nixos/tests/systemd-nspawn-configfile.nix

   1 import ./make-test-python.nix ({ lib, ... }:
   2 let
   3   execOptions = [
   4     "Boot"
   5     "ProcessTwo"
   6     "Parameters"
   7     "Environment"
   8     "User"
   9     "WorkingDirectory"
  10     "PivotRoot"
  11     "Capability"
  12     "DropCapability"
  13     "NoNewPrivileges"
  14     "KillSignal"
  15     "Personality"
  16     "MachineID"
  17     "PrivateUsers"
  18     "NotifyReady"
  19     "SystemCallFilter"
  20     "LimitCPU"
  21     "LimitFSIZE"
  22     "LimitDATA"
  23     "LimitSTACK"
  24     "LimitCORE"
  25     "LimitRSS"
  26     "LimitNOFILE"
  27     "LimitAS"
  28     "LimitNPROC"
  29     "LimitMEMLOCK"
  30     "LimitLOCKS"
  31     "LimitSIGPENDING"
  32     "LimitMSGQUEUE"
  33     "LimitNICE"
  34     "LimitRTPRIO"
  35     "LimitRTTIME"
  36     "OOMScoreAdjust"
  37     "CPUAffinity"
  38     "Hostname"
  39     "ResolvConf"
  40     "Timezone"
  41     "LinkJournal"
  42     "Ephemeral"
  43     "AmbientCapability"
  44   ];
  45
  46   filesOptions = [
  47     "ReadOnly"
  48     "Volatile"
  49     "Bind"
  50     "BindReadOnly"
  51     "TemporaryFileSystem"
  52     "Overlay"
  53     "OverlayReadOnly"
  54     "PrivateUsersChown"
  55     "BindUser"
  56     "Inaccessible"
  57     "PrivateUsersOwnership"
  58   ];
  59
  60   networkOptions = [
  61     "Private"
  62     "VirtualEthernet"
  63     "VirtualEthernetExtra"
  64     "Interface"
  65     "MACVLAN"
  66     "IPVLAN"
  67     "Bridge"
  68     "Zone"
  69     "Port"
  70   ];
  71
  72   optionsToConfig = opts: builtins.listToAttrs (map (n: lib.nameValuePair n "testdata") opts);
  73
  74   grepForOptions = opts: ''node.succeed(
  75     "for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet $o ${configFile} || exit 1 ; done"
  76   )'';
  77
  78   unitName = "options-test";
  79   configFile = "/etc/systemd/nspawn/${unitName}.nspawn";
  80
  81 in
  82 {
  83   name = "systemd-nspawn-configfile";
  84
  85   nodes = {
  86     node = { pkgs, ... }: {
  87       systemd.nspawn."${unitName}" = {
  88         enable = true;
  89
  90         execConfig = optionsToConfig execOptions // {
  91           Boot = true;
  92           ProcessTwo = true;
  93           NotifyReady = true;
  94         };
  95
  96         filesConfig = optionsToConfig filesOptions // {
  97           ReadOnly = true;
  98           Volatile = "state";
  99           PrivateUsersChown = true;
 100           PrivateUsersOwnership = "auto";
 101         };
 102
 103         networkConfig = optionsToConfig networkOptions // {
 104           Private = true;
 105           VirtualEthernet = true;
 106         };
 107       };
 108     };
 109   };
 110
 111   testScript = ''
 112     start_all()
 113
 114     node.wait_for_file("${configFile}")
 115
 116     with subtest("Test for presence of all specified options in config file"):
 117       ${grepForOptions execOptions}
 118       ${grepForOptions filesOptions}
 119       ${grepForOptions networkOptions}
 120
 121     with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
 122       node.fail("grep --quiet MachineId ${configFile}")
 123   '';
 124
 125   meta.maintainers = [
 126     lib.maintainers.zi3m5f
 127   ];
 128 })