Merge remote-tracking branch 'origin/master' into staging-next

Conflicts: pkgs/tools/networking/xh/default.nix
2025-07-14 06:00:33 +03:00 · 2021-05-22 18:19:10 -07:00 · 2021-05-22 18:19:10 -07:00 · 11a9ac00fc
commit 11a9ac00fc
parent 563389a7fd 6543c61311
157 changed files with 1479 additions and 591 deletions
--- a/nixos/doc/manual/contributing-to-this-manual.chapter.md
+++ b/nixos/doc/manual/contributing-to-this-manual.chapter.md
@ -0,0 +1,13 @@
+# Contributing to this manual {#chap-contributing}
+
+The DocBook and CommonMark sources of NixOS' manual are in the [nixos/doc/manual](https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual) subdirectory of the [Nixpkgs](https://github.com/NixOS/nixpkgs) repository.
+
+You can quickly check your edits with the following:
+
+```ShellSession
+$ cd /path/to/nixpkgs
+$ ./nixos/doc/manual/md-to-db.sh
+$ nix-build nixos/release.nix -A manual.x86_64-linux
+```
+
+If the build succeeds, the manual will be in `./result/share/doc/nixos/index.html`.
--- a/nixos/doc/manual/contributing-to-this-manual.xml
+++ b/nixos/doc/manual/contributing-to-this-manual.xml
@ -1,22 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xml:id="chap-contributing">
- <title>Contributing to this manual</title>
- <para>
-  The DocBook sources of NixOS' manual are in the <filename
-xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual">
-nixos/doc/manual</filename> subdirectory of the <link
-xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link> repository.
- </para>
- <para>
-  You can quickly check your edits with the following:
- </para>
-<screen>
-<prompt>$ </prompt>cd /path/to/nixpkgs
-<prompt>$ </prompt>nix-build nixos/release.nix -A manual.x86_64-linux
-</screen>
- <para>
-  If the build succeeds, the manual will be in
-  <filename>./result/share/doc/nixos/index.html</filename>.
- </para>
-</chapter>
--- a/nixos/doc/manual/development/building-nixos.chapter.md
+++ b/nixos/doc/manual/development/building-nixos.chapter.md
@ -0,0 +1,18 @@
+# Building Your Own NixOS CD {#sec-building-cd}
+Building a NixOS CD is as easy as configuring your own computer. The idea is to use another module which will replace your `configuration.nix` to configure the system that would be installed on the CD.
+
+Default CD/DVD configurations are available inside `nixos/modules/installer/cd-dvd`
+
+```ShellSession
+$ git clone https://github.com/NixOS/nixpkgs.git
+$ cd nixpkgs/nixos
+$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
+```
+
+Before burning your CD/DVD, you can check the content of the image by mounting anywhere like suggested by the following command:
+
+```ShellSession
+# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
+```
+
+If you want to customize your NixOS CD in more detail, or generate other kinds of images, you might want to check out [nixos-generators](https://github.com/nix-community/nixos-generators). This can also be a good starting point when you want to use Nix to build a 'minimal' image that doesn't include a NixOS installation.
--- a/nixos/doc/manual/development/building-nixos.xml
+++ b/nixos/doc/manual/development/building-nixos.xml
@ -1,33 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-        xmlns:xlink="http://www.w3.org/1999/xlink"
-        xmlns:xi="http://www.w3.org/2001/XInclude"
-        version="5.0"
-        xml:id="sec-building-cd">
- <title>Building Your Own NixOS CD</title>
- <para>
-  Building a NixOS CD is as easy as configuring your own computer. The idea is
-  to use another module which will replace your
-  <filename>configuration.nix</filename> to configure the system that would be
-  installed on the CD.
- </para>
- <para>
-  Default CD/DVD configurations are available inside
-  <filename>nixos/modules/installer/cd-dvd</filename>.
-<screen>
-<prompt>$ </prompt>git clone https://github.com/NixOS/nixpkgs.git
-<prompt>$ </prompt>cd nixpkgs/nixos
-<prompt>$ </prompt>nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix</screen>
- </para>
- <para>
-  Before burning your CD/DVD, you can check the content of the image by
-  mounting anywhere like suggested by the following command:
-<screen>
-<prompt># </prompt>mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
- </para>
- <para>
- If you want to customize your NixOS CD in more detail, or generate other kinds
- of images, you might want to check out <link
- xlink:href="https://github.com/nix-community/nixos-generators">nixos-generators</link>. This can also be a good starting point when you want to use Nix to build a
- 'minimal' image that doesn't include a NixOS installation.
- </para>
-</chapter>
--- a/nixos/doc/manual/development/development.xml
+++ b/nixos/doc/manual/development/development.xml
@ -13,7 +13,7 @@
 <xi:include href="writing-modules.xml" />
 <xi:include href="building-parts.xml" />
 <xi:include href="writing-documentation.xml" />
- <xi:include href="building-nixos.xml" />
+ <xi:include href="../from_md/development/building-nixos.chapter.xml" />
 <xi:include href="nixos-tests.xml" />
 <xi:include href="testing-installer.xml" />
 <xi:include href="releases.xml" />
--- a/nixos/doc/manual/from_md/README.md
+++ b/nixos/doc/manual/from_md/README.md
@ -0,0 +1,5 @@
+This directory is temporarily needed while we transition the manual to CommonMark. It stores the output of the ../md-to-db.sh script that converts CommonMark files back to DocBook.
+
+We are choosing to convert the Markdown to DocBook at authoring time instead of manual building time, because we do not want the pandoc toolchain to become part of the NixOS closure.
+
+Do not edit the DocBook files inside this directory or its subdirectories. Instead, edit the corresponding .md file in the normal manual directories, and run ../md-to-db.sh to update the file here.
--- a/nixos/doc/manual/from_md/contributing-to-this-manual.chapter.xml
+++ b/nixos/doc/manual/from_md/contributing-to-this-manual.chapter.xml
@ -0,0 +1,22 @@
+<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="chap-contributing">
+  <title>Contributing to this manual</title>
+  <para>
+    The DocBook and CommonMark sources of NixOS’ manual are in the
+    <link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual">nixos/doc/manual</link>
+    subdirectory of the
+    <link xlink:href="https://github.com/NixOS/nixpkgs">Nixpkgs</link>
+    repository.
+  </para>
+  <para>
+    You can quickly check your edits with the following:
+  </para>
+  <programlisting>
+$ cd /path/to/nixpkgs
+$ ./nixos/doc/manual/md-to-db.sh
+$ nix-build nixos/release.nix -A manual.x86_64-linux
+</programlisting>
+  <para>
+    If the build succeeds, the manual will be in
+    <literal>./result/share/doc/nixos/index.html</literal>.
+  </para>
+</chapter>
--- a/nixos/doc/manual/from_md/development/building-nixos.chapter.xml
+++ b/nixos/doc/manual/from_md/development/building-nixos.chapter.xml
@ -0,0 +1,33 @@
+<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-building-cd">
+  <title>Building Your Own NixOS CD</title>
+  <para>
+    Building a NixOS CD is as easy as configuring your own computer. The
+    idea is to use another module which will replace your
+    <literal>configuration.nix</literal> to configure the system that
+    would be installed on the CD.
+  </para>
+  <para>
+    Default CD/DVD configurations are available inside
+    <literal>nixos/modules/installer/cd-dvd</literal>
+  </para>
+  <programlisting>
+$ git clone https://github.com/NixOS/nixpkgs.git
+$ cd nixpkgs/nixos
+$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
+</programlisting>
+  <para>
+    Before burning your CD/DVD, you can check the content of the image
+    by mounting anywhere like suggested by the following command:
+  </para>
+  <programlisting>
+# mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso&lt;/screen&gt;
+</programlisting>
+  <para>
+    If you want to customize your NixOS CD in more detail, or generate
+    other kinds of images, you might want to check out
+    <link xlink:href="https://github.com/nix-community/nixos-generators">nixos-generators</link>.
+    This can also be a good starting point when you want to use Nix to
+    build a <quote>minimal</quote> image that doesn’t include a NixOS
+    installation.
+  </para>
+</chapter>
--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@ -0,0 +1,15 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="release-21.11">
+  <title>Release 21.11 (<quote>?</quote>, 2021.11/??)</title>
+  <para>
+    In addition to numerous new and upgraded packages, this release has
+    the following highlights:
+  </para>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>
+        Support is planned until the end of April 2022, handing over to
+        22.05.
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>
--- a/nixos/doc/manual/manual.xml
+++ b/nixos/doc/manual/manual.xml
@ -19,6 +19,6 @@
  <xi:include href="./generated/options-db.xml"
                xpointer="configuration-variable-list" />
 </appendix>
- <xi:include href="contributing-to-this-manual.xml" />
+ <xi:include href="./from_md/contributing-to-this-manual.chapter.xml" />
 <xi:include href="release-notes/release-notes.xml" />
 </book>
--- a/nixos/doc/manual/md-to-db.sh
+++ b/nixos/doc/manual/md-to-db.sh
@ -0,0 +1,33 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -I nixpkgs=channel:nixpkgs-unstable -i bash -p pandoc
+
+# This script is temporarily needed while we transition the manual to
+# CommonMark. It converts the .md files in the regular manual folder
+# into DocBook files in the from_md folder.
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+pushd $DIR
+
+OUT="$DIR/from_md"
+mapfile -t MD_FILES < <(find . -type f -regex '.*\.md$')
+
+for mf in ${MD_FILES[*]}; do
+  if [ "${mf: -11}" == ".section.md" ]; then
+    mkdir -p $(dirname "$OUT/$mf")
+    pandoc "$mf" -t docbook \
+      --extract-media=media \
+      -f markdown+smart \
+    | cat  > "$OUT/${mf%".section.md"}.section.xml"
+  fi
+
+  if [ "${mf: -11}" == ".chapter.md" ]; then
+    mkdir -p $(dirname "$OUT/$mf")
+    pandoc "$mf" -t docbook \
+      --top-level-division=chapter \
+      --extract-media=media \
+      -f markdown+smart \
+    | cat  > "$OUT/${mf%".chapter.md"}.chapter.xml"
+  fi
+done
+
+popd
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@ -8,6 +8,7 @@
  This section lists the release notes for each stable version of NixOS and
  current unstable revision.
 </para>
+ <xi:include href="../from_md/release-notes/rl-2111.section.xml" />
 <xi:include href="rl-2105.xml" />
 <xi:include href="rl-2009.xml" />
 <xi:include href="rl-2003.xml" />
--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@ -0,0 +1,5 @@
+# Release 21.11 (“?”, 2021.11/??) {#release-21.11}
+
+In addition to numerous new and upgraded packages, this release has the following highlights:
+
+* Support is planned until the end of April 2022, handing over to 22.05.
--- a/nixos/modules/hardware/xpadneo.nix
+++ b/nixos/modules/hardware/xpadneo.nix
@ -24,6 +24,6 @@ in
  };

  meta = {
-    maintainers = with maintainers; [ metadark ];
+    maintainers = with maintainers; [ kira-bruneau ];
  };
 }
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -238,6 +238,7 @@
  ./services/amqp/activemq/default.nix
  ./services/amqp/rabbitmq.nix
  ./services/audio/alsa.nix
+  ./services/audio/botamusique.nix
  ./services/audio/jack.nix
  ./services/audio/icecast.nix
  ./services/audio/jmusicbot.nix
--- a/nixos/modules/programs/bash/undistract-me.nix
+++ b/nixos/modules/programs/bash/undistract-me.nix
@ -31,6 +31,6 @@ in
  };

  meta = {
-    maintainers = with maintainers; [ metadark ];
+    maintainers = with maintainers; [ kira-bruneau ];
  };
 }
--- a/nixos/modules/services/audio/botamusique.nix
+++ b/nixos/modules/services/audio/botamusique.nix
@ -0,0 +1,114 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.botamusique;
+
+  format = pkgs.formats.ini {};
+  configFile = format.generate "botamusique.ini" cfg.settings;
+in
+{
+  meta.maintainers = with lib.maintainers; [ hexa ];
+
+  options.services.botamusique = {
+    enable = mkEnableOption "botamusique, a bot to play audio streams on mumble";
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.botamusique;
+      description = "The botamusique package to use.";
+    };
+
+    settings = mkOption {
+      type = with types; submodule {
+        freeformType = format.type;
+        options = {
+          server.host = mkOption {
+            type = types.str;
+            default = "localhost";
+            example = "mumble.example.com";
+            description = "Hostname of the mumble server to connect to.";
+          };
+
+          server.port = mkOption {
+            type = types.port;
+            default = 64738;
+            description = "Port of the mumble server to connect to.";
+          };
+
+          bot.username = mkOption {
+            type = types.str;
+            default = "botamusique";
+            description = "Name the bot should appear with.";
+          };
+
+          bot.comment = mkOption {
+            type = types.str;
+            default = "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!";
+            description = "Comment displayed for the bot.";
+          };
+        };
+      };
+      default = {};
+      description = ''
+        Your <filename>configuration.ini</filename> as a Nix attribute set. Look up
+        possible options in the <link xlink:href="https://github.com/azlux/botamusique/blob/master/configuration.example.ini">configuration.example.ini</link>.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.botamusique = {
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      unitConfig.Documentation = "https://github.com/azlux/botamusique/wiki";
+
+      environment.HOME = "/var/lib/botamusique";
+
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/botamusique --config ${configFile}";
+        Restart = "always"; # the bot exits when the server connection is lost
+
+        # Hardening
+        CapabilityBoundingSet = [ "" ];
+        DynamicUser = true;
+        IPAddressDeny = [
+          "link-local"
+          "multicast"
+        ];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        ProcSubset = "pid";
+        PrivateDevices = true;
+        PrivateUsers = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = "strict";
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+        StateDirectory = "botamusique";
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+          "~@resources"
+        ];
+        UMask = "0077";
+        WorkingDirectory = "/var/lib/botamusique";
+      };
+    };
+  };
+}
--- a/nixos/modules/services/backup/syncoid.nix
+++ b/nixos/modules/services/backup/syncoid.nix
@ -197,14 +197,14 @@ in {
               ])) (attrValues cfg.commands);
        after = [ "zfs.target" ];
        serviceConfig = {
-          ExecStartPre = (map (pool: lib.escapeShellArgs [
-            "+/run/booted-system/sw/bin/zfs" "allow"
-            cfg.user "hold,send" pool
-          ]) (getPools "source")) ++
-          (map (pool: lib.escapeShellArgs [
-            "+/run/booted-system/sw/bin/zfs" "allow"
-            cfg.user "create,mount,receive,rollback" pool
-          ]) (getPools "target"));
+          ExecStartPre = let
+            allowCmd = permissions: pool: lib.escapeShellArgs [
+              "+/run/booted-system/sw/bin/zfs" "allow"
+              cfg.user (concatStringsSep "," permissions) pool
+            ];
+          in
+            (map (allowCmd [ "hold" "send" "snapshot" "destroy" ]) (getPools "source")) ++
+            (map (allowCmd [ "create" "mount" "receive" "rollback" ]) (getPools "target"));
          User = cfg.user;
          Group = cfg.group;
        };
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@ -699,12 +699,12 @@ in {
    ];

    users.users.matrix-synapse = {
-        group = "matrix-synapse";
-        home = cfg.dataDir;
-        createHome = true;
-        shell = "${pkgs.bash}/bin/bash";
-        uid = config.ids.uids.matrix-synapse;
-      };
+      group = "matrix-synapse";
+      home = cfg.dataDir;
+      createHome = true;
+      shell = "${pkgs.bash}/bin/bash";
+      uid = config.ids.uids.matrix-synapse;
+    };

    users.groups.matrix-synapse = {
      gid = config.ids.gids.matrix-synapse;
@ -726,6 +726,10 @@ in {
        User = "matrix-synapse";
        Group = "matrix-synapse";
        WorkingDirectory = cfg.dataDir;
+        ExecStartPre = [ ("+" + (pkgs.writeShellScript "matrix-synapse-fix-permissions" ''
+          chown matrix-synapse:matrix-synapse ${cfg.dataDir}/homeserver.signing.key
+          chmod 0600 ${cfg.dataDir}/homeserver.signing.key
+        '')) ];
        ExecStart = ''
          ${cfg.package}/bin/homeserver \
            ${ concatMapStringsSep "\n  " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
@ -733,6 +737,7 @@ in {
        '';
        ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
        Restart = "on-failure";
+        UMask = "0077";
      };
    };
  };
--- a/nixos/modules/services/x11/desktop-managers/cinnamon.nix
+++ b/nixos/modules/services/x11/desktop-managers/cinnamon.nix
@ -128,6 +128,7 @@ in
        cinnamon-session
        cinnamon-desktop
        cinnamon-menus
+        cinnamon-translations

        # utils needed by some scripts
        killall
@ -137,6 +138,9 @@ in
        # cinnamon-killer-daemon: provided by cinnamon-common
        gnome.networkmanagerapplet # session requirement - also nm-applet not needed

+        # For a polkit authentication agent
+        polkit_gnome
+
        # packages
        nemo
        cinnamon-control-center
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@ -316,6 +316,7 @@ in
        ++ lib.optionals config.hardware.bluetooth.enable [ bluedevil bluez-qt pkgs.openobex pkgs.obexftp ]
        ++ lib.optional config.networking.networkmanager.enable plasma-nm
        ++ lib.optional config.hardware.pulseaudio.enable plasma-pa
+        ++ lib.optional config.services.pipewire.pulse.enable plasma-pa
        ++ lib.optional config.powerManagement.enable powerdevil
        ++ lib.optional config.services.colord.enable pkgs.colord-kde
        ++ lib.optionals config.services.samba.enable [ kdenetwork-filesharing pkgs.samba ]
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@ -428,7 +428,7 @@ let
      extraVeths = {};
      additionalCapabilities = [];
      ephemeral = false;
-      timeoutStartSec = "15s";
+      timeoutStartSec = "1min";
      allowedDevices = [];
      hostAddress = null;
      hostAddress6 = null;
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -47,6 +47,7 @@ in
  boot = handleTestOn ["x86_64-linux"] ./boot.nix {}; # syslinux is unsupported on aarch64
  boot-stage1 = handleTest ./boot-stage1.nix {};
  borgbackup = handleTest ./borgbackup.nix {};
+  botamusique = handleTest ./botamusique.nix {};
  buildbot = handleTest ./buildbot.nix {};
  buildkite-agents = handleTest ./buildkite-agents.nix {};
  caddy = handleTest ./caddy.nix {};
--- a/nixos/tests/botamusique.nix
+++ b/nixos/tests/botamusique.nix
@ -0,0 +1,47 @@
+import ./make-test-python.nix ({ pkgs, lib, ...} :
+
+{
+  name = "botamusique";
+  meta.maintainers = with lib.maintainers; [ hexa ];
+
+  nodes = {
+    machine = { config, ... }: {
+      services.murmur = {
+        enable = true;
+        registerName = "NixOS tests";
+      };
+
+      services.botamusique = {
+        enable = true;
+        settings = {
+          server = {
+            channel = "NixOS tests";
+          };
+          bot = {
+            version = false;
+            auto_check_update = false;
+          };
+        };
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    machine.wait_for_unit("murmur.service")
+    machine.wait_for_unit("botamusique.service")
+
+    machine.sleep(10)
+
+    machine.wait_until_succeeds(
+        "journalctl -u murmur.service -e | grep -q '<1:botamusique(-1)> Authenticated'"
+    )
+
+    with subtest("Check systemd hardening"):
+        output = machine.execute("systemctl show botamusique.service")[1]
+        machine.log(output)
+        output = machine.execute("systemd-analyze security botamusique.service")[1]
+        machine.log(output)
+  '';
+})
--- a/nixos/tests/sanoid.nix
+++ b/nixos/tests/sanoid.nix
@ -33,14 +33,22 @@ in {

          autosnap = true;
        };
-        datasets."pool/test".useTemplate = [ "test" ];
+        datasets."pool/sanoid".useTemplate = [ "test" ];
+        extraArgs = [ "--verbose" ];
      };

      services.syncoid = {
        enable = true;
        sshKey = "/var/lib/syncoid/id_ecdsa";
-        commonArgs = [ "--no-sync-snap" ];
-        commands."pool/test".target = "root@target:pool/test";
+        commands = {
+          # Sync snapshot taken by sanoid
+          "pool/sanoid" = {
+            target = "root@target:pool/sanoid";
+            extraArgs = [ "--no-sync-snap" ];
+          };
+          # Take snapshot and sync
+          "pool/syncoid".target = "root@target:pool/syncoid";
+        };
      };
    };
    target = { ... }: {
@ -54,18 +62,19 @@ in {

  testScript = ''
    source.succeed(
-        "mkdir /tmp/mnt",
+        "mkdir /mnt",
        "parted --script /dev/vdb -- mklabel msdos mkpart primary 1024M -1s",
        "udevadm settle",
-        "zpool create pool /dev/vdb1",
-        "zfs create -o mountpoint=legacy pool/test",
-        "mount -t zfs pool/test /tmp/mnt",
+        "zpool create pool -R /mnt /dev/vdb1",
+        "zfs create pool/sanoid",
+        "zfs create pool/syncoid",
        "udevadm settle",
    )
    target.succeed(
+        "mkdir /mnt",
        "parted --script /dev/vdb -- mklabel msdos mkpart primary 1024M -1s",
        "udevadm settle",
-        "zpool create pool /dev/vdb1",
+        "zpool create pool -R /mnt /dev/vdb1",
        "udevadm settle",
    )

@ -76,16 +85,15 @@ in {
        "chown -R syncoid:syncoid /var/lib/syncoid/",
    )

-    source.succeed("touch /tmp/mnt/test.txt")
+    # Take snapshot with sanoid
+    source.succeed("touch /mnt/pool/sanoid/test.txt")
    source.systemctl("start --wait sanoid.service")

+    # Sync snapshots
    target.wait_for_open_port(22)
+    source.succeed("touch /mnt/pool/syncoid/test.txt")
    source.systemctl("start --wait syncoid.service")
-    target.succeed(
-        "mkdir /tmp/mnt",
-        "zfs set mountpoint=legacy pool/test",
-        "mount -t zfs pool/test /tmp/mnt",
-    )
-    target.succeed("cat /tmp/mnt/test.txt")
+    target.succeed("cat /mnt/pool/sanoid/test.txt")
+    target.succeed("cat /mnt/pool/syncoid/test.txt")
  '';
 })