Unverified Commit f8bbedfc authored by Maximilian Bosch's avatar Maximilian Bosch Committed by GitHub

Merge pull request #219073 from IndeedNotJames/gitea-gpg

nixos/gitea: fix commit signing (`gpg`) core dump, add nixos test
parents 44ba7fdd 93c1d370
+1 −1
@@ -597,7 +597,7 @@ in
        PrivateMounts = true;
        # System Call Filtering
        SystemCallArchitectures = "native";
        SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap";
        SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
      };

      environment = {
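Review bot: The `SystemCallFilter` line now leaves `@memlock` out of the deny list with nothing in the file saying why, so a later hardening pass that compares it against a generic deny list is likely to put the group back and reintroduce the crash. Add a comment above it such as `# @memlock is deliberately not filtered: gpg locks memory for key material and is killed by the filter during commit signing`. Because the unit can now lock memory, it is worth confirming that the amount is still bounded by the default memlock resource limit or an explicit `LimitMEMLOCK=`; nothing visible in this hunk sets one. The enclosing attribute set starts outside the hunk.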
+24 −1
@@ -8,6 +8,21 @@ with import ../lib/testing-python.nix { inherit system pkgs; };
with pkgs.lib;

let
  ## gpg --faked-system-time='20230301T010000!' --quick-generate-key snakeoil ed25519 sign
  signingPrivateKey = ''
    -----BEGIN PGP PRIVATE KEY BLOCK-----

    lFgEY/6jkBYJKwYBBAHaRw8BAQdADXiZRV8RJUyC9g0LH04wLMaJL9WTc+szbMi7
    5fw4yP8AAQCl8EwGfzSLm/P6fCBfA3I9znFb3MEHGCCJhJ6VtKYyRw7ktAhzbmFr
    ZW9pbIiUBBMWCgA8FiEE+wUM6VW/NLtAdSixTWQt6LZ4x50FAmP+o5ACGwMFCQPC
    ZwAECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEE1kLei2eMedFTgBAKQs1oGFZrCI
    TZP42hmBTKxGAI1wg7VSdDEWTZxut/2JAQDGgo2sa4VHMfj0aqYGxrIwfP2B7JHO
    GCqGCRf9O/hzBA==
    =9Uy3
    -----END PGP PRIVATE KEY BLOCK-----
  '';
  signingPrivateKeyId = "4D642DE8B678C79D";

  supportedDbTypes = [ "mysql" "postgres" "sqlite3" ];
  makeGiteaTest = type: nameValuePair type (makeTest {
    name = "${giteaPackage.pname}-${type}";
@@ -21,8 +36,9 @@ let
          database = { inherit type; };
          package = giteaPackage;
          settings.service.DISABLE_REGISTRATION = true;
          settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
        };
        environment.systemPackages = [ giteaPackage pkgs.jq ];
        environment.systemPackages = [ giteaPackage pkgs.gnupg pkgs.jq ];
        services.openssh.enable = true;
      };
      client1 = { config, pkgs, ... }: {
@@ -58,6 +74,13 @@ let
      server.wait_for_open_port(3000)
      server.succeed("curl --fail http://localhost:3000/")

      server.succeed(
          "su -l gitea -c 'gpg --homedir /var/lib/gitea/data/home/.gnupg "
          + "--import ${toString (pkgs.writeText "gitea.key" signingPrivateKey)}'"
      )

      assert "BEGIN PGP PUBLIC KEY BLOCK" in server.succeed("curl http://localhost:3000/api/v1/signing-key.gpg")

      server.succeed(
          "curl --fail http://localhost:3000/user/sign_up | grep 'Registration is disabled. "
          + "Please contact your site administrator.'"
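Review bot: The new assertion on the `signing-key.gpg` endpoint only proves that Gitea can export the public key; no commit is signed anywhere in the added lines, so the failure named in the commit title is covered only if key export happens to hit the same code path. The `gpg --import` step runs through `su -l gitea`, presumably outside the unit's sandbox, so it does not exercise the syscall filter at all. Consider creating a commit through Gitea and checking that it is reported as signed with `signingPrivateKeyId`, and use `curl --fail` in the new call as the neighbouring ones do so that an HTTP error is reported as such. A short comment on `signingPrivateKey` stating that it is a throwaway test key which ends up world-readable in the Nix store would stop it being copied into a real configuration. The test script continues outside the hunk.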