First wave of unit tests, and bugfixes caused by them

2021-11-29 22:16:08 +03:00 · 2021-11-29 22:16:08 +03:00 · 245964c998
parent b185724000
commit 245964c998
40 changed files with 2190 additions and 14 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -6,3 +6,9 @@ setuptools
 portalocker
 flask-swagger
 flask-swagger-ui
+pytz
+
+pytest
+coverage
+pytest-mock
+pytest-datadir
--- a/selfprivacy_api/app.py
+++ b/selfprivacy_api/app.py
@ -16,15 +16,18 @@ swagger_blueprint = get_swaggerui_blueprint(
 )


-def create_app():
+def create_app(test_config=None):
    """Initiate Flask app and bind routes"""
    app = Flask(__name__)
    api = Api(app)

+    if test_config is None:
        app.config["AUTH_TOKEN"] = os.environ.get("AUTH_TOKEN")
        if app.config["AUTH_TOKEN"] is None:
            raise ValueError("AUTH_TOKEN is not set")
        app.config["ENABLE_SWAGGER"] = os.environ.get("ENABLE_SWAGGER", "0")
+    else:
+        app.config.update(test_config)

    # Check bearer token
    @app.before_request
--- a/selfprivacy_api/resources/services/mailserver.py
+++ b/selfprivacy_api/resources/services/mailserver.py
@ -2,6 +2,7 @@
 """Mail server management module"""
 import base64
 import subprocess
+import os
 from flask_restful import Resource

 from selfprivacy_api.resources.services import api
@ -25,8 +26,12 @@ class DKIMKey(Resource):
                description: DKIM key encoded in base64
            401:
                description: Unauthorized
+            404:
+                description: DKIM key not found
        """
        domain = get_domain()
+
+        if os.path.exists("/var/dkim/" + domain + ".selector.txt"):
            cat_process = subprocess.Popen(
                ["cat", "/var/dkim/" + domain + ".selector.txt"], stdout=subprocess.PIPE
            )
@ -34,6 +39,7 @@ class DKIMKey(Resource):
            dkim = base64.b64encode(dkim)
            dkim = str(dkim, "utf-8")
            return dkim
+        return "DKIM file not found", 404


 api.add_resource(DKIMKey, "/mailserver/dkim")
--- a/selfprivacy_api/resources/services/ssh.py
+++ b/selfprivacy_api/resources/services/ssh.py
@ -278,6 +278,12 @@ class SSHKeys(Resource):
            if username == data["username"]:
                if "sshKeys" not in data:
                    data["sshKeys"] = []
+                # Return 409 if key already in array
+                for key in data["sshKeys"]:
+                    if key == args["public_key"]:
+                        return {
+                            "error": "Key already exists",
+                        }, 409
                data["sshKeys"].append(args["public_key"])
                return {
                    "message": "New SSH key successfully written",
--- a/selfprivacy_api/utils.py
+++ b/selfprivacy_api/utils.py
@ -2,8 +2,11 @@
 """Various utility functions"""
 import json
 import portalocker
+from flask import current_app


+USERDATA_FILE = "/etc/nixos/userdata/userdata.json"
+
 def get_domain():
    """Get domain from /var/domain without trailing new line"""
    with open("/var/domain", "r", encoding="utf-8") as domain_file:
@ -16,7 +19,7 @@ class WriteUserData(object):

    def __init__(self):
        self.userdata_file = open(
-            "/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
+            USERDATA_FILE, "r+", encoding="utf-8"
        )
        portalocker.lock(self.userdata_file, portalocker.LOCK_EX)
        self.data = json.load(self.userdata_file)
@ -38,7 +41,7 @@ class ReadUserData(object):

    def __init__(self):
        self.userdata_file = open(
-            "/etc/nixos/userdata/userdata.json", "r", encoding="utf-8"
+            USERDATA_FILE, "r", encoding="utf-8"
        )
        portalocker.lock(self.userdata_file, portalocker.LOCK_SH)
        self.data = json.load(self.userdata_file)
--- a/tests/init.py
+++ b/tests/init.py
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -0,0 +1,38 @@
+import pytest
+from flask import testing
+from selfprivacy_api.app import create_app
+
+
+@pytest.fixture
+def app():
+    app = create_app({
+        "AUTH_TOKEN": "TEST_TOKEN",
+        "ENABLE_SWAGGER": "0",
+    })
+
+    yield app
+
+
+@pytest.fixture
+def client(app):
+    return app.test_client()
+
+class AuthorizedClient(testing.FlaskClient):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.token = "TEST_TOKEN"
+
+    def open(self, *args, **kwargs):
+        if "headers" not in kwargs:
+            kwargs["headers"] = {}
+        kwargs["headers"]["Authorization"] = f"Bearer {self.token}"
+        return super().open(*args, **kwargs)
+
+@pytest.fixture
+def authorized_client(app):
+    app.test_client_class = AuthorizedClient
+    return app.test_client()
+
+@pytest.fixture
+def runner(app):
+    return app.test_cli_runner()
--- a/tests/services/test_bitwarden.py
+++ b/tests/services/test_bitwarden.py
@ -0,0 +1,80 @@
+import json
+import pytest
+
+def read_json(file_path):
+    with open(file_path, "r") as f:
+        return json.load(f)
+
+###############################################################################
+
+@pytest.fixture
+def bitwarden_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_off.json")
+    assert read_json(datadir / "turned_off.json")["bitwarden"]["enable"] == False
+    return datadir
+
+@pytest.fixture
+def bitwarden_on(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_on.json")
+    assert read_json(datadir / "turned_on.json")["bitwarden"]["enable"] == True
+    return datadir
+
+@pytest.fixture
+def bitwarden_enable_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "enable_undefined.json")
+    assert "enable" not in read_json(datadir / "enable_undefined.json")["bitwarden"]
+    return datadir
+
+@pytest.fixture
+def bitwarden_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "undefined.json")
+    assert "bitwarden" not in read_json(datadir / "undefined.json")
+    return datadir
+
+###############################################################################
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_unauthorized(client, bitwarden_off, endpoint):
+    response = client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 401
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_illegal_methods(authorized_client, bitwarden_off, endpoint):
+    response = authorized_client.get(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.put(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.delete(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 405
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_off(authorized_client, bitwarden_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(bitwarden_off / "turned_off.json") == read_json(bitwarden_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_on(authorized_client, bitwarden_on, endpoint, target_file):
+    response = authorized_client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(bitwarden_on / "turned_on.json") == read_json(bitwarden_on / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_twice(authorized_client, bitwarden_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 200
+    response = authorized_client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(bitwarden_off / "turned_off.json") == read_json(bitwarden_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_attribute_deleted(authorized_client, bitwarden_enable_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(bitwarden_enable_undefined / "enable_undefined.json") == read_json(bitwarden_enable_undefined / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_bitwarden_undefined(authorized_client, bitwarden_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/bitwarden/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(bitwarden_undefined / "undefined.json") == read_json(bitwarden_undefined / target_file)
--- a/tests/services/test_bitwarden/enable_undefined.json
+++ b/tests/services/test_bitwarden/enable_undefined.json
@ -0,0 +1,51 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_bitwarden/turned_off.json
+++ b/tests/services/test_bitwarden/turned_off.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_bitwarden/turned_on.json
+++ b/tests/services/test_bitwarden/turned_on.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": true
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_bitwarden/undefined.json
+++ b/tests/services/test_bitwarden/undefined.json
@ -0,0 +1,49 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_gitea.py
+++ b/tests/services/test_gitea.py
@ -0,0 +1,80 @@
+import json
+import pytest
+
+def read_json(file_path):
+    with open(file_path, "r") as f:
+        return json.load(f)
+
+###############################################################################
+
+@pytest.fixture
+def gitea_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_off.json")
+    assert read_json(datadir / "turned_off.json")["gitea"]["enable"] == False
+    return datadir
+
+@pytest.fixture
+def gitea_on(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_on.json")
+    assert read_json(datadir / "turned_on.json")["gitea"]["enable"] == True
+    return datadir
+
+@pytest.fixture
+def gitea_enable_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "enable_undefined.json")
+    assert "enable" not in read_json(datadir / "enable_undefined.json")["gitea"]
+    return datadir
+
+@pytest.fixture
+def gitea_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "undefined.json")
+    assert "gitea" not in read_json(datadir / "undefined.json")
+    return datadir
+
+###############################################################################
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_unauthorized(client, gitea_off, endpoint):
+    response = client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 401
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_illegal_methods(authorized_client, gitea_off, endpoint):
+    response = authorized_client.get(f"/services/gitea/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.put(f"/services/gitea/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.delete(f"/services/gitea/{endpoint}")
+    assert response.status_code == 405
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_off(authorized_client, gitea_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(gitea_off / "turned_off.json") == read_json(gitea_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_on(authorized_client, gitea_on, endpoint, target_file):
+    response = authorized_client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(gitea_on / "turned_on.json") == read_json(gitea_on / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_twice(authorized_client, gitea_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 200
+    response = authorized_client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(gitea_off / "turned_off.json") == read_json(gitea_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_attribute_deleted(authorized_client, gitea_enable_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(gitea_enable_undefined / "enable_undefined.json") == read_json(gitea_enable_undefined / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_gitea_undefined(authorized_client, gitea_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/gitea/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(gitea_undefined / "undefined.json") == read_json(gitea_undefined / target_file)
--- a/tests/services/test_gitea/enable_undefined.json
+++ b/tests/services/test_gitea/enable_undefined.json
@ -0,0 +1,51 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_gitea/turned_off.json
+++ b/tests/services/test_gitea/turned_off.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_gitea/turned_on.json
+++ b/tests/services/test_gitea/turned_on.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": true
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_gitea/undefined.json
+++ b/tests/services/test_gitea/undefined.json
@ -0,0 +1,49 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_mailserver.py
+++ b/tests/services/test_mailserver.py
@ -0,0 +1,65 @@
+import base64
+import json
+import pytest
+
+def read_json(file_path):
+    with open(file_path, "r", encoding="utf-8") as f:
+        return json.load(f)
+
+###############################################################################
+
+class ProcessMock():
+    """Mock subprocess.Popen"""
+    def __init__(self, args, **kwargs):
+        self.args = args
+        self.kwargs = kwargs
+
+    def communicate():
+        return (b"I am a DKIM key", None)
+
+class NoFileMock(ProcessMock):
+    def communicate():
+        return (b"", None)
+
+
+@pytest.fixture
+def mock_subproccess_popen(mocker):
+    mock = mocker.patch("subprocess.Popen", autospec=True, return_value=ProcessMock)
+    mocker.patch("selfprivacy_api.resources.services.mailserver.get_domain", autospec=True, return_value="example.com")
+    mocker.patch("os.path.exists", autospec=True, return_value=True)
+    return mock    
+
+@pytest.fixture
+def mock_no_file(mocker):
+    mock = mocker.patch("subprocess.Popen", autospec=True, return_value=NoFileMock)
+    mocker.patch("selfprivacy_api.resources.services.mailserver.get_domain", autospec=True, return_value="example.com")
+    mocker.patch("os.path.exists", autospec=True, return_value=False)
+    return mock
+
+###############################################################################
+
+def test_unauthorized(client, mock_subproccess_popen):
+    """Test unauthorized"""
+    response = client.get("/services/mailserver/dkim")
+    assert response.status_code == 401
+
+def test_illegal_methods(authorized_client, mock_subproccess_popen):
+    response = authorized_client.post("/services/mailserver/dkim")
+    assert response.status_code == 405
+    response = authorized_client.put("/services/mailserver/dkim")
+    assert response.status_code == 405
+    response = authorized_client.delete("/services/mailserver/dkim")
+    assert response.status_code == 405
+
+def test_dkim_key(authorized_client, mock_subproccess_popen):
+    """Test DKIM key"""
+    response = authorized_client.get("/services/mailserver/dkim")
+    assert response.status_code == 200
+    assert base64.b64decode(response.data) == b"I am a DKIM key"
+    assert mock_subproccess_popen.call_args[0][0] == ["cat", "/var/dkim/example.com.selector.txt"]
+
+def test_no_dkim_key(authorized_client, mock_no_file):
+    """Test no DKIM key"""
+    response = authorized_client.get("/services/mailserver/dkim")
+    assert response.status_code == 404
+    assert mock_no_file.called == False
--- a/tests/services/test_nextcloud.py
+++ b/tests/services/test_nextcloud.py
@ -0,0 +1,80 @@
+import json
+import pytest
+
+def read_json(file_path):
+    with open(file_path, "r") as f:
+        return json.load(f)
+
+###############################################################################
+
+@pytest.fixture
+def nextcloud_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_off.json")
+    assert read_json(datadir / "turned_off.json")["nextcloud"]["enable"] == False
+    return datadir
+
+@pytest.fixture
+def nextcloud_on(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_on.json")
+    assert read_json(datadir / "turned_on.json")["nextcloud"]["enable"] == True
+    return datadir
+
+@pytest.fixture
+def nextcloud_enable_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "enable_undefined.json")
+    assert "enable" not in read_json(datadir / "enable_undefined.json")["nextcloud"]
+    return datadir
+
+@pytest.fixture
+def nextcloud_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "undefined.json")
+    assert "nextcloud" not in read_json(datadir / "undefined.json")
+    return datadir
+
+###############################################################################
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_unauthorized(client, nextcloud_off, endpoint):
+    response = client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 401
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_illegal_methods(authorized_client, nextcloud_off, endpoint):
+    response = authorized_client.get(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.put(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.delete(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 405
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_off(authorized_client, nextcloud_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(nextcloud_off / "turned_off.json") == read_json(nextcloud_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_on(authorized_client, nextcloud_on, endpoint, target_file):
+    response = authorized_client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(nextcloud_on / "turned_on.json") == read_json(nextcloud_on / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_twice(authorized_client, nextcloud_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 200
+    response = authorized_client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(nextcloud_off / "turned_off.json") == read_json(nextcloud_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_attribute_deleted(authorized_client, nextcloud_enable_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(nextcloud_enable_undefined / "enable_undefined.json") == read_json(nextcloud_enable_undefined / target_file)
+
+@pytest.mark.parametrize("endpoint,target", [("enable", True), ("disable", False)])
+def test_on_nextcloud_undefined(authorized_client, nextcloud_undefined, endpoint, target):
+    response = authorized_client.post(f"/services/nextcloud/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(nextcloud_undefined / "undefined.json")["nextcloud"]["enable"] == target
--- a/tests/services/test_nextcloud/enable_undefined.json
+++ b/tests/services/test_nextcloud/enable_undefined.json
@ -0,0 +1,51 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN"
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_nextcloud/turned_off.json
+++ b/tests/services/test_nextcloud/turned_off.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_nextcloud/turned_on.json
+++ b/tests/services/test_nextcloud/turned_on.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_nextcloud/undefined.json
+++ b/tests/services/test_nextcloud/undefined.json
@ -0,0 +1,44 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_ocserv.py
+++ b/tests/services/test_ocserv.py
@ -0,0 +1,80 @@
+import json
+import pytest
+
+def read_json(file_path):
+    with open(file_path, "r") as f:
+        return json.load(f)
+
+###############################################################################
+
+@pytest.fixture
+def ocserv_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_off.json")
+    assert read_json(datadir / "turned_off.json")["ocserv"]["enable"] == False
+    return datadir
+
+@pytest.fixture
+def ocserv_on(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_on.json")
+    assert read_json(datadir / "turned_on.json")["ocserv"]["enable"] == True
+    return datadir
+
+@pytest.fixture
+def ocserv_enable_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "enable_undefined.json")
+    assert "enable" not in read_json(datadir / "enable_undefined.json")["ocserv"]
+    return datadir
+
+@pytest.fixture
+def ocserv_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "undefined.json")
+    assert "ocserv" not in read_json(datadir / "undefined.json")
+    return datadir
+
+###############################################################################
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_unauthorized(client, ocserv_off, endpoint):
+    response = client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 401
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_illegal_methods(authorized_client, ocserv_off, endpoint):
+    response = authorized_client.get(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.put(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.delete(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 405
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_off(authorized_client, ocserv_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(ocserv_off / "turned_off.json") == read_json(ocserv_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_on(authorized_client, ocserv_on, endpoint, target_file):
+    response = authorized_client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(ocserv_on / "turned_on.json") == read_json(ocserv_on / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_twice(authorized_client, ocserv_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 200
+    response = authorized_client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(ocserv_off / "turned_off.json") == read_json(ocserv_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_attribute_deleted(authorized_client, ocserv_enable_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(ocserv_enable_undefined / "enable_undefined.json") == read_json(ocserv_enable_undefined / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_ocserv_undefined(authorized_client, ocserv_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/ocserv/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(ocserv_undefined / "undefined.json") == read_json(ocserv_undefined / target_file)
--- a/tests/services/test_ocserv/enable_undefined.json
+++ b/tests/services/test_ocserv/enable_undefined.json
@ -0,0 +1,51 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_ocserv/turned_off.json
+++ b/tests/services/test_ocserv/turned_off.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": false
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_ocserv/turned_on.json
+++ b/tests/services/test_ocserv/turned_on.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_ocserv/undefined.json
+++ b/tests/services/test_ocserv/undefined.json
@ -0,0 +1,49 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_pleroma.py
+++ b/tests/services/test_pleroma.py
@ -0,0 +1,80 @@
+import json
+import pytest
+
+def read_json(file_path):
+    with open(file_path, "r") as f:
+        return json.load(f)
+
+###############################################################################
+
+@pytest.fixture
+def pleroma_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_off.json")
+    assert read_json(datadir / "turned_off.json")["pleroma"]["enable"] == False
+    return datadir
+
+@pytest.fixture
+def pleroma_on(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_on.json")
+    assert read_json(datadir / "turned_on.json")["pleroma"]["enable"] == True
+    return datadir
+
+@pytest.fixture
+def pleroma_enable_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "enable_undefined.json")
+    assert "enable" not in read_json(datadir / "enable_undefined.json")["pleroma"]
+    return datadir
+
+@pytest.fixture
+def pleroma_undefined(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "undefined.json")
+    assert "pleroma" not in read_json(datadir / "undefined.json")
+    return datadir
+
+###############################################################################
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_unauthorized(client, pleroma_off, endpoint):
+    response = client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 401
+
+@pytest.mark.parametrize("endpoint", ["enable", "disable"])
+def test_illegal_methods(authorized_client, pleroma_off, endpoint):
+    response = authorized_client.get(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.put(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 405
+    response = authorized_client.delete(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 405
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_off(authorized_client, pleroma_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(pleroma_off / "turned_off.json") == read_json(pleroma_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_from_on(authorized_client, pleroma_on, endpoint, target_file):
+    response = authorized_client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(pleroma_on / "turned_on.json") == read_json(pleroma_on / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_switch_twice(authorized_client, pleroma_off, endpoint, target_file):
+    response = authorized_client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 200
+    response = authorized_client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(pleroma_off / "turned_off.json") == read_json(pleroma_off / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_attribute_deleted(authorized_client, pleroma_enable_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(pleroma_enable_undefined / "enable_undefined.json") == read_json(pleroma_enable_undefined / target_file)
+
+@pytest.mark.parametrize("endpoint,target_file", [("enable", "turned_on.json"), ("disable", "turned_off.json")])
+def test_on_pleroma_undefined(authorized_client, pleroma_undefined, endpoint, target_file):
+    response = authorized_client.post(f"/services/pleroma/{endpoint}")
+    assert response.status_code == 200
+    assert read_json(pleroma_undefined / "undefined.json") == read_json(pleroma_undefined / target_file)
--- a/tests/services/test_pleroma/enable_undefined.json
+++ b/tests/services/test_pleroma/enable_undefined.json
@ -0,0 +1,51 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": false
+    },
+    "pleroma": {
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_pleroma/turned_off.json
+++ b/tests/services/test_pleroma/turned_off.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": false
+    },
+    "pleroma": {
+        "enable": false
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_pleroma/turned_on.json
+++ b/tests/services/test_pleroma/turned_on.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": false
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_pleroma/undefined.json
+++ b/tests/services/test_pleroma/undefined.json
@ -0,0 +1,49 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": false
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": false
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_services.py
+++ b/tests/services/test_services.py
@ -0,0 +1,131 @@
+import base64
+import json
+import pytest
+
+
+def read_json(file_path):
+    with open(file_path, "r", encoding="utf-8") as f:
+        return json.load(f)
+
+def call_args_asserts(mocked_object):
+    assert mocked_object.call_count == 8
+    assert mocked_object.call_args_list[0][0][0] == [
+        "systemctl",
+        "status",
+        "dovecot2.service",
+    ]
+    assert mocked_object.call_args_list[1][0][0] == [
+        "systemctl",
+        "status",
+        "postfix.service",
+    ]
+    assert mocked_object.call_args_list[2][0][0] == [
+        "systemctl",
+        "status",
+        "nginx.service",
+    ]
+    assert mocked_object.call_args_list[3][0][0] == [
+        "systemctl",
+        "status",
+        "bitwarden_rs.service",
+    ]
+    assert mocked_object.call_args_list[4][0][0] == [
+        "systemctl",
+        "status",
+        "gitea.service",
+    ]
+    assert mocked_object.call_args_list[5][0][0] == [
+        "systemctl",
+        "status",
+        "phpfpm-nextcloud.service",
+    ]
+    assert mocked_object.call_args_list[6][0][0] == [
+        "systemctl",
+        "status",
+        "ocserv.service",
+    ]
+    assert mocked_object.call_args_list[7][0][0] == [
+        "systemctl",
+        "status",
+        "pleroma.service",
+    ]
+
+class ProcessMock:
+    """Mock subprocess.Popen"""
+
+    def __init__(self, args, **kwargs):
+        self.args = args
+        self.kwargs = kwargs
+
+    def communicate():
+        return (b"", None)
+
+    returncode = 0
+
+
+class BrokenServiceMock(ProcessMock):
+    returncode = 3
+
+
+@pytest.fixture
+def mock_subproccess_popen(mocker):
+    mock = mocker.patch("subprocess.Popen", autospec=True, return_value=ProcessMock)
+    return mock
+
+
+@pytest.fixture
+def mock_broken_service(mocker):
+    mock = mocker.patch(
+        "subprocess.Popen", autospec=True, return_value=BrokenServiceMock
+    )
+    return mock
+
+
+###############################################################################
+
+
+def test_unauthorized(client, mock_subproccess_popen):
+    """Test unauthorized"""
+    response = client.get("/services/status")
+    assert response.status_code == 401
+
+
+def test_illegal_methods(authorized_client, mock_subproccess_popen):
+    response = authorized_client.post("/services/status")
+    assert response.status_code == 405
+    response = authorized_client.put("/services/status")
+    assert response.status_code == 405
+    response = authorized_client.delete("/services/status")
+    assert response.status_code == 405
+
+
+def test_dkim_key(authorized_client, mock_subproccess_popen):
+    response = authorized_client.get("/services/status")
+    assert response.status_code == 200
+    assert response.get_json() == {
+        "imap": 0,
+        "smtp": 0,
+        "http": 0,
+        "bitwarden": 0,
+        "gitea": 0,
+        "nextcloud": 0,
+        "ocserv": 0,
+        "pleroma": 0,
+    }
+    call_args_asserts(mock_subproccess_popen)
+
+
+def test_no_dkim_key(authorized_client, mock_broken_service):
+    response = authorized_client.get("/services/status")
+    assert response.status_code == 200
+    assert response.get_json() == {
+        "imap": 3,
+        "smtp": 3,
+        "http": 3,
+        "bitwarden": 3,
+        "gitea": 3,
+        "nextcloud": 3,
+        "ocserv": 3,
+        "pleroma": 3,
+    }
+    call_args_asserts(mock_broken_service)
--- a/tests/services/test_ssh.py
+++ b/tests/services/test_ssh.py
@ -0,0 +1,262 @@
+import json
+from os import read
+import pytest
+
+
+def read_json(file_path):
+    with open(file_path, "r") as f:
+        return json.load(f)
+
+
+###############################################################################
+
+
+@pytest.fixture
+def ssh_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_off.json")
+    assert read_json(datadir / "turned_off.json")["ssh"]["enable"] == False
+    assert (
+        read_json(datadir / "turned_off.json")["ssh"]["passwordAuthentication"] == True
+    )
+    return datadir
+
+
+@pytest.fixture
+def ssh_on(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "turned_on.json")
+    assert (
+        read_json(datadir / "turned_off.json")["ssh"]["passwordAuthentication"] == True
+    )
+    assert read_json(datadir / "turned_on.json")["ssh"]["enable"] == True
+    return datadir
+
+
+@pytest.fixture
+def all_off(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "all_off.json")
+    assert read_json(datadir / "all_off.json")["ssh"]["passwordAuthentication"] == False
+    assert read_json(datadir / "all_off.json")["ssh"]["enable"] == False
+    return datadir
+
+
+@pytest.fixture
+def undefined_settings(mocker, datadir):
+    mocker.patch("selfprivacy_api.utils.USERDATA_FILE", new=datadir / "undefined.json")
+    assert "ssh" not in read_json(datadir / "undefined.json")
+    return datadir
+
+
+@pytest.fixture
+def root_and_admin_have_keys(mocker, datadir):
+    mocker.patch(
+        "selfprivacy_api.utils.USERDATA_FILE",
+        new=datadir / "root_and_admin_have_keys.json",
+    )
+    assert read_json(datadir / "root_and_admin_have_keys.json")["ssh"]["enable"] == True
+    assert (
+        read_json(datadir / "root_and_admin_have_keys.json")["ssh"][
+            "passwordAuthentication"
+        ]
+        == True
+    )
+    assert read_json(datadir / "root_and_admin_have_keys.json")["ssh"]["rootKeys"] == [
+        "ssh-ed25519 KEY test@pc"
+    ]
+    assert read_json(datadir / "root_and_admin_have_keys.json")["sshKeys"] == [
+        "ssh-rsa KEY test@pc"
+    ]
+    return datadir
+
+
+###############################################################################
+
+
+@pytest.mark.parametrize(
+    "endpoint", ["ssh", "ssh/enable", "ssh/key/send", "ssh/keys/user"]
+)
+def test_unauthorized(client, ssh_off, endpoint):
+    response = client.post(f"/services/{endpoint}")
+    assert response.status_code == 401
+
+
+def test_legacy_enable(authorized_client, ssh_off):
+    response = authorized_client.post(f"/services/ssh/enable")
+    assert response.status_code == 200
+    assert read_json(ssh_off / "turned_off.json") == read_json(
+        ssh_off / "turned_on.json"
+    )
+
+
+def test_legacy_enable_when_enabled(authorized_client, ssh_on):
+    response = authorized_client.post(f"/services/ssh/enable")
+    assert response.status_code == 200
+    assert read_json(ssh_on / "turned_on.json") == read_json(ssh_on / "turned_on.json")
+
+
+def test_get_current_settings_ssh_off(authorized_client, ssh_off):
+    response = authorized_client.get("/services/ssh")
+    assert response.status_code == 200
+    assert response.json == {"enable": False, "passwordAuthentication": True}
+
+
+def test_get_current_settings_ssh_on(authorized_client, ssh_on):
+    response = authorized_client.get("/services/ssh")
+    assert response.status_code == 200
+    assert response.json == {"enable": True, "passwordAuthentication": True}
+
+
+def test_get_current_settings_all_off(authorized_client, all_off):
+    response = authorized_client.get("/services/ssh")
+    assert response.status_code == 200
+    assert response.json == {"enable": False, "passwordAuthentication": False}
+
+
+def test_get_current_settings_undefined(authorized_client, undefined_settings):
+    response = authorized_client.get("/services/ssh")
+    assert response.status_code == 200
+    assert response.json == {"enable": True, "passwordAuthentication": True}
+
+
+available_settings = [
+    {"enable": True, "passwordAuthentication": True},
+    {"enable": True, "passwordAuthentication": False},
+    {"enable": False, "passwordAuthentication": True},
+    {"enable": False, "passwordAuthentication": False},
+    {"enable": True},
+    {"enable": False},
+    {"passwordAuthentication": True},
+    {"passwordAuthentication": False},
+]
+
+
+@pytest.mark.parametrize("settings", available_settings)
+def test_set_settings_ssh_off(authorized_client, ssh_off, settings):
+    response = authorized_client.put(f"/services/ssh", json=settings)
+    assert response.status_code == 200
+    data = read_json(ssh_off / "turned_off.json")["ssh"]
+    if "enable" in settings:
+        assert data["enable"] == settings["enable"]
+    if "passwordAuthentication" in settings:
+        assert data["passwordAuthentication"] == settings["passwordAuthentication"]
+
+
+@pytest.mark.parametrize("settings", available_settings)
+def test_set_settings_ssh_on(authorized_client, ssh_on, settings):
+    response = authorized_client.put(f"/services/ssh", json=settings)
+    assert response.status_code == 200
+    data = read_json(ssh_on / "turned_on.json")["ssh"]
+    if "enable" in settings:
+        assert data["enable"] == settings["enable"]
+    if "passwordAuthentication" in settings:
+        assert data["passwordAuthentication"] == settings["passwordAuthentication"]
+
+
+@pytest.mark.parametrize("settings", available_settings)
+def test_set_settings_all_off(authorized_client, all_off, settings):
+    response = authorized_client.put(f"/services/ssh", json=settings)
+    assert response.status_code == 200
+    data = read_json(all_off / "all_off.json")["ssh"]
+    if "enable" in settings:
+        assert data["enable"] == settings["enable"]
+    if "passwordAuthentication" in settings:
+        assert data["passwordAuthentication"] == settings["passwordAuthentication"]
+
+
+@pytest.mark.parametrize("settings", available_settings)
+def test_set_settings_undefined(authorized_client, undefined_settings, settings):
+    response = authorized_client.put(f"/services/ssh", json=settings)
+    assert response.status_code == 200
+    data = read_json(undefined_settings / "undefined.json")["ssh"]
+    if "enable" in settings:
+        assert data["enable"] == settings["enable"]
+    if "passwordAuthentication" in settings:
+        assert data["passwordAuthentication"] == settings["passwordAuthentication"]
+
+def test_add_root_key(authorized_client, ssh_on):
+    response = authorized_client.put(f"/services/ssh/key/send", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 201
+    assert read_json(ssh_on / "turned_on.json")["ssh"]["rootKeys"] == [
+        "ssh-rsa KEY test@pc",
+    ]
+
+def test_add_root_key_one_more(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.put(f"/services/ssh/key/send", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 201
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["ssh"]["rootKeys"] == [
+        "ssh-ed25519 KEY test@pc",
+        "ssh-rsa KEY test@pc",
+    ]
+
+def test_add_existing_root_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.put(f"/services/ssh/key/send", json={"public_key": "ssh-ed25519 KEY test@pc"})
+    assert response.status_code == 409
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["ssh"]["rootKeys"] == [
+        "ssh-ed25519 KEY test@pc",
+    ]
+
+def test_add_invalid_root_key(authorized_client, ssh_on):
+    response = authorized_client.put(f"/services/ssh/key/send", json={"public_key": "INVALID KEY test@pc"})
+    assert response.status_code == 400
+
+def test_add_root_key_via_wrong_endpoint(authorized_client, ssh_on):
+    response = authorized_client.post(f"/services/ssh/keys/root", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 400
+
+def test_get_root_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.get(f"/services/ssh/keys/root")
+    assert response.status_code == 200
+    assert response.json == ["ssh-ed25519 KEY test@pc"]
+
+def test_get_root_key_when_none(authorized_client, ssh_on):
+    response = authorized_client.get(f"/services/ssh/keys/root")
+    assert response.status_code == 200
+    assert response.json == []
+
+def test_delete_root_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.delete(f"/services/ssh/keys/root", json={"public_key": "ssh-ed25519 KEY test@pc"})
+    assert response.status_code == 200
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["ssh"]["rootKeys"] == []
+
+def test_delete_root_nonexistent_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.delete(f"/services/ssh/keys/root", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 404
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["ssh"]["rootKeys"] == [
+        "ssh-ed25519 KEY test@pc",
+    ]
+
+def test_get_admin_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.get(f"/services/ssh/keys/tester")
+    assert response.status_code == 200
+    assert response.json == ["ssh-rsa KEY test@pc"]
+
+def test_get_admin_key_when_none(authorized_client, ssh_on):
+    response = authorized_client.get(f"/services/ssh/keys/tester")
+    assert response.status_code == 200
+    assert response.json == []
+
+def test_delete_admin_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.delete(f"/services/ssh/keys/tester", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 200
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["sshKeys"] == []
+
+def test_add_admin_key(authorized_client, ssh_on):
+    response = authorized_client.post(f"/services/ssh/keys/tester", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 201
+    assert read_json(ssh_on / "turned_on.json")["sshKeys"] == [
+        "ssh-rsa KEY test@pc",
+    ]
+
+def test_add_admin_key_one_more(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.post(f"/services/ssh/keys/tester", json={"public_key": "ssh-rsa KEY_2 test@pc"})
+    assert response.status_code == 201
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["sshKeys"] == [
+        "ssh-rsa KEY test@pc",
+        "ssh-rsa KEY_2 test@pc"
+    ]
+
+def test_add_existing_admin_key(authorized_client, root_and_admin_have_keys):
+    response = authorized_client.post(f"/services/ssh/keys/tester", json={"public_key": "ssh-rsa KEY test@pc"})
+    assert response.status_code == 409
+    assert read_json(root_and_admin_have_keys / "root_and_admin_have_keys.json")["sshKeys"] == [
+        "ssh-rsa KEY test@pc",
+    ]
--- a/tests/services/test_ssh/all_off.json
+++ b/tests/services/test_ssh/all_off.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": false,
+        "passwordAuthentication": false,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_ssh/root_and_admin_have_keys.json
+++ b/tests/services/test_ssh/root_and_admin_have_keys.json
@ -0,0 +1,52 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true,
+        "rootKeys": [
+            "ssh-ed25519 KEY test@pc"
+        ]
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}
--- a/tests/services/test_ssh/turned_off.json
+++ b/tests/services/test_ssh/turned_off.json
@ -0,0 +1,46 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": false,
+        "passwordAuthentication": true
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow"
+}
--- a/tests/services/test_ssh/turned_on.json
+++ b/tests/services/test_ssh/turned_on.json
@ -0,0 +1,46 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "ssh": {
+        "enable": true,
+        "passwordAuthentication": true
+    },
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow"
+}
--- a/tests/services/test_ssh/undefined.json
+++ b/tests/services/test_ssh/undefined.json
@ -0,0 +1,45 @@
+{
+    "backblaze": {
+        "accountId": "ID",
+        "accountKey": "KEY",
+        "bucket": "selfprivacy"
+    },
+    "api": {
+        "token": "TEST_TOKEN",
+        "enableSwagger": false
+    },
+    "bitwarden": {
+        "enable": false
+    },
+    "cloudflare": {
+        "apiKey": "TOKEN"
+    },
+    "databasePassword": "PASSWORD",
+    "domain": "test.tld",
+    "hashedMasterPassword": "HASHED_PASSWORD",
+    "hostname": "test-instance",
+    "nextcloud": {
+        "adminPassword": "ADMIN",
+        "databasePassword": "ADMIN",
+        "enable": true
+    },
+    "resticPassword": "PASS",
+    "username": "tester",
+    "gitea": {
+        "enable": false
+    },
+    "ocserv": {
+        "enable": true
+    },
+    "pleroma": {
+        "enable": true
+    },
+    "autoUpgrade": {
+        "enable": true,
+        "allowReboot": true
+    },
+    "timezone": "Europe/Moscow",
+    "sshKeys": [
+        "ssh-rsa KEY test@pc"
+    ]
+}