diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/lib/make-options-doc/default.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/networkd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/resolved.nix | 2 | ||||
-rw-r--r-- | nixos/modules/system/boot/timesyncd.nix | 5 | ||||
-rw-r--r-- | nixos/modules/virtualisation/containers.nix | 2 | ||||
-rw-r--r-- | nixos/tests/pantheon.nix | 65 | ||||
-rw-r--r-- | nixos/tests/plasma5.nix | 68 | ||||
-rw-r--r-- | nixos/tests/syncthing-init.nix | 12 | ||||
-rw-r--r-- | nixos/tests/syncthing-relay.nix | 14 | ||||
-rw-r--r-- | nixos/tests/systemd-networkd-wireguard.nix | 11 |
10 files changed, 96 insertions, 87 deletions
diff --git a/nixos/lib/make-options-doc/default.nix b/nixos/lib/make-options-doc/default.nix index 35c8b543dece..eee8f612410d 100644 --- a/nixos/lib/make-options-doc/default.nix +++ b/nixos/lib/make-options-doc/default.nix @@ -86,7 +86,7 @@ let optionsList = lib.sort optionLess optionsListDesc; # Convert the list of options into an XML file. - optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList); + optionsXML = pkgs.writeText "options.xml" (builtins.toXML optionsList); optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList); diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index f80d5afc55fc..226769f10597 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -924,6 +924,8 @@ in config = mkIf config.systemd.network.enable { + users.users.systemd-network.group = "systemd-network"; + systemd.additionalUpstreamSystemUnits = [ "systemd-networkd.service" "systemd-networkd-wait-online.service" ]; diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 3ea96f8e4645..da61c64faf8b 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -136,6 +136,8 @@ in } ]; + users.users.resolved.group = "systemd-resolve"; + systemd.additionalUpstreamSystemUnits = [ "systemd-resolved.service" ]; diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 0b1d0ff6c22b..9e2f36ca01f8 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix @@ -50,7 +50,10 @@ with lib; ${config.services.timesyncd.extraConfig} ''; - users.users.systemd-timesync.uid = config.ids.uids.systemd-timesync; + users.users.systemd-timesync = { + uid = config.ids.uids.systemd-timesync; + group = "systemd-timesync"; + }; users.groups.systemd-timesync.gid = config.ids.gids.systemd-timesync; system.activationScripts.systemd-timesyncd-migration = mkIf (versionOlder config.system.stateVersion "19.09") '' diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 691ee2c136ec..09678ce9ea71 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -149,7 +149,7 @@ let --setenv PATH="$PATH" \ ${optionalString cfg.ephemeral "--ephemeral"} \ ${if cfg.additionalCapabilities != null && cfg.additionalCapabilities != [] then - ''--capability="${concatStringsSep " " cfg.additionalCapabilities}"'' else "" + ''--capability="${concatStringsSep "," cfg.additionalCapabilities}"'' else "" } \ ${if cfg.tmpfs != null && cfg.tmpfs != [] then ''--tmpfs=${concatStringsSep " --tmpfs=" cfg.tmpfs}'' else "" diff --git a/nixos/tests/pantheon.nix b/nixos/tests/pantheon.nix index 9888887ee8b5..6ff19be1bb95 100644 --- a/nixos/tests/pantheon.nix +++ b/nixos/tests/pantheon.nix @@ -1,9 +1,10 @@ -import ./make-test.nix ({ pkgs, ...} : +import ./make-test-python.nix ({ pkgs, ...} : { name = "pantheon"; + meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ worldofpeace ]; + maintainers = pkgs.pantheon.maintainers; }; machine = { ... }: @@ -21,35 +22,37 @@ import ./make-test.nix ({ pkgs, ...} : testScript = { nodes, ... }: let user = nodes.machine.config.users.users.alice; + bob = nodes.machine.config.users.users.bob; in '' - startAll; - - # Wait for display manager to start - $machine->waitForText(qr/${user.description}/); - $machine->screenshot("lightdm"); - - # Log in - $machine->sendChars("${user.password}\n"); - $machine->waitForFile("/home/alice/.Xauthority"); - $machine->succeed("xauth merge ~alice/.Xauthority"); - - # Check if "pantheon-shell" components actually start - $machine->waitUntilSucceeds("pgrep gala"); - $machine->waitForWindow(qr/gala/); - $machine->waitUntilSucceeds("pgrep wingpanel"); - $machine->waitForWindow("wingpanel"); - $machine->waitUntilSucceeds("pgrep plank"); - $machine->waitForWindow(qr/plank/); - - # Check that logging in has given the user ownership of devices. - $machine->succeed("getfacl -p /dev/snd/timer | grep -q alice"); - - # Open elementary terminal - $machine->execute("su - alice -c 'DISPLAY=:0.0 io.elementary.terminal &'"); - $machine->waitForWindow(qr/io.elementary.terminal/); - - # Take a screenshot of the desktop - $machine->sleep(20); - $machine->screenshot("screen"); + machine.wait_for_unit("display-manager.service") + + with subtest("Test we can see usernames in elementary-greeter"): + machine.wait_for_text("${user.description}") + machine.wait_for_text("${bob.description}") + machine.screenshot("elementary_greeter_lightdm") + + with subtest("Login with elementary-greeter"): + machine.send_chars("${user.password}\n") + machine.wait_for_x() + machine.wait_for_file("${user.home}/.Xauthority") + machine.succeed("xauth merge ${user.home}/.Xauthority") + + with subtest("Check that logging in has given the user ownership of devices"): + machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + + # TODO: DBus API could eliminate this? Pantheon uses Bamf. + with subtest("Check if pantheon session components actually start"): + machine.wait_until_succeeds("pgrep gala") + machine.wait_for_window("gala") + machine.wait_until_succeeds("pgrep wingpanel") + machine.wait_for_window("wingpanel") + machine.wait_until_succeeds("pgrep plank") + machine.wait_for_window("plank") + + with subtest("Open elementary terminal"): + machine.execute("su - ${user.name} -c 'DISPLAY=:0 io.elementary.terminal &'") + machine.wait_for_window("io.elementary.terminal") + machine.sleep(20) + machine.screenshot("screen") ''; }) diff --git a/nixos/tests/plasma5.nix b/nixos/tests/plasma5.nix index 614fc9bf316e..6884f17aabbe 100644 --- a/nixos/tests/plasma5.nix +++ b/nixos/tests/plasma5.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ pkgs, ...} : +import ./make-test-python.nix ({ pkgs, ...} : { name = "plasma5"; @@ -7,23 +7,11 @@ import ./make-test.nix ({ pkgs, ...} : }; machine = { ... }: - let - sddm_theme = pkgs.stdenv.mkDerivation { - name = "breeze-ocr-theme"; - phases = "buildPhase"; - buildCommand = '' - mkdir -p $out/share/sddm/themes/ - cp -r ${pkgs.plasma-workspace}/share/sddm/themes/breeze $out/share/sddm/themes/breeze-ocr-theme - chmod -R +w $out/share/sddm/themes/breeze-ocr-theme - printf "[General]\ntype=color\ncolor=#1d99f3\nbackground=\n" > $out/share/sddm/themes/breeze-ocr-theme/theme.conf - ''; - }; - in + { imports = [ ./common/user-account.nix ]; services.xserver.enable = true; services.xserver.displayManager.sddm.enable = true; - services.xserver.displayManager.sddm.theme = "breeze-ocr-theme"; services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.default = "plasma5"; services.xserver.displayManager.sddm.autoLogin = { @@ -32,34 +20,40 @@ import ./make-test.nix ({ pkgs, ...} : }; hardware.pulseaudio.enable = true; # needed for the factl test, /dev/snd/* exists without them but udev doesn't care then virtualisation.memorySize = 1024; - environment.systemPackages = [ sddm_theme ]; }; testScript = { nodes, ... }: let user = nodes.machine.config.users.users.alice; xdo = "${pkgs.xdotool}/bin/xdotool"; in '' - startAll; - # wait for log in - $machine->waitForFile("/home/alice/.Xauthority"); - $machine->succeed("xauth merge ~alice/.Xauthority"); - - $machine->waitUntilSucceeds("pgrep plasmashell"); - $machine->waitForWindow("^Desktop "); - - # Check that logging in has given the user ownership of devices. - $machine->succeed("getfacl -p /dev/snd/timer | grep -q alice"); - - $machine->execute("su - alice -c 'DISPLAY=:0.0 dolphin &'"); - $machine->waitForWindow(" Dolphin"); - - $machine->execute("su - alice -c 'DISPLAY=:0.0 konsole &'"); - $machine->waitForWindow("Konsole"); - - $machine->execute("su - alice -c 'DISPLAY=:0.0 systemsettings5 &'"); - $machine->waitForWindow("Settings"); - - $machine->execute("${xdo} key Alt+F1 sleep 10"); - $machine->screenshot("screen"); + with subtest("Wait for login"): + start_all() + machine.wait_for_file("${user.home}/.Xauthority") + machine.succeed("xauth merge ${user.home}/.Xauthority") + + with subtest("Check plasmashell started"): + machine.wait_until_succeeds("pgrep plasmashell") + machine.wait_for_window("^Desktop ") + + with subtest("Check that logging in has given the user ownership of devices"): + machine.succeed("getfacl -p /dev/snd/timer | grep -q ${user.name}") + + with subtest("Run Dolphin"): + machine.execute("su - ${user.name} -c 'DISPLAY=:0.0 dolphin &'") + machine.wait_for_window(" Dolphin") + + with subtest("Run Konsole"): + machine.execute("su - ${user.name} -c 'DISPLAY=:0.0 konsole &'") + machine.wait_for_window("Konsole") + + with subtest("Run systemsettings"): + machine.execute("su - ${user.name} -c 'DISPLAY=:0.0 systemsettings5 &'") + machine.wait_for_window("Settings") + + with subtest("Wait to get a screenshot"): + machine.execute( + "${xdo} key Alt+F1 sleep 10" + ) + machine.screenshot("screen") ''; }) diff --git a/nixos/tests/syncthing-init.nix b/nixos/tests/syncthing-init.nix index 0de76b688bdc..9c8e0a3d087e 100644 --- a/nixos/tests/syncthing-init.nix +++ b/nixos/tests/syncthing-init.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ lib, pkgs, ... }: let +import ./make-test-python.nix ({ lib, pkgs, ... }: let testId = "7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU"; @@ -22,13 +22,11 @@ in { }; testScript = '' - my $config; - - $machine->waitForUnit("syncthing-init.service"); - $config = $machine->succeed("cat /var/lib/syncthing/.config/syncthing/config.xml"); + machine.wait_for_unit("syncthing-init.service") + config = machine.succeed("cat /var/lib/syncthing/.config/syncthing/config.xml") - $config =~ /${testId}/ or die; - $config =~ /testFolder/ or die; + assert "testFolder" in config + assert "${testId}" in config ''; }) diff --git a/nixos/tests/syncthing-relay.nix b/nixos/tests/syncthing-relay.nix index f1ceb4993337..cd72ef1cbe1d 100644 --- a/nixos/tests/syncthing-relay.nix +++ b/nixos/tests/syncthing-relay.nix @@ -1,4 +1,4 @@ -import ./make-test.nix ({ lib, pkgs, ... }: { +import ./make-test-python.nix ({ lib, pkgs, ... }: { name = "syncthing-relay"; meta.maintainers = with pkgs.stdenv.lib.maintainers; [ delroth ]; @@ -14,9 +14,13 @@ import ./make-test.nix ({ lib, pkgs, ... }: { }; testScript = '' - $machine->waitForUnit("syncthing-relay.service"); - $machine->waitForOpenPort(12345); - $machine->waitForOpenPort(12346); - $machine->succeed("curl http://localhost:12346/status | jq -r '.options.\"provided-by\"'") =~ /nixos-test/ or die; + machine.wait_for_unit("syncthing-relay.service") + machine.wait_for_open_port(12345) + machine.wait_for_open_port(12346) + + out = machine.succeed( + "curl -sS http://localhost:12346/status | jq -r '.options.\"provided-by\"'" + ) + assert "nixos-test" in out ''; }) diff --git a/nixos/tests/systemd-networkd-wireguard.nix b/nixos/tests/systemd-networkd-wireguard.nix index b83e9c7ce190..be5c0da981d2 100644 --- a/nixos/tests/systemd-networkd-wireguard.nix +++ b/nixos/tests/systemd-networkd-wireguard.nix @@ -1,4 +1,4 @@ -let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ...}: { +let generateNodeConf = { lib, pkgs, config, privk, pubk, peerId, nodeId, ...}: { imports = [ common/user-account.nix ]; systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug"; networking.useNetworkd = true; @@ -7,13 +7,16 @@ let generateNodeConf = { lib, pkgs, config, privkpath, pubk, peerId, nodeId, ... virtualisation.vlans = [ 1 ]; environment.systemPackages = with pkgs; [ wireguard-tools ]; boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ]; + systemd.tmpfiles.rules = [ + "f /run/wg_priv 0640 root systemd-network - ${privk}" + ]; systemd.network = { enable = true; netdevs = { "90-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; wireguardConfig = { - PrivateKeyFile = privkpath ; + PrivateKeyFile = "/run/wg_priv"; ListenPort = 51820; FwMark = 42; }; @@ -53,7 +56,7 @@ in import ./make-test-python.nix ({pkgs, ... }: { nodes = { node1 = { pkgs, ... }@attrs: let localConf = { - privkpath = pkgs.writeText "priv.key" "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00="; + privk = "GDiXWlMQKb379XthwX0haAbK6hTdjblllpjGX0heP00="; pubk = "iRxpqj42nnY0Qz8MAQbSm7bXxXP5hkPqWYIULmvW+EE="; nodeId = "1"; peerId = "2"; @@ -62,7 +65,7 @@ in import ./make-test-python.nix ({pkgs, ... }: { node2 = { pkgs, ... }@attrs: let localConf = { - privkpath = pkgs.writeText "priv.key" "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k="; + privk = "eHxSI2jwX/P4AOI0r8YppPw0+4NZnjOxfbS5mt06K2k="; pubk = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g="; nodeId = "2"; peerId = "1"; |