diff --git a/pkgs/sops-install-secrets/default.nix b/pkgs/sops-install-secrets/default.nix index f78541c..fbe1fbd 100644 --- a/pkgs/sops-install-secrets/default.nix +++ b/pkgs/sops-install-secrets/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoModule, path, pkgs, vendorHash, go }: +{ lib, buildGoModule, stdenv, vendorHash, go, callPackages }: buildGoModule { pname = "sops-install-secrets"; version = "0.0.1"; @@ -10,17 +10,14 @@ buildGoModule { # requires root privileges for tests doCheck = false; - passthru.tests = import ./nixos-test.nix { - makeTest = import (path + "/nixos/tests/make-test-python.nix"); - inherit pkgs; - }; + passthru.tests = callPackages ./nixos-test.nix { }; outputs = [ "out" ] ++ - pkgs.lib.lists.optionals (pkgs.stdenv.isLinux) [ "unittest" ]; + lib.lists.optionals (stdenv.isLinux) [ "unittest" ]; postInstall = '' go test -c ./pkgs/sops-install-secrets - '' + pkgs.lib.optionalString (pkgs.stdenv.isLinux) '' + '' + lib.optionalString (stdenv.isLinux) '' # *.test is only tested on linux. $unittest does not exist on darwin. install -D ./sops-install-secrets.test $unittest/bin/sops-install-secrets.test # newer versions of nixpkgs no longer require this step diff --git a/pkgs/sops-install-secrets/nixos-test.nix b/pkgs/sops-install-secrets/nixos-test.nix index 2236f14..fecd463 100644 --- a/pkgs/sops-install-secrets/nixos-test.nix +++ b/pkgs/sops-install-secrets/nixos-test.nix @@ -1,7 +1,6 @@ -{ makeTest ? import -, pkgs ? (import { }) }: +{ lib, testers }: let - userPasswordTest = name: extraConfig: makeTest { + userPasswordTest = name: extraConfig: testers.runNixOSTest { inherit name; nodes.machine = { config, lib, ... }: { imports = [ 
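Review bot: nixos-test.nix no longer has defaults for its arguments, so it can only be evaluated through `callPackages` from a package set that provides `testers.runNixOSTest`, and nothing in the file says so. A header comment such as `# Instantiate via callPackages; needs lib and testers (testers.runNixOSTest) from nixpkgs.` would document that. Because the 24.05 version check further down is kept, older nixpkgs releases appear to be in scope, so it is worth confirming that the oldest supported release ships `testers.runNixOSTest`. `userPasswordTest` continues past the end of this hunk.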
@@ -32,17 +31,14 @@ let machine.succeed("cat /run/secrets-for-users/test_key | grep -q 'test_value'") # the user password still exists # BUG in nixos's overlayfs... systemd crashes on switch-to-configuration test - '' + pkgs.lib.optionalString (!(extraConfig ? system.etc.overlay.enable)) '' + '' + lib.optionalString (!(extraConfig ? system.etc.overlay.enable)) '' machine.succeed("/run/current-system/bin/switch-to-configuration test") machine.succeed("cat /run/secrets/nested/test/file | grep -q 'another value'") # the regular secrets still work after a switch machine.succeed("cat /run/secrets-for-users/test_key | grep -q 'test_value'") # the user password is still present after a switch ''; - } { - inherit pkgs; - inherit (pkgs) system; }; in { - ssh-keys = makeTest { + ssh-keys = testers.runNixOSTest { name = "sops-ssh-keys"; nodes.server = { ... }: { imports = [ ../../modules/sops ]; @@ -60,12 +56,9 @@ in { start_all() server.succeed("cat /run/secrets/test_key | grep -q test_value") ''; - } { - inherit pkgs; - inherit (pkgs) system; }; - pruning = makeTest { + pruning = testers.runNixOSTest { name = "sops-pruning"; nodes.machine = { lib, ... }: { imports = [ ../../modules/sops ]; @@ -107,12 +100,9 @@ in { machine.succeed("test -d /run/secrets.d/92") machine.succeed("test -d /run/secrets.d/non-numeric") ''; - } { - inherit pkgs; - inherit (pkgs) system; }; - age-keys = makeTest { + age-keys = testers.runNixOSTest { name = "sops-age-keys"; nodes.machine = { lib, ... }: { imports = [ ../../modules/sops ]; @@ -133,12 +123,9 @@ in { start_all() machine.succeed("cat /run/secrets/test_key | grep -q test_value") ''; - } { - inherit pkgs; - inherit (pkgs) system; }; - age-ssh-keys = makeTest { + age-ssh-keys = testers.runNixOSTest { name = "sops-age-ssh-keys"; nodes.machine = { imports = [ ../../modules/sops ]; 
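Review bot: The guard `!(extraConfig ? system.etc.overlay.enable)` in the first hunk here only works while `extraConfig` is an attribute set, but the last hunk of this file now passes a module function (`({ pkgs, ... }: { … })`) for `user-passwords-sysusers`. Nix's `?` operator yields false when its left operand is not an attribute set, so the guard becomes true and the `switch-to-configuration test` steps now run in the overlay-enabled test, which the comment above says crashes systemd. Deciding from the evaluated node config avoids depending on the argument's shape, e.g. make `testScript` a function of `{ nodes, ... }` and test `!(nodes.machine.system.etc.overlay.enable or false)`; please confirm that attribute path against the test driver in the supported nixpkgs versions. The body of `userPasswordTest` starts outside this hunk.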
@@ -162,12 +149,9 @@ in { start_all() machine.succeed("cat /run/secrets/test_key | grep -q test_value") ''; - } { - inherit pkgs; - inherit (pkgs) system; }; - pgp-keys = makeTest { + pgp-keys = testers.runNixOSTest { name = "sops-pgp-keys"; nodes.server = { pkgs, lib, config, ... }: { imports = [ ../../modules/sops ]; @@ -218,12 +202,9 @@ in { target = server.succeed("readlink -f /run/existing-file") assertEqual("/run/secrets.d/1/existing-file", target.strip()) ''; - } { - inherit pkgs; - inherit (pkgs) system; }; - templates = makeTest { + templates = testers.runNixOSTest { name = "sops-templates"; nodes.machine = { config, lib, ... }: { imports = [ ../../modules/sops ]; @@ -282,12 +263,9 @@ in { if rendered.strip() != expected.strip() or rendered_default.strip() != expected_default.strip(): raise Exception("Template is not rendered correctly") ''; - } { - inherit pkgs; - inherit (pkgs) system; }; - restart-and-reload = makeTest { + restart-and-reload = testers.runNixOSTest { name = "sops-restart-and-reload"; nodes.machine = { pkgs, lib, config, ... }: { imports = [ ../../modules/sops ]; @@ -399,9 +377,6 @@ in { machine.fail("test -f /restarted") # not done in dry mode machine.fail("test -f /reloaded") # not done in dry mode ''; - } { - inherit pkgs; - inherit (pkgs) system; }; user-passwords = userPasswordTest "sops-user-passwords" { @@ -411,8 +386,8 @@ in { chmod -R 700 /run/age-keys.txt ''; }; -} // pkgs.lib.optionalAttrs (pkgs.lib.versionAtLeast (pkgs.lib.versions.majorMinor pkgs.lib.version) "24.05") { - user-passwords-sysusers = userPasswordTest "sops-user-passwords-sysusers" { +} // lib.optionalAttrs (lib.versionAtLeast (lib.versions.majorMinor lib.version) "24.05") { + user-passwords-sysusers = userPasswordTest "sops-user-passwords-sysusers" ({ pkgs, ... }: { systemd.sysusers.enable = true; users.mutableUsers = true; system.etc.overlay.enable = true; 
@@ -424,5 +399,5 @@ in {
 printf '${builtins.readFile ./test-assets/age-keys.txt}' > /run/age-keys.txt
 chmod -R 700 /run/age-keys.txt
 '';
- };
+ });
 }