openssh: test that startWhenNeeded works

NixOS · Dec 29, 2016 · bf65912 · bf65912
1 parent 8ed4c8b
commit bf65912
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
@@ -35,6 +35,18 @@ in {
         ];
       };
 
+    server_lazy =
+      { config, pkgs, ... }:
+
+      {
+        services.openssh = { enable = true; startWhenNeeded = true; };
+        security.pam.services.sshd.limits =
+          [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
+        users.extraUsers.root.openssh.authorizedKeys.keys = [
+          snakeOilPublicKey
+        ];
+      };
+
     client =
       { config, pkgs, ... }: { };
 
@@ -50,6 +62,8 @@ in {
     subtest "manual-authkey", sub {
       $server->succeed("mkdir -m 700 /root/.ssh");
       $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+      $server_lazy->succeed("mkdir -m 700 /root/.ssh");
+      $server_lazy->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
 
       $client->succeed("mkdir -m 700 /root/.ssh");
       $client->copyFileFromHost("key", "/root/.ssh/id_ed25519");
@@ -58,6 +72,10 @@ in {
       $client->waitForUnit("network.target");
       $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
       $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server_lazy 'echo hello world' >&2");
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server_lazy 'ulimit -l' | grep 1024");
+
     };
 
     subtest "configured-authkey", sub {
@@ -66,6 +84,11 @@ in {
       $client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
                        " -o StrictHostKeyChecking=no -i privkey.snakeoil" .
                        " server true");
+
+      $client->succeed("ssh -o UserKnownHostsFile=/dev/null" .
+                       " -o StrictHostKeyChecking=no -i privkey.snakeoil" .
+                       " server_lazy true");
+
     };
   '';
 })