{
  pkgs,
  ...
}:
{
  # NixOS VM test for the "@clan/sshd" module: a "server" and a "client"
  # machine are wired together through one inventory instance, then the test
  # script checks that port 22 is open on the server's loopback and that the
  # expected ssh_known_hosts entries were generated on both machines.
  name = "sshd";

  clan = {
    directory = ./.;
    inventory = {
      # Both machines carry no settings of their own; roles are assigned below.
      machines = {
        server = { };
        client = { };
      };

      instances.sshd-test = {
        module = {
          name = "@clan/sshd";
          input = "self";
        };
        roles = {
          server.machines.server.settings = {
            # testScript expects this to yield an
            # "@cert-authority ssh-ca,*.example.com ssh-ed25519 ..." line on the server.
            certificate.searchDomains = [ "example.com" ];
            # Enabled but not asserted on: testScript only greps for ed25519 entries.
            hostKeys.rsa.enable = true;
          };
          client.machines.client.settings = {
            certificate.searchDomains = [ "example.com" ];
          };
        };
      };
    };
  };

  # Plain VM nodes; all sshd configuration comes from the clan inventory above.
  nodes.server = { };
  nodes.client = { };

  # NOTE(review): the client grep uses "." and ".*" wildcards where the server
  # grep pins the literal "@cert-authority ssh-ca,*.example.com" prefix, so the
  # client assertion is looser (it would also accept a line whose first
  # character is not "@", e.g. a commented-out entry). Presumably both roles
  # emit the same line format — confirm, and tighten to the server pattern.
  testScript = ''
    start_all()

    # Check that sshd port is open on the server
    server.succeed("${pkgs.netcat}/bin/nc -z -v 127.0.0.1 22")

    # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the server
    server.succeed("grep '^@cert-authority ssh-ca,\*.example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")

    # Check that server contains a line starting with 'localhost,server ssh-ed25519'
    server.succeed("grep '^localhost,server ssh-ed25519 ' /etc/ssh/ssh_known_hosts")

    # Check that /etc/ssh/ssh_known_hosts contains the required CA string on the client
    client.succeed("grep '^.cert-authority ssh-ca.*example.com ssh-ed25519 ' /etc/ssh/ssh_known_hosts")
  '';
}