mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-28 07:43:43 +00:00
4f0dadbf38
After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-builda08b3a4d19
.tar.gz \ --argstr baseRevb32a094368
result/bin/apply-formatting $NIXPKGS_PATH
70 lines
2.7 KiB
Nix
70 lines
2.7 KiB
Nix
# This test verifies that systemd-timesyncd can resolve the NTP server hostname when DNSSEC validation
|
|
# fails even though it is enforced in the systemd-resolved settings. It is required in order to solve
|
|
# the chicken-and-egg problem when DNSSEC validation needs the correct time to work, but to set the
|
|
# correct time, we need to connect to an NTP server, which usually requires resolving its hostname.
|
|
#
|
|
# This test does the following:
|
|
# - Sets up a DNS server (tinydns) listening on the eth1 ip addess, serving .ntp and fake.ntp records.
|
|
# - Configures that DNS server as a resolver and enables DNSSEC in systemd-resolved settings.
|
|
# - Configures systemd-timesyncd to use fake.ntp hostname as an NTP server.
|
|
# - Performs a regular DNS lookup, to ensure it fails due to broken DNSSEC.
|
|
# - Waits until systemd-timesyncd resolves fake.ntp by checking its debug output.
|
|
# Here, we don't expect systemd-timesyncd to connect and synchronize time because there is no NTP
|
|
# server running. For this test to succeed, we only need to ensure that systemd-timesyncd
|
|
# resolves the IP address of the fake.ntp host.
|
|
|
|
import ./make-test-python.nix (
|
|
{ pkgs, ... }:
|
|
|
|
let
|
|
ntpHostname = "fake.ntp";
|
|
ntpIP = "192.0.2.1";
|
|
in
|
|
{
|
|
name = "systemd-timesyncd";
|
|
nodes.machine =
|
|
{
|
|
pkgs,
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
eth1IP = (lib.head config.networking.interfaces.eth1.ipv4.addresses).address;
|
|
in
|
|
{
|
|
# Setup a local DNS server for the NTP domain on the eth1 IP address
|
|
services.tinydns = {
|
|
enable = true;
|
|
ip = eth1IP;
|
|
data = ''
|
|
.ntp:${eth1IP}
|
|
+.${ntpHostname}:${ntpIP}
|
|
'';
|
|
};
|
|
|
|
# Enable systemd-resolved with DNSSEC and use the local DNS as a name server
|
|
services.resolved.enable = true;
|
|
services.resolved.dnssec = "true";
|
|
networking.nameservers = [ eth1IP ];
|
|
|
|
# Configure systemd-timesyncd to use our NTP hostname
|
|
services.timesyncd.enable = lib.mkForce true;
|
|
services.timesyncd.servers = [ ntpHostname ];
|
|
services.timesyncd.extraConfig = ''
|
|
FallbackNTP=${ntpHostname}
|
|
'';
|
|
|
|
# The debug output is necessary to determine whether systemd-timesyncd successfully resolves our NTP hostname or not
|
|
systemd.services.systemd-timesyncd.environment.SYSTEMD_LOG_LEVEL = "debug";
|
|
};
|
|
|
|
testScript = ''
|
|
machine.wait_for_unit("tinydns.service")
|
|
machine.wait_for_unit("systemd-timesyncd.service")
|
|
machine.fail("resolvectl query ${ntpHostname}")
|
|
machine.wait_until_succeeds("journalctl -u systemd-timesyncd.service --grep='Resolved address ${ntpIP}:123 for ${ntpHostname}'")
|
|
'';
|
|
}
|
|
)
|