nixos/tests/gvisor.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / tests / gvisor.nix
at 23.11-pre 1.4 kB view raw
 1# This test runs a container through gvisor and checks if simple container starts
 2
 3import ./make-test-python.nix ({ pkgs, ...} : {
 4  name = "gvisor";
 5  meta = with pkgs.lib.maintainers; {
 6    maintainers = [ andrew-d ];
 7  };
 8
 9  nodes = {
10    gvisor =
11      { pkgs, ... }:
12        {
13          virtualisation.docker = {
14            enable = true;
15            extraOptions = "--add-runtime runsc=${pkgs.gvisor}/bin/runsc";
16          };
17
18          networking = {
19            dhcpcd.enable = false;
20            defaultGateway = "192.168.1.1";
21            interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [
22              { address = "192.168.1.2"; prefixLength = 24; }
23            ];
24          };
25        };
26    };
27
28  testScript = ''
29    start_all()
30
31    gvisor.wait_for_unit("network.target")
32    gvisor.wait_for_unit("sockets.target")
33
34    # Start by verifying that gvisor itself works
35    output = gvisor.succeed(
36        "${pkgs.gvisor}/bin/runsc -alsologtostderr do ${pkgs.coreutils}/bin/echo hello world"
37    )
38    assert output.strip() == "hello world"
39
40    # Also test the Docker runtime
41    gvisor.succeed("tar cv --files-from /dev/null | docker import - scratchimg")
42    gvisor.succeed(
43        "docker run -d --name=sleeping --runtime=runsc -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
44    )
45    gvisor.succeed("docker ps | grep sleeping")
46    gvisor.succeed("docker stop sleeping")
47  '';
48})
49