mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-19 19:34:06 +00:00
4f0dadbf38
After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-builda08b3a4d19
.tar.gz \ --argstr baseRevb32a094368
result/bin/apply-formatting $NIXPKGS_PATH
145 lines
5.3 KiB
Nix
145 lines
5.3 KiB
Nix
import ./make-test-python.nix (
|
|
{ pkgs, ... }:
|
|
|
|
let
|
|
adminPrivateKey = pkgs.writeText "id_ed25519" ''
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM
|
|
QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g
|
|
AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3
|
|
W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU=
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
'';
|
|
|
|
adminPublicKey = ''
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client
|
|
'';
|
|
|
|
alicePrivateKey = pkgs.writeText "id_ed25519" ''
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
|
|
VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
|
|
AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
|
|
Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
'';
|
|
|
|
alicePublicKey = pkgs.writeText "id_ed25519.pub" ''
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client
|
|
'';
|
|
|
|
bobPrivateKey = pkgs.writeText "id_ed25519" ''
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj
|
|
VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA
|
|
AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN
|
|
6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU=
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
'';
|
|
|
|
bobPublicKey = pkgs.writeText "id_ed25519.pub" ''
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client
|
|
'';
|
|
|
|
gitoliteAdminConfSnippet = pkgs.writeText "gitolite-admin-conf-snippet" ''
|
|
repo alice-project
|
|
RW+ = alice
|
|
'';
|
|
in
|
|
{
|
|
name = "gitolite";
|
|
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ bjornfor ];
|
|
};
|
|
|
|
nodes = {
|
|
|
|
server =
|
|
{ ... }:
|
|
{
|
|
services.gitolite = {
|
|
enable = true;
|
|
adminPubkey = adminPublicKey;
|
|
};
|
|
services.openssh.enable = true;
|
|
};
|
|
|
|
client =
|
|
{ pkgs, ... }:
|
|
{
|
|
environment.systemPackages = [ pkgs.git ];
|
|
programs.ssh.extraConfig = ''
|
|
Host *
|
|
UserKnownHostsFile /dev/null
|
|
StrictHostKeyChecking no
|
|
# there's nobody around that can input password
|
|
PreferredAuthentications publickey
|
|
'';
|
|
users.users.alice = {
|
|
isNormalUser = true;
|
|
};
|
|
users.users.bob = {
|
|
isNormalUser = true;
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
testScript = ''
|
|
start_all()
|
|
|
|
with subtest("can setup ssh keys on system"):
|
|
client.succeed(
|
|
"mkdir -p ~root/.ssh",
|
|
"cp ${adminPrivateKey} ~root/.ssh/id_ed25519",
|
|
"chmod 600 ~root/.ssh/id_ed25519",
|
|
)
|
|
client.succeed(
|
|
"sudo -u alice mkdir -p ~alice/.ssh",
|
|
"sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519",
|
|
"sudo -u alice chmod 600 ~alice/.ssh/id_ed25519",
|
|
)
|
|
client.succeed(
|
|
"sudo -u bob mkdir -p ~bob/.ssh",
|
|
"sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519",
|
|
"sudo -u bob chmod 600 ~bob/.ssh/id_ed25519",
|
|
)
|
|
|
|
with subtest("gitolite server starts"):
|
|
server.wait_for_unit("gitolite-init.service")
|
|
server.wait_for_unit("sshd.service")
|
|
client.succeed("ssh -n gitolite@server info")
|
|
|
|
with subtest("admin can clone and configure gitolite-admin.git"):
|
|
client.succeed(
|
|
"git clone gitolite@server:gitolite-admin.git",
|
|
"git config --global user.name 'System Administrator'",
|
|
"git config --global user.email root\@domain.example",
|
|
"cp ${alicePublicKey} gitolite-admin/keydir/alice.pub",
|
|
"cp ${bobPublicKey} gitolite-admin/keydir/bob.pub",
|
|
"(cd gitolite-admin && git add . && git commit -m 'Add keys for alice, bob' && git push)",
|
|
"cat ${gitoliteAdminConfSnippet} >> gitolite-admin/conf/gitolite.conf",
|
|
"(cd gitolite-admin && git add . && git commit -m 'Add repo for alice' && git push)",
|
|
)
|
|
|
|
with subtest("non-admins cannot clone gitolite-admin.git"):
|
|
client.fail("sudo -i -u alice git clone gitolite@server:gitolite-admin.git")
|
|
client.fail("sudo -i -u bob git clone gitolite@server:gitolite-admin.git")
|
|
|
|
with subtest("non-admins can clone testing.git"):
|
|
client.succeed("sudo -i -u alice git clone gitolite@server:testing.git")
|
|
client.succeed("sudo -i -u bob git clone gitolite@server:testing.git")
|
|
|
|
with subtest("alice can clone alice-project.git"):
|
|
client.succeed("sudo -i -u alice git clone gitolite@server:alice-project.git")
|
|
|
|
with subtest("bob cannot clone alice-project.git"):
|
|
client.fail("sudo -i -u bob git clone gitolite@server:alice-project.git")
|
|
'';
|
|
}
|
|
)
|