mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-10 08:16:15 +02:00
102 lines
3.2 KiB
Nix
102 lines
3.2 KiB
Nix
{ lib, nixpkgs, system, pkgs, ... }: let
|
|
clientPrivateKey = pkgs.writeText "id_ed25519" ''
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO
|
|
VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ
|
|
AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH
|
|
Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU=
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
'';
|
|
|
|
clientPublicKey =
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB";
|
|
|
|
in {
|
|
imports = [
|
|
../testsupport/setup.nix
|
|
../testsupport/gitea-repo.nix
|
|
];
|
|
nodes = {
|
|
gitea = { pkgs, ... }: {
|
|
services.gitea.enable = true;
|
|
services.gitea.settings.service.DISABLE_REGISTRATION = true;
|
|
services.gitea.settings.log.LEVEL = "Info";
|
|
services.gitea.settings.database.LOG_SQL = false;
|
|
services.openssh.enable = true;
|
|
networking.firewall.allowedTCPPorts = [ 3000 ];
|
|
environment.systemPackages = [ pkgs.git pkgs.gitea ];
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [clientPublicKey];
|
|
|
|
# TODO: remove this after updating to nixos-23.11
|
|
nixpkgs.pkgs = lib.mkForce (import nixpkgs {
|
|
inherit system;
|
|
config.permittedInsecurePackages = [
|
|
"gitea-1.19.4"
|
|
];
|
|
});
|
|
};
|
|
client = { pkgs, ... }: {
|
|
environment.systemPackages = [ pkgs.git ];
|
|
};
|
|
};
|
|
defaults = { pkgs, ... }: {
|
|
environment.systemPackages = [ pkgs.jq ];
|
|
};
|
|
|
|
setupScript = ''
|
|
import shlex
|
|
|
|
gitea.wait_for_unit("gitea.service")
|
|
|
|
gitea_admin = "test"
|
|
gitea_admin_password = "test123test"
|
|
|
|
gitea.succeed(f"""
|
|
gitea --version >&2
|
|
su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea admin user create \
|
|
--username {gitea_admin} --password {gitea_admin_password} --email test@client'
|
|
""")
|
|
|
|
client.wait_for_unit("multi-user.target")
|
|
gitea.wait_for_open_port(3000)
|
|
|
|
gitea_admin_token = gitea.succeed(f"""
|
|
curl --fail -X POST http://{gitea_admin}:{gitea_admin_password}@gitea:3000/api/v1/users/test/tokens \
|
|
-H 'Accept: application/json' -H 'Content-Type: application/json' \
|
|
-d {shlex.quote( '{"name":"token", "scopes":["all"]}' )} \
|
|
| jq -r '.sha1'
|
|
""").strip()
|
|
|
|
client.succeed(f"""
|
|
echo "http://{gitea_admin}:{gitea_admin_password}@gitea:3000" >~/.git-credentials-admin
|
|
git config --global credential.helper 'store --file ~/.git-credentials-admin'
|
|
git config --global user.email "test@client"
|
|
git config --global user.name "Test User"
|
|
git config --global gc.autodetach 0
|
|
git config --global gc.auto 0
|
|
""")
|
|
|
|
# add client's private key to ~/.ssh
|
|
client.succeed("""
|
|
mkdir -p ~/.ssh
|
|
chmod 700 ~/.ssh
|
|
cat ${clientPrivateKey} >~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
""")
|
|
|
|
client.succeed("""
|
|
echo "Host gitea" >>~/.ssh/config
|
|
echo " StrictHostKeyChecking no" >>~/.ssh/config
|
|
echo " UserKnownHostsFile /dev/null" >>~/.ssh/config
|
|
echo " User root" >>~/.ssh/config
|
|
""")
|
|
|
|
# ensure ssh from client to gitea works
|
|
client.succeed("""
|
|
ssh root@gitea true
|
|
""")
|
|
|
|
'';
|
|
}
|