From 7557252b222d44f77ec963db08f4b18b4f13b3b7 Mon Sep 17 00:00:00 2001 
From: SebastianStork
Date: Fri, 13 Mar 2026 16:49:29 +0100
Subject: [PATCH] tests: Refactor keys
---
flake-parts/tests.nix | 18 +++++++++++++++--
tests/overlay/default.nix | 18 +++++------------
.../keys/{client1.crt => client1/nebula.crt} | 0
.../keys/{client1.key => client1/nebula.key} | 0
.../overlay/keys/{client1-ssh => client1/ssh} | 0
.../keys/{client1-ssh.pub => client1/ssh.pub} | 0
.../keys/{client2.crt => client2/nebula.crt} | 0
.../keys/{client2.key => client2/nebula.key} | 0
.../overlay/keys/{client2-ssh => client2/ssh} | 0
.../keys/{client2-ssh.pub => client2/ssh.pub} | 0
.../{lighthouse.crt => lighthouse/nebula.crt} | 0
.../{lighthouse.key => lighthouse/nebula.key} | 0
tests/overlay/keys/{ca.crt => nebula-ca.crt} | 0
tests/overlay/keys/{ca.key => nebula-ca.key} | 0
.../keys/{server.crt => server/nebula.crt} | 0
.../keys/{server.key => server/nebula.key} | 0
tests/overlay/keys/{server-ssh => server/ssh} | 0
.../keys/{server-ssh.pub => server/ssh.pub} | 0
tests/syncthing/default.nix | 20 +++++--------------
.../client1.crt => client1/nebula.crt} | 0
.../client1.key => client1/nebula.key} | 0
.../client1.cert => client1/syncthing.cert} | 0
.../client1.id => client1/syncthing.id} | 0
.../client1.key => client1/syncthing.key} | 0
.../client2.crt => client2/nebula.crt} | 0
.../client2.key => client2/nebula.key} | 0
.../client2.cert => client2/syncthing.cert} | 0
.../client2.id => client2/syncthing.id} | 0
.../client2.key => client2/syncthing.key} | 0
.../keys/{nebula/ca.crt => nebula-ca.crt} | 0
.../keys/{nebula/ca.key => nebula-ca.key} | 0
.../{nebula/server.crt => server/nebula.crt} | 0
.../{nebula/server.key => server/nebula.key} | 0
.../server.cert => server/syncthing.cert} | 0
.../server.id => server/syncthing.id} | 0
.../server.key => server/syncthing.key} | 0
36 files changed, 26 insertions(+), 30 deletions(-)
rename tests/overlay/keys/{client1.crt => client1/nebula.crt} (100%)
rename tests/overlay/keys/{client1.key => client1/nebula.key} (100%)
rename tests/overlay/keys/{client1-ssh => client1/ssh} (100%)
rename tests/overlay/keys/{client1-ssh.pub => client1/ssh.pub} (100%)
rename tests/overlay/keys/{client2.crt => client2/nebula.crt} (100%)
rename tests/overlay/keys/{client2.key => client2/nebula.key} (100%)
rename tests/overlay/keys/{client2-ssh => client2/ssh} (100%)
rename tests/overlay/keys/{client2-ssh.pub => client2/ssh.pub} (100%)
rename tests/overlay/keys/{lighthouse.crt => lighthouse/nebula.crt} (100%)
rename tests/overlay/keys/{lighthouse.key => lighthouse/nebula.key} (100%)
rename tests/overlay/keys/{ca.crt => nebula-ca.crt} (100%)
rename tests/overlay/keys/{ca.key => nebula-ca.key} (100%)
rename tests/overlay/keys/{server.crt => server/nebula.crt} (100%)
rename tests/overlay/keys/{server.key => server/nebula.key} (100%)
rename tests/overlay/keys/{server-ssh => server/ssh} (100%)
rename tests/overlay/keys/{server-ssh.pub => server/ssh.pub} (100%)
rename tests/syncthing/keys/{nebula/client1.crt => client1/nebula.crt} (100%)
rename tests/syncthing/keys/{nebula/client1.key => client1/nebula.key} (100%)
rename tests/syncthing/keys/{syncthing/client1.cert => client1/syncthing.cert} (100%)
rename tests/syncthing/keys/{syncthing/client1.id => client1/syncthing.id} (100%)
rename tests/syncthing/keys/{syncthing/client1.key => client1/syncthing.key} (100%)
rename tests/syncthing/keys/{nebula/client2.crt => client2/nebula.crt} (100%)
rename tests/syncthing/keys/{nebula/client2.key => client2/nebula.key} (100%)
rename tests/syncthing/keys/{syncthing/client2.cert => client2/syncthing.cert} (100%)
rename tests/syncthing/keys/{syncthing/client2.id => client2/syncthing.id} (100%)
rename tests/syncthing/keys/{syncthing/client2.key => client2/syncthing.key} (100%)
rename tests/syncthing/keys/{nebula/ca.crt => nebula-ca.crt} (100%)
rename tests/syncthing/keys/{nebula/ca.key => nebula-ca.key} (100%)
rename tests/syncthing/keys/{nebula/server.crt => server/nebula.crt} (100%)
rename
tests/syncthing/keys/{nebula/server.key => server/nebula.key} (100%) rename tests/syncthing/keys/{syncthing/server.cert => server/syncthing.cert} (100%) rename tests/syncthing/keys/{syncthing/server.id => server/syncthing.id} (100%) rename tests/syncthing/keys/{syncthing/server.key => server/syncthing.key} (100%) diff --git a/flake-parts/tests.nix b/flake-parts/tests.nix index dc904bf..19f2c2f 100644 --- a/flake-parts/tests.nix +++ b/flake-parts/tests.nix @@ -5,15 +5,20 @@ let mkTest = dir: rec { name = "${dir}-test"; + value = pkgs.testers.runNixOSTest { inherit name; + imports = [ "${self}/tests/${dir}" ]; + node.specialArgs = { inherit inputs self; }; + defaults = - { nodes, ... }: + { config, nodes, ... }: { imports = [ self.nixosModules.default ]; _module.args.allHosts = nodes |> lib.mapAttrs (_: node: { config = node; }); + users = { mutableUsers = false; users.seb = { @@ -21,7 +26,16 @@ password = "seb"; }; }; - custom.networking.underlay.interface = "eth1"; + + networking.extraHosts = lib.mkForce ""; + custom = { + networking.underlay.interface = "eth1"; + services.nebula = { + caCertificateFile = "${self}/tests/${dir}/keys/nebula-ca.crt"; + certificateFile = "${self}/tests/${dir}/keys/${config.networking.hostName}/nebula.crt"; + privateKeyFile = "${self}/tests/${dir}/keys/${config.networking.hostName}/nebula.key"; + }; + }; }; }; }; diff --git a/tests/overlay/default.nix b/tests/overlay/default.nix index a3547b4..5d91468 100644 --- a/tests/overlay/default.nix +++ b/tests/overlay/default.nix 
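Review bot: The `services.nebula` block added to the shared `defaults` in the second hunk points `privateKeyFile` (and the CA and host certificates) at `"${self}/tests/${dir}/keys/..."`, i.e. at files inside the flake source in the Nix store, which is world-readable, and nothing at this site says the material is throwaway. I would put a comment above the block such as `# Test-only fixtures: these keys are committed and readable in the Nix store; never reuse them outside tests.` The same holds for the SSH private key sourced in tests/overlay/default.nix and the Syncthing `keyFile` in tests/syncthing/default.nix. Separately, because the paths are now interpolated strings rather than path literals, a node that lacks `keys/<hostName>/nebula.key` is probably no longer caught at evaluation and would only fail when Nebula starts inside the VM; that is worth confirming. The `defaults` block opens in the previous hunk and `mkTest` begins outside both.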
@@ -7,23 +7,15 @@ { config, ... }: { users.users.seb.openssh.authorizedKeys.keyFiles = lib.mkIf config.custom.services.sshd.enable [ - ./keys/server-ssh.pub - ./keys/client1-ssh.pub - ./keys/client2-ssh.pub + ./keys/server/ssh.pub + ./keys/client1/ssh.pub + ./keys/client2/ssh.pub ]; - environment.etc."ssh-key" = lib.mkIf (lib.pathExists ./keys/${config.networking.hostName}-ssh) { - source = ./keys/${config.networking.hostName}-ssh; + environment.etc."ssh-key" = lib.mkIf (lib.pathExists ./keys/${config.networking.hostName}/ssh) { + source = ./keys/${config.networking.hostName}/ssh; mode = "0600"; }; - - custom.services.nebula = { - caCertificateFile = ./keys/ca.crt; - certificateFile = ./keys/${config.networking.hostName}.crt; - privateKeyFile = ./keys/${config.networking.hostName}.key; - }; - - networking.extraHosts = lib.mkForce ""; }; nodes = { diff --git a/tests/overlay/keys/client1.crt b/tests/overlay/keys/client1/nebula.crt similarity index 100% rename from tests/overlay/keys/client1.crt rename to tests/overlay/keys/client1/nebula.crt diff --git a/tests/overlay/keys/client1.key b/tests/overlay/keys/client1/nebula.key similarity index 100% rename from tests/overlay/keys/client1.key rename to tests/overlay/keys/client1/nebula.key diff --git a/tests/overlay/keys/client1-ssh b/tests/overlay/keys/client1/ssh similarity index 100% rename from tests/overlay/keys/client1-ssh rename to tests/overlay/keys/client1/ssh diff --git a/tests/overlay/keys/client1-ssh.pub b/tests/overlay/keys/client1/ssh.pub similarity index 100% rename from tests/overlay/keys/client1-ssh.pub rename to tests/overlay/keys/client1/ssh.pub diff --git a/tests/overlay/keys/client2.crt b/tests/overlay/keys/client2/nebula.crt similarity index 100% rename from tests/overlay/keys/client2.crt rename to tests/overlay/keys/client2/nebula.crt 
diff --git a/tests/overlay/keys/client2.key b/tests/overlay/keys/client2/nebula.key
similarity index 100%
rename from tests/overlay/keys/client2.key
rename to tests/overlay/keys/client2/nebula.key
diff --git a/tests/overlay/keys/client2-ssh b/tests/overlay/keys/client2/ssh
similarity index 100%
rename from tests/overlay/keys/client2-ssh
rename to tests/overlay/keys/client2/ssh
diff --git a/tests/overlay/keys/client2-ssh.pub b/tests/overlay/keys/client2/ssh.pub
similarity index 100%
rename from tests/overlay/keys/client2-ssh.pub
rename to tests/overlay/keys/client2/ssh.pub
diff --git a/tests/overlay/keys/lighthouse.crt b/tests/overlay/keys/lighthouse/nebula.crt
similarity index 100%
rename from tests/overlay/keys/lighthouse.crt
rename to tests/overlay/keys/lighthouse/nebula.crt
diff --git a/tests/overlay/keys/lighthouse.key b/tests/overlay/keys/lighthouse/nebula.key
similarity index 100%
rename from tests/overlay/keys/lighthouse.key
rename to tests/overlay/keys/lighthouse/nebula.key
diff --git a/tests/overlay/keys/ca.crt b/tests/overlay/keys/nebula-ca.crt
similarity index 100%
rename from tests/overlay/keys/ca.crt
rename to tests/overlay/keys/nebula-ca.crt
diff --git a/tests/overlay/keys/ca.key b/tests/overlay/keys/nebula-ca.key
similarity index 100%
rename from tests/overlay/keys/ca.key
rename to tests/overlay/keys/nebula-ca.key
diff --git a/tests/overlay/keys/server.crt b/tests/overlay/keys/server/nebula.crt
similarity index 100%
rename from tests/overlay/keys/server.crt
rename to tests/overlay/keys/server/nebula.crt
diff --git a/tests/overlay/keys/server.key b/tests/overlay/keys/server/nebula.key
similarity index 100%
rename from tests/overlay/keys/server.key
rename to tests/overlay/keys/server/nebula.key
diff --git a/tests/overlay/keys/server-ssh b/tests/overlay/keys/server/ssh
similarity index 100%
rename from tests/overlay/keys/server-ssh
rename to tests/overlay/keys/server/ssh
diff --git a/tests/overlay/keys/server-ssh.pub b/tests/overlay/keys/server/ssh.pub similarity index 100% rename from tests/overlay/keys/server-ssh.pub rename to tests/overlay/keys/server/ssh.pub diff --git a/tests/syncthing/default.nix b/tests/syncthing/default.nix index fcae98e..f93224d 100644 --- a/tests/syncthing/default.nix +++ b/tests/syncthing/default.nix @@ -6,21 +6,11 @@ defaults = { config, ... }: { - custom = { - services = { - nebula = { - caCertificateFile = ./keys/nebula/ca.crt; - certificateFile = ./keys/nebula/${config.networking.hostName}.crt; - privateKeyFile = ./keys/nebula/${config.networking.hostName}.key; - }; - - syncthing = { - enable = true; - deviceId = ./keys/syncthing/${config.networking.hostName}.id |> lib.readFile |> lib.trim; - certFile = ./keys/syncthing/${config.networking.hostName}.cert; - keyFile = ./keys/syncthing/${config.networking.hostName}.key; - }; - }; + custom.services.syncthing = { + enable = true; + deviceId = ./keys/${config.networking.hostName}/syncthing.id |> lib.readFile |> lib.trim; + certFile = ./keys/${config.networking.hostName}/syncthing.cert; + keyFile = ./keys/${config.networking.hostName}/syncthing.key; }; }; diff --git a/tests/syncthing/keys/nebula/client1.crt b/tests/syncthing/keys/client1/nebula.crt similarity index 100% rename from tests/syncthing/keys/nebula/client1.crt rename to tests/syncthing/keys/client1/nebula.crt diff --git a/tests/syncthing/keys/nebula/client1.key b/tests/syncthing/keys/client1/nebula.key similarity index 100% rename from tests/syncthing/keys/nebula/client1.key rename to tests/syncthing/keys/client1/nebula.key diff --git a/tests/syncthing/keys/syncthing/client1.cert b/tests/syncthing/keys/client1/syncthing.cert similarity index 100% rename from tests/syncthing/keys/syncthing/client1.cert rename to tests/syncthing/keys/client1/syncthing.cert 
diff --git a/tests/syncthing/keys/syncthing/client1.id b/tests/syncthing/keys/client1/syncthing.id
similarity index 100%
rename from tests/syncthing/keys/syncthing/client1.id
rename to tests/syncthing/keys/client1/syncthing.id
diff --git a/tests/syncthing/keys/syncthing/client1.key b/tests/syncthing/keys/client1/syncthing.key
similarity index 100%
rename from tests/syncthing/keys/syncthing/client1.key
rename to tests/syncthing/keys/client1/syncthing.key
diff --git a/tests/syncthing/keys/nebula/client2.crt b/tests/syncthing/keys/client2/nebula.crt
similarity index 100%
rename from tests/syncthing/keys/nebula/client2.crt
rename to tests/syncthing/keys/client2/nebula.crt
diff --git a/tests/syncthing/keys/nebula/client2.key b/tests/syncthing/keys/client2/nebula.key
similarity index 100%
rename from tests/syncthing/keys/nebula/client2.key
rename to tests/syncthing/keys/client2/nebula.key
diff --git a/tests/syncthing/keys/syncthing/client2.cert b/tests/syncthing/keys/client2/syncthing.cert
similarity index 100%
rename from tests/syncthing/keys/syncthing/client2.cert
rename to tests/syncthing/keys/client2/syncthing.cert
diff --git a/tests/syncthing/keys/syncthing/client2.id b/tests/syncthing/keys/client2/syncthing.id
similarity index 100%
rename from tests/syncthing/keys/syncthing/client2.id
rename to tests/syncthing/keys/client2/syncthing.id
diff --git a/tests/syncthing/keys/syncthing/client2.key b/tests/syncthing/keys/client2/syncthing.key
similarity index 100%
rename from tests/syncthing/keys/syncthing/client2.key
rename to tests/syncthing/keys/client2/syncthing.key
diff --git a/tests/syncthing/keys/nebula/ca.crt b/tests/syncthing/keys/nebula-ca.crt
similarity index 100%
rename from tests/syncthing/keys/nebula/ca.crt
rename to tests/syncthing/keys/nebula-ca.crt
diff --git a/tests/syncthing/keys/nebula/ca.key b/tests/syncthing/keys/nebula-ca.key
similarity index 100%
rename from tests/syncthing/keys/nebula/ca.key
rename to tests/syncthing/keys/nebula-ca.key
diff --git a/tests/syncthing/keys/nebula/server.crt b/tests/syncthing/keys/server/nebula.crt
similarity index 100%
rename from tests/syncthing/keys/nebula/server.crt
rename to tests/syncthing/keys/server/nebula.crt
diff --git a/tests/syncthing/keys/nebula/server.key b/tests/syncthing/keys/server/nebula.key
similarity index 100%
rename from tests/syncthing/keys/nebula/server.key
rename to tests/syncthing/keys/server/nebula.key
diff --git a/tests/syncthing/keys/syncthing/server.cert b/tests/syncthing/keys/server/syncthing.cert
similarity index 100%
rename from tests/syncthing/keys/syncthing/server.cert
rename to tests/syncthing/keys/server/syncthing.cert
diff --git a/tests/syncthing/keys/syncthing/server.id b/tests/syncthing/keys/server/syncthing.id
similarity index 100%
rename from tests/syncthing/keys/syncthing/server.id
rename to tests/syncthing/keys/server/syncthing.id
diff --git a/tests/syncthing/keys/syncthing/server.key b/tests/syncthing/keys/server/syncthing.key
similarity index 100%
rename from tests/syncthing/keys/syncthing/server.key
rename to tests/syncthing/keys/server/syncthing.key