diff --git a/default.nix b/default.nix
index 686fb65..913867c 100644
--- a/default.nix
+++ b/default.nix
@@ -1,13 +1,13 @@
-{ pkgs ? import {} }:
+{pkgs ? import {}}:
 pkgs.buildGoModule {
- name = "systemd-vaultd";
- src = ./.;
- vendorSha256 = null;
- meta = with pkgs.lib; {
- description = "A proxy for secrets between systemd services and vault";
- homepage = "https://github.com/numtide/systemd-vaultd";
- license = licenses.mit;
- maintainers = with maintainers; [mic92];
- platforms = platforms.unix;
- };
- }
+ name = "systemd-vaultd";
+ src = ./.;
+ vendorSha256 = null;
+ meta = with pkgs.lib; {
+ description = "A proxy for secrets between systemd services and vault";
+ homepage = "https://github.com/numtide/systemd-vaultd";
+ license = licenses.mit;
+ maintainers = with maintainers; [mic92];
+ platforms = platforms.unix;
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..cbf96c6
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,48 @@
+{
+ "nodes": {
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1655570068,
+ "narHash": "sha256-KUSd2a6KgYTHd2l3Goee/P+DrAC6n1Tau+7V68czSZU=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "6dbc77b9c0477f8a9a6a9081077bb38c6a3dbb3a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1655567057,
+ "narHash": "sha256-Cc5hQSMsTzOHmZnYm8OSJ5RNUp22bd5NADWLHorULWQ=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "e0a42267f73ea52adc061a64650fddc59906fc99",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-parts": "flake-parts",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..f52f560
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,43 @@
+{
+ description = "Description for the project";
+
+ inputs = {
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ flake-parts.inputs.nixpkgs.follows = "nixpkgs";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = {
+ self,
+ flake-parts,
+ ...
+ }:
+ flake-parts.lib.mkFlake {inherit self;} {
+ systems = ["x86_64-linux" "aarch64-linux"];
+ perSystem = {
+ config,
+ self',
+ inputs',
+ pkgs,
+ system,
+ ...
+ }: {
+ packages.default = pkgs.callPackage ./default.nix {};
+ devShells.default = pkgs.callPackage ./shell.nix {};
+ checks = {
+ treefmt = pkgs.callPackage ./nix/checks/treefmt.nix {};
+ inherit
+ (pkgs.callPackages ./nix/checks/nixos-test.nix {
+ makeTest = import (pkgs.path + "/nixos/tests/make-test-python.nix");
+ })
+ unittests
+ ;
+ };
+ };
+ flake = {
+ # The usual flake attributes can be defined here, including system-
+ # agnostic ones like nixosModule and system-enumerating ones, although
+ # those are more easily expressed in perSystem.
+ };
+ };
+}
diff --git a/nix/checks/nixos-test.nix b/nix/checks/nixos-test.nix
index 359c787..d409908 100644
--- a/nix/checks/nixos-test.nix
+++ b/nix/checks/nixos-test.nix
@@ -8,7 +8,7 @@
 inherit (pkgs) system;
 };
 in {
- ssh-keys = makeTest' {
+ unittests = makeTest' {
 name = "unitests";
 nodes.server = {pkgs, ...}: {
 # Important to get the systemd service running for root
diff --git a/nix/checks/unittests.nix b/nix/checks/unittests.nix
index 1c0298a..994fe42 100644
--- a/nix/checks/unittests.nix
+++ b/nix/checks/unittests.nix
@@ -4,13 +4,13 @@
 pkgs,
 lib,
 coreutils,
- systemd
+ systemd,
 }: let
 systemd-vaultd = pkgs.callPackage ../../default.nix {};
 in
 writeShellScript "unittests" ''
 set -eu -o pipefail
- export PATH=${lib.makeBinPath [ python3.pkgs.pytest coreutils systemd ]}
+ export PATH=${lib.makeBinPath [python3.pkgs.pytest coreutils systemd]}
 export SYSTEMD_VAULTD_BIN=${systemd-vaultd}/bin/systemd-vaultd
 export TMPDIR=$(mktemp -d)
 trap 'rm -rf $TMPDIR' EXIT
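Review bot: In the new flake.nix, `description = "Description for the project";` is still the unedited template placeholder, and the trailing `flake = { ... }` attrset holds nothing but the template's comment. Reuse the string default.nix already carries, `description = "A proxy for secrets between systemd services and vault";`, and drop the empty `flake` block until it has content. Both inputs follow moving refs (`nixos-unstable`, and flake-parts with no ref given), so the committed flake.lock is the only thing that fixes which nixpkgs and flake-parts revisions build this secrets proxy. A comment above `inputs` would make that explicit, for example `# Inputs track moving branches; flake.lock pins the exact revisions, so review lock bumps like code changes.`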
diff --git a/tests/test_blocking_secret.py b/tests/test_blocking_secret.py index 84e21ca..d5886b1 100644 --- a/tests/test_blocking_secret.py +++ b/tests/test_blocking_secret.py @@ -2,13 +2,11 @@ import subprocess from pathlib import Path import time -from command import Command, run +from command import Command from random_service import random_service -def test_blocking_secret( - systemd_vaultd: Path, command: Command, tempdir: Path -) -> None: +def test_blocking_secret(systemd_vaultd: Path, command: Command, tempdir: Path) -> None: secrets_dir = tempdir / "secrets" sock = tempdir / "sock" command.run([str(systemd_vaultd), "-secrets", str(secrets_dir), "-sock", str(sock)]) diff --git a/tests/test_socket_activation.py b/tests/test_socket_activation.py index 62b3d35..861b8dc 100644 --- a/tests/test_socket_activation.py +++ b/tests/test_socket_activation.py @@ -7,8 +7,11 @@ from pathlib import Path from command import Command, run from random_service import random_service + def test_socket_activation( - systemd_vaultd: Path, command: Command, tempdir: Path, + systemd_vaultd: Path, + command: Command, + tempdir: Path, ) -> None: secrets_dir = tempdir / "secrets" secrets_dir.mkdir()