{ system ? builtins.currentSystem, config ? { }, pkgs ? import ../.. { inherit system config; }, systemdStage1 ? false, }: with import ../lib/testing-python.nix { inherit system pkgs; }; with pkgs.lib; let # The configuration to install. makeConfig = { bootLoader, grubDevice, grubIdentifier, grubUseEfi, extraConfig, forceGrubReinstallCount ? 0, withTestInstrumentation ? true, clevisTest, }: pkgs.writeText "configuration.nix" '' { config, lib, pkgs, modulesPath, ... }: { imports = [ ./hardware-configuration.nix ${ if !withTestInstrumentation then "" # Still included, but via installer/flake.nix else "" } ]; networking.hostName = "thatworked"; documentation.enable = false; # To ensure that we can rebuild the grub configuration on the nixos-rebuild system.extraDependencies = with pkgs; [ stdenvNoCC ]; ${optionalString systemdStage1 "boot.initrd.systemd.enable = true;"} ${optionalString (bootLoader == "grub") '' boot.loader.grub.extraConfig = "serial; terminal_output serial"; ${ if grubUseEfi then '' boot.loader.grub.device = "nodev"; boot.loader.grub.efiSupport = true; boot.loader.grub.efiInstallAsRemovable = true; # XXX: needed for OVMF? '' else '' boot.loader.grub.device = "${grubDevice}"; boot.loader.grub.fsIdentifier = "${grubIdentifier}"; '' } boot.loader.grub.configurationLimit = 100 + ${toString forceGrubReinstallCount}; ''} ${optionalString (bootLoader == "systemd-boot") '' boot.loader.systemd-boot.enable = true; ''} boot.initrd.secrets."/etc/secret" = "/etc/nixos/secret"; ${optionalString clevisTest '' boot.kernelParams = [ "console=tty0" "ip=192.168.1.1:::255.255.255.0::eth1:none" ]; boot.initrd = { availableKernelModules = [ "tpm_tis" ]; clevis = { enable = true; useTang = true; }; network.enable = true; }; ''} users.users.alice = { isNormalUser = true; home = "/home/alice"; description = "Alice Foobar"; }; hardware.enableAllFirmware = lib.mkForce false; ${replaceStrings [ "\n" ] [ "\n " ] extraConfig} } ''; # The test script boots a NixOS VM, installs NixOS on an empty hard # disk, and then reboot from the hard disk. It's parameterized with # a test script fragment `createPartitions', which must create # partitions and filesystems. testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier, postInstallCommands, postBootCommands, extraConfig, testSpecialisationConfig, testFlakeSwitch, testByAttrSwitch, clevisTest, clevisFallbackTest, disableFileSystems, }: let startTarget = '' ${optionalString clevisTest "tpm.start()"} target.start() ${postBootCommands} target.wait_for_unit("multi-user.target") ''; in '' ${optionalString clevisTest '' import os import subprocess tpm_folder = os.environ['NIX_BUILD_TOP'] class Tpm: def __init__(self): self.start() def start(self): self.proc = subprocess.Popen(["${pkgs.swtpm}/bin/swtpm", "socket", "--tpmstate", f"dir={tpm_folder}/swtpm", "--ctrl", f"type=unixio,path={tpm_folder}/swtpm-sock", "--tpm2" ]) # Check whether starting swtpm failed try: exit_code = self.proc.wait(timeout=0.2) if exit_code is not None and exit_code != 0: raise Exception("failed to start swtpm") except subprocess.TimeoutExpired: pass """Check whether the swtpm process exited due to an error""" def check(self): exit_code = self.proc.poll() if exit_code is not None and exit_code != 0: raise Exception("swtpm process died") os.mkdir(f"{tpm_folder}/swtpm") tpm = Tpm() tpm.check() ''} installer.start() ${optionalString clevisTest '' tang.start() tang.wait_for_unit("sockets.target") tang.systemctl("start network-online.target") tang.wait_for_unit("network-online.target") installer.systemctl("start network-online.target") installer.wait_for_unit("network-online.target") ''} installer.wait_for_unit("multi-user.target") with subtest("Assert readiness of login prompt"): installer.succeed("echo hello") with subtest("Wait for hard disks to appear in /dev"): installer.succeed("udevadm settle") ${createPartitions} with subtest("Create the NixOS configuration"): installer.succeed("nixos-generate-config ${optionalString disableFileSystems "--no-filesystems"} --root /mnt") installer.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2") installer.copy_from_host( "${ makeConfig { inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest ; } }", "/mnt/etc/nixos/configuration.nix", ) installer.copy_from_host("${pkgs.writeText "secret" "secret"}", "/mnt/etc/nixos/secret") ${optionalString clevisTest '' with subtest("Create the Clevis secret with Tang"): installer.systemctl("start network-online.target") installer.wait_for_unit("network-online.target") installer.succeed('echo -n password | clevis encrypt sss \'{"t": 2, "pins": {"tpm2": {}, "tang": {"url": "http://192.168.1.2"}}}\' -y > /mnt/etc/nixos/clevis-secret.jwe')''} ${optionalString clevisFallbackTest '' with subtest("Shutdown Tang to check fallback to interactive prompt"): tang.shutdown() ''} with subtest("Perform the installation"): installer.succeed("nixos-install < /dev/null >&2") with subtest("Do it again to make sure it's idempotent"): installer.succeed("nixos-install < /dev/null >&2") with subtest("Check that we can build things in nixos-enter"): installer.succeed( """ nixos-enter -- nix-build --option substitute false -E 'derivation { name = "t"; builder = "/bin/sh"; args = ["-c" "echo nixos-enter build > $out"]; system = builtins.currentSystem; preferLocalBuild = true; }' """ ) ${postInstallCommands} with subtest("Shutdown system after installation"): installer.succeed("umount -R /mnt") installer.succeed("sync") installer.shutdown() # We're actually the same machine, just booting differently this time. target.state_dir = installer.state_dir # Now see if we can boot the installation. ${startTarget} with subtest("Assert that /boot get mounted"): target.wait_for_unit("local-fs.target") ${ if bootLoader == "grub" then ''target.succeed("test -e /boot/grub")'' else ''target.succeed("test -e /boot/loader/loader.conf")'' } with subtest("Check whether /root has correct permissions"): assert "700" in target.succeed("stat -c '%a' /root") with subtest("Assert swap device got activated"): # uncomment once https://bugs.freedesktop.org/show_bug.cgi?id=86930 is resolved target.wait_for_unit("swap.target") target.succeed("cat /proc/swaps | grep -q /dev") with subtest("Check that the store is in good shape"): target.succeed("nix-store --verify --check-contents >&2") with subtest("Check whether the channel works"): target.succeed("nix-env -iA nixos.procps >&2") assert ".nix-profile" in target.succeed("type -tP ps | tee /dev/stderr") with subtest( "Check that the daemon works, and that non-root users can run builds " "(this will build a new profile generation through the daemon)" ): target.succeed("su alice -l -c 'nix-env -iA nixos.procps' >&2") with subtest("Configure system with writable Nix store on next boot"): # we're not using copy_from_host here because the installer image # doesn't know about the host-guest sharing mechanism. target.copy_from_host_via_shell( "${ makeConfig { inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest ; forceGrubReinstallCount = 1; } }", "/etc/nixos/configuration.nix", ) with subtest("Check whether nixos-rebuild works"): target.succeed("nixos-rebuild switch >&2") with subtest("Test nixos-option"): kernel_modules = target.succeed("nixos-option boot.initrd.kernelModules") assert "virtio_console" in kernel_modules assert "List of modules" in kernel_modules assert "qemu-guest.nix" in kernel_modules target.shutdown() # Check whether a writable store build works ${startTarget} # we're not using copy_from_host here because the installer image # doesn't know about the host-guest sharing mechanism. target.copy_from_host_via_shell( "${ makeConfig { inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest ; forceGrubReinstallCount = 2; } }", "/etc/nixos/configuration.nix", ) target.succeed("nixos-rebuild boot >&2") target.shutdown() # And just to be sure, check that the target still boots after "nixos-rebuild switch". ${startTarget} target.wait_for_unit("network.target") # Sanity check, is it the configuration.nix we generated? hostname = target.succeed("hostname").strip() assert hostname == "thatworked" target.shutdown() # Tests for validating clone configuration entries in grub menu '' + optionalString testSpecialisationConfig '' # Reboot target ${startTarget} with subtest("Booted configuration name should be 'Home'"): # This is not the name that shows in the grub menu. # The default configuration is always shown as "Default" target.succeed("cat /run/booted-system/configuration-name >&2") assert "Home" in target.succeed("cat /run/booted-system/configuration-name") with subtest("We should **not** find a file named /etc/gitconfig"): target.fail("test -e /etc/gitconfig") with subtest("Set grub to boot the second configuration"): target.succeed("grub-reboot 1") target.shutdown() # Reboot target ${startTarget} with subtest("Booted configuration name should be Work"): target.succeed("cat /run/booted-system/configuration-name >&2") assert "Work" in target.succeed("cat /run/booted-system/configuration-name") with subtest("We should find a file named /etc/gitconfig"): target.succeed("test -e /etc/gitconfig") target.shutdown() '' + optionalString testByAttrSwitch '' with subtest("Configure system with attribute set"): target.succeed(""" mkdir /root/my-config mv /etc/nixos/hardware-configuration.nix /root/my-config/ rm /etc/nixos/configuration.nix """) target.copy_from_host_via_shell( "${ makeConfig { inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest ; forceGrubReinstallCount = 1; withTestInstrumentation = false; } }", "/root/my-config/configuration.nix", ) target.copy_from_host_via_shell( "${./installer/byAttrWithChannel.nix}", "/root/my-config/default.nix", ) with subtest("Switch to attribute set based config with channels"): target.succeed("nixos-rebuild switch --file /root/my-config/default.nix") target.shutdown() ${startTarget} target.succeed(""" rm /root/my-config/default.nix """) target.copy_from_host_via_shell( "${./installer/byAttrNoChannel.nix}", "/root/my-config/default.nix", ) target.succeed(""" pkgs=$(readlink -f /nix/var/nix/profiles/per-user/root/channels)/nixos if ! [[ -e $pkgs/pkgs/top-level/default.nix ]]; then echo 1>&2 "$pkgs does not seem to be a nixpkgs source. Please fix the test so that pkgs points to a nixpkgs source."; exit 1; fi sed -e s^@nixpkgs@^$pkgs^ -i /root/my-config/default.nix """) with subtest("Switch to attribute set based config without channels"): target.succeed("nixos-rebuild switch --file /root/my-config/default.nix") target.shutdown() ${startTarget} with subtest("nix-channel command is not available anymore"): target.succeed("! which nix-channel") with subtest("builtins.nixPath is now empty"): target.succeed(""" [[ "[ ]" == "$(nix-instantiate builtins.nixPath --eval --expr)" ]] """) with subtest(" does not resolve"): target.succeed(""" ! nix-instantiate '' --eval --expr """) with subtest("Evaluate attribute set based config in fresh env without nix-channel"): target.succeed("nixos-rebuild switch --file /root/my-config/default.nix") with subtest("Evaluate attribute set based config in fresh env without channel profiles"): target.succeed(""" ( exec 1>&2 mkdir -p /root/restore mv -v /root/.nix-channels /root/restore/ mv -v ~/.nix-defexpr /root/restore/ mkdir -p /root/restore/channels mv -v /nix/var/nix/profiles/per-user/root/channels* /root/restore/channels/ ) """) target.succeed("nixos-rebuild switch --file /root/my-config/default.nix") '' + optionalString (testByAttrSwitch && testFlakeSwitch) '' with subtest("Restore channel profiles"): target.succeed(""" ( exec 1>&2 mv -v /root/restore/.nix-channels /root/ mv -v /root/restore/.nix-defexpr ~/.nix-defexpr mv -v /root/restore/channels/* /nix/var/nix/profiles/per-user/root/ rm -vrf /root/restore ) """) with subtest("Restore /etc/nixos"): target.succeed(""" mv -v /root/my-config/hardware-configuration.nix /etc/nixos/ """) target.copy_from_host_via_shell( "${ makeConfig { inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest ; forceGrubReinstallCount = 1; } }", "/etc/nixos/configuration.nix", ) with subtest("Restore /root/my-config"): target.succeed(""" rm -vrf /root/my-config """) '' + optionalString (testByAttrSwitch && !testFlakeSwitch) '' target.shutdown() '' + optionalString testFlakeSwitch '' ${startTarget} with subtest("Configure system with flake"): # TODO: evaluate as user? target.succeed(""" mkdir /root/my-config mv /etc/nixos/hardware-configuration.nix /root/my-config/ rm /etc/nixos/configuration.nix """) target.copy_from_host_via_shell( "${ makeConfig { inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest ; forceGrubReinstallCount = 1; withTestInstrumentation = false; } }", "/root/my-config/configuration.nix", ) target.copy_from_host_via_shell( "${./installer/flake.nix}", "/root/my-config/flake.nix", ) target.succeed(""" # for some reason the image does not have `pkgs.path`, so # we use readlink to find a Nixpkgs source. pkgs=$(readlink -f /nix/var/nix/profiles/per-user/root/channels)/nixos if ! [[ -e $pkgs/pkgs/top-level/default.nix ]]; then echo 1>&2 "$pkgs does not seem to be a nixpkgs source. Please fix the test so that pkgs points to a nixpkgs source."; exit 1; fi sed -e s^@nixpkgs@^$pkgs^ -i /root/my-config/flake.nix """) with subtest("Switch to flake based config"): target.succeed("nixos-rebuild switch --flake /root/my-config#xyz 2>&1 | tee activation-log >&2") target.succeed(""" cat -n activation-log >&2 """) target.succeed(""" grep -F '/root/.nix-defexpr/channels exists, but channels have been disabled.' activation-log """) target.succeed(""" grep -F '/nix/var/nix/profiles/per-user/root/channels exists, but channels have been disabled.' activation-log """) target.succeed(""" grep -F '/root/.nix-defexpr/channels exists, but channels have been disabled.' activation-log """) target.succeed(""" grep -F 'Due to https://github.com/NixOS/nix/issues/9574, Nix may still use these channels when NIX_PATH is unset.' activation-log """) target.succeed("rm activation-log") # Perform the suggested cleanups we've just seen in the log # TODO after https://github.com/NixOS/nix/issues/9574: don't remove them yet target.succeed(""" rm -rf /root/.nix-defexpr/channels /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels """) target.shutdown() ${startTarget} with subtest("nix-channel command is not available anymore"): target.succeed("! which nix-channel") # Note that the channel profile is still present on disk, but configured # not to be used. # TODO after issue https://github.com/NixOS/nix/issues/9574: re-enable this assertion # I believe what happens is # - because of the issue, we've removed the `nix-path =` line from nix.conf # - the "backdoor" shell is not a proper session and does not have `NIX_PATH=""` set # - seeing no nix path settings at all, Nix loads its hardcoded default value, # which is unfortunately non-empty # Or maybe it's the new default NIX_PATH?? :( # with subtest("builtins.nixPath is now empty"): # target.succeed(""" # ( # set -x; # [[ "[ ]" == "$(nix-instantiate builtins.nixPath --eval --expr)" ]]; # ) # """) with subtest(" does not resolve"): target.succeed(""" ! nix-instantiate '' --eval --expr """) with subtest("Evaluate flake config in fresh env without nix-channel"): target.succeed("nixos-rebuild switch --flake /root/my-config#xyz") with subtest("Evaluate flake config in fresh env without channel profiles"): target.succeed(""" ( exec 1>&2 rm -vf /root/.nix-channels rm -vrf ~/.nix-defexpr rm -vrf /nix/var/nix/profiles/per-user/root/channels* ) """) target.succeed("nixos-rebuild switch --flake /root/my-config#xyz | tee activation-log >&2") target.succeed("cat -n activation-log >&2") target.succeed("! grep -F '/root/.nix-defexpr/channels' activation-log") target.succeed("! grep -F 'but channels have been disabled' activation-log") target.succeed("! grep -F 'https://github.com/NixOS/nix/issues/9574' activation-log") target.shutdown() ''; makeInstallerTest = name: { createPartitions, postInstallCommands ? "", postBootCommands ? "", extraConfig ? "", extraInstallerConfig ? { }, bootLoader ? "grub", # either "grub" or "systemd-boot" grubDevice ? "/dev/vda", grubIdentifier ? "uuid", grubUseEfi ? false, enableOCR ? false, meta ? { }, testSpecialisationConfig ? false, testFlakeSwitch ? false, testByAttrSwitch ? false, clevisTest ? false, clevisFallbackTest ? false, disableFileSystems ? false, }: let isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi); in makeTest { inherit enableOCR; name = "installer-" + name; meta = { # put global maintainers here, individuals go into makeInstallerTest fkt call maintainers = (meta.maintainers or [ ]); # non-EFI tests can only run on x86 platforms = if isEfi then platforms.linux else [ "x86_64-linux" "i686-linux" ]; }; nodes = let commonConfig = { # builds stuff in the VM, needs more juice virtualisation.diskSize = 8 * 1024; virtualisation.cores = 8; virtualisation.memorySize = 2048; # both installer and target need to use the same drive virtualisation.diskImage = "./target.qcow2"; # and the same TPM options virtualisation.qemu.options = mkIf (clevisTest) [ "-chardev socket,id=chrtpm,path=$NIX_BUILD_TOP/swtpm-sock" "-tpmdev emulator,id=tpm0,chardev=chrtpm" "-device tpm-tis,tpmdev=tpm0" ]; }; in { # The configuration of the system used to run "nixos-install". installer = { imports = [ commonConfig ../modules/profiles/installation-device.nix ../modules/profiles/base.nix extraInstallerConfig ./common/auto-format-root-device.nix ]; # In systemdStage1, also automatically format the device backing the # root filesystem. virtualisation.fileSystems."/".autoFormat = systemdStage1; boot.initrd.systemd.enable = systemdStage1; # Use a small /dev/vdb as the root disk for the # installer. This ensures the target disk (/dev/vda) is # the same during and after installation. virtualisation.emptyDiskImages = [ 512 ]; virtualisation.rootDevice = "/dev/vdb"; hardware.enableAllFirmware = mkForce false; # The test cannot access the network, so any packages we # need must be included in the VM. system.extraDependencies = with pkgs; [ bintools brotli brotli.dev brotli.lib desktop-file-utils docbook5 docbook_xsl_ns kbd.dev kmod.dev libarchive.dev libxml2.bin libxslt.bin nixos-artwork.wallpapers.simple-dark-gray-bottom ntp perlPackages.ConfigIniFiles perlPackages.FileSlurp perlPackages.JSON perlPackages.ListCompare perlPackages.XMLLibXML # make-options-doc/default.nix (python3.withPackages (p: [ p.mistune ])) shared-mime-info sudo switch-to-configuration-ng texinfo unionfs-fuse xorg.lndir # add curl so that rather than seeing the test attempt to download # curl's tarball, we see what it's trying to download curl ] ++ optionals (bootLoader == "grub") ( let zfsSupport = extraInstallerConfig.boot.supportedFilesystems.zfs or false; in [ (pkgs.grub2.override { inherit zfsSupport; }) (pkgs.grub2_efi.override { inherit zfsSupport; }) pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader pkgs.perlPackages.FileCopyRecursive pkgs.perlPackages.XMLSAX pkgs.perlPackages.XMLSAXBase ] ) ++ optionals (bootLoader == "systemd-boot") [ pkgs.zstd.bin pkgs.mypy pkgs.bootspec ] ++ optionals clevisTest [ pkgs.klibc ]; nix.settings = { substituters = mkForce [ ]; hashed-mirrors = null; connect-timeout = 1; }; }; target = { imports = [ commonConfig ]; virtualisation.useBootLoader = true; virtualisation.useEFIBoot = isEfi; virtualisation.useDefaultFilesystems = false; virtualisation.efi.keepVariables = false; virtualisation.fileSystems."/" = { device = "/dev/disk/by-label/this-is-not-real-and-will-never-be-used"; fsType = "ext4"; }; }; } // optionalAttrs clevisTest { tang = { services.tang = { enable = true; listenStream = [ "80" ]; ipAddressAllow = [ "192.168.1.0/24" ]; }; networking.firewall.allowedTCPPorts = [ 80 ]; }; }; testScript = testScriptFun { inherit bootLoader createPartitions postInstallCommands postBootCommands grubDevice grubIdentifier grubUseEfi extraConfig testSpecialisationConfig testFlakeSwitch testByAttrSwitch clevisTest clevisFallbackTest disableFileSystems ; }; }; makeLuksRootTest = name: luksFormatOpts: makeInstallerTest name { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100M 1024M" + " mkpart primary 1024M -1s", # LUKS "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "modprobe dm_mod dm_crypt", "echo -n supersecret | cryptsetup luksFormat ${luksFormatOpts} -q /dev/vda3 -", "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda3 cryptroot", "mkfs.ext3 -L nixos /dev/mapper/cryptroot", "mount LABEL=nixos /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=boot /mnt/boot", ) ''; extraConfig = '' boot.kernelParams = lib.mkAfter [ "console=tty0" ]; ''; enableOCR = true; postBootCommands = '' target.wait_for_text("[Pp]assphrase for") target.send_chars("supersecret\n") ''; }; # The (almost) simplest partitioning scheme: a swap partition and # one big filesystem partition. simple-test-config = { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary linux-swap 1M 1024M" + " mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/vda2", "mount LABEL=nixos /mnt", ) ''; }; simple-test-config-flake = simple-test-config // { testFlakeSwitch = true; }; simple-test-config-by-attr = simple-test-config // { testByAttrSwitch = true; }; simple-test-config-from-by-attr-to-flake = simple-test-config // { testByAttrSwitch = true; testFlakeSwitch = true; }; simple-uefi-grub-config = { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel gpt" + " mkpart ESP fat32 1M 100MiB" # /boot + " set 1 boot on" + " mkpart primary linux-swap 100MiB 1024MiB" + " mkpart primary ext2 1024MiB -1MiB", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/vda3", "mount LABEL=nixos /mnt", "mkfs.vfat -n BOOT /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=BOOT /mnt/boot", ) ''; bootLoader = "grub"; grubUseEfi = true; }; specialisation-test-extraconfig = { extraConfig = '' environment.systemPackages = [ pkgs.grub2 ]; boot.loader.grub.configurationName = "Home"; specialisation.work.configuration = { boot.loader.grub.configurationName = lib.mkForce "Work"; environment.etc = { "gitconfig".text = " [core] gitproxy = none for work.com "; }; }; ''; testSpecialisationConfig = true; }; # disable zfs so we can support latest kernel if needed no-zfs-module = { nixpkgs.overlays = [ (final: super: { zfs = super.zfs.overrideAttrs (_: { meta.platforms = [ ]; }); }) ]; }; mkClevisBcachefsTest = { fallback ? false, }: makeInstallerTest "clevis-bcachefs${optionalString fallback "-fallback"}" { clevisTest = true; clevisFallbackTest = fallback; enableOCR = fallback; extraInstallerConfig = { imports = [ no-zfs-module ]; boot.supportedFilesystems = [ "bcachefs" ]; environment.systemPackages = with pkgs; [ keyutils clevis ]; }; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" + " mkpart primary linux-swap 100M 1024M" + " mkpart primary 1024M -1s", "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "keyctl link @u @s", "echo -n password | mkfs.bcachefs -L root --encrypted /dev/vda3", "echo -n password | bcachefs unlock /dev/vda3", "echo -n password | mount -t bcachefs /dev/vda3 /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=boot /mnt/boot", "udevadm settle") ''; extraConfig = '' boot.initrd.clevis.devices."/dev/vda3".secretFile = "/etc/nixos/clevis-secret.jwe"; # We override what nixos-generate-config has generated because we do # not know the UUID in advance. fileSystems."/" = lib.mkForce { device = "/dev/vda3"; fsType = "bcachefs"; }; ''; postBootCommands = optionalString fallback '' target.wait_for_text("enter passphrase for") target.send_chars("password\n") ''; }; mkClevisLuksTest = { fallback ? false, }: makeInstallerTest "clevis-luks${optionalString fallback "-fallback"}" { clevisTest = true; clevisFallbackTest = fallback; enableOCR = fallback; extraInstallerConfig = { environment.systemPackages = with pkgs; [ clevis ]; }; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" + " mkpart primary linux-swap 100M 1024M" + " mkpart primary 1024M -1s", "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "modprobe dm_mod dm_crypt", "echo -n password | cryptsetup luksFormat -q /dev/vda3 -", "echo -n password | cryptsetup luksOpen --key-file - /dev/vda3 crypt-root", "mkfs.ext3 -L nixos /dev/mapper/crypt-root", "mount LABEL=nixos /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=boot /mnt/boot", "udevadm settle") ''; extraConfig = '' boot.initrd.clevis.devices."crypt-root".secretFile = "/etc/nixos/clevis-secret.jwe"; ''; postBootCommands = optionalString fallback '' ${ if systemdStage1 then '' target.wait_for_text("Please enter") '' else '' target.wait_for_text("Passphrase for") '' } target.send_chars("password\n") ''; }; mkClevisZfsTest = { fallback ? false, parentDataset ? false, }: makeInstallerTest "clevis-zfs${optionalString parentDataset "-parent-dataset"}${optionalString fallback "-fallback"}" { clevisTest = true; clevisFallbackTest = fallback; enableOCR = fallback; extraInstallerConfig = { boot.supportedFilesystems = [ "zfs" ]; environment.systemPackages = with pkgs; [ clevis ]; }; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" + " mkpart primary linux-swap 100M 1024M" + " mkpart primary 1024M -1s", "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", '' + optionalString (!parentDataset) '' "zpool create -O mountpoint=legacy rpool /dev/vda3", "echo -n password | zfs create" + " -o encryption=aes-256-gcm -o keyformat=passphrase rpool/root", '' + optionalString (parentDataset) '' "echo -n password | zpool create -O mountpoint=none -O encryption=on -O keyformat=passphrase rpool /dev/vda3", "zfs create -o mountpoint=legacy rpool/root", '' + '' "mount -t zfs rpool/root /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=boot /mnt/boot", "udevadm settle") ''; extraConfig = optionalString (!parentDataset) '' boot.initrd.clevis.devices."rpool/root".secretFile = "/etc/nixos/clevis-secret.jwe"; '' + optionalString (parentDataset) '' boot.initrd.clevis.devices."rpool".secretFile = "/etc/nixos/clevis-secret.jwe"; '' + '' boot.zfs.requestEncryptionCredentials = true; # Using by-uuid overrides the default of by-id, and is unique # to the qemu disks, as they don't produce by-id paths for # some reason. boot.zfs.devNodes = "/dev/disk/by-uuid/"; networking.hostId = "00000000"; ''; postBootCommands = optionalString fallback '' ${ if systemdStage1 then '' target.wait_for_text("Enter key for rpool/root") '' else '' target.wait_for_text("Key load error") '' } target.send_chars("password\n") ''; }; in { # !!! `parted mkpart' seems to silently create overlapping partitions. # The (almost) simplest partitioning scheme: a swap partition and # one big filesystem partition. simple = makeInstallerTest "simple" simple-test-config; switchToFlake = makeInstallerTest "switch-to-flake" simple-test-config-flake; switchToByAttr = makeInstallerTest "switch-to-by-attr" simple-test-config-by-attr; switchFromByAttrToFlake = makeInstallerTest "switch-from-by-attr-to-flake" simple-test-config-from-by-attr-to-flake; # Test cloned configurations with the simple grub configuration simpleSpecialised = makeInstallerTest "simpleSpecialised" ( simple-test-config // specialisation-test-extraconfig ); # Simple GPT/UEFI configuration using systemd-boot with 3 partitions: ESP, swap & root filesystem simpleUefiSystemdBoot = makeInstallerTest "simpleUefiSystemdBoot" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel gpt" + " mkpart ESP fat32 1M 100MiB" # /boot + " set 1 boot on" + " mkpart primary linux-swap 100MiB 1024MiB" + " mkpart primary ext2 1024MiB -1MiB", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/vda3", "mount LABEL=nixos /mnt", "mkfs.vfat -n BOOT /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=BOOT /mnt/boot", ) ''; bootLoader = "systemd-boot"; }; simpleUefiGrub = makeInstallerTest "simpleUefiGrub" simple-uefi-grub-config; # Test cloned configurations with the uefi grub configuration simpleUefiGrubSpecialisation = makeInstallerTest "simpleUefiGrubSpecialisation" ( simple-uefi-grub-config // specialisation-test-extraconfig ); # Same as the previous, but now with a separate /boot partition. separateBoot = makeInstallerTest "separateBoot" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100MB 1024M" + " mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/vda3", "mount LABEL=nixos /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=boot /mnt/boot", ) ''; }; # Same as the previous, but with fat32 /boot. separateBootFat = makeInstallerTest "separateBootFat" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100MB 1024M" + " mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/vda3", "mount LABEL=nixos /mnt", "mkfs.vfat -n BOOT /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=BOOT /mnt/boot", ) ''; }; # Same as the previous, but with ZFS /boot. separateBootZfs = makeInstallerTest "separateBootZfs" { extraInstallerConfig = { boot.supportedFilesystems = [ "zfs" ]; }; extraConfig = '' # Using by-uuid overrides the default of by-id, and is unique # to the qemu disks, as they don't produce by-id paths for # some reason. boot.zfs.devNodes = "/dev/disk/by-uuid/"; networking.hostId = "00000000"; ''; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 256MB" # /boot + " mkpart primary linux-swap 256MB 1280M" + " mkpart primary ext2 1280M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext4 -L nixos /dev/vda3", "mount LABEL=nixos /mnt", # Use as many ZFS features as possible to verify that GRUB can handle them "zpool create" " -o compatibility=grub2" " -O utf8only=on" " -O normalization=formD" " -O compression=lz4" # Activate the lz4_compress feature " -O xattr=sa" " -O acltype=posixacl" " bpool /dev/vda1", "zfs create" " -o recordsize=1M" # Prepare activating the large_blocks feature " -o mountpoint=legacy" " -o relatime=on" " -o quota=1G" " -o filesystem_limit=100" # Activate the filesystem_limits features " bpool/boot", # Snapshotting the top-level dataset would trigger a bug in GRUB2: https://github.com/openzfs/zfs/issues/13873 "zfs snapshot bpool/boot@snap-1", # Prepare activating the livelist and bookmarks features "zfs clone bpool/boot@snap-1 bpool/test", # Activate the livelist feature "zfs bookmark bpool/boot@snap-1 bpool/boot#bookmark", # Activate the bookmarks feature "zpool checkpoint bpool", # Activate the zpool_checkpoint feature "mkdir -p /mnt/boot", "mount -t zfs bpool/boot /mnt/boot", "touch /mnt/boot/empty", # Activate zilsaxattr feature "dd if=/dev/urandom of=/mnt/boot/test bs=1M count=1", # Activate the large_blocks feature # Print out all enabled and active ZFS features (and some other stuff) "sync /mnt/boot", "zpool get all bpool >&2", # Abort early if GRUB2 doesn't like the disks "grub-probe --target=device /mnt/boot >&2", ) ''; # umount & export bpool before shutdown # this is a fix for "cannot import 'bpool': pool was previously in use from another system." postInstallCommands = '' installer.succeed("umount /mnt/boot") installer.succeed("zpool export bpool") ''; }; # zfs on / with swap zfsroot = makeInstallerTest "zfs-root" { extraInstallerConfig = { boot.supportedFilesystems = [ "zfs" ]; }; extraConfig = '' boot.supportedFilesystems = [ "zfs" ]; # Using by-uuid overrides the default of by-id, and is unique # to the qemu disks, as they don't produce by-id paths for # some reason. boot.zfs.devNodes = "/dev/disk/by-uuid/"; networking.hostId = "00000000"; ''; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary 1M 100MB" # /boot + " mkpart primary linux-swap 100M 1024M" + " mkpart primary 1024M -1s", # rpool "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "zpool create rpool /dev/vda3", "zfs create -o mountpoint=legacy rpool/root", "mount -t zfs rpool/root /mnt", "zfs create -o mountpoint=legacy rpool/root/usr", "mkdir /mnt/usr", "mount -t zfs rpool/root/usr /mnt/usr", "mkfs.vfat -n BOOT /dev/vda1", "mkdir /mnt/boot", "mount LABEL=BOOT /mnt/boot", "udevadm settle", ) ''; }; # Create two physical LVM partitions combined into one volume group # that contains the logical swap and root partitions. lvm = makeInstallerTest "lvm" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary 1M 2048M" # PV1 + " set 1 lvm on" + " mkpart primary 2048M -1s" # PV2 + " set 2 lvm on", "udevadm settle", "pvcreate /dev/vda1 /dev/vda2", "vgcreate MyVolGroup /dev/vda1 /dev/vda2", "lvcreate --size 1G --name swap MyVolGroup", "lvcreate --size 6G --name nixos MyVolGroup", "mkswap -f /dev/MyVolGroup/swap -L swap", "swapon -L swap", "mkfs.xfs -L nixos /dev/MyVolGroup/nixos", "mount LABEL=nixos /mnt", ) ''; extraConfig = optionalString systemdStage1 '' boot.initrd.services.lvm.enable = true; ''; }; # Boot off an encrypted root partition with the default LUKS header format luksroot = makeLuksRootTest "luksroot-format1" ""; # Boot off an encrypted root partition with LUKS1 format luksroot-format1 = makeLuksRootTest "luksroot-format1" "--type=LUKS1"; # Boot off an encrypted root partition with LUKS2 format luksroot-format2 = makeLuksRootTest "luksroot-format2" "--type=LUKS2"; # Test whether opening encrypted filesystem with keyfile # Checks for regression of missing cryptsetup, when no luks device without # keyfile is configured encryptedFSWithKeyfile = makeInstallerTest "encryptedFSWithKeyfile" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100M 1024M" + " mkpart primary 1024M 1280M" # LUKS with keyfile + " mkpart primary 1280M -1s", "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/vda4", "mount LABEL=nixos /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount LABEL=boot /mnt/boot", "modprobe dm_mod dm_crypt", "echo -n supersecret > /mnt/keyfile", "cryptsetup luksFormat -q /dev/vda3 --key-file /mnt/keyfile", "cryptsetup luksOpen --key-file /mnt/keyfile /dev/vda3 crypt", "mkfs.ext3 -L test /dev/mapper/crypt", "cryptsetup luksClose crypt", "mkdir -p /mnt/test", ) ''; extraConfig = '' fileSystems."/test" = { device = "/dev/disk/by-label/test"; fsType = "ext3"; encrypted.enable = true; encrypted.blkDev = "/dev/vda3"; encrypted.label = "crypt"; encrypted.keyFile = "/${if systemdStage1 then "sysroot" else "mnt-root"}/keyfile"; }; ''; }; # Full disk encryption (root, kernel and initrd encrypted) using GRUB, GPT/UEFI, # LVM-on-LUKS and a keyfile in initrd.secrets to enter the passphrase once fullDiskEncryption = makeInstallerTest "fullDiskEncryption" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel gpt" + " mkpart ESP fat32 1M 100MiB" # /boot/efi + " set 1 boot on" + " mkpart primary ext2 1024MiB -1MiB", # LUKS "udevadm settle", "modprobe dm_mod dm_crypt", "dd if=/dev/random of=luks.key bs=256 count=1", "echo -n supersecret | cryptsetup luksFormat -q --pbkdf-force-iterations 1000 --type luks1 /dev/vda2 -", "echo -n supersecret | cryptsetup luksAddKey -q --pbkdf-force-iterations 1000 --key-file - /dev/vda2 luks.key", "echo -n supersecret | cryptsetup luksOpen --key-file - /dev/vda2 crypt", "pvcreate /dev/mapper/crypt", "vgcreate crypt /dev/mapper/crypt", "lvcreate -L 100M -n swap crypt", "lvcreate -l '100%FREE' -n nixos crypt", "mkfs.vfat -n efi /dev/vda1", "mkfs.ext4 -L nixos /dev/crypt/nixos", "mkswap -L swap /dev/crypt/swap", "mount LABEL=nixos /mnt", "mkdir -p /mnt/{etc/nixos,boot/efi}", "mount LABEL=efi /mnt/boot/efi", "swapon -L swap", "mv luks.key /mnt/etc/nixos/" ) ''; bootLoader = "grub"; grubUseEfi = true; extraConfig = '' boot.loader.grub.enableCryptodisk = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.initrd.secrets."/luks.key" = "/etc/nixos/luks.key"; boot.initrd.luks.devices.crypt = { device = "/dev/vda2"; keyFile = "/luks.key"; }; ''; enableOCR = true; postBootCommands = '' target.wait_for_text("Enter passphrase for") target.send_chars("supersecret\n") ''; }; swraid = makeInstallerTest "swraid" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda --" + " mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart extended 100M -1s" + " mkpart logical 102M 3102M" # md0 (root), first device + " mkpart logical 3103M 6103M" # md0 (root), second device + " mkpart logical 6104M 6360M" # md1 (swap), first device + " mkpart logical 6361M 6617M", # md1 (swap), second device "udevadm settle", "ls -l /dev/vda* >&2", "cat /proc/partitions >&2", "udevadm control --stop-exec-queue", "mdadm --create --force /dev/md0 --metadata 1.2 --level=raid1 " + "--raid-devices=2 /dev/vda5 /dev/vda6", "mdadm --create --force /dev/md1 --metadata 1.2 --level=raid1 " + "--raid-devices=2 /dev/vda7 /dev/vda8", "udevadm control --start-exec-queue", "udevadm settle", "mkswap -f /dev/md1 -L swap", "swapon -L swap", "mkfs.ext3 -L nixos /dev/md0", "mount LABEL=nixos /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir /mnt/boot", "mount LABEL=boot /mnt/boot", "udevadm settle", ) ''; postBootCommands = '' target.fail("dmesg | grep 'immediate safe mode'") ''; }; bcache = makeInstallerTest "bcache" { createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda --" + " mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary 100MB 512MB " # swap + " mkpart primary 512MB 1024MB" # Cache (typically SSD) + " mkpart primary 1024MB -1s ", # Backing device (typically HDD) "modprobe bcache", "udevadm settle", "make-bcache -B /dev/vda4 -C /dev/vda3", "udevadm settle", "mkfs.ext3 -L nixos /dev/bcache0", "mount LABEL=nixos /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir /mnt/boot", "mount LABEL=boot /mnt/boot", "mkswap -f /dev/vda2 -L swap", "swapon -L swap", ) ''; }; bcachefsSimple = makeInstallerTest "bcachefs-simple" { extraInstallerConfig = { boot.supportedFilesystems = [ "bcachefs" ]; imports = [ no-zfs-module ]; }; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100M 1024M" # swap + " mkpart primary 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.bcachefs -L root /dev/vda3", "mount -t bcachefs /dev/vda3 /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount /dev/vda1 /mnt/boot", ) ''; }; bcachefsEncrypted = makeInstallerTest "bcachefs-encrypted" { extraInstallerConfig = { boot.supportedFilesystems = [ "bcachefs" ]; # disable zfs so we can support latest kernel if needed imports = [ no-zfs-module ]; environment.systemPackages = with pkgs; [ keyutils ]; }; extraConfig = '' boot.kernelParams = lib.mkAfter [ "console=tty0" ]; ''; enableOCR = true; postBootCommands = '' # Enter it wrong once target.wait_for_text("enter passphrase for ") target.send_chars("wrong\n") # Then enter it right. target.wait_for_text("enter passphrase for ") target.send_chars("password\n") ''; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100M 1024M" # swap + " mkpart primary 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "echo password | mkfs.bcachefs -L root --encrypted /dev/vda3", "echo password | bcachefs unlock -k session /dev/vda3", "echo password | mount -t bcachefs /dev/vda3 /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount /dev/vda1 /mnt/boot", ) ''; }; bcachefsMulti = makeInstallerTest "bcachefs-multi" { extraInstallerConfig = { boot.supportedFilesystems = [ "bcachefs" ]; # disable zfs so we can support latest kernel if needed imports = [ no-zfs-module ]; }; createPartitions = '' installer.succeed( "flock /dev/vda parted --script /dev/vda -- mklabel msdos" + " mkpart primary ext2 1M 100MB" # /boot + " mkpart primary linux-swap 100M 1024M" # swap + " mkpart primary 1024M 4096M" # / + " mkpart primary 4096M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.bcachefs -L root --metadata_replicas 2 --foreground_target ssd --promote_target ssd --background_target hdd --label ssd /dev/vda3 --label hdd /dev/vda4", "mount -t bcachefs /dev/vda3:/dev/vda4 /mnt", "mkfs.ext3 -L boot /dev/vda1", "mkdir -p /mnt/boot", "mount /dev/vda1 /mnt/boot", ) ''; }; # Test using labels to identify volumes in grub simpleLabels = makeInstallerTest "simpleLabels" { createPartitions = '' installer.succeed( "sgdisk -Z /dev/vda", "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext4 -L root /dev/vda3", "mount LABEL=root /mnt", ) ''; grubIdentifier = "label"; }; # Test using the provided disk name within grub # TODO: Fix udev so the symlinks are unneeded in /dev/disks simpleProvided = makeInstallerTest "simpleProvided" { createPartitions = '' uuid = "$(blkid -s UUID -o value /dev/vda2)" installer.succeed( "sgdisk -Z /dev/vda", "sgdisk -n 1:0:+1M -n 2:0:+100M -n 3:0:+1G -N 4 -t 1:ef02 -t 2:8300 " + "-t 3:8200 -t 4:8300 -c 2:boot -c 4:root /dev/vda", "mkswap /dev/vda3 -L swap", "swapon -L swap", "mkfs.ext4 -L boot /dev/vda2", "mkfs.ext4 -L root /dev/vda4", ) installer.execute(f"ln -s ../../vda2 /dev/disk/by-uuid/{uuid}") installer.execute("ln -s ../../vda4 /dev/disk/by-label/root") installer.succeed( "mount /dev/disk/by-label/root /mnt", "mkdir /mnt/boot", f"mount /dev/disk/by-uuid/{uuid} /mnt/boot", ) ''; grubIdentifier = "provided"; }; # Simple btrfs grub testing btrfsSimple = makeInstallerTest "btrfsSimple" { createPartitions = '' installer.succeed( "sgdisk -Z /dev/vda", "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.btrfs -L root /dev/vda3", "mount LABEL=root /mnt", ) ''; }; # Test to see if we can detect /boot and /nix on subvolumes btrfsSubvols = makeInstallerTest "btrfsSubvols" { createPartitions = '' installer.succeed( "sgdisk -Z /dev/vda", "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.btrfs -L root /dev/vda3", "btrfs device scan", "mount LABEL=root /mnt", "btrfs subvol create /mnt/boot", "btrfs subvol create /mnt/nixos", "btrfs subvol create /mnt/nixos/default", "umount /mnt", "mount -o defaults,subvol=nixos/default LABEL=root /mnt", "mkdir /mnt/boot", "mount -o defaults,subvol=boot LABEL=root /mnt/boot", ) ''; }; # Test to see if we can detect default and aux subvolumes correctly btrfsSubvolDefault = makeInstallerTest "btrfsSubvolDefault" { createPartitions = '' installer.succeed( "sgdisk -Z /dev/vda", "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.btrfs -L root /dev/vda3", "btrfs device scan", "mount LABEL=root /mnt", "btrfs subvol create /mnt/badpath", "btrfs subvol create /mnt/badpath/boot", "btrfs subvol create /mnt/nixos", "btrfs subvol set-default " + "$(btrfs subvol list /mnt | grep 'nixos' | awk '{print $2}') /mnt", "umount /mnt", "mount -o defaults LABEL=root /mnt", "mkdir -p /mnt/badpath/boot", # Help ensure the detection mechanism # is actually looking up subvolumes "mkdir /mnt/boot", "mount -o defaults,subvol=badpath/boot LABEL=root /mnt/boot", ) ''; }; # Test to see if we can deal with subvols that need to be escaped in fstab btrfsSubvolEscape = makeInstallerTest "btrfsSubvolEscape" { createPartitions = '' installer.succeed( "sgdisk -Z /dev/vda", "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.btrfs -L root /dev/vda3", "btrfs device scan", "mount LABEL=root /mnt", "btrfs subvol create '/mnt/nixos in space'", "btrfs subvol create /mnt/boot", "umount /mnt", "mount -o 'defaults,subvol=nixos in space' LABEL=root /mnt", "mkdir /mnt/boot", "mount -o defaults,subvol=boot LABEL=root /mnt/boot", ) ''; }; } // { clevisBcachefs = mkClevisBcachefsTest { }; clevisBcachefsFallback = mkClevisBcachefsTest { fallback = true; }; clevisLuks = mkClevisLuksTest { }; clevisLuksFallback = mkClevisLuksTest { fallback = true; }; clevisZfs = mkClevisZfsTest { }; clevisZfsFallback = mkClevisZfsTest { fallback = true; }; clevisZfsParentDataset = mkClevisZfsTest { parentDataset = true; }; clevisZfsParentDatasetFallback = mkClevisZfsTest { parentDataset = true; fallback = true; }; } // optionalAttrs systemdStage1 { stratisRoot = makeInstallerTest "stratisRoot" { createPartitions = '' installer.succeed( "sgdisk --zap-all /dev/vda", "sgdisk --new=1:0:+100M --typecode=0:ef00 /dev/vda", # /boot "sgdisk --new=2:0:+1G --typecode=0:8200 /dev/vda", # swap "sgdisk --new=3:0:+5G --typecode=0:8300 /dev/vda", # / "udevadm settle", "mkfs.vfat /dev/vda1", "mkswap /dev/vda2 -L swap", "swapon -L swap", "stratis pool create my-pool /dev/vda3", "stratis filesystem create my-pool nixos", "udevadm settle", "mount /dev/stratis/my-pool/nixos /mnt", "mkdir -p /mnt/boot", "mount /dev/vda1 /mnt/boot" ) ''; bootLoader = "systemd-boot"; extraInstallerConfig = { modulesPath, ... }: { config = { services.stratis.enable = true; environment.systemPackages = [ pkgs.stratis-cli pkgs.thin-provisioning-tools pkgs.lvm2.bin pkgs.stratisd.initrd ]; }; }; }; gptAutoRoot = let rootPartType = { ia32 = "44479540-F297-41B2-9AF7-D131D5F0458A"; x64 = "4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709"; arm = "69DAD710-2CE4-4E3C-B16C-21A1D49ABED3"; aa64 = "B921B045-1DF0-41C3-AF44-4C6F280D3FAE"; } .${pkgs.stdenv.hostPlatform.efiArch}; in makeInstallerTest "gptAutoRoot" { disableFileSystems = true; createPartitions = '' installer.succeed( "sgdisk --zap-all /dev/vda", "sgdisk --new=1:0:+100M --typecode=0:ef00 /dev/vda", # /boot "sgdisk --new=2:0:+1G --typecode=0:8200 /dev/vda", # swap "sgdisk --new=3:0:+5G --typecode=0:${rootPartType} /dev/vda", # / "udevadm settle", "mkfs.vfat /dev/vda1", "mkswap /dev/vda2 -L swap", "swapon -L swap", "mkfs.ext4 -L root /dev/vda3", "udevadm settle", "mount /dev/vda3 /mnt", "mkdir -p /mnt/boot", "mount /dev/vda1 /mnt/boot" ) ''; bootLoader = "systemd-boot"; extraConfig = '' boot.initrd.systemd.root = "gpt-auto"; boot.initrd.supportedFilesystems = ["ext4"]; ''; }; }