nixos/tests/systemd-nspawn-configfile.nix

   1 import ./make-test-python.nix (
   2   { lib, ... }:
   3   let
   4     execOptions = [
   5       "Boot"
   6       "ProcessTwo"
   7       "Parameters"
   8       "Environment"
   9       "User"
  10       "WorkingDirectory"
  11       "PivotRoot"
  12       "Capability"
  13       "DropCapability"
  14       "NoNewPrivileges"
  15       "KillSignal"
  16       "Personality"
  17       "MachineID"
  18       "PrivateUsers"
  19       "NotifyReady"
  20       "SystemCallFilter"
  21       "LimitCPU"
  22       "LimitFSIZE"
  23       "LimitDATA"
  24       "LimitSTACK"
  25       "LimitCORE"
  26       "LimitRSS"
  27       "LimitNOFILE"
  28       "LimitAS"
  29       "LimitNPROC"
  30       "LimitMEMLOCK"
  31       "LimitLOCKS"
  32       "LimitSIGPENDING"
  33       "LimitMSGQUEUE"
  34       "LimitNICE"
  35       "LimitRTPRIO"
  36       "LimitRTTIME"
  37       "OOMScoreAdjust"
  38       "CPUAffinity"
  39       "Hostname"
  40       "ResolvConf"
  41       "Timezone"
  42       "LinkJournal"
  43       "Ephemeral"
  44       "AmbientCapability"
  45     ];
  46
  47     filesOptions = [
  48       "ReadOnly"
  49       "Volatile"
  50       "Bind"
  51       "BindReadOnly"
  52       "TemporaryFileSystem"
  53       "Overlay"
  54       "OverlayReadOnly"
  55       "PrivateUsersChown"
  56       "BindUser"
  57       "Inaccessible"
  58       "PrivateUsersOwnership"
  59     ];
  60
  61     networkOptions = [
  62       "Private"
  63       "VirtualEthernet"
  64       "VirtualEthernetExtra"
  65       "Interface"
  66       "MACVLAN"
  67       "IPVLAN"
  68       "Bridge"
  69       "Zone"
  70       "Port"
  71     ];
  72
  73     optionsToConfig = opts: builtins.listToAttrs (map (n: lib.nameValuePair n "testdata") opts);
  74
  75     grepForOptions = opts: ''
  76       node.succeed(
  77           "for o in ${builtins.concatStringsSep " " opts} ; do grep --quiet $o ${configFile} || exit 1 ; done"
  78         )'';
  79
  80     unitName = "options-test";
  81     configFile = "/etc/systemd/nspawn/${unitName}.nspawn";
  82
  83   in
  84   {
  85     name = "systemd-nspawn-configfile";
  86
  87     nodes = {
  88       node =
  89         { pkgs, ... }:
  90         {
  91           systemd.nspawn."${unitName}" = {
  92             enable = true;
  93
  94             execConfig = optionsToConfig execOptions // {
  95               Boot = true;
  96               ProcessTwo = true;
  97               NotifyReady = true;
  98             };
  99
 100             filesConfig = optionsToConfig filesOptions // {
 101               ReadOnly = true;
 102               Volatile = "state";
 103               PrivateUsersChown = true;
 104               PrivateUsersOwnership = "auto";
 105             };
 106
 107             networkConfig = optionsToConfig networkOptions // {
 108               Private = true;
 109               VirtualEthernet = true;
 110             };
 111           };
 112         };
 113     };
 114
 115     testScript = ''
 116       start_all()
 117
 118       node.wait_for_file("${configFile}")
 119
 120       with subtest("Test for presence of all specified options in config file"):
 121         ${grepForOptions execOptions}
 122         ${grepForOptions filesOptions}
 123         ${grepForOptions networkOptions}
 124
 125       with subtest("Test for absence of misspelled option 'MachineId' (instead of 'MachineID')"):
 126         node.fail("grep --quiet MachineId ${configFile}")
 127     '';
 128
 129     meta.maintainers = [
 130       lib.maintainers.zi3m5f
 131     ];
 132   }
 133 )