SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 14:19:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

tests: Refactor keys

Browse source
This commit is contained in:
SebastianStork 2026-03-13 16:49:29 +01:00
parent d59a644c36
commit 7557252b22
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
36 changed files with 26 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

18
flake-parts/tests.nix
View file

@ -5,15 +5,20 @@
let
mkTest = dir: rec {
name = "${dir}-test";
value = pkgs.testers.runNixOSTest {
inherit name;
imports = [ "${self}/tests/${dir}" ];
node.specialArgs = { inherit inputs self; };
defaults =
{ nodes, ... }:
{ config, nodes, ... }:
{
imports = [ self.nixosModules.default ];
_module.args.allHosts = nodes |> lib.mapAttrs (_: node: { config = node; });
users = {
mutableUsers = false;
users.seb = {
@ -21,7 +26,16 @@
password = "seb";
};
};
custom.networking.underlay.interface = "eth1";
networking.extraHosts = lib.mkForce "";
custom = {
networking.underlay.interface = "eth1";
services.nebula = {
caCertificateFile = "${self}/tests/${dir}/keys/nebula-ca.crt";
certificateFile = "${self}/tests/${dir}/keys/${config.networking.hostName}/nebula.crt";
privateKeyFile = "${self}/tests/${dir}/keys/${config.networking.hostName}/nebula.key";
};
};
};
};
};

18
tests/overlay/default.nix
View file

@ -7,23 +7,15 @@
{ config, ... }:
{
users.users.seb.openssh.authorizedKeys.keyFiles = lib.mkIf config.custom.services.sshd.enable [
./keys/server-ssh.pub
./keys/client1-ssh.pub
./keys/client2-ssh.pub
./keys/server/ssh.pub
./keys/client1/ssh.pub
./keys/client2/ssh.pub
];
environment.etc."ssh-key" = lib.mkIf (lib.pathExists ./keys/${config.networking.hostName}-ssh) {
source = ./keys/${config.networking.hostName}-ssh;
environment.etc."ssh-key" = lib.mkIf (lib.pathExists ./keys/${config.networking.hostName}/ssh) {
source = ./keys/${config.networking.hostName}/ssh;
mode = "0600";
};
custom.services.nebula = {
caCertificateFile = ./keys/ca.crt;
certificateFile = ./keys/${config.networking.hostName}.crt;
privateKeyFile = ./keys/${config.networking.hostName}.key;
};
networking.extraHosts = lib.mkForce "";
};
nodes = {

0
tests/overlay/keys/client1.crt → tests/overlay/keys/client1/nebula.crt
View file

0
tests/overlay/keys/client1.key → tests/overlay/keys/client1/nebula.key
View file

0
tests/overlay/keys/client1-ssh → tests/overlay/keys/client1/ssh
View file

0
tests/overlay/keys/client1-ssh.pub → tests/overlay/keys/client1/ssh.pub
View file

0
tests/overlay/keys/client2.crt → tests/overlay/keys/client2/nebula.crt
View file

0
tests/overlay/keys/client2.key → tests/overlay/keys/client2/nebula.key
View file

0
tests/overlay/keys/client2-ssh → tests/overlay/keys/client2/ssh
View file

0
tests/overlay/keys/client2-ssh.pub → tests/overlay/keys/client2/ssh.pub
View file

0
tests/overlay/keys/lighthouse.crt → tests/overlay/keys/lighthouse/nebula.crt
View file

0
tests/overlay/keys/lighthouse.key → tests/overlay/keys/lighthouse/nebula.key
View file

0
tests/overlay/keys/ca.crt → tests/overlay/keys/nebula-ca.crt
View file

0
tests/overlay/keys/ca.key → tests/overlay/keys/nebula-ca.key
View file

0
tests/overlay/keys/server.crt → tests/overlay/keys/server/nebula.crt
View file

0
tests/overlay/keys/server.key → tests/overlay/keys/server/nebula.key
View file

0
tests/overlay/keys/server-ssh → tests/overlay/keys/server/ssh
View file

0
tests/overlay/keys/server-ssh.pub → tests/overlay/keys/server/ssh.pub
View file

18
tests/syncthing/default.nix
View file

@ -6,21 +6,11 @@
defaults =
{ config, ... }:
{
custom = {
services = {
nebula = {
caCertificateFile = ./keys/nebula/ca.crt;
certificateFile = ./keys/nebula/${config.networking.hostName}.crt;
privateKeyFile = ./keys/nebula/${config.networking.hostName}.key;
};
syncthing = {
custom.services.syncthing = {
enable = true;
deviceId = ./keys/syncthing/${config.networking.hostName}.id |> lib.readFile |> lib.trim;
certFile = ./keys/syncthing/${config.networking.hostName}.cert;
keyFile = ./keys/syncthing/${config.networking.hostName}.key;
};
};
deviceId = ./keys/${config.networking.hostName}/syncthing.id |> lib.readFile |> lib.trim;
certFile = ./keys/${config.networking.hostName}/syncthing.cert;
keyFile = ./keys/${config.networking.hostName}/syncthing.key;
};
};

0
tests/syncthing/keys/nebula/client1.crt → tests/syncthing/keys/client1/nebula.crt
View file

0
tests/syncthing/keys/nebula/client1.key → tests/syncthing/keys/client1/nebula.key
View file

0
tests/syncthing/keys/syncthing/client1.cert → tests/syncthing/keys/client1/syncthing.cert
View file

0
tests/syncthing/keys/syncthing/client1.id → tests/syncthing/keys/client1/syncthing.id
View file

0
tests/syncthing/keys/syncthing/client1.key → tests/syncthing/keys/client1/syncthing.key
View file

0
tests/syncthing/keys/nebula/client2.crt → tests/syncthing/keys/client2/nebula.crt
View file

0
tests/syncthing/keys/nebula/client2.key → tests/syncthing/keys/client2/nebula.key
View file

0
tests/syncthing/keys/syncthing/client2.cert → tests/syncthing/keys/client2/syncthing.cert
View file

0
tests/syncthing/keys/syncthing/client2.id → tests/syncthing/keys/client2/syncthing.id
View file

0
tests/syncthing/keys/syncthing/client2.key → tests/syncthing/keys/client2/syncthing.key
View file

0
tests/syncthing/keys/nebula/ca.crt → tests/syncthing/keys/nebula-ca.crt
View file

0
tests/syncthing/keys/nebula/ca.key → tests/syncthing/keys/nebula-ca.key
View file

0
tests/syncthing/keys/nebula/server.crt → tests/syncthing/keys/server/nebula.crt
View file

0
tests/syncthing/keys/nebula/server.key → tests/syncthing/keys/server/nebula.key
View file

0
tests/syncthing/keys/syncthing/server.cert → tests/syncthing/keys/server/syncthing.cert
View file

0
tests/syncthing/keys/syncthing/server.id → tests/syncthing/keys/server/syncthing.id
View file

0
tests/syncthing/keys/syncthing/server.key → tests/syncthing/keys/server/syncthing.key
View file