f86645566d
Test for presence of all specified options in the generated .nspawn config file. Additionally test for absence of misspelled and fixed option MachineID.
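# NixOS VM test: every option set under systemd.nspawn.<name> must appear in
# the generated /etc/systemd/nspawn/<name>.nspawn file. The lists below include
# the container's isolation settings (DropCapability, NoNewPrivileges,
# PrivateUsers, SystemCallFilter, ReadOnly, Inaccessible, Private, ...), so an
# option that is silently dropped would leave a container less confined than
# its configuration claims.
import ./make-test-python.nix ({ lib, ... }:
let
  # Option names set in execConfig.
  execOptions = [
    "Boot"
    "ProcessTwo"
    "Parameters"
    "Environment"
    "User"
    "WorkingDirectory"
    "PivotRoot"
    "Capability"
    "DropCapability"
    "NoNewPrivileges"
    "KillSignal"
    "Personality"
    "MachineID"
    "PrivateUsers"
    "NotifyReady"
    "SystemCallFilter"
    "LimitCPU"
    "LimitFSIZE"
    "LimitDATA"
    "LimitSTACK"
    "LimitCORE"
    "LimitRSS"
    "LimitNOFILE"
    "LimitAS"
    "LimitNPROC"
    "LimitMEMLOCK"
    "LimitLOCKS"
    "LimitSIGPENDING"
    "LimitMSGQUEUE"
    "LimitNICE"
    "LimitRTPRIO"
    "LimitRTTIME"
    "OOMScoreAdjust"
    "CPUAffinity"
    "Hostname"
    "ResolvConf"
    "Timezone"
    "LinkJournal"
    "Ephemeral"
    "AmbientCapability"
  ];

  # Option names set in filesConfig.
  filesOptions = [
    "ReadOnly"
    "Volatile"
    "Bind"
    "BindReadOnly"
    "TemporaryFileSystem"
    "Overlay"
    "OverlayReadOnly"
    "PrivateUsersChown"
    "BindUser"
    "Inaccessible"
    "PrivateUsersOwnership"
  ];

  # Option names set in networkConfig.
  networkOptions = [
    "Private"
    "VirtualEthernet"
    "VirtualEthernetExtra"
    "Interface"
    "MACVLAN"
    "IPVLAN"
    "Bridge"
    "Zone"
    "Port"
  ];

  # Build { <option> = "testdata"; ... } from a list of option names. The value
  # is a placeholder; only the option's presence in the output is tested.
  optionsToConfig = opts: builtins.listToAttrs (map (n: lib.nameValuePair n "testdata") opts);

  # Emit a Python `node.succeed(...)` call that fails on the first option
  # without an assignment line of its own in the config file.
  #
  # The pattern is anchored as `^Name=` because several names are substrings of
  # others in these lists ("Private" / "PrivateUsers", "Capability" /
  # "DropCapability", "Bind" / "BindReadOnly", "ReadOnly" / "OverlayReadOnly",
  # "VirtualEthernet" / "VirtualEthernetExtra"). An unanchored grep over the
  # whole file would report the shorter option as present even if only the
  # longer one had been written.
  # NOTE(review): assumes the module writes each option as `Name=value` at the
  # start of a line; confirm against the nspawn unit generator.
  #
  # The first line starts right after the opening quotes, so no indentation is
  # stripped; the continuation lines sit inside the Python parentheses and are
  # therefore indentation-insensitive where testScript interpolates them.
  grepForOptions = opts: ''node.succeed(
    "for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet \"^$o=\" ${configFile} || exit 1 ; done"
  )'';

  unitName = "options-test";
  configFile = "/etc/systemd/nspawn/${unitName}.nspawn";

in
{
  name = "systemd-nspawn-configfile";

  nodes = {
    node = { pkgs, ... }: {
      systemd.nspawn."${unitName}" = {
        enable = true;

        # The attribute sets after `//` replace the "testdata" placeholder for
        # these options; presumably their option types reject an arbitrary
        # string (verify against the module's option checks). The test script
        # below only inspects the generated file.
        execConfig = optionsToConfig execOptions // {
          Boot = true;
          ProcessTwo = true;
          NotifyReady = true;
        };

        filesConfig = optionsToConfig filesOptions // {
          ReadOnly = true;
          Volatile = "state";
          PrivateUsersChown = true;
          PrivateUsersOwnership = "auto";
        };

        networkConfig = optionsToConfig networkOptions // {
          Private = true;
          VirtualEthernet = true;
        };
      };
    };
  };

  testScript = ''
    start_all()

    node.wait_for_file("${configFile}")

    with subtest("Test for presence of all specified options in config file"):
      ${grepForOptions execOptions}
      ${grepForOptions filesOptions}
      ${grepForOptions networkOptions}

    with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
      node.fail("grep --quiet MachineId ${configFile}")
  '';

  meta.maintainers = [
    lib.maintainers.zi3m5f
  ];
})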