nixos/test-driver: add backdoor based on systemd-ssh-proxy & AF_VSOCK

With this it's possible to trivially SSH into running machines from the test-driver. This is especially useful when running VM tests interactively on a remote system. This is based on `systemd-ssh-proxy(1)`, so there's no need to configure any additional networking on the host-side. Suggested-by: Ryan Lahfa <masterancpp@gmail.com>
2025-06-10 03:23:29 +03:00 · 2025-03-21 17:14:23 +00:00 · 2025-03-21 17:14:23 +00:00 · 1bd8073958
commit 1bd8073958
parent cb74a2a15e
4 changed files with 73 additions and 4 deletions
--- a/nixos/lib/testing/nodes.nix
+++ b/nixos/lib/testing/nodes.nix
@ -13,6 +13,7 @@ let
    mapAttrs
    mkDefault
    mkIf
+    mkMerge
    mkOption
    mkForce
    optional
@ -77,6 +78,14 @@ in
 {

  options = {
+    sshBackdoor = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to turn on the vsock-based SSH backdoor for all VMs.";
+      };
+    };
+
    node.type = mkOption {
      type = types.raw;
      default = baseOS.type;
@ -172,10 +181,15 @@ in

    passthru.nodes = config.nodesCompat;

-    defaults = mkIf config.node.pkgsReadOnly {
-      nixpkgs.pkgs = config.node.pkgs;
-      imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
-    };
+    defaults = mkMerge [
+      (mkIf config.node.pkgsReadOnly {
+        nixpkgs.pkgs = config.node.pkgs;
+        imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
+      })
+      (mkIf config.sshBackdoor.enable {
+        testing.sshBackdoor.enable = true;
+      })
+    ];

  };
 }