lix/tests/nixos/containers/containers.nix

# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.
{ lib, nixpkgs, ... }:

{
  name = "containers";

  nodes =
    {
      host =
        { config, lib, pkgs, nodes, ... }:
        { virtualisation.writableStore = true;
          virtualisation.diskSize = 2048;
          virtualisation.additionalPaths =
            [ pkgs.stdenvNoCC
              (import ./systemd-nspawn.nix { inherit nixpkgs; }).toplevel
            ];
          virtualisation.memorySize = 4096;
          nix.settings.substituters = lib.mkForce [ ];
          nix.extraOptions =
            ''
              extra-experimental-features = nix-command auto-allocate-uids cgroups
              extra-system-features = uid-range
            '';
          nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
        };
    };

  testScript = { nodes }: ''
    start_all()

    host.succeed("nix --version >&2")

    # Test that 'id' gives the expected result in various configurations.

    # Existing UIDs, sandbox.
    host.succeed("nix build -v --no-auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-1")
    host.succeed("[[ $(cat ./result) = 'uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)' ]]")

    # Existing UIDs, no sandbox.
    host.succeed("nix build -v --no-auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-2")
    host.succeed("[[ $(cat ./result) = 'uid=30001(nixbld1) gid=30000(nixbld) groups=30000(nixbld)' ]]")

    # Auto-allocated UIDs, sandbox.
    host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-3")
    host.succeed("[[ $(cat ./result) = 'uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)' ]]")

    # Auto-allocated UIDs, no sandbox.
    host.succeed("nix build -v --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-4")
    host.succeed("[[ $(cat ./result) = 'uid=872415232 gid=30000(nixbld) groups=30000(nixbld)' ]]")

    # Auto-allocated UIDs, UID range, sandbox.
    host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-5 --arg uidRange true")
    host.succeed("[[ $(cat ./result) = 'uid=0(root) gid=0(root) groups=0(root)' ]]")

    # Auto-allocated UIDs, UID range, no sandbox.
    host.fail("nix build -v --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-6 --arg uidRange true")

    # Run systemd-nspawn in a Nix build.
    host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./systemd-nspawn.nix} --argstr nixpkgs ${nixpkgs}")
    host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")
  '';

}
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`# Test whether we can run a NixOS container inside a Nix build using systemd-nspawn.`
Use the official, documented NixOS runTest interface 2023-01-20 14:32:31 +00:00			`{ lib, nixpkgs, ... }:`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00
Use the official, documented NixOS runTest interface 2023-01-20 14:32:31 +00:00			`{`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`name = "containers";`

			`nodes =`
			`{`
			`host =`
			`{ config, lib, pkgs, nodes, ... }:`
			`{ virtualisation.writableStore = true;`
			`virtualisation.diskSize = 2048;`
			`virtualisation.additionalPaths =`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`[ pkgs.stdenvNoCC`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`(import ./systemd-nspawn.nix { inherit nixpkgs; }).toplevel`
			`];`
			`virtualisation.memorySize = 4096;`
tests: switch to non-deprecated nix.settings.* module parameters Without the change checks issue the fllowing warning: $ nix flake check trace: warning: The option `nix.useSandbox' defined in `makeTest parameters' has been renamed to `nix.settings.sandbox'. trace: warning: The option `nix.useSandbox' defined in `makeTest parameters' has been renamed to `nix.settings.sandbox'. trace: warning: The option `nix.maxJobs' defined in `makeTest parameters' has been renamed to `nix.settings.max-jobs'. ... 2022-12-24 09:14:09 +00:00			`nix.settings.substituters = lib.mkForce [ ];`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`nix.extraOptions =`
			`''`
Add a setting for enabling cgroups 2022-11-28 20:54:02 +00:00			`extra-experimental-features = nix-command auto-allocate-uids cgroups`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`extra-system-features = uid-range`
			`'';`
			`nix.nixPath = [ "nixpkgs=${nixpkgs}" ];`
			`};`
			`};`

			`testScript = { nodes }: ''`
			`start_all()`

			`host.succeed("nix --version >&2")`

			`# Test that 'id' gives the expected result in various configurations.`

			`# Existing UIDs, sandbox.`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`host.succeed("nix build -v --no-auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-1")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`host.succeed("[[ $(cat ./result) = 'uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)' ]]")`

			`# Existing UIDs, no sandbox.`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`host.succeed("nix build -v --no-auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-2")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`host.succeed("[[ $(cat ./result) = 'uid=30001(nixbld1) gid=30000(nixbld) groups=30000(nixbld)' ]]")`

			`# Auto-allocated UIDs, sandbox.`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-3")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`host.succeed("[[ $(cat ./result) = 'uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)' ]]")`

			`# Auto-allocated UIDs, no sandbox.`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`host.succeed("nix build -v --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-4")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`host.succeed("[[ $(cat ./result) = 'uid=872415232 gid=30000(nixbld) groups=30000(nixbld)' ]]")`

			`# Auto-allocated UIDs, UID range, sandbox.`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-5 --arg uidRange true")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`host.succeed("[[ $(cat ./result) = 'uid=0(root) gid=0(root) groups=0(root)' ]]")`

			`# Auto-allocated UIDs, UID range, no sandbox.`
tests: fix for nixpkgs 22.11 runCommand now uses stdenvNoCC by default, so that needs to be included instead of the regular stdenv. 2023-01-08 13:38:34 +00:00			`host.fail("nix build -v --auto-allocate-uids --no-sandbox -L --offline --impure --file ${./id-test.nix} --argstr name id-test-6 --arg uidRange true")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00
			`# Run systemd-nspawn in a Nix build.`
Re-enable systemd-nspawn test It was disabled in c6953d1ff62fb6dc4fbd89c03e7949c552c19382 because a recent Nixpkgs bump brought in a new systemd which changed how systemd-nspawn worked. As far as I can tell, the issue was caused by this upstream systemd commit: https://github.com/systemd/systemd/commit/b71a0192c040f585397cfc6fc2ca025bf839733d Bind-mounting the host's `/sys` and `/proc` into the container's `/run/host/{sys,proc}` fixes the issue and allows the test to succeed. (cherry picked from commit 883092e3f78d4efb1066a2e24e343b307035a04c) 2023-09-20 16:09:01 +00:00			`host.succeed("nix build -v --auto-allocate-uids --sandbox -L --offline --impure --file ${./systemd-nspawn.nix} --argstr nixpkgs ${nixpkgs}")`
			`host.succeed("[[ $(cat ./result/msg) = 'Hello World' ]]")`
Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 15:38:34 +00:00			`'';`

Use the official, documented NixOS runTest interface 2023-01-20 14:32:31 +00:00			`}`