Unverified Commit b7f1fd5c authored by Aurimas Blažulionis's avatar Aurimas Blažulionis Committed by Jeremy Fleischman

nixosTests.syncthing: create encrypted device test

parent a8cd913d
+57 −6
@@ -10,6 +10,8 @@ import ../make-test-python.nix (
      '';
    idA = genNodeId "a";
    idB = genNodeId "b";
    idC = genNodeId "c";
    testPasswordFile = pkgs.writeText "syncthing-test-password" "it's a secret";
  in
  {
    name = "syncthing";
@@ -23,13 +25,16 @@ import ../make-test-python.nix (
          cert = "${idA}/cert.pem";
          key = "${idA}/key.pem";
          settings = {
            devices.b = {
              id = lib.fileContents "${idB}/id";
            };
            devices.b.id = lib.fileContents "${idB}/id";
            devices.c.id = lib.fileContents "${idC}/id";
            folders.foo = {
              path = "/var/lib/syncthing/foo";
              devices = [ "b" ];
            };
            folders.bar = {
              path = "/var/lib/syncthing/bar";
              devices.c.encryptionPassword = "${testPasswordFile}";
            };
          };
        };
      };
@@ -40,13 +45,36 @@ import ../make-test-python.nix (
          cert = "${idB}/cert.pem";
          key = "${idB}/key.pem";
          settings = {
            devices.a = {
              id = lib.fileContents "${idA}/id";
            };
            devices.a.id = lib.fileContents "${idA}/id";
            devices.c.id = lib.fileContents "${idC}/id";
            folders.foo = {
              path = "/var/lib/syncthing/foo";
              devices = [ "a" ];
            };
            folders.bar = {
              path = "/var/lib/syncthing/bar";
              devices.c.encryptionPassword = "${testPasswordFile}";
            };
          };
        };
      };
      c = {
        services.syncthing = {
          enable = true;
          openDefaultPorts = true;
          cert = "${idC}/cert.pem";
          key = "${idC}/key.pem";
          settings = {
            devices.a.id = lib.fileContents "${idA}/id";
            devices.b.id = lib.fileContents "${idB}/id";
            folders.bar = {
              path = "/var/lib/syncthing/bar";
              devices = [
                "a"
                "b"
              ];
              type = "receiveencrypted";
            };
          };
        };
      };
@@ -54,16 +82,39 @@ import ../make-test-python.nix (

    testScript = ''
      start_all()

      a.wait_for_unit("syncthing.service")
      b.wait_for_unit("syncthing.service")
      c.wait_for_unit("syncthing.service")
      a.wait_for_open_port(22000)
      b.wait_for_open_port(22000)
      c.wait_for_open_port(22000)

      # Test foo

      a.wait_for_file("/var/lib/syncthing/foo")
      b.wait_for_file("/var/lib/syncthing/foo")

      a.succeed("echo a2b > /var/lib/syncthing/foo/a2b")
      b.succeed("echo b2a > /var/lib/syncthing/foo/b2a")

      a.wait_for_file("/var/lib/syncthing/foo/b2a")
      b.wait_for_file("/var/lib/syncthing/foo/a2b")

      # Test bar

      a.wait_for_file("/var/lib/syncthing/bar")
      b.wait_for_file("/var/lib/syncthing/bar")
      c.wait_for_file("/var/lib/syncthing/bar")

      a.succeed("echo plaincontent > /var/lib/syncthing/bar/plainname")

      # B should be able to decrypt, check that content of file matches
      b.wait_for_file("/var/lib/syncthing/bar/plainname")
      b.succeed("grep plaincontent /var/lib/syncthing/bar/plainname")

      # Bar on C is untrusted, check that content is not in cleartext
      c.fail("grep -R plaincontent /var/lib/syncthing/bar")
    '';
  }
)
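Review bot: The final assertion, `c.fail("grep -R plaincontent /var/lib/syncthing/bar")`, can pass without C ever having received the file, because nothing before it waits for data to arrive on C; an empty or not-yet-synced folder satisfies it just as well as an encrypted one. Before the negative check, wait until C holds synced data, for example `c.wait_until_succeeds("find /var/lib/syncthing/bar -type f | grep -q .")` (excluding the folder marker if it contains a file), so the grep only runs once ciphertext is on disk. The test also never checks that the file name is hidden on C; adding `c.fail("find /var/lib/syncthing/bar -name plainname | grep -q .")` next to the grep would cover that. Separately, `devices.c.encryptionPassword` is given the store path of `testPasswordFile`; if the module treats that value as the password itself rather than as a file to read, A and B would still agree and the test would pass, so a short comment stating which is intended would help.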