chore(tests): Make the services in the integration tests only start once they are needed

This commit is contained in:
David Niehues
2025-08-20 16:46:11 +02:00
parent ed4ec9d7dd
commit 3498a6e12c
4 changed files with 59 additions and 27 deletions


@@ -100,16 +100,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1751792365, "lastModified": 1735563628,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@@ -10,7 +10,12 @@ let
in in
{ {
options.services.rosenpassKeyExchange = { options.services.rosenpassKeyExchange = {
enable = lib.mkEnableOption "rosenpass key-exchange"; create = lib.mkEnableOption "rosenpass key-exchange";
enable = lib.mkOption {
type = lib.types.bool;
description = "Should the service be enabled";
default = true;
};
config = lib.mkOption { config = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Path to rosenpass configuration"; description = "Path to rosenpass configuration";
@@ -21,10 +26,10 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.create {
systemd.services.rp-exchange = { systemd.services.rp-exchange = {
description = "Rosenpass Key Exchanger"; description = "Rosenpass Key Exchanger";
wantedBy = [ "multi-user.target" ]; wantedBy = [ ] ++ lib.optional cfg.enable "multi-user.target"; # If we set enable to this, then the service will be masked and cannot be enabled. Doing it this way allows us to enable it.
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
script = '' script = ''
${cfg.rosenpassVersion}/bin/rosenpass exchange-config ${cfg.config} ${cfg.rosenpassVersion}/bin/rosenpass exchange-config ${cfg.config}
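Review bot: The new `enable` option at `enable = lib.mkOption { ... }` is documented only as "Should the service be enabled", which no longer says what `false` does: the unit is still generated (that is now governed by `create`), it is merely dropped from `multi-user.target` and has to be started by hand, as the integration test in this commit does with `systemctl start`. I would spell that out, e.g. `description = "Whether to start rp-exchange.service at boot. When false the unit is still created (see create) but must be started manually.";`, and give `create` an explicit description too, since `lib.mkEnableOption "rosenpass key-exchange"` still renders as "Whether to enable rosenpass key-exchange." although it now only decides whether the unit exists. In the `wantedBy` line the `[ ] ++` prefix is redundant — `wantedBy = lib.optional cfg.enable "multi-user.target";` is equivalent — and the explanatory comment is easier to read on its own line above rather than trailing the code. The same three remarks apply to the rosenpassKeySync module changed in this commit. The enclosing `options` and `config` attribute sets start and end outside these hunks.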


@@ -14,7 +14,13 @@ let
{ {
# Each instance of ths service is defined by the following information: # Each instance of ths service is defined by the following information:
options = { options = {
enable = lib.mkEnableOption "RP Keysync for ${name}"; create = lib.mkEnableOption "RP Keysync for ${name}";
enable = lib.mkOption {
type = lib.types.bool;
description = "Should the service be enabled";
default = true;
};
wgInterface = lib.mkOption { wgInterface = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@@ -52,7 +58,7 @@ in
name = "${servicePrefix}${instanceName}"; name = "${servicePrefix}${instanceName}";
value = { value = {
description = "Rosenpass Key Downloader ${instanceName}"; description = "Rosenpass Key Downloader ${instanceName}";
wantedBy = [ "multi-user.target" ]; wantedBy = [ ] ++ lib.optional instanceCfg.enable "multi-user.target"; # If we set enable to this, then the service will be masked and cannot be enabled. Doing it this way allows us to enable it.
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];
# The script downloads the key generated by rosenpass from the key exchange node and sets it as the preshared key for the specified wireguard peer. # The script downloads the key generated by rosenpass from the key exchange node and sets it as the preshared key for the specified wireguard peer.
script = '' script = ''
@@ -68,7 +74,7 @@ in
RestartSec = 10; RestartSec = 10;
}; };
}; };
}) (lib.filterAttrs (_: cfg: cfg.enable) cfg.instances); # this creates one systemd service (as above) per configured instance. }) (lib.filterAttrs (_: cfg: cfg.create) cfg.instances); # this creates one systemd service (as above) per configured instance.
systemd.timers = lib.mapAttrs' (instanceName: instanceCfg: { systemd.timers = lib.mapAttrs' (instanceName: instanceCfg: {
name = "${timerPrefix}${instanceName}"; name = "${timerPrefix}${instanceName}";
@@ -80,6 +86,6 @@ in
Unit = "${servicePrefix}${instanceName}.service"; Unit = "${servicePrefix}${instanceName}.service";
}; };
}; };
}) (lib.filterAttrs (_: cfg: cfg.enable) cfg.instances); # this creates one systemd time (as above) per configured instance. }) (lib.filterAttrs (_: cfg: cfg.create) cfg.instances); # this creates one systemd timer (as above) per configured instance.
}; };
} }
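Review bot: Gating only the services on `enable` leaves the timers in the last hunk unaffected: `systemd.timers` is still built for every instance with `create = true`, and if the timer's `wantedBy` (above this hunk, not visible here) still lists `timers.target`, the timer will start `${servicePrefix}${instanceName}.service` on its schedule even when `enable = false`, which would undercut the intent of the commit. If that is the case, the timer should be gated the same way, `wantedBy = lib.optional instanceCfg.enable "timers.target";`, so that `enable = false` really means nothing runs until `systemctl start` is issued. In the two `filterAttrs` lines the lambda parameter `cfg` shadows the module-level `cfg` used in the same expression (`cfg.instances`); since these lines are being touched anyway, `(_: inst: inst.create)` would read unambiguously. Both `mapAttrs'` bodies begin outside the hunks shown here.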


@@ -198,7 +198,8 @@ in
services.rosenpassKeySync.instances = services.rosenpassKeySync.instances =
{ {
AB = { AB = {
enable = true; create = true;
enable = false;
inherit wgInterface; inherit wgInterface;
rpHost = "peerakeyexchanger"; rpHost = "peerakeyexchanger";
peerPubkey = staticConfig.peerB.publicKey; peerPubkey = staticConfig.peerB.publicKey;
@@ -207,7 +208,8 @@ in
} }
// lib.optionalAttrs multiPeer { // lib.optionalAttrs multiPeer {
AC = { AC = {
enable = true; create = true;
enable = false;
inherit wgInterface; inherit wgInterface;
rpHost = "peerakeyexchanger"; rpHost = "peerakeyexchanger";
peerPubkey = staticConfig.peerC.publicKey; peerPubkey = staticConfig.peerC.publicKey;
@@ -243,7 +245,8 @@ in
services.rosenpassKeySync.instances = services.rosenpassKeySync.instances =
{ {
BA = { BA = {
enable = true; create = true;
enable = false;
inherit wgInterface; inherit wgInterface;
rpHost = "peerbkeyexchanger"; rpHost = "peerbkeyexchanger";
peerPubkey = staticConfig.peerA.publicKey; peerPubkey = staticConfig.peerA.publicKey;
@@ -252,7 +255,8 @@ in
} }
// lib.optionalAttrs multiPeer { // lib.optionalAttrs multiPeer {
BC = { BC = {
enable = true; create = true;
enable = false;
inherit wgInterface; inherit wgInterface;
rpHost = "peerbkeyexchanger"; rpHost = "peerbkeyexchanger";
peerPubkey = staticConfig.peerC.publicKey; peerPubkey = staticConfig.peerC.publicKey;
@@ -269,7 +273,8 @@ in
networking.firewall.allowedUDPPorts = [ rpPort ]; networking.firewall.allowedUDPPorts = [ rpPort ];
services.rosenpassKeyExchange = { services.rosenpassKeyExchange = {
enable = true; create = true;
enable = false;
config = staticConfig.peerA.rosenpassConfig; config = staticConfig.peerA.rosenpassConfig;
rosenpassVersion = pkgs.rosenpass-peer-a; rosenpassVersion = pkgs.rosenpass-peer-a;
}; };
@@ -282,7 +287,8 @@ in
users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ];
services.rosenpassKeyExchange = { services.rosenpassKeyExchange = {
enable = true; create = true;
enable = false;
config = staticConfig.peerB.rosenpassConfig; config = staticConfig.peerB.rosenpassConfig;
rosenpassVersion = pkgs.rosenpass-peer-b; rosenpassVersion = pkgs.rosenpass-peer-b;
}; };
@@ -314,14 +320,16 @@ in
# Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel.
services.rosenpassKeySync.instances = { services.rosenpassKeySync.instances = {
CA = { CA = {
enable = true; create = true;
enable = false;
inherit wgInterface; inherit wgInterface;
rpHost = "peerckeyexchanger"; rpHost = "peerckeyexchanger";
peerPubkey = staticConfig.peerA.publicKey; peerPubkey = staticConfig.peerA.publicKey;
remoteKeyPath = keyExchangePathCA; remoteKeyPath = keyExchangePathCA;
}; };
CB = { CB = {
enable = true; create = true;
enable = false;
inherit wgInterface; inherit wgInterface;
rpHost = "peerckeyexchanger"; rpHost = "peerckeyexchanger";
peerPubkey = staticConfig.peerB.publicKey; peerPubkey = staticConfig.peerB.publicKey;
@@ -338,7 +346,8 @@ in
networking.firewall.allowedUDPPorts = [ rpPort ]; networking.firewall.allowedUDPPorts = [ rpPort ];
services.rosenpassKeyExchange = { services.rosenpassKeyExchange = {
enable = true; create = true;
enable = false;
config = staticConfig.peerC.rosenpassConfig; config = staticConfig.peerC.rosenpassConfig;
rosenpassVersion = pkgs.rosenpass-peer-c; rosenpassVersion = pkgs.rosenpass-peer-c;
}; };
@@ -484,12 +493,20 @@ in
) )
''} ''}
# Until now, the services must have failed due to lack of keys # Until now, the services were disbaled and didn't start (using the enable option of the services)
peerakeyexchanger.succeed("systemctl restart rp-exchange.service") peerakeyexchanger.succeed("systemctl start rp-exchange.service")
peerbkeyexchanger.succeed("systemctl restart rp-exchange.service") peerbkeyexchanger.succeed("systemctl start rp-exchange.service")
${lib.optionalString multiPeer '' ${lib.optionalString multiPeer ''
peerckeyexchanger.succeed("systemctl restart rp-exchange.service") peerckeyexchanger.succeed("systemctl start rp-exchange.service")
''}
# Wait for the service to have started.
for m in [peerbkeyexchanger, peerakeyexchanger]:
m.wait_for_unit("rp-exchange.service")
${lib.optionalString multiPeer ''
peerckeyexchanger.wait_for_unit("rp-exchange.service")
''} ''}
@@ -514,11 +531,15 @@ in
peerC.succeed("wg show all preshared-keys 1>&2") peerC.succeed("wg show all preshared-keys 1>&2")
''} ''}
for m in [peerbkeyexchanger, peerakeyexchanger]: # Start key sync services and wait for them to start.
m.wait_for_unit("rp-exchange.service") peerA.succeed("systemctl start rp-key-sync-AB.service")
peerB.succeed("systemctl start rp-key-sync-BA.service")
${lib.optionalString multiPeer '' ${lib.optionalString multiPeer ''
peerckeyexchanger.wait_for_unit("rp-exchange.service") peerA.succeed("systemctl start rp-key-sync-AC.service")
peerB.succeed("systemctl start rp-key-sync-BC.service")
peerC.succeed("systemctl start rp-key-sync-CA.service")
peerC.succeed("systemctl start rp-key-sync-CB.service")
''} ''}
peerA.wait_for_unit("rp-key-sync-AB.service") peerA.wait_for_unit("rp-key-sync-AB.service")