From bc24f2e510e045c70203cff80d34a8a024c38dec Mon Sep 17 00:00:00 2001
From: Ryan Mulligan
Date: Sat, 23 Dec 2023 14:43:03 -0800
Subject: [PATCH] Revert "Revert "contrib: add direct tests for agenix ""

This reverts commit 08dc5068e6b5f8c985dba6490c219ea439f48ac1.
---
 .github/workflows/ci.yaml | 4 ++-
 pkgs/agenix.nix | 66 +++++++++++++++++++++++++--------------
 2 files changed, 46 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6345634..e48411b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -9,7 +9,9 @@ jobs:
 - uses: actions/checkout@v3
 - uses: cachix/install-nix-action@v22
 with:
- extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
+ extra_nix_config: |
+ system-features = nixos-test recursive-nix benchmark big-parallel kvm
+ extra-experimental-features = recursive-nix nix-command flakes
 - run: nix build
 - run: nix build .#doc
 - run: nix fmt . -- --check
diff --git a/pkgs/agenix.nix b/pkgs/agenix.nix
index 7ce6de2..e8f59ae 100644
--- a/pkgs/agenix.nix
+++ b/pkgs/agenix.nix
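Review bot: In `.github/workflows/ci.yaml`, the new `extra_nix_config` turns on `recursive-nix` both as a system feature and as an experimental feature for every build in the job, and nothing in the file says which check needs it. It is presumably required because the install check added in `pkgs/agenix.nix` runs `agenix`, which calls `nix-instantiate`, inside the build; this should be confirmed. If so, a comment above `extra_nix_config:` such as `# recursive-nix: agenix's installCheck evaluates Nix inside the build` would stop the setting from being dropped by accident or left enabled after the test moves elsewhere. Experimental features widen what a build may do on the runner, so the list is best kept to what the checks actually use.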
@@ -9,29 +9,49 @@
 substituteAll,
 ageBin ? "${age}/bin/age",
 shellcheck,
-}:
-stdenv.mkDerivation rec {
- pname = "agenix";
- version = "0.15.0";
- src = substituteAll {
- inherit ageBin version;
- jqBin = "${jq}/bin/jq";
- nixInstantiate = "${nix}/bin/nix-instantiate";
- mktempBin = "${mktemp}/bin/mktemp";
- diffBin = "${diffutils}/bin/diff";
- src = ./agenix.sh;
- };
- dontUnpack = true;
+}: let
+ bin = "${placeholder "out"}/bin/agenix";
+in
+ stdenv.mkDerivation rec {
+ pname = "agenix";
+ version = "0.15.0";
+ src = substituteAll {
+ inherit ageBin version;
+ jqBin = "${jq}/bin/jq";
+ nixInstantiate = "${nix}/bin/nix-instantiate";
+ mktempBin = "${mktemp}/bin/mktemp";
+ diffBin = "${diffutils}/bin/diff";
+ src = ./agenix.sh;
+ };
+ dontUnpack = true;
+ doInstallCheck = true;
+ installCheckInputs = [shellcheck];
+ postInstallCheck = ''
+ shellcheck ${bin}
+ ${bin} -h | grep ${version}

- doCheck = true;
- checkInputs = [shellcheck];
- postCheck = ''
- shellcheck $src
- '';
+ mkdir -p /tmp/home/.ssh
+ cp -r "${../example}" /tmp/home/secrets
+ chmod -R u+rw /tmp/home/secrets
+ export HOME=/tmp/home
+ (
+ umask u=rw,g=r,o=r
+ cp ${../example_keys/user1.pub} $HOME/.ssh/id_ed25519.pub
+ chown $UID $HOME/.ssh/id_ed25519.pub
+ )
+ (
+ umask u=rw,g=,o=
+ cp ${../example_keys/user1} $HOME/.ssh/id_ed25519
+ chown $UID $HOME/.ssh/id_ed25519
+ )

- installPhase = ''
- install -D $src ${placeholder "out"}/bin/agenix
- '';
+ cd /tmp/home/secrets
+ test $(${bin} -d secret1.age) = "hello"
+ '';

- meta.description = "age-encrypted secrets for NixOS";
-}
+ installPhase = ''
+ install -D $src ${bin}
+ '';
+
+ meta.description = "age-encrypted secrets for NixOS";
+ }
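Review bot: The install check stages its test home at the fixed path `/tmp/home`, which is private only when the build is sandboxed; with the sandbox off it is a shared, predictable directory where leftover or pre-existing content can change what the check reads and where concurrent builds collide. A per-build directory avoids that: start with `export HOME="$(mktemp -d)"` and use `$HOME` in the `mkdir`, `cp -r`, `chmod` and `cd` lines. `test $(${bin} -d secret1.age) = "hello"` should quote the substitution, `test "$(${bin} -d secret1.age)" = "hello"`, so an empty or multi-word result fails as a mismatch rather than as a `test` usage error. `${../example_keys/user1}` places the private key in the world-readable Nix store, so a comment such as `# fixture key only, never a real identity` above that `cp` would be worth adding. The function's argument list starts above the hunk.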