nixpkgs/nixos/tests/initrd-network-ssh.nix

import ./make-test.nix ({ pkgs, lib, ... }:

let
  keys = pkgs.runCommand "gen-keys" {
    outputs = [ "out" "dbPub" "dbPriv" "sshPub" "sshPriv" ];
    buildInputs = with pkgs; [ dropbear openssh ];
  }
  ''
    touch $out
    dropbearkey -t rsa -f $dbPriv -s 4096 | sed -n 2p > $dbPub
    ssh-keygen -q -t rsa -b 4096 -N "" -f client
    mv client $sshPriv
    mv client.pub $sshPub
  '';

in {
  name = "initrd-network-ssh";
  meta = with lib.maintainers; {
    maintainers = [ willibutz ];
  };

  nodes = with lib; rec {
    server =
      { config, pkgs, ... }:
      {
        boot.kernelParams = [
          "ip=${
            (head config.networking.interfaces.eth1.ip4).address
          }:::255.255.255.0::eth1:none"
        ];
        boot.initrd.network = {
          enable = true;
          ssh = {
            enable = true;
            authorizedKeys = [ "${readFile keys.sshPub}" ];
            port = 22;
            hostRSAKey = keys.dbPriv;
          };
        };
        boot.initrd.preLVMCommands = ''
          while true; do
            if [ -f fnord ]; then
              poweroff
            fi
            sleep 1
          done
        '';
      };

    client =
      { config, pkgs, ... }:
      {
        environment.etc.knownHosts = {
          text = concatStrings [
            "server,"
            "${toString (head (splitString " " (
              toString (elemAt (splitString "\n" config.networking.extraHosts) 2)
            )))} "
            "${readFile keys.dbPub}"
          ];
        };
      };
  };

  testScript = ''
    startAll;
    $client->waitForUnit("network.target");
    $client->copyFileFromHost("${keys.sshPriv}","/etc/sshKey");
    $client->succeed("chmod 0600 /etc/sshKey");
    $client->waitUntilSucceeds("ping -c 1 server");
    $client->succeed("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'");
    $client->shutdown;
  '';
})
tests: add initrd-network-ssh test starts two VMs: - one with dropbear listening from initrd, waiting for a file - another connecting via ssh, creating the file 2017-09-18 14:52:07 +02:00			`import ./make-test.nix ({ pkgs, lib, ... }:`

			`let`
			`keys = pkgs.runCommand "gen-keys" {`
			`outputs = [ "out" "dbPub" "dbPriv" "sshPub" "sshPriv" ];`
			`buildInputs = with pkgs; [ dropbear openssh ];`
			`}`
			`''`
			`touch $out`
			`dropbearkey -t rsa -f $dbPriv -s 4096 \| sed -n 2p > $dbPub`
			`ssh-keygen -q -t rsa -b 4096 -N "" -f client`
			`mv client $sshPriv`
			`mv client.pub $sshPub`
			`'';`

			`in {`
			`name = "initrd-network-ssh";`
			`meta = with lib.maintainers; {`
			`maintainers = [ willibutz ];`
			`};`

			`nodes = with lib; rec {`
			`server =`
			`{ config, pkgs, ... }:`
			`{`
			`boot.kernelParams = [`
			`"ip=${`
			`(head config.networking.interfaces.eth1.ip4).address`
			`}:::255.255.255.0::eth1:none"`
			`];`
			`boot.initrd.network = {`
			`enable = true;`
			`ssh = {`
			`enable = true;`
			`authorizedKeys = [ "${readFile keys.sshPub}" ];`
			`port = 22;`
			`hostRSAKey = keys.dbPriv;`
			`};`
			`};`
			`boot.initrd.preLVMCommands = ''`
			`while true; do`
			`if [ -f fnord ]; then`
			`poweroff`
			`fi`
			`sleep 1`
			`done`
			`'';`
			`};`

			`client =`
			`{ config, pkgs, ... }:`
			`{`
			`environment.etc.knownHosts = {`
			`text = concatStrings [`
			`"server,"`
			`"${toString (head (splitString " " (`
			`toString (elemAt (splitString "\n" config.networking.extraHosts) 2)`
			`)))} "`
			`"${readFile keys.dbPub}"`
			`];`
			`};`
			`};`
			`};`

			`testScript = ''`
			`startAll;`
			`$client->waitForUnit("network.target");`
			`$client->copyFileFromHost("${keys.sshPriv}","/etc/sshKey");`
			`$client->succeed("chmod 0600 /etc/sshKey");`
			`$client->waitUntilSucceeds("ping -c 1 server");`
			`$client->succeed("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'");`
			`$client->shutdown;`
			`'';`
			`})`