lol

nixos/tests/systemd-initrd-networkd-ssh: Test with backdoor not LUKS

+13 -39
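--- a/nixos/tests/systemd-initrd-networkd-ssh.nix
+++ b/nixos/tests/systemd-initrd-networkd-ssh.nix
@@ -4,34 +4,16 @@
 
   nodes = {
     server = { config, pkgs, ... }: {
-      environment.systemPackages = [ pkgs.cryptsetup ];
-      boot.loader.systemd-boot.enable = true;
-      boot.loader.timeout = 0;
-      virtualisation = {
-        emptyDiskImages = [ 4096 ];
-        useBootLoader = true;
-        # Booting off the encrypted disk requires an available init script from
-        # the Nix store
-        mountHostNixStore = true;
-        useEFIBoot = true;
-      };
-
-      specialisation.encrypted-root.configuration = {
-        virtualisation.rootDevice = "/dev/mapper/root";
-        virtualisation.fileSystems."/".autoFormat = true;
-        boot.initrd.luks.devices = lib.mkVMOverride {
-          root.device = "/dev/vdb";
-        };
-        boot.initrd.systemd.enable = true;
-        boot.initrd.network = {
+      testing.initrdBackdoor = true;
+      boot.initrd.systemd.enable = true;
+      boot.initrd.systemd.contents."/etc/msg".text = "foo";
+      boot.initrd.network = {
+        enable = true;
+        ssh = {
           enable = true;
-          ssh = {
-            enable = true;
-            authorizedKeys = [ (lib.readFile ./initrd-network-ssh/id_ed25519.pub) ];
-            port = 22;
-            # Terrible hack so it works with useBootLoader
-            hostKeys = [ { outPath = "${./initrd-network-ssh/ssh_host_ed25519_key}"; } ];
-          };
+          authorizedKeys = [ (lib.readFile ./initrd-network-ssh/id_ed25519.pub) ];
+          port = 22;
+          hostKeys = [ ./initrd-network-ssh/ssh_host_ed25519_key ];
         };
       };
     };
@@ -63,24 +45,16 @@
       status, _ = client.execute("nc -z server 22")
       return status == 0
 
-    server.wait_for_unit("multi-user.target")
-    server.succeed(
-      "echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdb",
-      "bootctl set-default nixos-generation-1-specialisation-encrypted-root.conf",
-      "sync",
-    )
-    server.shutdown()
-    server.start()
-
     client.wait_for_unit("network.target")
     with client.nested("waiting for SSH server to come up"):
       retry(ssh_is_up)
 
-    client.succeed(
-      "echo somepass | ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'systemd-tty-ask-password-agent' & exit"
+    msg = client.succeed(
+      "ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'cat /etc/msg'"
     )
+    assert "foo" in msg
 
+    server.switch_root()
     server.wait_for_unit("multi-user.target")
-    server.succeed("mount | grep '/dev/mapper/root on /'")
   '';
 })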
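Review bot: The check `assert "foo" in msg` at new line 55 only tests for a substring of the ssh output, so any banner, warning or error text that happens to contain "foo" would also pass; `assert msg.strip() == "foo"` pins the exact content of the initrd-only file written by `boot.initrd.systemd.contents."/etc/msg"`. After `server.switch_root()` the script only waits for multi-user.target, and with the old `mount | grep` check gone nothing is asserted about the stage-2 system, so the test would not notice if the initrd SSH endpoint or `/etc/msg` stayed reachable after the switch; a `client.fail("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'cat /etc/msg'")` placed after the wait would cover that, assuming the final system exposes no file of the same name. The testScript string that encloses this hunk begins outside it.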