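# NixOS VM test: declares a systemd.nspawn unit with every option name listed
# below and checks that each name shows up in the generated .nspawn file.
import ./make-test-python.nix (
  { lib, ... }:
  let
    # Option names set through `execConfig`.
    execOptions = [
      "Boot"
      "ProcessTwo"
      "Parameters"
      "Environment"
      "User"
      "WorkingDirectory"
      "PivotRoot"
      "Capability"
      "DropCapability"
      "NoNewPrivileges"
      "KillSignal"
      "Personality"
      "MachineID"
      "PrivateUsers"
      "NotifyReady"
      "SystemCallFilter"
      "LimitCPU"
      "LimitFSIZE"
      "LimitDATA"
      "LimitSTACK"
      "LimitCORE"
      "LimitRSS"
      "LimitNOFILE"
      "LimitAS"
      "LimitNPROC"
      "LimitMEMLOCK"
      "LimitLOCKS"
      "LimitSIGPENDING"
      "LimitMSGQUEUE"
      "LimitNICE"
      "LimitRTPRIO"
      "LimitRTTIME"
      "OOMScoreAdjust"
      "CPUAffinity"
      "Hostname"
      "ResolvConf"
      "Timezone"
      "LinkJournal"
      "Ephemeral"
      "AmbientCapability"
    ];

    # Option names set through `filesConfig`.
    filesOptions = [
      "ReadOnly"
      "Volatile"
      "Bind"
      "BindReadOnly"
      "TemporaryFileSystem"
      "Overlay"
      "OverlayReadOnly"
      "PrivateUsersChown"
      "BindUser"
      "Inaccessible"
      "PrivateUsersOwnership"
    ];

    # Option names set through `networkConfig`.
    networkOptions = [
      "Private"
      "VirtualEthernet"
      "VirtualEthernetExtra"
      "Interface"
      "MACVLAN"
      "IPVLAN"
      "Bridge"
      "Zone"
      "Port"
    ];

    # Turn a list of option names into an attrset that gives every option the
    # placeholder value "testdata".
    optionsToConfig = opts: builtins.listToAttrs (map (n: lib.nameValuePair n "testdata") opts);

    # Build a test-driver call that fails as soon as one option name is missing
    # from the config file.
    #
    # The match is restricted to whole words: several names are prefixes or
    # suffixes of others (Private / PrivateUsers, Bind / BindReadOnly,
    # Capability / DropCapability, ReadOnly / OverlayReadOnly), so a substring
    # grep would still succeed if the shorter option were dropped from the
    # generated file. For isolation settings such as `Private` or `Capability`
    # that would hide exactly the regression this test is meant to catch.
    grepForOptions = opts: ''
      node.succeed(
        "for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet --word-regexp $o ${configFile} || exit 1 ; done"
      )'';

    unitName = "options-test";
    # Path the test waits for and greps in.
    configFile = "/etc/systemd/nspawn/${unitName}.nspawn";

  in
  {
    name = "systemd-nspawn-configfile";

    nodes = {
      node =
        { pkgs, ... }:
        {
          systemd.nspawn."${unitName}" = {
            enable = true;

            # `//` lets the right-hand attrset replace the "testdata"
            # placeholder for the listed keys; presumably these options do not
            # accept an arbitrary string (TODO confirm against the module).
            execConfig = optionsToConfig execOptions // {
              Boot = true;
              ProcessTwo = true;
              NotifyReady = true;
            };

            filesConfig = optionsToConfig filesOptions // {
              ReadOnly = true;
              Volatile = "state";
              PrivateUsersChown = true;
              PrivateUsersOwnership = "auto";
            };

            networkConfig = optionsToConfig networkOptions // {
              Private = true;
              VirtualEthernet = true;
            };
          };
        };
    };

    testScript = ''
      start_all()

      node.wait_for_file("${configFile}")

      with subtest("Test for presence of all specified options in config file"):
        ${grepForOptions execOptions}
        ${grepForOptions filesOptions}
        ${grepForOptions networkOptions}

      with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
        node.fail("grep --quiet MachineId ${configFile}")
    '';

    meta.maintainers = [
      lib.maintainers.zi3m5f
    ];
  }
)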