depot/nixos/tests/locate.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

63 lines
1.8 KiB
Nix
Raw Normal View History

import ./make-test-python.nix ({ lib, pkgs, ... }:
let inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
in {
name = "locate";
meta.maintainers = with pkgs.lib.maintainers; [ chkno ];
nodes = rec {
a = {
environment.systemPackages = with pkgs; [ sshfs ];
virtualisation.fileSystems = {
"/ssh" = {
device = "alice@b:/";
fsType = "fuse.sshfs";
options = [
"allow_other"
"IdentityFile=/privkey"
"noauto"
"StrictHostKeyChecking=no"
"UserKnownHostsFile=/dev/null"
];
};
};
services.locate = {
enable = true;
interval = "*:*:0/5";
};
};
b = {
services.openssh.enable = true;
users.users.alice = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
};
};
};
testScript = ''
start_all()
# Set up sshfs mount
a.succeed(
"(umask 077; cat ${snakeOilPrivateKey} > /privkey)"
)
b.succeed("touch /file-on-b-machine")
b.wait_for_open_port(22)
a.succeed("mkdir /ssh")
a.succeed("mount /ssh")
# Core locatedb functionality
a.succeed("touch /file-on-a-machine-1")
a.wait_for_file("/var/cache/locatedb")
a.wait_until_succeeds("locate file-on-a-machine-1")
# Wait for a second update to make sure we're using a locatedb from a run
# that began after the sshfs mount
a.succeed("touch /file-on-a-machine-2")
a.wait_until_succeeds("locate file-on-a-machine-2")
# We shouldn't be able to see files on the other machine
a.fail("locate file-on-b-machine")
'';
})