Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2305.section.xml | 9 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 2 | ||||
-rw-r--r-- | nixos/lib/testing/driver.nix | 4 | ||||
-rw-r--r-- | nixos/lib/testing/network.nix | 41 | ||||
-rw-r--r-- | nixos/modules/services/desktops/pipewire/pipewire.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/wpa_supplicant.nix | 14 | ||||
-rw-r--r-- | nixos/modules/virtualisation/qemu-vm.nix | 32 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/connman.nix | 77 | ||||
-rw-r--r-- | nixos/tests/networking.nix | 135 | ||||
-rw-r--r-- | nixos/tests/tracee.nix | 20 |
11 files changed, 190 insertions, 147 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml index 0d80824b28b..eefefa31fd7 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2305.section.xml @@ -783,15 +783,6 @@ been fixed to allow more than one plugin in the path. </para> </listitem> - <listitem> - <para> - A new option was added to the virtualisation module that - enables specifying explicitly named network interfaces in QEMU - VMs. The existing <literal>virtualisation.vlans</literal> is - still supported for cases where the name of the network - interface is irrelevant. - </para> - </listitem> </itemizedlist> </section> </section> diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 08ebba1bbc6..14c02a0e8f2 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -198,5 +198,3 @@ In addition to numerous new and upgraded packages, this release has the followin - `nixos-version` now accepts `--configuration-revision` to display more information about the current generation revision - The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path. - -- A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant. diff --git a/nixos/lib/testing/driver.nix b/nixos/lib/testing/driver.nix index 2c2ee179fed..fb181c1d7e9 100644 --- a/nixos/lib/testing/driver.nix +++ b/nixos/lib/testing/driver.nix 
@@ -12,9 +12,7 @@ let }; - vlans = map (m: ( - m.virtualisation.vlans ++ - (lib.mapAttrsToList (_: v: v.vlan) m.virtualisation.interfaces))) (lib.attrValues config.nodes); + vlans = map (m: m.virtualisation.vlans) (lib.attrValues config.nodes); vms = map (m: m.system.build.vm) (lib.attrValues config.nodes); nodeHostNames = diff --git a/nixos/lib/testing/network.nix b/nixos/lib/testing/network.nix index 98a77f918e0..04ea9a2bc9f 100644 --- a/nixos/lib/testing/network.nix +++ b/nixos/lib/testing/network.nix 
@@ -18,40 +18,24 @@ let networkModule = { config, nodes, pkgs, ... }: let - qemu-common = import ../qemu-common.nix { inherit lib pkgs; }; - - # Convert legacy VLANs to named interfaces and merge with explicit interfaces. - vlansNumbered = forEach (zipLists config.virtualisation.vlans (range 1 255)) (v: { - name = "eth${toString v.snd}"; - vlan = v.fst; - assignIP = true; - }); - explicitInterfaces = lib.mapAttrsToList (n: v: v // { name = n; }) config.virtualisation.interfaces; - interfaces = vlansNumbered ++ explicitInterfaces; - interfacesNumbered = zipLists interfaces (range 1 255); - - # Automatically assign IP addresses to requested interfaces. - assignIPs = lib.filter (i: i.assignIP) interfaces; - ipInterfaces = forEach assignIPs (i: - nameValuePair i.name { ipv4.addresses = - [ { address = "192.168.${toString i.vlan}.${toString config.virtualisation.test.nodeNumber}"; + interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255); + interfaces = forEach interfacesNumbered ({ fst, snd }: + nameValuePair "eth${toString snd}" { + ipv4.addresses = + [{ + address = "192.168.${toString fst}.${toString config.virtualisation.test.nodeNumber}"; prefixLength = 24; }]; }); - qemuOptions = lib.flatten (forEach interfacesNumbered ({ fst, snd }: - qemu-common.qemuNICFlags snd fst.vlan config.virtualisation.test.nodeNumber)); - udevRules = forEach interfacesNumbered ({ fst, snd }: - "SUBSYSTEM==\"net\",ACTION==\"add\",ATTR{address}==\"${qemu-common.qemuNicMac fst.vlan config.virtualisation.test.nodeNumber}\",NAME=\"${fst.name}\""); - networkConfig = { networking.hostName = mkDefault config.virtualisation.test.nodeName; - networking.interfaces = listToAttrs ipInterfaces; + networking.interfaces = listToAttrs interfaces; networking.primaryIPAddress = - optionalString (ipInterfaces != [ ]) (head (head ipInterfaces).value.ipv4.addresses).address; + optionalString (interfaces != [ ]) (head (head interfaces).value.ipv4.addresses).address; # Put the IP addresses of 
all VMs in this machine's # /etc/hosts file. If a machine has multiple @@ -67,13 +51,16 @@ let "${config.networking.hostName}.${config.networking.domain} " + "${config.networking.hostName}\n")); - virtualisation.qemu.options = qemuOptions; - boot.initrd.services.udev.rules = concatMapStrings (x: x + "\n") udevRules; + virtualisation.qemu.options = + let qemu-common = import ../qemu-common.nix { inherit lib pkgs; }; + in + flip concatMap interfacesNumbered + ({ fst, snd }: qemu-common.qemuNICFlags snd fst config.virtualisation.test.nodeNumber); }; in { - key = "network-interfaces"; + key = "ip-address"; config = networkConfig // { # Expose the networkConfig items for tests like nixops # that need to recreate the network config. diff --git a/nixos/modules/services/desktops/pipewire/pipewire.nix b/nixos/modules/services/desktops/pipewire/pipewire.nix index a4ef88a45ad..09cec9a7910 100644 --- a/nixos/modules/services/desktops/pipewire/pipewire.nix +++ b/nixos/modules/services/desktops/pipewire/pipewire.nix @@ -42,7 +42,7 @@ let in { meta = { - maintainers = teams.freedesktop.members; + maintainers = teams.freedesktop.members ++ [ lib.maintainers.k900 ]; # uses attributes of the linked package buildDocsInSandbox = false; }; diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix index 119575bdddb..0595e9e6df2 100644 --- a/nixos/modules/services/networking/wpa_supplicant.nix +++ b/nixos/modules/services/networking/wpa_supplicant.nix 
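Review bot: The `{ fst, snd }` destructuring in `interfaces`, and again in the new `virtualisation.qemu.options` expression of the following hunk, has no comment saying which field is which, and the explanatory comments of the removed code are gone. From `zipLists config.virtualisation.vlans (range 1 255)`, `fst` is the VLAN number and `snd` the 1-based position that becomes `ethN`. I would add `# fst: VLAN number, snd: NIC index N (interface ethN)` above `interfacesNumbered`, so the argument order of `qemuNICFlags snd fst …` can be checked at a glance.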
@@ -121,11 +121,15 @@ let ''} # substitute environment variables - ${pkgs.gawk}/bin/awk '{ - for(varname in ENVIRON) - gsub("@"varname"@", ENVIRON[varname]) - print - }' "${configFile}" > "${finalConfig}" + if [ -f "${configFile}" ]; then + ${pkgs.gawk}/bin/awk '{ + for(varname in ENVIRON) + gsub("@"varname"@", ENVIRON[varname]) + print + }' "${configFile}" > "${finalConfig}" + else + touch "${finalConfig}" + fi iface_args="-s ${optionalString cfg.dbusControlled "-u"} -D${cfg.driver} ${configStr}" diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 933a9c539e4..06210529eb8 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -545,8 +545,7 @@ in virtualisation.vlans = mkOption { type = types.listOf types.ints.unsigned; - default = if config.virtualisation.interfaces == {} then [ 1 ] else [ ]; - defaultText = lib.literalExpression ''if config.virtualisation.interfaces == {} then [ 1 ] else [ ]''; + default = [ 1 ]; example = [ 1 2 ]; description = lib.mdDoc '' @@ -561,35 +560,6 @@ in ''; }; - virtualisation.interfaces = mkOption { - default = {}; - example = { - enp1s0.vlan = 1; - }; - description = lib.mdDoc '' - Network interfaces to add to the VM. - ''; - type = with types; attrsOf (submodule { - options = { - vlan = mkOption { - type = types.ints.unsigned; - description = lib.mdDoc '' - VLAN to which the network interface is connected. - ''; - }; - - assignIP = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Automatically assign an IP address to the network interface using the same scheme as - virtualisation.vlans. - ''; - }; - }; - }); - }; - virtualisation.writableStore = mkOption { type = types.bool; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 12e386f1c2d..b4bd8ef3e0f 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
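Review bot: In the re-indented awk call, `gsub("@"varname"@", ENVIRON[varname])` uses the environment value as the replacement string, where awk expands `&` to the matched text and interprets backslashes. A value containing `&` (plausible for a passphrase) is therefore written to `${finalConfig}` with `@varname@` spliced in instead of the literal character. Escaping the value first avoids that, with something like `val = ENVIRON[varname]; gsub(/[\\&]/, "\\\\&", val); gsub("@"varname"@", val)`. Separately, the new `else` branch creates an empty `${finalConfig}` without any message, so a missing `${configFile}` goes unnoticed; one line on stderr there would make it visible. The script starts and continues outside the hunk, so whether a restrictive umask is in force when this file is created cannot be confirmed from here.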
@@ -135,6 +135,7 @@ in { cntr = handleTestOn ["aarch64-linux" "x86_64-linux"] ./cntr.nix {}; cockroachdb = handleTestOn ["x86_64-linux"] ./cockroachdb.nix {}; collectd = handleTest ./collectd.nix {}; + connman = handleTest ./connman.nix {}; consul = handleTest ./consul.nix {}; containers-bridge = handleTest ./containers-bridge.nix {}; containers-custom-pkgs.nix = handleTest ./containers-custom-pkgs.nix {}; diff --git a/nixos/tests/connman.nix b/nixos/tests/connman.nix new file mode 100644 index 00000000000..348b2a895a6 --- /dev/null +++ b/nixos/tests/connman.nix 
@@ -0,0 +1,77 @@ +import ./make-test-python.nix ({ pkgs, lib, ...}: +{ + name = "connman"; + meta = with lib.maintainers; { + maintainers = [ rnhmjoj ]; + }; + + # Router running radvd on VLAN 1 + nodes.router = { ... }: { + imports = [ ../modules/profiles/minimal.nix ]; + + virtualisation.vlans = [ 1 ]; + + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; + + networking = { + useDHCP = false; + interfaces.eth1.ipv6.addresses = + [ { address = "fd12::1"; prefixLength = 64; } ]; + }; + + services.radvd = { + enable = true; + config = '' + interface eth1 { + AdvSendAdvert on; + AdvManagedFlag on; + AdvOtherConfigFlag on; + prefix fd12::/64 { + AdvAutonomous off; + }; + }; + ''; + }; + }; + + # Client running connman, connected to VLAN 1 + nodes.client = { ... }: { + virtualisation.vlans = [ 1 ]; + + # add a virtual wlan interface + boot.kernelModules = [ "mac80211_hwsim" ]; + boot.extraModprobeConfig = '' + options mac80211_hwsim radios=1 + ''; + + # Note: the overrides are needed because the wifi is + # disabled with mkVMOverride in qemu-vm.nix. 
+ services.connman.enable = lib.mkOverride 0 true; + services.connman.networkInterfaceBlacklist = [ "eth0" ]; + networking.wireless.enable = lib.mkOverride 0 true; + networking.wireless.interfaces = [ "wlan0" ]; + }; + + testScript = + '' + start_all() + + with subtest("Router is ready"): + router.wait_for_unit("radvd.service") + + with subtest("Daemons are running"): + client.wait_for_unit("wpa_supplicant-wlan0.service") + client.wait_for_unit("connman.service") + client.wait_until_succeeds("connmanctl state | grep -q ready") + + with subtest("Wired interface is configured"): + client.wait_until_succeeds("ip -6 route | grep -q fd12::/64") + client.wait_until_succeeds("ping -c 1 fd12::1") + + with subtest("Can set up a wireless access point"): + client.succeed("connmanctl enable wifi") + client.wait_until_succeeds("connmanctl tether wifi on nixos-test reproducibility | grep -q 'Enabled'") + client.wait_until_succeeds("iw wlan0 info | grep -q nixos-test") + ''; +}) + diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index c720c8068c8..441d258afc0 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix @@ -93,19 +93,18 @@ let name = "Static"; nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; - virtualisation.interfaces.enp2s0.vlan = 2; + virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; useDHCP = false; defaultGateway = "192.168.1.1"; defaultGateway6 = "fd00:1234:5678:1::1"; - interfaces.enp1s0.ipv4.addresses = [ + interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = "192.168.1.2"; prefixLength = 24; } { address = "192.168.1.3"; prefixLength = 32; } { address = "192.168.1.10"; prefixLength = 32; } ]; - interfaces.enp2s0.ipv4.addresses = [ + interfaces.eth2.ipv4.addresses = mkOverride 0 [ { address = "192.168.2.2"; prefixLength = 24; } ]; }; 
@@ -171,12 +170,12 @@ let # Disable test driver default config networking.interfaces = lib.mkForce {}; networking.useNetworkd = networkd; - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; }; testScript = '' start_all() client.wait_for_unit("multi-user.target") - client.wait_until_succeeds("ip addr show dev enp1s0 | grep '192.168.1'") + client.wait_until_succeeds("ip addr show dev eth1 | grep '192.168.1'") client.shell_interact() client.succeed("ping -c 1 192.168.1.1") router.succeed("ping -c 1 192.168.1.1") @@ -188,13 +187,20 @@ let name = "SimpleDHCP"; nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; - virtualisation.interfaces.enp2s0.vlan = 2; + virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0.useDHCP = true; - interfaces.enp2s0.useDHCP = true; + interfaces.eth1 = { + ipv4.addresses = mkOverride 0 [ ]; + ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; + }; + interfaces.eth2 = { + ipv4.addresses = mkOverride 0 [ ]; + ipv6.addresses = mkOverride 0 [ ]; + useDHCP = true; + }; }; }; testScript = { ... }: 
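Review bot: The test script in the hunk at -171,12 still contains `client.shell_interact()` between the `wait_until_succeeds` on `eth1` and the first ping. It is a context line that this commit leaves in place. The call looks like a leftover from interactive debugging, and in an unattended run it would presumably attach to a guest shell instead of simply continuing, so I would delete it. The script continues outside the hunk.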
@@ -205,10 +211,10 @@ let router.wait_for_unit("network-online.target") with subtest("Wait until we have an ip address on each interface"): - client.wait_until_succeeds("ip addr show dev enp1s0 | grep -q '192.168.1'") - client.wait_until_succeeds("ip addr show dev enp1s0 | grep -q 'fd00:1234:5678:1:'") - client.wait_until_succeeds("ip addr show dev enp2s0 | grep -q '192.168.2'") - client.wait_until_succeeds("ip addr show dev enp2s0 | grep -q 'fd00:1234:5678:2:'") + client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'") + client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'") + client.wait_until_succeeds("ip addr show dev eth2 | grep -q '192.168.2'") + client.wait_until_succeeds("ip addr show dev eth2 | grep -q 'fd00:1234:5678:2:'") with subtest("Test vlan 1"): client.wait_until_succeeds("ping -c 1 192.168.1.1") @@ -237,15 +243,16 @@ let name = "OneInterfaceDHCP"; nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; - virtualisation.interfaces.enp2s0.vlan = 2; + virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0 = { + interfaces.eth1 = { + ipv4.addresses = mkOverride 0 [ ]; mtu = 1343; useDHCP = true; }; + interfaces.eth2.ipv4.addresses = mkOverride 0 [ ]; }; }; testScript = { ... }: @@ -257,10 +264,10 @@ let router.wait_for_unit("network.target") with subtest("Wait until we have an ip address on each interface"): - client.wait_until_succeeds("ip addr show dev enp1s0 | grep -q '192.168.1'") + client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'") with subtest("ensure MTU is set"): - assert "mtu 1343" in client.succeed("ip link show dev enp1s0") + assert "mtu 1343" in client.succeed("ip link show dev eth1") with subtest("Test vlan 1"): client.wait_until_succeeds("ping -c 1 192.168.1.1") 
@@ -279,15 +286,16 @@ let }; bond = let node = address: { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; - virtualisation.interfaces.enp2s0.vlan = 2; + virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; useDHCP = false; bonds.bond0 = { - interfaces = [ "enp1s0" "enp2s0" ]; + interfaces = [ "eth1" "eth2" ]; driverOptions.mode = "802.3ad"; }; + interfaces.eth1.ipv4.addresses = mkOverride 0 [ ]; + interfaces.eth2.ipv4.addresses = mkOverride 0 [ ]; interfaces.bond0.ipv4.addresses = mkOverride 0 [ { inherit address; prefixLength = 30; } ]; }; @@ -318,11 +326,12 @@ let }; bridge = let node = { address, vlan }: { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = vlan; + virtualisation.vlans = [ vlan ]; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0.ipv4.addresses = [ { inherit address; prefixLength = 24; } ]; + interfaces.eth1.ipv4.addresses = mkOverride 0 + [ { inherit address; prefixLength = 24; } ]; }; }; in { @@ -330,12 +339,11 @@ let nodes.client1 = node { address = "192.168.1.2"; vlan = 1; }; nodes.client2 = node { address = "192.168.1.3"; vlan = 2; }; nodes.router = { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; - virtualisation.interfaces.enp2s0.vlan = 2; + virtualisation.vlans = [ 1 2 ]; networking = { useNetworkd = networkd; useDHCP = false; - bridges.bridge.interfaces = [ "enp1s0" "enp2s0" ]; + bridges.bridge.interfaces = [ "eth1" "eth2" ]; interfaces.eth1.ipv4.addresses = mkOverride 0 [ ]; interfaces.eth2.ipv4.addresses = mkOverride 0 [ ]; interfaces.bridge.ipv4.addresses = mkOverride 0 @@ -369,7 +377,7 @@ let nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; useDHCP = false; 
@@ -377,9 +385,14 @@ let # reverse path filtering rules for the macvlan interface seem # to be incorrect, causing the test to fail. Disable temporarily. firewall.checkReversePath = false; - macvlans.macvlan.interface = "enp1s0"; - interfaces.enp1s0.useDHCP = true; - interfaces.macvlan.useDHCP = true; + macvlans.macvlan.interface = "eth1"; + interfaces.eth1 = { + ipv4.addresses = mkOverride 0 [ ]; + useDHCP = true; + }; + interfaces.macvlan = { + useDHCP = true; + }; }; }; testScript = { ... }: @@ -391,7 +404,7 @@ let router.wait_for_unit("network.target") with subtest("Wait until we have an ip address on each interface"): - client.wait_until_succeeds("ip addr show dev enp1s0 | grep -q '192.168.1'") + client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'") client.wait_until_succeeds("ip addr show dev macvlan | grep -q '192.168.1'") with subtest("Print lots of diagnostic information"): @@ -418,22 +431,23 @@ let fou = { name = "foo-over-udp"; nodes.machine = { ... }: { - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0.ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ]; + interfaces.eth1.ipv4.addresses = mkOverride 0 + [ { address = "192.168.1.1"; prefixLength = 24; } ]; fooOverUDP = { fou1 = { port = 9001; }; fou2 = { port = 9002; protocol = 41; }; fou3 = mkIf (!networkd) { port = 9003; local.address = "192.168.1.1"; }; fou4 = mkIf (!networkd) - { port = 9004; local = { address = "192.168.1.1"; dev = "enp1s0"; }; }; + { port = 9004; local = { address = "192.168.1.1"; dev = "eth1"; }; }; }; }; systemd.services = { - fou3-fou-encap.after = optional (!networkd) "network-addresses-enp1s0.service"; + fou3-fou-encap.after = optional (!networkd) "network-addresses-eth1.service"; }; }; testScript = { ... }: 
@@ -456,20 +470,20 @@ let "gue": None, "family": "inet", "local": "192.168.1.1", - "dev": "enp1s0", + "dev": "eth1", } in fous, "fou4 exists" ''; }; sit = let node = { address4, remote, address6 }: { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; useDHCP = false; sits.sit = { inherit remote; local = address4; - dev = "enp1s0"; + dev = "eth1"; }; interfaces.eth1.ipv4.addresses = mkOverride 0 [ { address = address4; prefixLength = 24; } ]; @@ -671,10 +685,10 @@ let vlan-ping = let baseIP = number: "10.10.10.${number}"; vlanIP = number: "10.1.1.${number}"; - baseInterface = "enp1s0"; + baseInterface = "eth1"; vlanInterface = "vlan42"; node = number: {pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; networking = { #useNetworkd = networkd; useDHCP = false; @@ -771,12 +785,12 @@ let privacy = { name = "Privacy"; nodes.router = { ... }: { - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0.ipv6.addresses = singleton { + interfaces.eth1.ipv6.addresses = singleton { address = "fd00:1234:5678:1::1"; prefixLength = 64; }; @@ -798,11 +812,11 @@ let }; }; nodes.client_with_privacy = { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0 = { + interfaces.eth1 = { tempAddress = "default"; ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; 
@@ -811,11 +825,11 @@ let }; }; nodes.client = { pkgs, ... }: with pkgs.lib; { - virtualisation.interfaces.enp1s0.vlan = 1; + virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; useDHCP = false; - interfaces.enp1s0 = { + interfaces.eth1 = { tempAddress = "enabled"; ipv4.addresses = mkOverride 0 [ ]; ipv6.addresses = mkOverride 0 [ ]; @@ -833,9 +847,9 @@ let with subtest("Wait until we have an ip address"): client_with_privacy.wait_until_succeeds( - "ip addr show dev enp1s0 | grep -q 'fd00:1234:5678:1:'" + "ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'" ) - client.wait_until_succeeds("ip addr show dev enp1s0 | grep -q 'fd00:1234:5678:1:'") + client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'") with subtest("Test vlan 1"): client_with_privacy.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1") @@ -933,7 +947,7 @@ let ), "The IPv6 routing table has not been properly cleaned:\n{}".format(ipv6Residue) ''; }; - rename = if networkd then { + rename = { name = "RenameInterface"; nodes.machine = { pkgs, ... }: { virtualisation.vlans = [ 1 ]; @@ -941,20 +955,23 @@ let useNetworkd = networkd; useDHCP = false; }; - systemd.network.links."10-custom_name" = { - matchConfig.MACAddress = "52:54:00:12:01:01"; - linkConfig.Name = "custom_name"; - }; - }; + } // + (if networkd + then { systemd.network.links."10-custom_name" = { + matchConfig.MACAddress = "52:54:00:12:01:01"; + linkConfig.Name = "custom_name"; + }; + } + else { boot.initrd.services.udev.rules = '' + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="custom_name" + ''; + }); testScript = '' machine.succeed("udevadm settle") print(machine.succeed("ip link show dev custom_name")) ''; - } else { - name = "RenameInterface"; - nodes = { }; - testScript = ""; }; + nodes = { }; # even with disabled networkd, systemd.network.links should work # (as it's handled by udev, not networkd) link = { 
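Review bot: The added `nodes = { };` in the hunk at -941,20 comes after the `};` that closes `rename`, so it appears to sit in the surrounding set of test cases rather than inside a test. Indentation is lost in this view, so this is inferred from line order only. If that reading is right, it defines an extra entry named `nodes` next to `rename` and `link`, which looks like a remnant of the removed `else` branch, and I would drop the line. The enclosing set starts and ends outside the hunk.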
diff --git a/nixos/tests/tracee.nix b/nixos/tests/tracee.nix index 6ef7e5342be..1e0249056fe 100644 --- a/nixos/tests/tracee.nix +++ b/nixos/tests/tracee.nix @@ -11,19 +11,19 @@ import ./make-test-python.nix ({ pkgs, ... }: { # build the go integration tests as a binary (pkgs.tracee.overrideAttrs (oa: { pname = oa.pname + "-integration"; - patches = oa.patches or [] ++ [ - # change the prefix from /usr/bin to /run to find nix processes - ../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch - ]; + postPatch = oa.postPatch or "" + '' + # prepare tester.sh + patchShebangs tests/integration/tester.sh + # fix the test to look at nixos paths for running programs + substituteInPlace tests/integration/integration_test.go \ + --replace "/usr/bin" "/run" + ''; + nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; buildPhase = '' runHook preBuild # just build the static lib we need for the go test binary make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core ./dist/btfhub - # remove the /usr/bin prefix to work with the patch above - substituteInPlace tests/integration/integration_test.go \ - --replace "/usr/bin/ls" "ls" - # then compile the tests to be ran later CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/... runHook postBuild @@ -31,7 +31,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { doCheck = false; installPhase = '' mkdir -p $out/bin - cp $GOPATH/tracee-integration $out/bin + mv $GOPATH/tracee-integration $out/bin/ ''; doInstallCheck = false; })) 
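Review bot: `pkgs.makeWrapper` is added to `nativeBuildInputs` and `postPatch` runs `patchShebangs tests/integration/tester.sh`, but nothing in the visible `buildPhase` or in the `installPhase` of the next hunk calls a wrapper or installs `tester.sh`. If both are used in lines outside these hunks, a comment saying where would help; otherwise they can go. Also, `--replace "/usr/bin" "/run"` now rewrites every occurrence in `integration_test.go`, where the removed code targeted only `/usr/bin/ls`. A comment such as `# rewrites the process-path prefix the event-filter tests expect` (wording to be confirmed against the test file) would make it easier to notice when upstream changes leave the substitution matching nothing or too much.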
@@ -44,6 +44,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine" machine.succeed('tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - alpine --change ENTRYPOINT=sleep') - print(machine.succeed('TRC_BIN="${pkgs.tracee}" tracee-integration -test.v')) + print(machine.succeed('tracee-integration -test.v')) ''; }) |