From 993f4cdecc81cd516c5281624345498bb7a8090d Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Sat, 18 Oct 2025 01:33:11 +0900
Subject: [PATCH] nixos/tests/sks: init

---
 nixos/tests/all-tests.nix    |  1 +
 nixos/tests/sks.nix          | 57 ++++++++++++++++++++++++++++++++++++
 pkgs/servers/sks/default.nix |  3 ++
 3 files changed, 61 insertions(+)
 create mode 100644 nixos/tests/sks.nix

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 1f1f5ae5e043..f54418db494c 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1359,6 +1359,7 @@ in
   silverbullet = runTest ./silverbullet.nix;
   simple = runTest ./simple.nix;
   sing-box = runTest ./sing-box.nix;
+  sks = runTest ./sks.nix;
   slimserver = runTest ./slimserver.nix;
   slipshow = runTest ./slipshow.nix;
   slurm = runTest ./slurm.nix;
diff --git a/nixos/tests/sks.nix b/nixos/tests/sks.nix
new file mode 100644
index 000000000000..d56da6e8fe9e
--- /dev/null
+++ b/nixos/tests/sks.nix
@@ -0,0 +1,57 @@
+{ lib, pkgs, ... }:
+let
+  gpgKeyring = (
+    pkgs.runCommand "gpg-keyring" { buildInputs = [ pkgs.gnupg ]; } ''
+      mkdir -p $out
+      export GNUPGHOME=$out
+      cat > foo <<EOF
+        %echo Generating a basic OpenPGP key
+        %no-protection
+        Key-Type: DSA
+        Key-Length: 1024
+        Subkey-Type: ELG-E
+        Subkey-Length: 1024
+        Name-Real: Foo Example
+        Name-Email: foo@example.org
+        Expire-Date: 0
+        # Do a commit here, so that we can later print "done"
+        %commit
+        %echo done
+      EOF
+      gpg --batch --generate-key foo
+      rm $out/S.gpg-agent $out/S.gpg-agent.*
+    ''
+  );
+in
+{
+  name = "sks";
+  meta.maintainers = with lib.maintainers; [ h7x4 ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      environment.systemPackages = [ pkgs.gnupg ];
+
+      services.sks.enable = true;
+    };
+
+  testScript = ''
+    machine.wait_for_unit("sks-db.service")
+    machine.wait_for_open_port(11371)
+
+    response = machine.succeed("curl -f -s http://127.0.0.1:11371/")
+    assert "<title>SKS OpenPGP Public Key Server</title>" in response, "HTML title not found"
+
+    # Copy the keyring
+    machine.succeed("cp -R ${gpgKeyring} /tmp/GNUPGHOME")
+
+    # Extract our GPG key id
+    keyId = machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --list-keys | grep dsa1024 --after-context=1 | grep -v dsa1024").strip()
+
+    # Send the key to our local keyserver
+    machine.succeed("GNUPGHOME=/tmp/GNUPGHOME gpg --keyserver hkp://127.0.0.1:11371 --send-keys " + keyId)
+
+    # Receive the key from our local keyserver to a separate directory
+    machine.succeed("GNUPGHOME=$(mktemp -d) gpg --keyserver hkp://127.0.0.1:11371 --recv-keys " + keyId)
+  '';
+}
diff --git a/pkgs/servers/sks/default.nix b/pkgs/servers/sks/default.nix
index e93d3e4cd950..7042b1d6c015 100644
--- a/pkgs/servers/sks/default.nix
+++ b/pkgs/servers/sks/default.nix
@@ -6,6 +6,7 @@
   perl,
   zlib,
   db,
+  nixosTests,
 }:
 
 let
@@ -69,6 +70,8 @@ stdenv.mkDerivation rec {
   # Copy the web examples for the NixOS module
   postInstall = "cp -R sampleWeb $webSamples";
 
+  passthru.tests.nixos = nixosTests.sks;
+
   meta = with lib; {
     description = "Easily deployable & decentralized OpenPGP keyserver";
     longDescription = ''