tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-10 17:54:53 +01:00
Code Issues Packages Projects Releases Wiki Activity
nixpkgs/nixos/tests/syncthing/folders.nix
zorrobert 7a223b2685 nixos/syncthing: add option for ignore patterns 
Syncthing can be configured to ignore certain files and
directories via ignore patterns. This PR adds a new nix option to
set these patterns declaratively.
2025-10-21 12:57:28 +02:00

188 lines
5.5 KiB
Nix
Raw Blame History

{ lib, pkgs, ... }:
let
genNodeId =
name:
pkgs.runCommand "syncthing-test-certs-${name}" { } ''
mkdir -p $out
${pkgs.syncthing}/bin/syncthing generate --home=$out
${pkgs.libxml2}/bin/xmllint --xpath 'string(configuration/device/@id)' $out/config.xml > $out/id
'';
idA = genNodeId "a";
idB = genNodeId "b";
idC = genNodeId "c";
testPassword = "it's a secret";
in
{
name = "syncthing";
meta.maintainers = with pkgs.lib.maintainers; [ zarelit ];
nodes = {
a =
{ config, ... }:
{
environment.etc.bar-encryption-password.text = testPassword;
services.syncthing = {
enable = true;
openDefaultPorts = true;
cert = "${idA}/cert.pem";
key = "${idA}/key.pem";
settings = {
devices.b.id = lib.fileContents "${idB}/id";
devices.c.id = lib.fileContents "${idC}/id";
folders.foo = {
path = "/var/lib/syncthing/foo";
devices = [ "b" ];
};
folders.bar = {
path = "/var/lib/syncthing/bar";
devices = [
{
name = "c";
encryptionPasswordFile = "/etc/${config.environment.etc.bar-encryption-password.target}";
}
];
};
folders.baz = {
path = "/var/lib/syncthing/baz";
devices = [
"b"
"c"
];
ignorePatterns = [ ];
};
};
};
};
b =
{ config, ... }:
{
environment.etc.bar-encryption-password.text = testPassword;
services.syncthing = {
enable = true;
openDefaultPorts = true;
cert = "${idB}/cert.pem";
key = "${idB}/key.pem";
settings = {
devices.a.id = lib.fileContents "${idA}/id";
devices.c.id = lib.fileContents "${idC}/id";
folders.foo = {
path = "/var/lib/syncthing/foo";
devices = [ "a" ];
};
folders.bar = {
path = "/var/lib/syncthing/bar";
devices = [
{
name = "c";
encryptionPasswordFile = "/etc/${config.environment.etc.bar-encryption-password.target}";
}
];
};
folders.baz = {
path = "/var/lib/syncthing/baz";
devices = [
"a"
"c"
];
ignorePatterns = [
"notB"
];
};
};
};
};
c = {
services.syncthing = {
enable = true;
openDefaultPorts = true;
cert = "${idC}/cert.pem";
key = "${idC}/key.pem";
settings = {
devices.a.id = lib.fileContents "${idA}/id";
devices.b.id = lib.fileContents "${idB}/id";
folders.bar = {
path = "/var/lib/syncthing/bar";
devices = [
"a"
"b"
];
type = "receiveencrypted";
};
folders.baz = {
path = "/var/lib/syncthing/baz";
devices = [
"a"
"b"
];
ignorePatterns = [
"notC"
];
};
};
};
};
};
testScript = ''
start_all()
a.wait_for_unit("syncthing.service")
b.wait_for_unit("syncthing.service")
c.wait_for_unit("syncthing.service")
a.wait_for_open_port(22000)
b.wait_for_open_port(22000)
c.wait_for_open_port(22000)
# Test foo
a.wait_for_file("/var/lib/syncthing/foo")
b.wait_for_file("/var/lib/syncthing/foo")
a.succeed("echo a2b > /var/lib/syncthing/foo/a2b")
b.succeed("echo b2a > /var/lib/syncthing/foo/b2a")
a.wait_for_file("/var/lib/syncthing/foo/b2a")
b.wait_for_file("/var/lib/syncthing/foo/a2b")
# Test bar
a.wait_for_file("/var/lib/syncthing/bar")
b.wait_for_file("/var/lib/syncthing/bar")
c.wait_for_file("/var/lib/syncthing/bar")
a.succeed("echo plaincontent > /var/lib/syncthing/bar/plainname")
# B should be able to decrypt, check that content of file matches
b.wait_for_file("/var/lib/syncthing/bar/plainname")
file_contents = b.succeed("cat /var/lib/syncthing/bar/plainname")
assert "plaincontent\n" == file_contents, f"Unexpected file contents: {file_contents=}"
# Bar on C is untrusted, check that content is not in cleartext
c.fail("grep -R plaincontent /var/lib/syncthing/bar")
# Test baz
a.wait_for_file("/var/lib/syncthing/baz")
b.wait_for_file("/var/lib/syncthing/baz")
c.wait_for_file("/var/lib/syncthing/baz")
# A creates the file notB, C should get it, B should ignore it
a.succeed("echo notB > /var/lib/syncthing/baz/notB")
a.succeed("echo controlA > /var/lib/syncthing/baz/controlA")
c.wait_for_file("/var/lib/syncthing/baz/notB")
c.wait_for_file("/var/lib/syncthing/baz/controlA")
b.wait_for_file("/var/lib/syncthing/baz/controlA")
# B creates the file notC, A should get it, C should ignore it
b.succeed("echo notC > /var/lib/syncthing/baz/notC")
b.succeed("echo controlB > /var/lib/syncthing/baz/controlB")
a.wait_for_file("/var/lib/syncthing/baz/notC")
a.wait_for_file("/var/lib/syncthing/baz/controlB")
c.wait_for_file("/var/lib/syncthing/baz/controlB")
# Check that files have been correctly ignored
b.fail("cat /var/lib/syncthing/baz/notB")
c.fail("cat /var/lib/syncthing/baz/notC")
'';
}
Reference in a new issue View git blame Copy permalink