From 62d71897b89f6fd86856f6a32d659f08965836dd Mon Sep 17 00:00:00 2001 From: jolheiser Date: Tue, 13 May 2025 22:11:54 -0500 Subject: [PATCH] testing vm --- .gitignore | 1 + nix/module.nix | 32 ++++--------------------- nix/test.nix | 64 +++++++++++++++++++++++++++++++++++++++++++------- 3 files changed, 61 insertions(+), 36 deletions(-) diff --git a/.gitignore b/.gitignore index 8905796..83d33eb 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ .ssh/ .ugit/ .tsnet/ +*.qcow2 diff --git a/nix/module.nix b/nix/module.nix index 7c39455..1dc7638 100644 --- a/nix/module.nix +++ b/nix/module.nix @@ -12,6 +12,7 @@ let { name, config, ... }: let inherit (lib) mkEnableOption mkOption types; + baseDir = "/var/lib/ugit-${name}"; in { options = { @@ -26,13 +27,13 @@ let homeDir = mkOption { type = types.str; description = "ugit home directory"; - default = "/var/lib/${name}"; + default = baseDir; }; repoDir = mkOption { type = types.str; description = "where ugit stores repositories"; - default = "/var/lib/${name}/repos"; + default = "${baseDir}/repos"; }; authorizedKeys = mkOption { @@ -44,13 +45,13 @@ let authorizedKeysFile = mkOption { type = types.str; description = "path to authorized_keys file ugit uses for auth"; - default = "/var/lib/${name}/authorized_keys"; + default = "${baseDir}/authorized_keys"; }; hostKeyFile = mkOption { type = types.str; description = "path to host key file (will be created if it doesn't exist)"; - default = "/var/lib/${name}/ugit_ed25519"; + default = "${baseDir}/ugit_ed25519"; }; config = mkOption { 
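Review bot: The defaults for `homeDir`, `repoDir`, `authorizedKeysFile` and `hostKeyFile` move from `/var/lib/${name}` to `/var/lib/ugit-${name}` with no migration step or note; this covers the hunks at -26,13 and -44,13. The `hostKeyFile` description says the key is created if it doesn't exist, so an instance relying on the defaults would presumably come up with a fresh host key and empty repository and authorized_keys paths. Clients would then see a changed host key, which they cannot tell apart from interception. Consider a comment on `baseDir`, e.g. `# changed from /var/lib/${name}: move the existing host key, repos and authorized_keys before upgrading`, or keep the old path as the default for existing state. The rest of the option set and the service definition lie outside these hunks, so any state-directory handling there is not visible.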
@@ -223,28 +224,5 @@ in } ) ) { } (builtins.attrNames cfg); - - systemd.tmpfiles.settings = lib.mapAttrs' ( - name: instanceCfg: - lib.nameValuePair "ugit-${name}" ( - builtins.listToAttrs ( - map ( - hook: - let - script = pkgs.writeShellScript hook.name hook.content; - path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}"; - in - { - name = path; - value = { - "L" = { - argument = "${script}"; - }; - }; - } - ) instanceCfg.hooks - ) - ) - ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg); }; } diff --git a/nix/test.nix b/nix/test.nix index 095c906..9836c2d 100644 --- a/nix/test.nix +++ b/nix/test.nix @@ -1,15 +1,31 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: +let + privKey = '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ + MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ + AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6 + GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF + -----END OPENSSH PRIVATE KEY-----''; + pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl"; + sshConfig = '' + Host ugit + HostName localhost + Port 8448 + User ugit + IdentityFile ~/.ssh/vm + IdentitiesOnly yes + ''; +in { imports = [ ./module.nix ]; - - users.users.jolheiser = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - initialPassword = "test"; - }; - - services.ugit = { + environment.systemPackages = with pkgs; [ git ]; + services.getty.autologinUser = "root"; + services.openssh.enable = true; + services.ugit.vm = { enable = true; + authorizedKeys = [ pubKey ]; hooks = [ { name = "pre-receive"; 
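Review bot: `privKey` in the new `let` block of nix/test.nix is an ed25519 private key committed in clear text, its `pubKey` is authorized on `services.ugit.vm`, and nothing marks the pair as test-only. Anyone who can read the repository holds this key, so any machine that imports this file or reuses `pubKey` accepts pushes from all of them. A comment above the binding would make that explicit, e.g. `# TEST ONLY: this key pair is public; never add pubKey to a real instance's authorizedKeys`. `services.openssh.enable = true` also starts sshd alongside root autologin, while `sshConfig` only targets the ugit port 8448; if only the ssh client is needed the line looks droppable, but confirm. The `hooks` list continues past the end of this hunk.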
@@ -19,4 +35,34 @@ } ]; }; + systemd.services."setup-vm" = { + wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + git + ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "root"; + Group = "root"; + ExecStart = + let + privSSH = pkgs.writeText "vm-privkey" privKey; + sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig; + in + pkgs.writeShellScript "setup-vm-script" '' + git config --global user.name "NixUser" + git config --global user.email "nixuser@example.com" + + mkdir ~/.ssh + ln -sf ${sshConfigFile} ~/.ssh/config + cp ${privSSH} ~/.ssh/vm + chmod 600 ~/.ssh/vm + + mkdir ~/repo + cd ~/repo + ''; + }; + }; + }
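Review bot: The `setup-vm-script` body is not idempotent: `mkdir ~/.ssh` and `mkdir ~/repo` fail on a second boot if the VM disk is kept (the new `*.qcow2` ignore entry suggests it is), and without `set -e` the script carries on past the errors. `cp` followed by `chmod 600` also leaves `~/.ssh/vm` at umask-default permissions for a moment. Suggest `set -eu` at the top, `mkdir -p ~/.ssh ~/repo`, and `install -m 600 ${privSSH} ~/.ssh/vm` in place of the cp/chmod pair. The trailing `cd ~/repo` has no effect once the script exits. `pkgs.writeText "vm-privkey"` leaves the key world-readable in `/nix/store`, which is acceptable only because this is a throwaway test key.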