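# NixOS VM test: every option exposed by `systemd.nspawn.<name>.{exec,files,network}Config`
# must be written to the generated `.nspawn` unit file under its correct (case-sensitive)
# key name. The test sets every option and then greps the rendered file for each key.
import ./make-test-python.nix ({ lib, ... }:
let
  # Keys of the [Exec] section that the module should render.
  execOptions = [
    "Boot"
    "ProcessTwo"
    "Parameters"
    "Environment"
    "User"
    "WorkingDirectory"
    "PivotRoot"
    "Capability"
    "DropCapability"
    "NoNewPrivileges"
    "KillSignal"
    "Personality"
    "MachineID"
    "PrivateUsers"
    "NotifyReady"
    "SystemCallFilter"
    "LimitCPU"
    "LimitFSIZE"
    "LimitDATA"
    "LimitSTACK"
    "LimitCORE"
    "LimitRSS"
    "LimitNOFILE"
    "LimitAS"
    "LimitNPROC"
    "LimitMEMLOCK"
    "LimitLOCKS"
    "LimitSIGPENDING"
    "LimitMSGQUEUE"
    "LimitNICE"
    "LimitRTPRIO"
    "LimitRTTIME"
    "OOMScoreAdjust"
    "CPUAffinity"
    "Hostname"
    "ResolvConf"
    "Timezone"
    "LinkJournal"
    "Ephemeral"
    "AmbientCapability"
  ];

  # Keys of the [Files] section that the module should render.
  filesOptions = [
    "ReadOnly"
    "Volatile"
    "Bind"
    "BindReadOnly"
    "TemporaryFileSystem"
    "Overlay"
    "OverlayReadOnly"
    "PrivateUsersChown"
    "BindUser"
    "Inaccessible"
    "PrivateUsersOwnership"
  ];

  # Keys of the [Network] section that the module should render.
  networkOptions = [
    "Private"
    "VirtualEthernet"
    "VirtualEthernetExtra"
    "Interface"
    "MACVLAN"
    "IPVLAN"
    "Bridge"
    "Zone"
    "Port"
  ];

  # Turn a list of option names into an attrset `{ Name = "testdata"; ... }`.
  # Options whose type rejects a plain string are overridden per section below.
  optionsToConfig = opts: builtins.listToAttrs (map (n: lib.nameValuePair n "testdata") opts);

  # Build a Python statement that fails the test unless every option in `opts`
  # appears in the rendered config as a `Key=` line.
  #
  # The pattern is anchored on `^Key=` so that a key is only satisfied by its own
  # line: an unanchored grep would accept "Bind" because "BindReadOnly" is present,
  # "Overlay" because of "OverlayReadOnly", and "Private" because of "PrivateUsers",
  # which would let a dropped option go unnoticed.
  grepForOptions = opts: ''node.succeed(
    'for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet "^$o=" ${configFile} || exit 1 ; done'
  )'';

  unitName = "options-test";
  # Path at which the systemd.nspawn module writes the unit's configuration.
  configFile = "/etc/systemd/nspawn/${unitName}.nspawn";
in
{
  name = "systemd-nspawn-configfile";

  nodes = {
    node = { ... }: {
      systemd.nspawn."${unitName}" = {
        enable = true;

        # Every option is set to "testdata" unless its type demands something
        # else; those few are overridden here with a value their type accepts.
        execConfig = optionsToConfig execOptions // {
          Boot = true;
          ProcessTwo = true;
          NotifyReady = true;
        };

        filesConfig = optionsToConfig filesOptions // {
          ReadOnly = true;
          Volatile = "state";
          PrivateUsersChown = true;
          PrivateUsersOwnership = "auto";
        };

        networkConfig = optionsToConfig networkOptions // {
          Private = true;
          VirtualEthernet = true;
        };
      };
    };
  };

  testScript = ''
    start_all()

    node.wait_for_file("${configFile}")

    with subtest("Test for presence of all specified options in config file"):
      ${grepForOptions execOptions}
      ${grepForOptions filesOptions}
      ${grepForOptions networkOptions}

    # Regression check: the key must be emitted exactly as systemd spells it.
    with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
      node.fail("grep --quiet MachineId ${configFile}")
  '';

  meta.maintainers = [
    lib.maintainers.zi3m5f
  ];
})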