From 9198ad65efbf83677fb69937e29923b6a38a0521 Mon Sep 17 00:00:00 2001
From: WilliButz
Date: Mon, 18 Sep 2017 14:52:07 +0200
Subject: [PATCH] tests: add initrd-network-ssh test

starts two VMs:
- one with dropbear listening from initrd, waiting for a file
- another connecting via ssh, creating the file
---
 nixos/release.nix | 1 +
 nixos/tests/initrd-network-ssh.nix | 74 ++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 nixos/tests/initrd-network-ssh.nix

diff --git a/nixos/release.nix b/nixos/release.nix
index d7b42c53b99c..a200535f3f4a 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -259,6 +259,7 @@ in rec {
 tests.hibernate = callTest tests/hibernate.nix {};
 tests.hound = callTest tests/hound.nix {};
 tests.i3wm = callTest tests/i3wm.nix {};
+ tests.initrd-network-ssh = callTest tests/initrd-network-ssh.nix {};
 tests.installer = callSubTests tests/installer.nix {};
 tests.influxdb = callTest tests/influxdb.nix {};
 tests.ipv6 = callTest tests/ipv6.nix {};
diff --git a/nixos/tests/initrd-network-ssh.nix b/nixos/tests/initrd-network-ssh.nix
new file mode 100644
index 000000000000..596610493921
--- /dev/null
+++ b/nixos/tests/initrd-network-ssh.nix
@@ -0,0 +1,74 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+
+let
+ keys = pkgs.runCommand "gen-keys" {
+ outputs = [ "out" "dbPub" "dbPriv" "sshPub" "sshPriv" ];
+ buildInputs = with pkgs; [ dropbear openssh ];
+ }
+ ''
+ touch $out
+ dropbearkey -t rsa -f $dbPriv -s 4096 | sed -n 2p > $dbPub
+ ssh-keygen -q -t rsa -b 4096 -N "" -f client
+ mv client $sshPriv
+ mv client.pub $sshPub
+ '';
+
+in {
+ name = "initrd-network-ssh";
+ meta = with lib.maintainers; {
+ maintainers = [ willibutz ];
+ };
+
+ nodes = with lib; rec {
+ server =
+ { config, pkgs, ... }:
+ {
+ boot.kernelParams = [
+ "ip=${
+ (head config.networking.interfaces.eth1.ip4).address
+ }:::255.255.255.0::eth1:none"
+ ];
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = [ "${readFile keys.sshPub}" ];
+ port = 22;
+ hostRSAKey = keys.dbPriv;
+ };
+ };
+ boot.initrd.preLVMCommands = ''
+ while true; do
+ if [ -f fnord ]; then
+ poweroff
+ fi
+ sleep 1
+ done
+ '';
+ };
+
+ client =
+ { config, pkgs, ... }:
+ {
+ environment.etc.knownHosts = {
+ text = concatStrings [
+ "server,"
+ "${toString (head (splitString " " (
+ toString (elemAt (splitString "\n" config.networking.extraHosts) 2)
+ )))} "
+ "${readFile keys.dbPub}"
+ ];
+ };
+ };
+ };
+
+ testScript = ''
+ startAll;
+ $client->waitForUnit("network.target");
+ $client->copyFileFromHost("${keys.sshPriv}","/etc/sshKey");
+ $client->succeed("chmod 0600 /etc/sshKey");
+ $client->waitUntilSucceeds("ping -c 1 server");
+ $client->succeed("ssh -i /etc/sshKey -o UserKnownHostsFile=/etc/knownHosts server 'touch /fnord'");
+ $client->shutdown;
+ '';
+})
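Review bot: The `gen-keys` derivation writes both private keys (`$dbPriv`, `$sshPriv`) as outputs in the Nix store, and `hostRSAKey = keys.dbPriv` then bakes one of them into the initrd, with nothing in the file saying these are throwaway test keys. Store paths are world-readable and may be pushed to a binary cache, so the pattern is only safe for a test; a comment above `keys`, e.g. `# throwaway test keys: outputs live in the world-readable /nix/store, never use this pattern for a real host or client key`, would stop it being copied into a real configuration. The derivation is also non-deterministic, since each build produces different keys. Separately, the server loop tests the relative path `[ -f fnord ]` while the client creates `/fnord`; using `/fnord` in both places removes the dependency on the initrd script's working directory.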