ssh: sockets forwards; remote and dynamic forwards

This commit adds support for forwarding Unix-domain socket paths rather
than just addresses/ports. It also adds options for specifying remote and
dynamic forwards.
David Wood 2019-08-20 12:20:39 +01:00 committed by Robert Helgesson
parent 3d546e0d01
commit e8dbc35613
No known key found for this signature in database
GPG key ID: 36BDAA14C2797E89
14 changed files with 377 additions and 26 deletions


@ -8,9 +8,16 @@ with lib;
enable = true;
};
home.file.assertions.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileExists home-files/.ssh/config
assertFileContent home-files/.ssh/config ${./default-config-expected.conf}
assertFileContent home-files/assertions ${./no-assertions.json}
'';
};
}
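Review bot: The assertion dump written to `home.file.assertions.text` here (and in match-blocks-attrs.nix) is the same four-line expression the new forwards-* fixtures write to `home.file.result.text`; both names denote the same artifact, so the tests should agree on one, e.g. `home.file.result.text =` here together with `assertFileContent home-files/result ${./no-assertions.json}`. The expression is copied verbatim into eight test files in this commit, so a small shared helper in the test tree would also remove the duplication. The enclosing test attribute set starts before this hunk.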


@ -1,4 +1,17 @@
{
ssh-defaults = ./default-config.nix;
ssh-match-blocks = ./match-blocks-attrs.nix;
ssh-forwards-dynamic-valid-bind-no-asserts =
./forwards-dynamic-valid-bind-no-asserts.nix;
ssh-forwards-dynamic-bind-path-with-port-asserts =
./forwards-dynamic-bind-path-with-port-asserts.nix;
ssh-forwards-local-bind-path-with-port-asserts =
./forwards-local-bind-path-with-port-asserts.nix;
ssh-forwards-local-host-path-with-port-asserts =
./forwards-local-host-path-with-port-asserts.nix;
ssh-forwards-remote-bind-path-with-port-asserts =
./forwards-remote-bind-path-with-port-asserts.nix;
ssh-forwards-remote-host-path-with-port-asserts =
./forwards-remote-host-path-with-port-asserts.nix;
}


@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
matchBlocks = {
dynamicBindPathWithPort = {
dynamicForwards = [
{
# Error:
address = "/run/user/1000/gnupg/S.gpg-agent.extra";
port = 3000;
}
];
};
};
};
home.file.result.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileContent home-files/result ${./forwards-paths-with-ports-error.json}
'';
};
}


@ -0,0 +1,19 @@
Host dynamicBindAddressWithPort
DynamicForward [127.0.0.1]:3000
Host dynamicBindPathNoPort
DynamicForward /run/user/1000/gnupg/S.gpg-agent.extra
Host *
ForwardAgent no
Compression no
ServerAliveInterval 0
HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts
ControlMaster no
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist no


@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
matchBlocks = {
dynamicBindPathNoPort = {
dynamicForwards = [
{
# OK:
address = "/run/user/1000/gnupg/S.gpg-agent.extra";
}
];
};
dynamicBindAddressWithPort = {
dynamicForwards = [
{
# OK:
address = "127.0.0.1";
port = 3000;
}
];
};
};
};
home.file.result.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileExists home-files/.ssh/config
assertFileContent \
home-files/.ssh/config \
${./forwards-dynamic-valid-bind-no-asserts-expected.conf}
assertFileContent home-files/result ${./no-assertions.json}
'';
};
}
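Review bot: `dynamicBindPathNoPort` relies on `DynamicForward` accepting a bare listen path, which ssh_config(5) documents only as `[bind_address:]port`; OpenSSH's forward parser does accept a Unix-socket listen path for dynamic forwards as far as I recall, but the `dynamicForwards` option documentation should state that explicitly and note which OpenSSH versions it relies on (the module definition is not on this page, so it may already do so). Separately, a SOCKS listener bound at `/run/user/1000/gnupg/S.gpg-agent.extra` is a misleading fixture, since that path is the gpg-agent socket a reader would expect to be forwarded rather than listened on; a neutral path such as `/run/user/1000/socks.sock` in both this file and the expected conf would avoid that suggestion.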


@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
matchBlocks = {
localBindPathWithPort = {
localForwards = [
{
# OK:
host.address = "127.0.0.1";
host.port = 3000;
# Error:
bind.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
bind.port = 3000;
}
];
};
};
};
home.file.result.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileContent home-files/result ${./forwards-paths-with-ports-error.json}
'';
};
}
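Review bot: This fixture only exercises the path-with-port rejection; the complementary invalid shape — a host name or IP address given without a `port` — has no test in this series, although for LocalForward/RemoteForward a non-path end without a port is not a valid ssh_config forward and would presumably be rejected by ssh at connect time rather than at evaluation. If the module has an assertion for that case (its definition is not on this page) a sibling fixture such as `host.address = "10.0.0.1";` with no `host.port`, asserting the message, should be added; if it does not, that assertion is worth adding next to the one tested here. A no-assertion fixture for a valid path-to-path `localForwards` entry would also be useful, since the only path forward with an expected-output check in this commit is a remote one.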


@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
matchBlocks = {
localHostPathWithPort = {
localForwards = [
{
# OK:
bind.address = "127.0.0.1";
bind.port = 3000;
# Error:
host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
host.port = 3000;
}
];
};
};
};
home.file.result.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileContent home-files/result ${./forwards-paths-with-ports-error.json}
'';
};
}


@ -0,0 +1 @@
["Forwarded paths cannot have ports."]


@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
matchBlocks = {
remoteBindPathWithPort = {
remoteForwards = [
{
# OK:
host.address = "127.0.0.1";
host.port = 3000;
# Error:
bind.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
bind.port = 3000;
}
];
};
};
};
home.file.result.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileContent home-files/result ${./forwards-paths-with-ports-error.json}
'';
};
}


@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = {
programs.ssh = {
enable = true;
matchBlocks = {
remoteHostPathWithPort = {
remoteForwards = [
{
# OK:
bind.address = "127.0.0.1";
bind.port = 3000;
# Error:
host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
host.port = 3000;
}
];
};
};
};
home.file.result.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileContent home-files/result ${./forwards-paths-with-ports-error.json}
'';
};
}


@ -12,6 +12,9 @@ Host xyz
ServerAliveInterval 60
IdentityFile file
LocalForward [localhost]:8080 [10.0.0.1]:80
RemoteForward [localhost]:8081 [10.0.0.2]:80
RemoteForward /run/user/1000/gnupg/S.gpg-agent.extra /run/user/1000/gnupg/S.gpg-agent
DynamicForward [localhost]:2839
Host *
ForwardAgent no
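Review bot: The `RemoteForward` line with two socket paths makes sshd create `/run/user/1000/gnupg/S.gpg-agent.extra` on the remote host, and that socket file is not removed when the session ends; unless the server's sshd_config sets `StreamLocalBindUnlink yes`, the bind on the next connection fails and the forward is skipped with only a client-side warning. This client configuration cannot express that server-side requirement, so the `remoteForwards` option documentation should state it (the module definition is not visible on this page, so it may already do so). The `Host *` block continues past the end of this hunk.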


@ -22,6 +22,22 @@ with lib;
host.port = 80;
}
];
remoteForwards = [
{
bind.port = 8081;
host.address = "10.0.0.2";
host.port = 80;
}
{
bind.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
host.address = "/run/user/1000/gnupg/S.gpg-agent";
}
];
dynamicForwards = [
{
port = 2839;
}
];
};
"* !github.com" = {
@ -31,11 +47,18 @@ with lib;
};
};
home.file.assertions.text =
builtins.toJSON
(map (a: a.message)
(filter (a: !a.assertion)
config.assertions));
nmt.script = ''
assertFileExists home-files/.ssh/config
assertFileContent \
home-files/.ssh/config \
${./match-blocks-attrs-expected.conf}
assertFileContent home-files/assertions ${./no-assertions.json}
'';
};
}
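Review bot: The gpg-agent entry in `remoteForwards` has its two sockets the wrong way round for the recipe it evidently mirrors: in `RemoteForward` the first (bind) path is created on the remote host and the second (host) path is what the local client connects to, so as written the remote side gets a socket named `S.gpg-agent.extra` that is wired to the local full-privilege `S.gpg-agent`, exposing the unrestricted agent instead of the restricted extra socket. Swapping them — `bind.address = "/run/user/1000/gnupg/S.gpg-agent";` and `host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";` — gives the conventional and safer direction, with the matching line in match-blocks-attrs-expected.conf updated accordingly. The module output is correct for the inputs given, but test fixtures tend to be copied into real configs, so the example is worth getting right.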


@ -0,0 +1 @@
[]