testing vm

2025-05-13 22:11:54 -05:00 · 2025-05-13 22:11:54 -05:00 · 9f3ca2ae1e
parent 070544ef18
commit 9f3ca2ae1e
5 changed files with 104 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 .ssh/
 .ugit/
 .tsnet/
+*.qcow2
--- a/flake.nix
+++ b/flake.nix
@ -54,5 +54,19 @@
        }
      );
      nixosModules.default = import ./nix/module.nix;
+      nixosConfigurations.ugitVM = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./nix/vm.nix
+          {
+            virtualisation.vmVariant.virtualisation = {
+              cores = 2;
+              memorySize = 2048;
+              graphics = false;
+            };
+            system.stateVersion = "23.11";
+          }
+        ];
+      };
    };
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@ -12,6 +12,7 @@ let
    { name, config, ... }:
    let
      inherit (lib) mkEnableOption mkOption types;
+      baseDir = "/var/lib/ugit-${name}";
    in
    {
      options = {
@ -26,13 +27,13 @@ let
        homeDir = mkOption {
          type = types.str;
          description = "ugit home directory";
-          default = "/var/lib/${name}";
+          default = baseDir;
        };

        repoDir = mkOption {
          type = types.str;
          description = "where ugit stores repositories";
-          default = "/var/lib/${name}/repos";
+          default = "${baseDir}/repos";
        };

        authorizedKeys = mkOption {
@ -44,13 +45,13 @@ let
        authorizedKeysFile = mkOption {
          type = types.str;
          description = "path to authorized_keys file ugit uses for auth";
-          default = "/var/lib/${name}/authorized_keys";
+          default = "${baseDir}/authorized_keys";
        };

        hostKeyFile = mkOption {
          type = types.str;
          description = "path to host key file (will be created if it doesn't exist)";
-          default = "/var/lib/${name}/ugit_ed25519";
+          default = "${baseDir}/ugit_ed25519";
        };

        config = mkOption {
@ -223,28 +224,5 @@ in
        }
      )
    ) { } (builtins.attrNames cfg);
-
-    systemd.tmpfiles.settings = lib.mapAttrs' (
-      name: instanceCfg:
-      lib.nameValuePair "ugit-${name}" (
-        builtins.listToAttrs (
-          map (
-            hook:
-            let
-              script = pkgs.writeShellScript hook.name hook.content;
-              path = "${instanceCfg.repoDir}/hooks/pre-receive.d/${hook.name}";
-            in
-            {
-              name = path;
-              value = {
-                "L" = {
-                  argument = "${script}";
-                };
-              };
-            }
-          ) instanceCfg.hooks
-        )
-      )
-    ) (lib.filterAttrs (name: instanceCfg: instanceCfg.enable) cfg);
  };
 }
--- a/nix/test.nix
+++ b/nix/test.nix
@ -1,22 +0,0 @@
-{ config, pkgs, ... }:
-{
-  imports = [ ./module.nix ];
-
-  users.users.jolheiser = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ];
-    initialPassword = "test";
-  };
-
-  services.ugit = {
-    enable = true;
-    hooks = [
-      {
-        name = "pre-receive";
-        content = ''
-          echo "Pre-receive hook executed"
-        '';
-      }
-    ];
-  };
-}
--- a/nix/vm.nix
+++ b/nix/vm.nix
@ -0,0 +1,84 @@
+{ pkgs, ... }:
+let
+  privKey = ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQAAAIgAYtkzAGLZ
+    MwAAAAtzc2gtZWQyNTUxOQAAACBIpmLtcHhECei1ls6s0kKUehjpRCP9yel/c5YCIb5DpQ
+    AAAEDFY3M69VfnFbyE67r3l4lDcf5eht5qgNemE9xtMhRkBkimYu1weEQJ6LWWzqzSQpR6
+    GOlEI/3J6X9zlgIhvkOlAAAAAAECAwQF
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+  pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEimYu1weEQJ6LWWzqzSQpR6GOlEI/3J6X9zlgIhvkOl";
+  sshConfig = ''
+    Host ugit
+        HostName localhost
+        Port 8448
+        User ugit
+        IdentityFile ~/.ssh/vm
+        IdentitiesOnly yes
+  '';
+in
+{
+  imports = [ ./module.nix ];
+  environment.systemPackages = with pkgs; [ git ];
+  services.getty.autologinUser = "root";
+  services.openssh.enable = true;
+  services.ugit.vm = {
+    enable = true;
+    authorizedKeys = [ pubKey ];
+    hooks = [
+      {
+        name = "pre-receive";
+        content = ''
+          echo "Pre-receive hook executed"
+        '';
+      }
+    ];
+  };
+  systemd.services."setup-vm" = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "ugit-vm.service" ];
+    path = with pkgs; [
+      git
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      User = "root";
+      Group = "root";
+      ExecStart =
+        let
+          privSSH = pkgs.writeText "vm-privkey" privKey;
+          sshConfigFile = pkgs.writeText "vm-sshconfig" sshConfig;
+        in
+        pkgs.writeShellScript "setup-vm-script" ''
+          # Hack to let ugit start up and generate its SSH keypair
+          sleep 3
+
+          # Set up git
+          git config --global user.name "NixUser"
+          git config --global user.email "nixuser@example.com"
+          git config --global init.defaultBranch main
+          git config --global push.autoSetupRemote true
+
+          # Set up SSH files
+          mkdir ~/.ssh
+          ln -sf ${sshConfigFile} ~/.ssh/config
+          cp ${privSSH} ~/.ssh/vm
+          chmod 600 ~/.ssh/vm
+          echo "[localhost]:8448 $(cat /var/lib/ugit-vm/ugit_ed25519.pub)" > ~/.ssh/known_hosts
+
+          # Stage some git activity
+          mkdir ~/repo
+          cd ~/repo
+          git init
+          git remote add origin ugit:repo.git
+          touch README.md
+          git add README.md
+          git commit -m "Test"
+        '';
+    };
+  };
+
+}