From fda8ac99d579133c9c9b7e792dde658dd23e418c Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:39:35 +0300 Subject: [PATCH] nixos/tests/firewall: use specialisations instead of multiple machines --- nixos/tests/firewall.nix | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix index ad418bb3341f..139bc3117740 100644 --- a/nixos/tests/firewall.nix +++ b/nixos/tests/firewall.nix @@ -14,17 +14,10 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : { networking.nftables.enable = nftables; services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; - }; - # Dummy configuration to check whether firewall.service will be honored - # during system activation. This only needs to be different to the - # original walled configuration so that there is a change in the service - # file. - walled2 = - { ... }: - { networking.firewall.enable = true; - networking.firewall.rejectPackets = true; - networking.nftables.enable = nftables; + specialisation.different-config.configuration = { + networking.firewall.rejectPackets = true; + }; }; attacker = @@ -36,7 +29,6 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : { }; testScript = { nodes, ... }: let - newSystem = nodes.walled2.system.build.toplevel; unit = if nftables then "nftables" else "firewall"; in '' start_all() @@ -62,7 +54,7 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : { # Check whether activation of a new configuration reloads the firewall. walled.succeed( - "${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF ${unit}.service" + "/run/booted-system/specialisation/different-config/bin/switch-to-configuration test 2>&1 | grep -qF ${unit}.service" ) ''; })