From 6d0e119f13abb19a88598faae31a68066a401688 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Sun, 12 Jun 2022 15:12:11 +0200
Subject: [PATCH] add nixos test

---
 default.nix               |  6 +++---
 nix/checks/nixos-test.nix | 25 +++++++++++++++++++++++++
 nix/checks/unittests.nix  | 22 ++++++++++++++++++++++
 3 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 nix/checks/nixos-test.nix
 create mode 100644 nix/checks/unittests.nix

diff --git a/default.nix b/default.nix
index 04cc0b0..686fb65 100644
--- a/default.nix
+++ b/default.nix
@@ -1,9 +1,9 @@
-with import <nixpkgs> {};
-  buildGoModule {
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.buildGoModule {
     name = "systemd-vaultd";
     src = ./.;
     vendorSha256 = null;
-    meta = with lib; {
+    meta = with pkgs.lib; {
       description = "A proxy for secrets between systemd services and vault";
       homepage = "https://github.com/numtide/systemd-vaultd";
       license = licenses.mit;
diff --git a/nix/checks/nixos-test.nix b/nix/checks/nixos-test.nix
new file mode 100644
index 0000000..359c787
--- /dev/null
+++ b/nix/checks/nixos-test.nix
@@ -0,0 +1,25 @@
+{
+  makeTest ? import <nixpkgs/nixos/tests/make-test-python.nix>,
+  pkgs ? (import <nixpkgs> {}),
+}: let
+  makeTest' = args:
+    makeTest args {
+      inherit pkgs;
+      inherit (pkgs) system;
+    };
+in {
+  ssh-keys = makeTest' {
+    name = "unitests";
+    nodes.server = {pkgs, ...}: {
+      # Important to get the systemd service running for root
+      #environment.variables.XDG_RUNTIME_DIR = "/run/user/0";
+    };
+
+    testScript = ''
+      start_all()
+      server.succeed("machinectl shell .host ${pkgs.callPackage ./unittests.nix {}} >&2")
+      # machinectl does not passthru exit codes, so we have to check manually
+      server.succeed("[[ -f /tmp/success ]]")
+    '';
+  };
+}
diff --git a/nix/checks/unittests.nix b/nix/checks/unittests.nix
new file mode 100644
index 0000000..1c0298a
--- /dev/null
+++ b/nix/checks/unittests.nix
@@ -0,0 +1,22 @@
+{
+  writeShellScript,
+  python3,
+  pkgs,
+  lib,
+  coreutils,
+  systemd
+}: let
+  systemd-vaultd = pkgs.callPackage ../../default.nix {};
+in
+  writeShellScript "unittests" ''
+    set -eu -o pipefail
+    export PATH=${lib.makeBinPath [ python3.pkgs.pytest coreutils systemd ]}
+    export SYSTEMD_VAULTD_BIN=${systemd-vaultd}/bin/systemd-vaultd
+    export TMPDIR=$(mktemp -d)
+    trap 'rm -rf $TMPDIR' EXIT
+    cp --no-preserve=mode --preserve=timestamps -r ${../..} "$TMPDIR/source"
+    cd "$TMPDIR/source"
+    pytest -s ./tests
+    # we need this in our nixos tests
+    touch /tmp/success
+  ''