tests: add initrd-network-ssh test

starts two VMs: - one with dropbear listening from initrd, waiting for a file - another connecting via ssh, creating the file
NixOS · Sep 18, 2017 · 9198ad6 · grahamc · Nov 26, 2017 · grahamc
1 parent ede0ecd
commit 9198ad6
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 0 deletions.
diff --git a/nixos/release.nix b/nixos/release.nix
@@ -259,6 +259,7 @@ in rec {
   tests.hibernate = callTest tests/hibernate.nix {};
   tests.hound = callTest tests/hound.nix {};
   tests.i3wm = callTest tests/i3wm.nix {};
+  tests.initrd-network-ssh = callTest tests/initrd-network-ssh.nix {};
   tests.installer = callSubTests tests/installer.nix {};
   tests.influxdb = callTest tests/influxdb.nix {};
   tests.ipv6 = callTest tests/ipv6.nix {};

diff --git a/nixos/tests/initrd-network-ssh.nix b/nixos/tests/initrd-network-ssh.nix
@@ -0,0 +1,74 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+
+let
+  keys = pkgs.runCommand "gen-keys" {
+    outputs = [ "out" "dbPub" "dbPriv" "sshPub" "sshPriv" ];
+    buildInputs = with pkgs; [ dropbear openssh ];
+  }
+  ''
+    touch $out
+    dropbearkey -t rsa -f $dbPriv -s 4096 | sed -n 2p > $dbPub
+    ssh-keygen -q -t rsa -b 4096 -N "" -f client
+    mv client $sshPriv
+    mv client.pub $sshPub
+  '';
+
+in {
+  name = "initrd-network-ssh";
+  meta = with lib.maintainers; {
+    maintainers = [ willibutz ];
+  };
+
+  nodes = with lib; rec {
+    server =
+      { config, pkgs, ... }:
+      {
+        boot.kernelParams = [
+          "ip=${
+            (head config.networking.interfaces.eth1.ip4).address
+          }:::255.255.255.0::eth1:none"
+        ];
+        boot.initrd.network = {
+          enable = true;
+          ssh = {
+            enable = true;
+            authorizedKeys = [ "${readFile keys.sshPub}" ];
+            port = 22;
+            hostRSAKey = keys.dbPriv;
+          };
+        };
+        boot.initrd.preLVMCommands = ''
+          while true; do
+            if [ -f fnord ]; then
+              poweroff
+            fi
+            sleep 1
+          done
+        '';
+      };
+
+    client =
+      { config, pkgs, ... }:
+      {
+        environment.etc.knownHosts = {
+          text = concatStrings [
+            "server,"
+            "${toString (head (splitString " " (
+              toString (elemAt (splitString "\n" config.networking.extraHosts) 2)
+            )))} "
+            "${readFile keys.dbPub}"
+          ];
+        };
+      };
+  };
+
+  testScript = ''
+    startAll;
+    $client->waitForUnit("network.target");
+    $client->copyFileFromHost("${keys.sshPriv}","/etc/sshKey");
+    $client->succeed("chmod 0600 /etc/sshKey");
+    $client->waitUntilSucceeds("ping -c 1 server");
+    $client->succeed("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'");
+    $client->shutdown;
+  '';
+})