2023-08-10 00:02:33 +00:00
|
|
|
import ./make-test-python.nix (
|
|
|
|
{ lib, ... }:
|
|
|
|
{
|
|
|
|
name = "chrony";
|
|
|
|
|
|
|
|
meta = {
|
|
|
|
maintainers = with lib.maintainers; [ fpletz ];
|
|
|
|
};
|
|
|
|
|
|
|
|
nodes = {
|
2024-09-08 12:15:51 +00:00
|
|
|
machine = {
|
2023-08-10 00:02:33 +00:00
|
|
|
services.chrony.enable = true;
|
2024-09-08 12:15:51 +00:00
|
|
|
|
|
|
|
specialisation.hardened.configuration = {
|
|
|
|
services.chrony.enableMemoryLocking = true;
|
|
|
|
environment.memoryAllocator.provider = "graphene-hardened";
|
2024-12-10 19:26:33 +00:00
|
|
|
};
|
2024-09-08 12:15:51 +00:00
|
|
|
};
|
2023-08-10 00:02:33 +00:00
|
|
|
};
|
|
|
|
|
2024-09-08 12:15:51 +00:00
|
|
|
testScript = ''
|
|
|
|
machine.start()
|
|
|
|
machine.wait_for_unit('multi-user.target')
|
|
|
|
machine.succeed('systemctl is-active chronyd.service')
|
2024-09-08 12:20:24 +00:00
|
|
|
machine.succeed('/run/booted-system/specialisation/hardened/bin/switch-to-configuration test')
|
|
|
|
machine.succeed('systemctl restart chronyd.service')
|
|
|
|
machine.wait_for_unit('chronyd.service')
|
2023-08-10 00:02:33 +00:00
|
|
|
'';
|
|
|
|
}
|
|
|
|
)
|