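# NixOS VM test for the `systemd.nspawn.<name>` module options.
#
# Every option listed below is set on one nspawn unit, and the test then
# checks that each option name shows up in the generated
# /etc/systemd/nspawn/<name>.nspawn file. Several of these settings are
# isolation controls (Capability/DropCapability, NoNewPrivileges,
# SystemCallFilter, PrivateUsers, ReadOnly, Private), so an option that is
# dropped or misspelled on the way to the file weakens the container without
# any error being reported.
import ./make-test-python.nix ({ lib, ... }:
let
  # Option names set via `execConfig`.
  execOptions = [
    "Boot"
    "ProcessTwo"
    "Parameters"
    "Environment"
    "User"
    "WorkingDirectory"
    "PivotRoot"
    "Capability"
    "DropCapability"
    "NoNewPrivileges"
    "KillSignal"
    "Personality"
    "MachineID"
    "PrivateUsers"
    "NotifyReady"
    "SystemCallFilter"
    "LimitCPU"
    "LimitFSIZE"
    "LimitDATA"
    "LimitSTACK"
    "LimitCORE"
    "LimitRSS"
    "LimitNOFILE"
    "LimitAS"
    "LimitNPROC"
    "LimitMEMLOCK"
    "LimitLOCKS"
    "LimitSIGPENDING"
    "LimitMSGQUEUE"
    "LimitNICE"
    "LimitRTPRIO"
    "LimitRTTIME"
    "OOMScoreAdjust"
    "CPUAffinity"
    "Hostname"
    "ResolvConf"
    "Timezone"
    "LinkJournal"
    "Ephemeral"
    "AmbientCapability"
  ];

  # Option names set via `filesConfig`.
  filesOptions = [
    "ReadOnly"
    "Volatile"
    "Bind"
    "BindReadOnly"
    "TemporaryFileSystem"
    "Overlay"
    "OverlayReadOnly"
    "PrivateUsersChown"
    "BindUser"
    "Inaccessible"
    "PrivateUsersOwnership"
  ];

  # Option names set via `networkConfig`.
  networkOptions = [
    "Private"
    "VirtualEthernet"
    "VirtualEthernetExtra"
    "Interface"
    "MACVLAN"
    "IPVLAN"
    "Bridge"
    "Zone"
    "Port"
  ];

  # Build `{ <name> = "testdata"; ... }` from a list of option names. The
  # value is a placeholder; the test only looks for the key in the file.
  optionsToConfig = opts: lib.genAttrs opts (_: "testdata");

  # Emit a test-script call that fails unless every name in `opts` appears
  # as the key of an assignment line in the config file.
  #
  # The pattern is anchored to the start of the line and to the `=` that
  # follows the key. An unanchored `grep $o` is a substring match, so
  # "Bind" would be satisfied by "BindReadOnly", "Capability" by
  # "DropCapability", "Private" by "PrivateUsers", "ReadOnly" by
  # "BindReadOnly", and a missing option would go unnoticed.
  # NOTE(review): assumes the module writes one `Key=value` assignment per
  # line, as in systemd.nspawn(5); confirm against the module's renderer.
  grepForOptions = opts: ''node.succeed(
    'for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet "^[[:space:]]*$o[[:space:]]*=" ${configFile} || exit 1 ; done'
  )'';

  unitName = "options-test";
  configFile = "/etc/systemd/nspawn/${unitName}.nspawn";

in
{
  name = "systemd-nspawn-configfile";

  nodes = {
    node = { pkgs, ... }: {
      systemd.nspawn."${unitName}" = {
        enable = true;

        # `//` replaces the placeholder for the options named on the right.
        # Presumably these do not accept an arbitrary string; verify
        # against the module's option checks.
        execConfig = optionsToConfig execOptions // {
          Boot = true;
          ProcessTwo = true;
          NotifyReady = true;
        };

        filesConfig = optionsToConfig filesOptions // {
          ReadOnly = true;
          Volatile = "state";
          PrivateUsersChown = true;
          PrivateUsersOwnership = "auto";
        };

        networkConfig = optionsToConfig networkOptions // {
          Private = true;
          VirtualEthernet = true;
        };
      };
    };
  };

  testScript = ''
    start_all()

    node.wait_for_file("${configFile}")

    with subtest("Test for presence of all specified options in config file"):
      ${grepForOptions execOptions}
      ${grepForOptions filesOptions}
      ${grepForOptions networkOptions}

    with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
      node.fail("grep --quiet MachineId ${configFile}")
  '';

  meta.maintainers = [
    lib.maintainers.zi3m5f
  ];
})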