commit b8b86834b74b0b350be3ff3b2d1cdf5146db9dfa · pyrox.dev/nixpkgs

+26 -6

nixos/lib/testing/nodes.nix

···

       88
       88
        
               default = 2;

     

       89
       89
        
               type = types.ints.between 2 4294967296;

     

       90
       90
        
               description = ''

     

       91
       91
       -
                 This field is only relevant when multiple users run the (interactive) 

     

       91
       91
       +
                 This field is only relevant when multiple users run the (interactive)

     

       92
       92
        
                 driver outside the sandbox and with the SSH backdoor activated.

     

       93
       93
        
                 The typical symptom for this being a problem are error messages like this:

     

       94
       94
        
                 `vhost-vsock: unable to set guest cid: Address already in use`

     
···

       206
       206
        
               nixpkgs.pkgs = config.node.pkgs;

     

       207
       207
        
               imports = [ ../../modules/misc/nixpkgs/read-only.nix ];

     

       208
       208
        
             })

     

       209
       209
       -
             (mkIf config.sshBackdoor.enable {

     

       210
       210
       -
               testing.sshBackdoor = {

     

       211
       211
       -
                 inherit (config.sshBackdoor) enable vsockOffset;

     

       212
       212
       -
               };

     

       213
       213
       -
             })

     

       209
       209
       +
             (mkIf config.sshBackdoor.enable (

     

       210
       210
       +
               let

     

       211
       211
       +
                 inherit (config.sshBackdoor) vsockOffset;

     

       212
       212
       +
               in

     

       213
       213
       +
               { config, ... }:

     

       214
       214
       +
               {

     

       215
       215
       +
                 services.openssh = {

     

       216
       216
       +
                   enable = true;

     

       217
       217
       +
                   settings = {

     

       218
       218
       +
                     PermitRootLogin = "yes";

     

       219
       219
       +
                     PermitEmptyPasswords = "yes";

     

       220
       220
       +
                   };

     

       221
       221
       +
                 };

     

       222
       222
       +
       

     

       223
       223
       +
                 security.pam.services.sshd = {

     

       224
       224
       +
                   allowNullPassword = true;

     

       225
       225
       +
                 };

     

       226
       226
       +
       

     

       227
       227
       +
                 virtualisation.qemu.options = [

     

       228
       228
       +
                   "-device vhost-vsock-pci,guest-cid=${

     

       229
       229
       +
                     toString (config.virtualisation.test.nodeNumber + vsockOffset)

     

       230
       230
       +
                   }"

     

       231
       231
       +
                 ];

     

       232
       232
       +
               }

     

       233
       233
       +
             ))

     

       214
       234
        
           ];

     

       215
       235
        
       

     

       216
       236
        
         };

-39

nixos/modules/testing/test-instrumentation.nix

···

       86
       86
        
             enables commands to be sent to test and debug stage 1. Use

     

       87
       87
        
             machine.switch_root() to leave stage 1 and proceed to stage 2

     

       88
       88
        
           '';

     

       89
       89
       -
       

     

       90
       90
       -
           sshBackdoor = {

     

       91
       91
       -
             enable = mkEnableOption "vsock-based ssh backdoor for the VM";

     

       92
       92
       -
             vsockOffset = mkOption {

     

       93
       93
       -
               default = 2;

     

       94
       94
       -
               type = types.ints.between 2 4294967296;

     

       95
       95
       -
               description = ''

     

       96
       96
       -
                 This field is only relevant when multiple users run the (interactive)

     

       97
       97
       -
                 driver outside the sandbox and with the SSH backdoor activated.

     

       98
       98
       -
                 The typical symptom for this being a problem are error messages like this:

     

       99
       99
       -
                 `vhost-vsock: unable to set guest cid: Address already in use`

     

       100
       100
       -
       

     

       101
       101
       -
                 This option allows to assign an offset to each vsock number to

     

       102
       102
       -
                 resolve this.

     

       103
       103
       -
       

     

       104
       104
       -
                 This is a 32bit number. The lowest possible vsock number is `3`

     

       105
       105
       -
                 (i.e. with the lowest node number being `1`, this is 2+1).

     

       106
       106
       -
               '';

     

       107
       107
       -
             };

     

       108
       108
       -
           };

     

       109
       109
       -
       

     

       110
       89
        
         };

     

       111
       90
        
       

     

       112
       91
        
         config = {

     
···

       119
       98
        
               '';

     

       120
       99
        
             }

     

       121
       100
        
           ];

     

       122
       122
       -
       

     

       123
       123
       -
           services.openssh = mkIf config.testing.sshBackdoor.enable {

     

       124
       124
       -
             enable = true;

     

       125
       125
       -
             settings = {

     

       126
       126
       -
               PermitRootLogin = "yes";

     

       127
       127
       -
               PermitEmptyPasswords = "yes";

     

       128
       128
       -
             };

     

       129
       129
       -
           };

     

       130
       130
       -
       

     

       131
       131
       -
           security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable {

     

       132
       132
       -
             allowNullPassword = true;

     

       133
       133
       -
           };

     

       134
       101
        
       

     

       135
       102
        
           systemd.services.backdoor = lib.mkMerge [

     

       136
       103
        
             backdoorService

     
···

       207
       174
        
               #       we avoid defining attributes if not possible.

     

       208
       175
        
               # TODO: refactor such that test-instrumentation can import qemu-vm

     

       209
       176
        
               package = lib.mkDefault pkgs.qemu_test;

     

       210
       210
       -
       

     

       211
       211
       -
               options = mkIf config.testing.sshBackdoor.enable [

     

       212
       212
       -
                 "-device vhost-vsock-pci,guest-cid=${

     

       213
       213
       -
                   toString (config.virtualisation.test.nodeNumber + config.testing.sshBackdoor.vsockOffset)

     

       214
       214
       -
                 }"

     

       215
       215
       -
               ];

     

       216
       177
        
             };

     

       217
       178
        
           };

     

       218
       179