
self,
|
||||
lib,
|
||||
|
||||
...
|
||||
}:
|
||||
let
|
||||
installer =
|
||||
{ modulesPath, pkgs, ... }:
|
||||
let
|
||||
dependencies = [
|
||||
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel
|
||||
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
|
||||
self.clan.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.clan.deployment.file
|
||||
pkgs.stdenv.drvPath
|
||||
pkgs.bash.drvPath
|
||||
pkgs.nixos-anywhere
|
||||
pkgs.bubblewrap
|
||||
pkgs.buildPackages.xorg.lndir
|
||||
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/../tests/common/auto-format-root-device.nix")
|
||||
];
|
||||
networking.useNetworkd = true;
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.UseDns = false;
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
system.nixos.variant_id = "installer";
|
||||
environment.systemPackages = [
|
||||
self.packages.${pkgs.system}.clan-cli-full
|
||||
pkgs.nixos-facter
|
||||
];
|
||||
environment.etc."install-closure".source = "${closureInfo}/store-paths";
|
||||
virtualisation.emptyDiskImages = [ 512 ];
|
||||
virtualisation.diskSize = 8 * 1024;
|
||||
virtualisation.rootDevice = "/dev/vdb";
|
||||
# both installer and target need to use the same diskImage
|
||||
virtualisation.diskImage = "./target.qcow2";
|
||||
virtualisation.memorySize = 3048;
|
||||
nix.settings = {
|
||||
substituters = lib.mkForce [ ];
|
||||
hashed-mirrors = null;
|
||||
connect-timeout = lib.mkForce 3;
|
||||
flake-registry = pkgs.writeText "flake-registry" ''{"flakes":[],"version":2}'';
|
||||
experimental-features = [
|
||||
"nix-command"
|
||||
"flakes"
|
||||
];
|
||||
};
|
||||
users.users.nonrootuser = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keyFiles = [ ../assets/ssh/pubkey ];
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
system.extraDependencies = dependencies;
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
# The purpose of this test is to ensure `clan machines install` works
|
||||
@@ -52,25 +106,6 @@
|
||||
|
||||
environment.etc."install-successful".text = "ok";
|
||||
|
||||
# Enable SSH and add authorized key for testing
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
users.users.nonrootuser = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
|
||||
extraGroups = [ "wheel" ];
|
||||
home = "/home/nonrootuser";
|
||||
createHome = true;
|
||||
};
|
||||
users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
|
||||
# Allow users to manage their own SSH keys
|
||||
services.openssh.authorizedKeysFiles = [
|
||||
"/root/.ssh/authorized_keys"
|
||||
"/home/%u/.ssh/authorized_keys"
|
||||
"/etc/ssh/authorized_keys.d/%u"
|
||||
];
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
boot.consoleLogLevel = lib.mkForce 100;
|
||||
boot.kernelParams = [ "boot.shell_on_fail" ];
|
||||
|
||||
@@ -147,199 +182,55 @@
|
||||
# vm-test-run-test-installation-> target: waiting for the VM to finish booting
|
||||
# vm-test-run-test-installation-> target: Guest root shell did not produce any data yet...
|
||||
# vm-test-run-test-installation-> target: To debug, enter the VM and run 'systemctl status backdoor.service'.
|
||||
checks =
|
||||
let
|
||||
# Custom Python package for port management utilities
|
||||
closureInfo = pkgs.closureInfo {
|
||||
rootPaths = [
|
||||
self.checks.x86_64-linux.clan-core-for-checks
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.initialRamdisk
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
|
||||
pkgs.stdenv.drvPath
|
||||
pkgs.bash.drvPath
|
||||
pkgs.buildPackages.xorg.lndir
|
||||
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||
checks = pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) {
|
||||
installation = self.clanLib.test.baseTest {
|
||||
name = "installation";
|
||||
nodes.target = {
|
||||
services.openssh.enable = true;
|
||||
virtualisation.diskImage = "./target.qcow2";
|
||||
virtualisation.useBootLoader = true;
|
||||
};
|
||||
in
|
||||
pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) {
|
||||
nixos-test-installation = self.clanLib.test.baseTest {
|
||||
name = "installation";
|
||||
nodes.target = (import ./test-helpers.nix { inherit lib pkgs self; }).target;
|
||||
extraPythonPackages = _p: [
|
||||
self.legacyPackages.${pkgs.system}.nixosTestLib
|
||||
];
|
||||
nodes.installer = installer;
|
||||
|
||||
testScript = ''
|
||||
import tempfile
|
||||
import os
|
||||
import subprocess
|
||||
from nixos_test_lib.ssh import setup_ssh_connection # type: ignore[import-untyped]
|
||||
from nixos_test_lib.nix_setup import prepare_test_flake # type: ignore[import-untyped]
|
||||
testScript = ''
|
||||
installer.start()
|
||||
|
||||
def create_test_machine(oldmachine, qemu_test_bin: str, **kwargs):
|
||||
"""Create a new test machine from an installed disk image"""
|
||||
start_command = [
|
||||
f"{qemu_test_bin}/bin/qemu-kvm",
|
||||
"-cpu",
|
||||
"max",
|
||||
"-m",
|
||||
"3048",
|
||||
"-virtfs",
|
||||
"local,path=/nix/store,security_model=none,mount_tag=nix-store",
|
||||
"-drive",
|
||||
f"file={oldmachine.state_dir}/target.qcow2,id=drive1,if=none,index=1,werror=report",
|
||||
"-device",
|
||||
"virtio-blk-pci,drive=drive1",
|
||||
"-netdev",
|
||||
"user,id=net0",
|
||||
"-device",
|
||||
"virtio-net-pci,netdev=net0",
|
||||
]
|
||||
machine = create_machine(start_command=" ".join(start_command), **kwargs)
|
||||
driver.machines.append(machine)
|
||||
return machine
|
||||
installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
|
||||
|
||||
target.start()
|
||||
installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
|
||||
installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
|
||||
|
||||
# Set up test environment
|
||||
with tempfile.TemporaryDirectory() as temp_dir:
|
||||
# Prepare test flake and Nix store
|
||||
flake_dir = prepare_test_flake(
|
||||
temp_dir,
|
||||
"${self.checks.x86_64-linux.clan-core-for-checks}",
|
||||
"${closureInfo}"
|
||||
)
|
||||
installer.succeed("clan machines install --no-reboot --debug --flake test-flake --yes test-install-machine-without-system --target-host nonrootuser@localhost --update-hardware-config nixos-facter >&2")
|
||||
installer.shutdown()
|
||||
|
||||
# Set up SSH connection
|
||||
ssh_conn = setup_ssh_connection(
|
||||
target,
|
||||
temp_dir,
|
||||
"${../assets/ssh/privkey}"
|
||||
)
|
||||
# We are missing the test instrumentation somehow. Test this later.
|
||||
target.state_dir = installer.state_dir
|
||||
target.start()
|
||||
target.wait_for_unit("multi-user.target")
|
||||
'';
|
||||
} { inherit pkgs self; };
|
||||
|
||||
# Run clan install from host using port forwarding
|
||||
clan_cmd = [
|
||||
"${self.packages.${pkgs.system}.clan-cli-full}/bin/clan",
|
||||
"machines",
|
||||
"install",
|
||||
"--phases", "disko,install",
|
||||
"--debug",
|
||||
"--flake", flake_dir,
|
||||
"--yes", "test-install-machine-without-system",
|
||||
"--target-host", f"nonrootuser@localhost:{ssh_conn.host_port}",
|
||||
"-i", ssh_conn.ssh_key,
|
||||
"--option", "store", os.environ['CLAN_TEST_STORE'],
|
||||
"--update-hardware-config", "nixos-facter",
|
||||
]
|
||||
update-hardware-configuration = self.clanLib.test.baseTest {
|
||||
name = "update-hardware-configuration";
|
||||
nodes.installer = installer;
|
||||
|
||||
subprocess.run(clan_cmd, check=True)
|
||||
testScript = ''
|
||||
installer.start()
|
||||
installer.succeed("${pkgs.coreutils}/bin/install -Dm 600 ${../assets/ssh/privkey} /root/.ssh/id_ed25519")
|
||||
installer.wait_until_succeeds("timeout 2 ssh -o StrictHostKeyChecking=accept-new -v nonrootuser@localhost hostname")
|
||||
installer.succeed("cp -r ${self.checks.x86_64-linux.clan-core-for-checks} test-flake && chmod -R +w test-flake")
|
||||
installer.fail("test -f test-flake/machines/test-install-machine/hardware-configuration.nix")
|
||||
installer.fail("test -f test-flake/machines/test-install-machine/facter.json")
|
||||
|
||||
# Shutdown the installer machine gracefully
|
||||
try:
|
||||
target.shutdown()
|
||||
except BrokenPipeError:
|
||||
# qemu has already exited
|
||||
pass
|
||||
installer.succeed("clan machines update-hardware-config --debug --flake test-flake test-install-machine-without-system nonrootuser@localhost >&2")
|
||||
installer.succeed("test -f test-flake/machines/test-install-machine-without-system/facter.json")
|
||||
installer.succeed("rm test-flake/machines/test-install-machine-without-system/facter.json")
|
||||
|
||||
# Create a new machine instance that boots from the installed system
|
||||
installed_machine = create_test_machine(target, "${pkgs.qemu_test}", name="after_install")
|
||||
installed_machine.start()
|
||||
installed_machine.wait_for_unit("multi-user.target")
|
||||
installed_machine.succeed("test -f /etc/install-successful")
|
||||
'';
|
||||
} { inherit pkgs self; };
|
||||
|
||||
nixos-test-update-hardware-configuration = self.clanLib.test.baseTest {
|
||||
name = "update-hardware-configuration";
|
||||
nodes.target = (import ./test-helpers.nix { inherit lib pkgs self; }).target;
|
||||
extraPythonPackages = _p: [
|
||||
self.legacyPackages.${pkgs.system}.nixosTestLib
|
||||
];
|
||||
|
||||
testScript = ''
|
||||
import tempfile
|
||||
import os
|
||||
import subprocess
|
||||
from nixos_test_lib.ssh import setup_ssh_connection # type: ignore[import-untyped]
|
||||
from nixos_test_lib.nix_setup import prepare_test_flake # type: ignore[import-untyped]
|
||||
|
||||
target.start()
|
||||
|
||||
# Set up test environment
|
||||
with tempfile.TemporaryDirectory() as temp_dir:
|
||||
# Prepare test flake and Nix store
|
||||
flake_dir = prepare_test_flake(
|
||||
temp_dir,
|
||||
"${self.checks.x86_64-linux.clan-core-for-checks}",
|
||||
"${closureInfo}"
|
||||
)
|
||||
|
||||
# Set up SSH connection
|
||||
ssh_conn = setup_ssh_connection(
|
||||
target,
|
||||
temp_dir,
|
||||
"${../assets/ssh/privkey}"
|
||||
)
|
||||
|
||||
# Verify files don't exist initially
|
||||
hw_config_file = os.path.join(flake_dir, "machines/test-install-machine/hardware-configuration.nix")
|
||||
facter_file = os.path.join(flake_dir, "machines/test-install-machine/facter.json")
|
||||
|
||||
assert not os.path.exists(hw_config_file), "hardware-configuration.nix should not exist initially"
|
||||
assert not os.path.exists(facter_file), "facter.json should not exist initially"
|
||||
|
||||
# Set CLAN_FLAKE for the commands
|
||||
os.environ["CLAN_FLAKE"] = flake_dir
|
||||
|
||||
# Test facter backend
|
||||
clan_cmd = [
|
||||
"${self.packages.${pkgs.system}.clan-cli-full}/bin/clan",
|
||||
"machines",
|
||||
"update-hardware-config",
|
||||
"--debug",
|
||||
"--flake", ".",
|
||||
"--host-key-check", "none",
|
||||
"test-install-machine-without-system",
|
||||
"-i", ssh_conn.ssh_key,
|
||||
"--option", "store", os.environ['CLAN_TEST_STORE'],
|
||||
f"nonrootuser@localhost:{ssh_conn.host_port}"
|
||||
]
|
||||
|
||||
result = subprocess.run(clan_cmd, capture_output=True, cwd=flake_dir)
|
||||
if result.returncode != 0:
|
||||
print(f"Clan update-hardware-config failed: {result.stderr.decode()}")
|
||||
raise Exception(f"Clan update-hardware-config failed with return code {result.returncode}")
|
||||
|
||||
facter_without_system_file = os.path.join(flake_dir, "machines/test-install-machine-without-system/facter.json")
|
||||
assert os.path.exists(facter_without_system_file), "facter.json should exist after update"
|
||||
os.remove(facter_without_system_file)
|
||||
|
||||
# Test nixos-generate-config backend
|
||||
clan_cmd = [
|
||||
"${self.packages.${pkgs.system}.clan-cli-full}/bin/clan",
|
||||
"machines",
|
||||
"update-hardware-config",
|
||||
"--debug",
|
||||
"--backend", "nixos-generate-config",
|
||||
"--host-key-check", "none",
|
||||
"--flake", ".",
|
||||
"test-install-machine-without-system",
|
||||
"-i", ssh_conn.ssh_key,
|
||||
"--option", "store", os.environ['CLAN_TEST_STORE'],
|
||||
f"nonrootuser@localhost:{ssh_conn.host_port}"
|
||||
]
|
||||
|
||||
result = subprocess.run(clan_cmd, capture_output=True, cwd=flake_dir)
|
||||
if result.returncode != 0:
|
||||
print(f"Clan update-hardware-config (nixos-generate-config) failed: {result.stderr.decode()}")
|
||||
raise Exception(f"Clan update-hardware-config failed with return code {result.returncode}")
|
||||
|
||||
hw_config_without_system_file = os.path.join(flake_dir, "machines/test-install-machine-without-system/hardware-configuration.nix")
|
||||
assert os.path.exists(hw_config_without_system_file), "hardware-configuration.nix should exist after update"
|
||||
'';
|
||||
} { inherit pkgs self; };
|
||||
|
||||
};
|
||||
installer.succeed("clan machines update-hardware-config --debug --backend nixos-generate-config --flake test-flake test-install-machine-without-system nonrootuser@localhost >&2")
|
||||
installer.succeed("test -f test-flake/machines/test-install-machine-without-system/hardware-configuration.nix")
|
||||
installer.succeed("rm test-flake/machines/test-install-machine-without-system/hardware-configuration.nix")
|
||||
'';
|
||||
} { inherit pkgs self; };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,44 +0,0 @@
|
||||
[build-system]
|
||||
requires = ["setuptools", "wheel"]
|
||||
build-backend = "setuptools.build_meta"
|
||||
|
||||
[project]
|
||||
name = "nixos-test-lib"
|
||||
version = "1.0.0"
|
||||
description = "NixOS test utilities for clan VM testing"
|
||||
authors = [
|
||||
{name = "Clan Core Team"}
|
||||
]
|
||||
dependencies = []
|
||||
|
||||
[project.optional-dependencies]
|
||||
dev = [
|
||||
"mypy",
|
||||
"ruff"
|
||||
]
|
||||
|
||||
[tool.setuptools.packages.find]
|
||||
where = ["."]
|
||||
include = ["nixos_test_lib*"]
|
||||
|
||||
[tool.setuptools.package-data]
|
||||
"nixos_test_lib" = ["py.typed"]
|
||||
|
||||
[tool.mypy]
|
||||
python_version = "3.12"
|
||||
strict = true
|
||||
warn_return_any = true
|
||||
warn_unused_configs = true
|
||||
|
||||
[tool.ruff]
|
||||
target-version = "py312"
|
||||
line-length = 88
|
||||
|
||||
[tool.ruff.lint]
|
||||
select = ["ALL"]
|
||||
ignore = [
|
||||
"D", # docstrings
|
||||
"ANN", # type annotations
|
||||
"COM812", # trailing comma
|
||||
"ISC001", # string concatenation
|
||||
]
|
||||
@@ -1,173 +0,0 @@
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
self,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# Common target VM configuration used by both installation and update tests
|
||||
target =
|
||||
{ modulesPath, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/../tests/common/auto-format-root-device.nix")
|
||||
];
|
||||
networking.useNetworkd = true;
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.UseDns = false;
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
system.nixos.variant_id = "installer";
|
||||
environment.systemPackages = [
|
||||
pkgs.nixos-facter
|
||||
];
|
||||
# Disable cache.nixos.org to speed up tests
|
||||
nix.settings.substituters = [ ];
|
||||
nix.settings.trusted-public-keys = [ ];
|
||||
virtualisation.emptyDiskImages = [ 512 ];
|
||||
virtualisation.diskSize = 8 * 1024;
|
||||
virtualisation.rootDevice = "/dev/vdb";
|
||||
# both installer and target need to use the same diskImage
|
||||
virtualisation.diskImage = "./target.qcow2";
|
||||
virtualisation.memorySize = 3048;
|
||||
users.users.nonrootuser = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
|
||||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
|
||||
# Allow users to manage their own SSH keys
|
||||
services.openssh.authorizedKeysFiles = [
|
||||
"/root/.ssh/authorized_keys"
|
||||
"/home/%u/.ssh/authorized_keys"
|
||||
"/etc/ssh/authorized_keys.d/%u"
|
||||
];
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
# Common base test machine configuration
|
||||
baseTestMachine =
|
||||
{ lib, modulesPath, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/testing/test-instrumentation.nix")
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
self.clanLib.test.minifyModule
|
||||
];
|
||||
|
||||
# Enable SSH and add authorized key for testing
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
users.users.nonrootuser = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
|
||||
extraGroups = [ "wheel" ];
|
||||
home = "/home/nonrootuser";
|
||||
createHome = true;
|
||||
};
|
||||
users.users.root.openssh.authorizedKeys.keys = [ (builtins.readFile ../assets/ssh/pubkey) ];
|
||||
# Allow users to manage their own SSH keys
|
||||
services.openssh.authorizedKeysFiles = [
|
||||
"/root/.ssh/authorized_keys"
|
||||
"/home/%u/.ssh/authorized_keys"
|
||||
"/etc/ssh/authorized_keys.d/%u"
|
||||
];
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
boot.consoleLogLevel = lib.mkForce 100;
|
||||
boot.kernelParams = [ "boot.shell_on_fail" ];
|
||||
|
||||
# disko config
|
||||
boot.loader.grub.efiSupport = lib.mkDefault true;
|
||||
boot.loader.grub.efiInstallAsRemovable = lib.mkDefault true;
|
||||
clan.core.vars.settings.secretStore = "vm";
|
||||
clan.core.vars.generators.test = {
|
||||
files.test.neededFor = "partitioning";
|
||||
script = ''
|
||||
echo "notok" > "$out"/test
|
||||
'';
|
||||
};
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
device = "/dev/vda";
|
||||
|
||||
preCreateHook = ''
|
||||
test -e /run/partitioning-secrets/test/test
|
||||
'';
|
||||
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
size = "1M";
|
||||
type = "EF02"; # for grub MBR
|
||||
priority = 1;
|
||||
};
|
||||
ESP = {
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# NixOS test library combining port utils and clan VM test utilities
|
||||
nixosTestLib = pkgs.python3Packages.buildPythonPackage {
|
||||
pname = "nixos-test-lib";
|
||||
version = "1.0.0";
|
||||
format = "pyproject";
|
||||
src = lib.fileset.toSource {
|
||||
root = ./.;
|
||||
fileset = lib.fileset.unions [
|
||||
./pyproject.toml
|
||||
./nixos_test_lib
|
||||
];
|
||||
};
|
||||
nativeBuildInputs = with pkgs.python3Packages; [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
doCheck = false;
|
||||
};
|
||||
|
||||
# Common closure info
|
||||
closureInfo = pkgs.closureInfo {
|
||||
rootPaths = [
|
||||
self.checks.x86_64-linux.clan-core-for-checks
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.toplevel
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.initialRamdisk
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.build.diskoScript
|
||||
self.clanInternals.machines.${pkgs.hostPlatform.system}.test-install-machine-with-system.config.system.clan.deployment.file
|
||||
pkgs.stdenv.drvPath
|
||||
pkgs.bash.drvPath
|
||||
pkgs.buildPackages.xorg.lndir
|
||||
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
inherit
|
||||
target
|
||||
baseTestMachine
|
||||
nixosTestLib
|
||||
closureInfo
|
||||
;
|
||||
}
|
||||
@@ -24,7 +24,7 @@
|
||||
}:
|
||||
{
|
||||
checks = pkgs.lib.mkIf (pkgs.stdenv.isLinux && !pkgs.stdenv.isAarch64) {
|
||||
nixos-test-morph = self.clanLib.test.baseTest {
|
||||
morph = self.clanLib.test.baseTest {
|
||||
name = "morph";
|
||||
|
||||
nodes = {
|
||||
@@ -35,6 +35,7 @@
|
||||
pkgs.stdenv.drvPath
|
||||
pkgs.stdenvNoCC
|
||||
self.nixosConfigurations.test-morph-machine.config.system.build.toplevel
|
||||
self.nixosConfigurations.test-morph-machine.config.system.clan.deployment.file
|
||||
] ++ builtins.map (i: i.outPath) (builtins.attrValues self.inputs);
|
||||
closureInfo = pkgs.closureInfo { rootPaths = dependencies; };
|
||||
in
|
||||
|
||||
@@ -13,9 +13,10 @@ nixosLib.runTest (
|
||||
|
||||
hostPkgs = pkgs;
|
||||
|
||||
name = "service-mycelium";
|
||||
name = "mycelium";
|
||||
|
||||
clan = {
|
||||
|
||||
test.useContainers = false;
|
||||
directory = ./.;
|
||||
modules."@clan/mycelium" = ../../clanServices/mycelium/default.nix;
|
||||
@@ -25,7 +26,6 @@ nixosLib.runTest (
|
||||
instances = {
|
||||
mycelium-test = {
|
||||
module.name = "@clan/mycelium";
|
||||
module.input = "self";
|
||||
roles.peer.machines."server".settings = {
|
||||
openFirewall = true;
|
||||
addHostedPublicNodes = true;
|
||||
|
||||
87
checks/syncthing/default.nix
Normal file
87
checks/syncthing/default.nix
Normal file
@@ -0,0 +1,87 @@
|
||||
{
|
||||
pkgs,
|
||||
nixosLib,
|
||||
clan-core,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
nixosLib.runTest (
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
clan-core.modules.nixosTest.clanTest
|
||||
];
|
||||
|
||||
hostPkgs = pkgs;
|
||||
|
||||
name = "syncthing";
|
||||
|
||||
clan = {
|
||||
directory = ./.;
|
||||
# TODO: container driver does not support wait_for_file() yet
|
||||
test.useContainers = false;
|
||||
inventory = {
|
||||
machines = lib.genAttrs [
|
||||
"introducer"
|
||||
"peer1"
|
||||
"peer2"
|
||||
] (_: { });
|
||||
services = {
|
||||
syncthing.default = {
|
||||
roles.peer.machines = [
|
||||
"peer1"
|
||||
"peer2"
|
||||
];
|
||||
roles.introducer.machines = [ "introducer" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nodes.introducer = {
|
||||
# Doesn't test zerotier!
|
||||
services.syncthing.openDefaultPorts = true;
|
||||
services.syncthing.settings.folders = {
|
||||
"Shared" = {
|
||||
enable = true;
|
||||
path = "~/Shared";
|
||||
versioning = {
|
||||
type = "trashcan";
|
||||
params = {
|
||||
cleanoutDays = "30";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
clan.syncthing.autoAcceptDevices = true;
|
||||
clan.syncthing.autoShares = [ "Shared" ];
|
||||
# For faster Tests
|
||||
systemd.timers.syncthing-auto-accept.timerConfig = {
|
||||
OnActiveSec = 1;
|
||||
OnUnitActiveSec = 1;
|
||||
};
|
||||
};
|
||||
nodes.peer1 = {
|
||||
services.syncthing.openDefaultPorts = true;
|
||||
};
|
||||
nodes.peer2 = {
|
||||
services.syncthing.openDefaultPorts = true;
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
start_all()
|
||||
introducer.wait_for_unit("syncthing")
|
||||
peer1.wait_for_unit("syncthing")
|
||||
peer2.wait_for_unit("syncthing")
|
||||
peer1.execute("ls -la /var/lib/syncthing")
|
||||
peer2.execute("ls -la /var/lib/syncthing")
|
||||
peer1.wait_for_file("/var/lib/syncthing/Shared")
|
||||
peer2.wait_for_file("/var/lib/syncthing/Shared")
|
||||
introducer.shutdown()
|
||||
peer1.execute("echo hello > /var/lib/syncthing/Shared/hello")
|
||||
peer2.wait_for_file("/var/lib/syncthing/Shared/hello")
|
||||
out = peer2.succeed("cat /var/lib/syncthing/Shared/hello")
|
||||
assert "hello" in out
|
||||
'';
|
||||
}
|
||||
)
|
||||
6
checks/syncthing/sops/machines/introducer/key.json
Executable file
6
checks/syncthing/sops/machines/introducer/key.json
Executable file
@@ -0,0 +1,6 @@
|
||||
[
|
||||
{
|
||||
"publickey": "age1wjp0vvvy4d2c0pdrth0kl505rzpz37804swf6rrny9xa208mrg2s0r5m67",
|
||||
"type": "age"
|
||||
}
|
||||
]
|
||||
6
checks/syncthing/sops/machines/peer1/key.json
Executable file
6
checks/syncthing/sops/machines/peer1/key.json
Executable file
@@ -0,0 +1,6 @@
|
||||
[
|
||||
{
|
||||
"publickey": "age14faw2l6rskw2gcv3rrkygmwmrp2ev9yclzq4fh8xf8sjeke8p97sw4dxuq",
|
||||
"type": "age"
|
||||
}
|
||||
]
|
||||
6
checks/syncthing/sops/machines/peer2/key.json
Executable file
6
checks/syncthing/sops/machines/peer2/key.json
Executable file
@@ -0,0 +1,6 @@
|
||||
[
|
||||
{
|
||||
"publickey": "age1dutdww4x48f0e3tzmjlye9n852wx0qqhhcghsrefsq9m8c5flpfs2lxexf",
|
||||
"type": "age"
|
||||
}
|
||||
]
|
||||
15
checks/syncthing/sops/secrets/introducer-age.key/secret
Normal file
15
checks/syncthing/sops/secrets/introducer-age.key/secret
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:f/KzvxsoWQFTSB17lPhe/MThYu4ZjJwvkCxKp7XkLyspFF9Dal4A+H+SY6vPG7yM3+dlE3ZnxjniUeivydDTwwJiWJ6E6XIhnPI=,iv:xat6pYzYV8sfyMKX4OMsr6oSOEOc09DDXGykKKoP14Y=,tag:xMxsIpYv7KrSYvpmvBvSUw==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArUGdWK1BnNjdCL1l1WlNB\nUEswYm1tYlIxWXltemdlQm1OcmlNbSsvTkdrClpRUjR6TUNUcGtxWWhGdDg5SG84\nSFFiV2p6ZHJwR1VKYW4vVFBHRGFSYTgKLS0tIERJa3hRM28ySHBUME4vTUE1UUFr\nQklDdTBWdWJpdGg0cnR1ZUNWREl6K1EKbRFOr3Rhb2aGnQUHiX+3DzGgrY9C2Dvz\nVlyZ0q6lWtn4qFWPVez03T8QAtLjv2UaGtYTFnyFIWiykhhrWy2PBg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:54:54Z",
|
||||
"mac": "ENC[AES256_GCM,data:LJCCaGNhBgFAKtWYMD6OcXg2FMq1DYDOySIpEY91ILXDUuJSSsuYyQqE6ZvCoThlogHd9inAajsW0GbzYpSflu/WyrqlQsNJSMFkBFBQh/FIjd18GUtZ4flHWRfHqAk/xM/g+n7iOgKMvaBrG1MG1DplLRfk/8ehcqlWX4Wxof0=,iv:PrjIiUYkePPXBRGF/Wnqi1ZgA2j4YtzL/uMC5KchfIQ=,tag:yMMrJ7vGt6urz4WfRAyaNg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
1
checks/syncthing/sops/secrets/introducer-age.key/users/admin
Symbolic link
1
checks/syncthing/sops/secrets/introducer-age.key/users/admin
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../users/admin
|
||||
15
checks/syncthing/sops/secrets/peer1-age.key/secret
Normal file
15
checks/syncthing/sops/secrets/peer1-age.key/secret
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:q6mWG65NflVEvX1QUyRVFuRGOVg9wtyWDYQ8Plqw038pEyOrsVcj6Cmo6SRaRcAaxQmAUeplzYfzm2MgXMz1l/DySErH+mCyVSk=,iv:7X4mFSJXpUii+sppSAq8H7vYWGoDq3LnFJMAAjhhm7U=,tag:ep9vzbkzVtC2A8otat8vSg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5bjNlZkppR01JT0F0TklO\nSnpIcFgwb0E5dStHQlZLdGNLQ3UxRDNBdEVVCnlpdWlPVVNIdFB3ZjlpSXZURjdS\nMVlCbFV5RXI0d2t5bHJvR3U5b2NDa2MKLS0tIDJLZlE0RjhNaGhBeFVsSE93Z0NX\nVVcyUjJPL1FVTEVOUktYTEMvVFNEdlUKYkmyVjcbAf5IVb/RWBfhbmoBbuz+u8X0\n3J8a/SJsgX3vLJIpVeSQSSFTNXu0+8/QeRiXsV7GCyHu+lwL75ycmA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:54:59Z",
|
||||
"mac": "ENC[AES256_GCM,data:rhi/f3r81Cm+yXJXpnPmyK7jNqJ1Pg4tU7gsOwjCv5CeJn8U6N78ZBiHndjdwzqSdp7+qwx/9gPpLQVoPzO2IhY+uRhg0l6v6N9iK9UD6tjNzsCw8zTIb/ehObRqqpzVn2BGkUte+g0Hu2/bpHFbq6qmGm8YOYnD8K7U2FoiuGQ=,iv:o7RaD5oogpjSgdfFPqb8Tfgn43ydSzA0ZTP2ayNZI9c=,tag:e/zmTPAIWX1uDQxLNznIWQ==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
1
checks/syncthing/sops/secrets/peer1-age.key/users/admin
Symbolic link
1
checks/syncthing/sops/secrets/peer1-age.key/users/admin
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../users/admin
|
||||
15
checks/syncthing/sops/secrets/peer2-age.key/secret
Normal file
15
checks/syncthing/sops/secrets/peer2-age.key/secret
Normal file
@@ -0,0 +1,15 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:2EaSVKRIMKVF9+qAozKl703entUWB04J61UM1QRj1omKUb5sDaOwnQKCZDZxO/CCtam/kz1jHoxCeFiJFcx+DpTyYptpSpYq1dI=,iv:syZ2HKRxQ73urS4Vwz7/3IMBYY6nk78zaooPMDkU1w4=,tag:uGaqxbU6/9DvkGY1Jq/XRw==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMnJrb2VHYVdMRHJhYjFH\nL25nN2RIZ3pVeDdYTllrUkF0TkREYmNMMVdrCkNSaGlRd3c3YXZPZmIxWExCaytu\nU3FGTmhUZ0pUUjJJNS9vcVBISmFyZHcKLS0tIHMwaFlEYkFFb2RwS3JDb2VxRFcw\nZmd6S3RXVGcwbmtHVVRmWXkwSnF1RkkKTbg6igFHIakR8EAPuf+x9yhmQHF3TPp/\nC+B1FuorpovudtxmJ1UzBmkE0r13cY6iu9Vdjh1g7tBcXUWoHZsvIA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:03Z",
|
||||
"mac": "ENC[AES256_GCM,data:HuQQvWOGIjISxnNShYHLj4QinNoeOTwxpJK35swpcBnJ4JtDnA6F2JjpJI8DXIwO42eDbXIF22lJjqynRFRo6kQrrD8uhBHEFD2R+6U7zFxJ4gknWR1iF3fbM1+2VDiu8L9InpZcfb6Z8tpKPdPiYS3NGdoAJ0ClSw+8WlVsS5E=,iv:pJxsCP5Y6NTNAck0mphbLRnZ48sRRZ/YaYUobi6mGYU=,tag:ewR5QLBh3WRLkHlSGH5MsQ==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
1
checks/syncthing/sops/secrets/peer2-age.key/users/admin
Symbolic link
1
checks/syncthing/sops/secrets/peer2-age.key/users/admin
Symbolic link
@@ -0,0 +1 @@
|
||||
../../../users/admin
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/introducer
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:UVv08bXHtWMWcMC7tBb+xy7+3JRiOfVpRPD/q/TR1/+5,iv:ZNb3GDvtuZFbXlcJyN/kzy8cRppRqWnN308mAAkOc/4=,tag:Jv5MsPQ+gTBROzG6oo0ztg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha2t2enBPWUhHcXIveGJJ\nZklLeVNkNkhkcXFLczJjeHdFT2haSGF6UnhNCjh1MHJobSs4dmVKTVdzL1JRTXJK\nUlo2MzFOelV5UVNqVjladStHdUlqSGcKLS0tIGlqa1RZVHpva2ZmNnpSRjhseGUw\na0hmSER6VlZsZ1A2TE84OTVyQVVTRDgKoE3UzWOqYhV9Y/vayIGY6ak4MEPR+q5t\n5NY6VDkCwYiactvcSo36jiaru47jRr6ovk5Vfkq/jFO2njDND5mLqQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1wjp0vvvy4d2c0pdrth0kl505rzpz37804swf6rrny9xa208mrg2s0r5m67",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZGZUVmVBOENtZTJmRTQz\ndUpzYXBwb1NUWmhPU1g0VWFkWUp3Y2JGQ0JVCjZPS1lxL3N0YlU5T2owSS9FSC9L\naWtScmdyclhqcTE3blFEZHRNRHhjOXMKLS0tIGR2MnhRdUpHZ2tqTzVLWFo0WVhm\neXlpWUdwc3ZHOGRXWTNlZC9UMHd2M3cKgabJLSO2rT1u+I4V/XdCt8iDXuFQw+2w\nwr2juhtq3IwBuO6VqQKwAy6hHNbEWa+e/6bPaoXiJAOdA6+LbzfSmg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:54:56Z",
|
||||
"mac": "ENC[AES256_GCM,data:ajkYjU6vAqrNiknSLZOYgFYiL7A6/ut+m3bt/x22Ms7LGZv5BgsTtLDw70gbAQh9fMbQCxCngkUrHk6bvVe9afpNvdw3fPQ9hfMkXquvDjhGHMvr3bmawsBJrShuywYRZY2z++f6FA0ApGVkSG1tSFDt/Tob1wkhxbPonGnsliQ=,iv:6H2X+4RkW48+w1dHWxa4nogKbHHriGyvAOr9ODf7m68=,tag:RWv+zSyqfaKcLAjxFHhqXw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/introducer
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:DdiIZhVVosBWWyQu52g9bZm4PHlYalIeNQZtiqzN6p0Q3GcIPZkrA7EUtiI/jLOY9ILRKX3yreJWlDQHiEdfjQhqR1Oneb3JVv41GASEIumhuxPU4VQyIMV3u5MNO7H+NkzsBx8JHvm0MOIar76B4Bc+7ZoaahHacNzog+rGxUplecoY8A22Cr9G71OFj4JPQJTK40DhdSxdmSaiI3FzqxyuzbYfMViVqm6X3hX/CUv5nxlNeFUw5ZKruOTq4sjgiy859dOTiTG1L4X5T2G9UNevg5eRAqGdmjB/DB8is8yMUXYloD5TSvoDXCS8rAB7DgrtcF91nv9Wxq5aYGv6ovHpG7sL/aOY507PyaWtItir1+Gy9M8ECQq50wgj308KEMSbllFIhiHaHklpqTZdJejIzVB5nxbMIrcF2537Nfw3T2awveBk7ZjuYFQ3lIZVWNe9mbVubH1JLZS6x/Fm+rY85KnT3hZHCRLuUTvb5b3My73UMmWmAN3DekSr/m7z51cxtvJQJrM9GV6Lv4PAbgzvz8BvWps/9pIQlqVPYk8fRBvKqIAtbM7V6nIH1Fx8hmoMYM+c2CIHhMKxh1b+SGTk3BYXRuF/MX/btAt0kwUh+qPQJEd+i+9qFCS2I26BzoFsjm4M9e5tp1tx0KazrsIrWRAi6faGI+i48VpYxP60BQdK0YZTczTVLw4nIZGWJ1m0cHzeViR/P3mvP0tROo4GyAloUP3QWAwC88I2btHmC008Ldg7XRmOrPtwMuj1Z38Sj1mlRSu3+5hYS7T9wbOg3J/S9o3xbGDzJFAVU5YouAhU3qWwKvmrTKn6WRPyGFafcbBxzoNyOwK1U8MtrvDEUyoevN9kP/nGbD7sfyJpStN5zrn/9NxANVAAWjje1vWVmjFlTdip9USRzmrSIbPb4PwgXjJJObF6VWXF9RTdlZNq486BTC2eE4XQ3stOJ6UJmRwsowU3TuI8xb9wNXZBFmwfkrNhvgOrpf6LTc6ouL5QfSgcj6Gg/mXvE24Y4yhRZA4lnDqbuyl7lIyzTyfiwSEmDbJTVkc=,iv:Sby7ZpP5/ThihlnmxBX485/dtdxHQBPEoHPhbRVc7hk=,tag:9azO7wAzCSkYj/Awv6X+7Q==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBreW1Cd3NQWE13NUJHR2Ur\nSmdWK3hvVHpNMzZ1cGxHbEdHd2FETm1tSkZBCkhNMHdReGRpZmVJVUJ6aDY4MW1G\nOFhHRVhpUE1FWThwZ1BDZFJxRnZqYzAKLS0tIDd6QTROa2JYLzd4RmtDODJhM2hJ\nU1NwSTE3TVQ5WEdGVzB5YVdYWWNPazQKot8O9EYCfw4r59Fn/9lYZ0xYd7SUo9lJ\nEsus6BeNg2VLFa5V5q3hlVgRHUgNM4LMqIhdDf9mkxULKt1ilmoB6A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1wjp0vvvy4d2c0pdrth0kl505rzpz37804swf6rrny9xa208mrg2s0r5m67",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Q213dEI0d2FMUDB2Z2F3\nOVp6anVnVVZSNTdGMktnL2Z1c3JxNEt6ZUhZCnhrRUFrcnRpRVJXbmNjSWJRQ2hO\nVnlCRVdCRUZidUwwNDQyc1UwemRWbkkKLS0tIER1WWhNNERtaEZ1NVZNOXZoczZN\nZHd3U3UrOC9PZWhPMTBCVG03ZVdRdW8KY3bksqIx78GETGEg8q63HvEp+b8GnLFM\nqE7hiC9sNN8THvXV5rZeJdIPYZ6Kan2Q09GxRzDEJBavK3ZK0DKblA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:54:57Z",
|
||||
"mac": "ENC[AES256_GCM,data:SckFGU9nPJi6t3bJdRqE49i7tqzcJQB4+ZZzuzSUTnPJV+Bn+/nr6zqbf40jG4qWPPV1PJsiXoJrTOQZ5O/skLg4++c4op5U+brRZqggeJepHVdHpxe7ldVak64Of7gMJ9S5fsynyRa+96kxf/qN2qZ1f63sk0u9bImPovYOJKA=,iv:EWWRbnySYk07m8oAio71VftGhRUJWiXYKJxsnErx2ng=,tag:MS7JFdlny6OA+MjCCz3kHA==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
Y45RCSC-Y2OENC7-OI2NQ6Y-VUU6W7X-TQDROMD-JZNYC3B-BZJA2TI-7IMW4Q4
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/introducer
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:DkRR6AfyQJh0rnuzIO9gOs+xSmtncpo4zQOOLMeyfRcMRYYMnfzFIDYrOg4AYEmyd/KDfX8O7r/9dfrg4t4VJIFtA78h7hVA3KFpVhyA55AMfiWKJUQZhTvZG2eRP89+S0tChu6spgTXFDXIwCXa8EwzUc5Cqd/3UHs1DFdsuwWpmcbbXY1P3k4iaSpvQse/7BC0TNn2bg2ZPd4i9ovdY9kyMyOT9/54JRr21PeJ2SJYzLEMhzc+VirU4xIWdRMvK+LJRPWQEhvDGUjxAE5B90rHYmAi8eAaEEB52wpQBthJKUdBoZHlZ/DUbk9CVF2UF4B1rBLOtnt+pN9EfBFqrq0my/6bElEQV3P5UcdC7Z/sOjWVQvjBkHc9wkJp0g6e,iv:T0qYtoUeX7FZA8omE4heI6Beeh4gmbYoJ4Ww+6ix5AY=,tag:0FpsipDR1pfQA2/Z+4ogQQ==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWam5QUlF2K2ZQa3RjYkxt\nZXBmbmhKcC9HeklPL2c3UFRsUGhxL212T25rCmpCYzF4MFd3REk5cWtsSSt4ZFlK\nMzlLUUg3M1J4am1ZSVg0ait3eHFtVjgKLS0tIGpzYXJzWXJ4emhIOS9oL1E1SVBR\nRXZSZlVtMENGR2RNRzRMcGxCZW8xS1UK1BuhZV2eVb545eTg7I+wk5Dth6ZUwb9R\n5KkJ8oNSahtk9J27ZmJNIuof+fEj9yNueKHbvkDGo5rUoeH9u/awsw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1wjp0vvvy4d2c0pdrth0kl505rzpz37804swf6rrny9xa208mrg2s0r5m67",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0c1FmdlRUSXBsaDcvMmlj\nUVovdlRoMzAxeGh1blh1OU1JWTh0OElhZkFZClpyZ0JpcGVFbHRJdHhqNDRnaHhY\nQVVSS3NwcXZWMm83R1BPOTAySmF6QTgKLS0tIDd1OE5VYm5qWUZtd2VvYmdob2lG\nODlpUDAzdENDT1Nvdlo2bnVHRjVRSzQKFiKoA9JY6vY6+StLnLq3Fx0SmCRDro6+\nTLy2MmJM2VjdixMBvSDJATIXdf2T5lRFqGeJIlmLftzwCSJNmar+qg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:54:57Z",
|
||||
"mac": "ENC[AES256_GCM,data:xZlGmeBeMrM4bCYU0j/1rz/lh33Zm3SUKJCSHWQ9rkVzBqD6Zxok+8OLYPIXKmEUQLuD6A3Jj8BIELm7poC0ycDqTCHRP6crPR3TZ9Ha/8ws5yjpbvQA5lvYcF+GindIhTHifo0LlkXsr0Yr3ViErvHHwLifmB2RBYw++gUhxHY=,iv:DT0GgfCrKpVLaBtljUMzSMZ0vP8o24VIiUfp0etNn9Q=,tag:+4kYXei4E1AMpNAusQKcVg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer1
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:j/cBGXgSdfB1NOuNdj6w8rdF5dVQ6ngu/pIDys7NIwoX,iv:9G2mTyHNtryKqR0hk8sceaYvQMvIMeprH2M34RphhuY=,tag:8eSMKD5PVwGB+rPS7/XBng==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age14faw2l6rskw2gcv3rrkygmwmrp2ev9yclzq4fh8xf8sjeke8p97sw4dxuq",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4NVlLSjEyZGFoRXVkR2ZE\nSE9NeXV2V3ZDVXF0RVBUamxWdzNIL2ZYdXhjCisyVWxLak54TS9wVU1VUzVjQVEw\nZlZUaXFqSEdFd3BuMmZzNllKSkxxT28KLS0tIHNqai9wYm5oUHdjbElmRlZrRVg1\nK3BSeG9rTGJyQUpKZU95cjNQakRKajQKUBXxIEwTiz5grVKfbWlJnCC9OiHhDFCi\nG5gNsUHcj74tTWSM+nIAzjRsRWXHpz7kWk/05EQ4W0auOhQ2FaHSTw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSkwrclJrRUVqYjZXZ2ZR\naDBMKzdocjBJNlN2U3A3T09jUmNkVDk1aDJNCkQyQVU2RWpGYzJqdVBKdVRCUHdZ\ndENMbGl2VjNCQXE5Q1lBMEVHYVp3UWsKLS0tICtaZFZGRmxpMTdodGd1a2dEMDYr\nNUowMy9MNTQ1bzVxTlJ2bDdmWjJSREUKJUZ8lQ45pQBXrOfeW25v84ywXN52Og1F\nkmtXkBNAOTr5OkJVZbUXa1lQ0CahLluleVufX0wJIyCpBfhmnjHYFQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:01Z",
|
||||
"mac": "ENC[AES256_GCM,data:kUDSBhylpGSwaHDw6HK62UgtIAmG6gnAnoooFTBC5XLS/FX1KhWIg+8fmJK8mHbPVGE/Ju7Qa8cxAEEIWa12xoVlsu6UlaHOIwiOTab6gHnxAA/WL+vYjf5H4IVzh6uOJwGIl+Wc//Yovlifs5Kg2ftkiU7rlrm5aMN6GkVGS70=,iv:hRtDatGis5VgWZcyzky5MZADba4ApZhclOxjQNgDXiI=,tag:iHcjmXiHoOHTJ88kFwezdg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer1
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:PWIDQ2EF758/YMlZ6LKB7ofyCKQJuAi0ksg70oB+Km0O5JLJ1O4nz0gpf4dk3qoHRyoyEHH2UvMHD9c7Wuxvy/2YNsIkocpDKiNLUBymYlbqA8TAbg5aZU6q5P7KT5kEujFHZlRxeDoYVgV+wtSs19nGnuZmkkqqkJ/cLWEau42YNTZ+Zu+qnahVI42eGxDK3Hz4Gynm0t5xXCHf3IQI/6eXbDxOdcTepx4hkYnE6zWIsJdS+yK+aw9dtz1NJlpaPTV9OACFZXqlEtP7H3d9XVVyGd8Gx1FbjcJZosMBEB9fG+bmxFm20gBksB1oGBaKh5sOB8OGhZEvxGqFjsJXYt1WPbm/POIvu9oDaWwAz3q9QRC60IbRSogiKLnGkeavnKqC5qYEFTcFr+9JbM9g6+pyI7PosKt5GACpqFODPx/U8iu3ooxseeI7ncDuiNbmWrDAhBcELmclWrRN879nDlfAw+Ct9EIVmP97oFYVAM6fvbxzhQ0uFe9Xrh+G0gsKnfc+XYiEhG35Ge//PdXUI1HDIaGEqcEMpH4dqzbYqkx9CKZ5+fhIcL8R0WBr4I2MI80gvD2ga9k6jpnhnlu6izAajEMNcOjCXrwc47dh5ytRi949gg/HLu38NUU8cG5JtnNP2qqHmn/hFVtTDWL7BDGGAIopC1vyJCjHY1s6pedoJkfFOEPJoKBl1bU8WCbz68GkQ5f0LrFK4026iiI0ExKXP8BApbBEU+UROqzEPcvcC24+5wUbWCnBO0O4S1k7Z4rZdfUVe9XqN2qTLFUgyaEUAnov48aB09+wsnol4xxbkkD3eihpihG58yzwBrPIhsttApOcEhMwjMwrXvbrDcV1wedglZdDCjTa7z0lPwxHaAIf4obYyddlZ36whBU8fsJEoLD2dzTzXFEmGPUKPFwtocJ4IJbNYvNBBmjeH2Eh+wcZyO0dpEuQdMY1zWeYMGWbHSuQC0LdfSvx+hCmsr2rfu8ISVqAgI7YgJc5rNro+poMl5kLpwbSFwH0TdXUJfeRuGFzi7iDgLduf5ZuUMUDsPbw7w==,iv:d6QjUKGw6zfp0Me1YjzkcEtR2fgXuKMjISB4LTbkHI0=,tag:AVyZuNbT81ER6e5/eq9WMg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age14faw2l6rskw2gcv3rrkygmwmrp2ev9yclzq4fh8xf8sjeke8p97sw4dxuq",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSGxaVXN3LzFQaUFnN2Fk\nUStGY1J0a2YydFNVOXZBbjBxMmpLOUdSVVM0Ck5NWTVjNkZTSEVHT3N1UzltVDhN\ndnM3czdvV1pTVG5OV0QwN1hjRC9FYjAKLS0tIFRpS25rL0NEMGJKUHhrOG1TQVNS\nODkybmFPMnBwT3J2T2N5eUdnWlNuWk0K77EWBMrWSRcOgJz2VMTWG8b2VF3hsnfN\nlB24D6g6X+NyYqA5sr6tt2CokSelHvDmdQPp+9ctFUd8MZZOG80odg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TTlVS0R3K0N5QlRmOXlz\nU0JFVmx5VktaYlhKTnNYRkp4YmVHa00xbkc0ClZVQ0ozQXhNRlNvbHJ3M3VpdUFy\nK01kV1hJeG1iSVZDUTFGUVlZdHF2VjgKLS0tIFRLcldTdWpmS2RFM3lkcUlIbWg4\nelNxYlowWlRQbmhlUFRON0lOTG5FdFkKFPvYOu22il6Sq2YSHmV1p5ffOafiUQVz\n19YU773ENRNtodhqigpyJJYsC53gI4lbQC70taJciICdcmdFo/OdSA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:01Z",
|
||||
"mac": "ENC[AES256_GCM,data:+jHseVVdCG1Y/0D9hnO8DP7mZIV60nG1AHw11R+pGy7EHhKfLlHT7/MwCRSCbP2hwekUtfrOsuRxSCnckv29h+BMGSi3NZNPXY04tScvEmMECXia7UQWE2o0gQHHLEfSVoWYJ2dcC60cQlpXYocNY47pFx0eq0Q/u6F0SOZwEjU=,iv:GNFszYeZUVdnonQgyVNp5RPofInAOFwyk1wi506wdrI=,tag:Ix0/OieMU7KNwx6y7i8LyQ==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
BZMMAO2-WNUTFFN-GMRL6TM-QZX57TS-Q3NXHVU-V3VPNGX-QHQMBIX-LWQUQQA
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer1
|
||||
19
checks/syncthing/vars/per-machine/peer1/syncthing/key/secret
Normal file
19
checks/syncthing/vars/per-machine/peer1/syncthing/key/secret
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:e9zI2AphJlfeoK08uohWw+uQKdBBitrMnJCEwE5EPxD6w1qq/yoR5d94fwmEW+PzMRC+eg838I0sACEWJ0XIBb6uOECbKbhgqfqKi67GwXaobtjfQMpYe2xZvODb0LWQdZ33hJ1h23mGnbNlsafVMFySi0ydeul7rCLdNULhIBR6ph+JQHCsOO0G9BVZWSjKc1P/ItcoapMHhS0KzEhY87E6p6jkZFKrVi+bz9e1rF9uSemPF3kE/MAz3PBaqp2JbSrYHUgvDIFuQVt1AK+47rnB3Lmvk2iBD5aYXn+q6ZMRA7M5pYDxTglTlOpALikbjuUmiRZpMuJR+vCsmIEfO/MtoTah2Rawvbyn+80J/iD0C10xF4XvTgv+CAYtJhiw,iv:FZywq4cjxcMpWOYZyBKVCXHPWUNRAp01ufx3LIexfGw=,tag:Rc2iAT6CdP3UYvHf5nvDgw==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age14faw2l6rskw2gcv3rrkygmwmrp2ev9yclzq4fh8xf8sjeke8p97sw4dxuq",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUmNuaWlsZXMwWE9OTVZz\nVWR3MGE0TnN4eW94TzA3a3RHK000Yy9XS1MwCm8rN2xSWTFRSG02c285UUVLTFM5\nNHN0Lyt2T1c1K0tqZEdkd0VCYTVMSHMKLS0tIHpOY1hKS2xwazd3bmJIZWZvc1h6\nR2VocjBudk10bm5JVDIydVpiTnFBcnMKS5Ip6wMtZ0lfyGXLE0CJsgY6JYATPId7\nKQB3iY4YcDnW4Kz3Y8mouJcS3wGpu5l5CvBBpjbP3uUQRD1r6ex2HA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaL1QvcXh3UzZVcFkzK1Zu\ncGtkNlptWlJSZlhxSjNzUzZlM2pzUGFYRFNRCm9xdU9HZ29oT2NNM0lkTVFrWjY1\nbFNPU3BsUWVDbW9EcWlLM3NzbTNTanMKLS0tIEtJQmdwNnBXa1lveEovOC9jRkZs\nbkxOL1dkdGpCQkkvMTNrQ2FZWDF2TTAKptb/vJ5kzpULSm8LeAJqqR5Tks33Vf52\nJaVEMSbHJxcIWWR1Sf954pOOgoOyVpB3BB/DFOAf6VOeVt8RBalvBw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:01Z",
|
||||
"mac": "ENC[AES256_GCM,data:WuvkahW8Nm091/eyitO/fmUJE0c8V2G2LAkfr0QdoLqppevEjV+YGNmtqtkVYFnxoQYhzysjVT54eVHVWoeZV7yUg2P9gwMIShT+skayJfXvZfJyvEaNkHWloWeGOLn5gv93P908srTKhHeufsnfGl/hkd+TuNwzzE2mS7k2gMs=,iv:9CPjqSABHJY/sXhzU3AVvtWW5tLMHDqjAV0/Hu9/Jsc=,tag:FYMbuN/BoSowzuoyoFlYxw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer2
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:4KwVxOYKVLymyDXQ9GswpxJi6Fi5BCDJzMj4d/02nNa4,iv:9uGX3BRswPRlgPpPjdodzfwjbj7vmTqTcDNClKdGGlw=,tag:jLkefKqBfdRVy+qV073Ksg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1dutdww4x48f0e3tzmjlye9n852wx0qqhhcghsrefsq9m8c5flpfs2lxexf",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWmdQb1VNRUM4NHViYzRU\nOEkzdnhneFBQaGJ5ek1NTUxYcG5YdDhUQWhvCm1RTVc1aFRkczBYLzVZTUdhbjBz\nWXJqTDUyUXRmQVJ1R1p6cC9wSTNVbUkKLS0tIEgwSTVhMTFsdzRHdW9QcVRlZ3l3\nd2xrQkYzVFBTYldlZGtwakFnUHF2WmMKJa1A6a7umGgaFHSq8JqdwUQ6oBu65r1E\nCHSdEt7vviRXS6TRhdMdH0OiKQPTpHdspz6NRwn9KjMbrANq9Cxl6g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsSnMxNHBJNXVyd0RKTFYw\nUW5VMGJFdDI4dTNDTTNKL0xOZ1dvQTlGN2hNCkFPbGRhc0pEUGNlN2NManV0MHRV\nOXZtTGQwbWo3cWN5d0kxd3UwcHh2NlUKLS0tIGs3NERZRTRvc0h5T0h0SFV0VzBv\nL0hCVXE1TmFKV25lWHZvOGQ5YzM0ek0K19o2HCcCHlI55kQ1khuyXMnYGf7X5YI8\nsOgm6sM//6qB2I1DC/IwrHT5+yq/3CkqKcHYfinr3ClaKNDLV4hpAw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:05Z",
|
||||
"mac": "ENC[AES256_GCM,data:5S1c4kdweAoikTnowDMWYXbSOS4v97CVMTeq+OFb78FHDKVwlnk1mT43cOLVyF02i589Lxf1rMXl7T9mXyYpY6fTvWKpRBewryS58eUaI01K8NFtS/+aqdgtXoqx5jO4BHrITTlJUjQh0PfXf5Lv7cZBPiNZnu9lfwrxsNbRRPE=,iv:NQeuNVZaVjBOGydA3aCPWHTX7rlG2/I4+YhOTli+nIE=,tag:wzuOuMECuitwewGArGZMeA==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer2
|
||||
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:BEFeUE9tN3sjDQmLICGXziA5VPDfHNyjHaMmQlcjJj/AUmhMPOdBUAo28rPPXE+ici0vPLZmXVEcgd4ad02YpBfd1EfUMZW9vz10sv51I7ac/ClFfmbRU1q1CNDiIAHJUErDbCTghnpJMNAiz3CDg409uF8LJ/UmDo73uN8O6UVYI+jB1nxbUD8zPKpQnydRSf6MIrUSluZ3ckDNuoBe2ZcHrvBpbnzhEYHEnEwoM9C9uQQCWtEOjyrahWKr+7wCd7kgVhQfPJLeiSZDgmnnLw0q61dPWNrTyRa48DX5wMgKOOYUM0fMtPI2HGOEqTcel/smNR/4uHVyjsQBuwK/mSdwmfKxVACu6Hxb9is+qkK7pQuPYYLyyubn/nbIhflOLlH5CxbVj/4LK1wDfMbrCOueVq5Fshsj51AgNipi0b+srlDeVnWuQ1BWoCHQ4YTMdIUB5PMYPLCONWlbsb9OQoaAnD03JA3ucCUvpEEtVkqxXMVh+5VjzPX+VoenyVP6O1amiwO1FKIGh0sRd8OJRTD4ait885T4xx2e/Evi9gxZpirFmmn8enZ+oi+zL7YFLRBp+GVso/TRHHEesCHLmsqCaclt6i6BQCK4z2lLd1bXu5ATtx27ka54qdD7sTf1XhcU8Za0d+wmDNzwOCiuMMir37XDWFnR6HP1MS9cgCAVMCxmP4ETZa3FXlA0muwSWOifMlk5OZBoorMNAq543Cmffteh883NRkHUF/SAfr7hVCzUfPsDC3px7MvgqiNaUAi+bvjxlTU1NBZOMvTYtkBcpXzSyjuQ2pVGVEUKNxG8w4QS+5UoUtBBvGCF61D7iWIEHvTfJ8U6agWpcJLSMTAhNjQ8WAbYm3zMbv0J4r4qDvqe8Jn6+3lzZ5EYk4dUvd/6r/pzVJhhhzgEuGn6hfcJusb9xV92hTAVqkLocrwGzvDJ1R/kNx3shm+8H0VRiigrANoRpiTGNPF66qUynkaGU/S6K4Oo2fjCeOrpkO/XwhWsK6ZQ/24a10pO+diBLsGGoW7boqC3ff6sSxhO+Dpl4IEV9Q==,iv:Pc8ZfMZ1ZW94tRkQeVs4VZUfeXUj3WG1h4+mFW7Zafc=,tag:Q2SzduFZATYjEZJeurUMfw==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1dutdww4x48f0e3tzmjlye9n852wx0qqhhcghsrefsq9m8c5flpfs2lxexf",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwUDBxUm4yUXgybmdzZHBV\nZVJXcFNuN3FENU91Y2U3bDEwN2t2ZmlCQW5rCjdta1FvWWgwb042alUybVZ4WVB1\naGIrdUR3aDNmazZSd3YwSTNxb3d6b2cKLS0tIEc3dHhuRW5SaWI1YUhHQnpSR3Vr\nQ1paemJKWld6SENUbmQ3dHFmNnNoZkEKBAO21R4igmxdkZWg64tNj/wVQql4zDI/\nM6Huuoy0KqaMNGnQZyYpHOoXaA0V2Z3wRIiqBpYmpF9yPX41TWDqAw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKamJ5TDNlUHBUSm1aOW1z\nMjNEODZJWk42NlJFTW1Zdk1XWnFMU2NuZndFClJpZGVwdWtFRWgrU1EwMndxRTZK\nR0UvNzJwckZMMzdaNDBwMWZKeGppUm8KLS0tIGxsbVhqcGpZRlNGRE5JWXo4MXYy\nZGlzcVFlNHUxRmEvRkNPU3dGWlJxVXcKO/qq4BD40ctBTLKbTUb5elD/QOlFfeSL\n1a9ioyiNVehXsOWmgjg2x6POfY/1FTqB3x6PG7CxdSw5Qg31d4qcWw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:05Z",
|
||||
"mac": "ENC[AES256_GCM,data:JW1ACIn9FnOYm0a18UanYeXgdoyuGXaBzvGMBdSTUBJAF/soeN/DP41mpyzWl9JknzId+R6qooSJ3Zs9asekeUc+9ehc2ra9KdKDNEliwB1Hi5GswIYo1fYRdRrPPBV0EnWg3lLT9Sa3vDDDKQJiMUA30jnGIkN4rNOA4xD4KeE=,iv:Eyvx/ZkqM63jaamPRk5rjjeWQsA3c0rmB2Xhl28HAYc=,tag:KTzwnPsVw9uTYQU2al5mhw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
TB7HCPA-CIEXTMA-KXMBEL3-V2UIPND-C2VBRVP-BJTYZP3-G62QKYA-HFF2CQ4
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer2
|
||||
19
checks/syncthing/vars/per-machine/peer2/syncthing/key/secret
Normal file
19
checks/syncthing/vars/per-machine/peer2/syncthing/key/secret
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:H4xEba34JvUXuHAIxXapjcBgtScEBn++uzXqKKeCttTgHbMTHuFczAHRbNraPn6qMJj8dkgPgHuAf2xbwnIxoabnFK9C34f84DyN0QdiIUSi7WweWLK6u6HtfaL4w1yoQSwlnv3t/wYPFObMmbEivfPi7zR1ojdoZhKflCBg8piUWzh915PDiZzJ/jrdsQs1gzPD05JWPm759TgQb7vRsueXl+Cvl/sTpSQsR4TyOzJ4UveJnpGskpJiKHODkUcON5l7Dp1PJWum2Vy86bIYdsIKtm2JWysPxIbGhXHCGhrgbg5IbtTzc/XAd4P8OD2cRWeVO9zho5mUzSrHhMwdI33vmw3CvT4eLsE4i9a3NioiZP+skUm9+DIWISlaV7NS,iv:2/XetmHh4rKd3P4wjMPvmSId08u+C34g/Bo7H12G890=,tag:x9r6j87FGYex16eGhgwXVA==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1dutdww4x48f0e3tzmjlye9n852wx0qqhhcghsrefsq9m8c5flpfs2lxexf",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyd2J1VWJ5b1RHUS9QWVN5\nakRWNjFsVWRzWHVkQ1Jld2E5d2ovNWMyRkRjClhQY0dWN3IrWlI1L3Y0c2l0VlFY\ndWphNkRiWGFQZnB6Wlh6eWR4KzRwREUKLS0tIFVMQTk1YUpKZGJHUzQwZlRLN1hV\nTkRud2gwdE5VQlJrNVZvcmluZ2dOUVUK/TxbSStfbidfeiT6oxqXwY5xNqRQ8bbf\nRsrUR7904v41JgwawFFcTgf701SM4D0O85Nc9Sog8OkGO36jMqOEtg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWYWlJSTVCWWdOY2Yybnda\neExPU1Byb0REOGc0S3Z0MlFuWHFLdkdXbnpBClk1c1pMR2V2ZFBWckNRMmJJc3Jp\ncG9qMmU1NElVeVUxS0xpeFV4VmxqS1kKLS0tIHZYYktYaHFIZXVwWkh2bThDclcr\nQlNhcDduOXJnelI2cmNEdXVzSDhlVFkKTOXZB7SJ4vl++Du5hFi9T3nMhxPNmm8s\nkODjnmPxyKYvRMfrDzPkHtzQKaPMHRls9yzZzE2imUhwKpVlvwu2lA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-04-23T07:55:05Z",
|
||||
"mac": "ENC[AES256_GCM,data:PJ0CH2G8tYNnAQV++BNTZbG2emMTp0EEY29NLXUEGxwdWfuHTZxc8QnYx1ck+4Rs28a9U7KHffnPfh4/8NwnnR9MmDcyoLN6/JMHWzUJQZhuMpGGoDxJCaxs/dFaiitlvhNdazSf1f2t8ng+OKokG6L15Mi34oXNTQ/0dyYG4Hc=,iv:YzZBO69nY4p9ut3e8NBGD1EV6Rbq/6z6z2Oh2OnM8JI=,tag:KUQqxuxJfMRSvbbRP2fLng==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.1"
|
||||
}
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user