From 7771e0b9438e78b0e47574d1d09d9ec9fd5898e5 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 16:05:47 +0300 Subject: [PATCH 01/14] nixos/specialisation: add isSpecialisation option to know if we're a specialisation --- nixos/modules/system/activation/no-clone.nix | 1 + nixos/modules/system/activation/specialisation.nix | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/nixos/modules/system/activation/no-clone.nix b/nixos/modules/system/activation/no-clone.nix index 912420347dc0..32ff54688bd9 100644 --- a/nixos/modules/system/activation/no-clone.nix +++ b/nixos/modules/system/activation/no-clone.nix @@ -5,4 +5,5 @@ with lib; { boot.loader.grub.device = mkOverride 0 "nodev"; specialisation = mkOverride 0 {}; + isSpecialisation = mkOverride 0 true; } diff --git a/nixos/modules/system/activation/specialisation.nix b/nixos/modules/system/activation/specialisation.nix index fdab287802fa..41491b67ff03 100644 --- a/nixos/modules/system/activation/specialisation.nix +++ b/nixos/modules/system/activation/specialisation.nix @@ -23,6 +23,12 @@ let in { options = { + isSpecialisation = mkOption { + type = lib.types.bool; + internal = true; + default = false; + description = "Whether this system is a specialisation of another."; + }; specialisation = mkOption { default = { }; From 4cfbbb3c1ded303eccb09d53319dfb1cd862bfdc Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 08:27:28 +0300 Subject: [PATCH 02/14] nixos/tests: don't include switch-to-configuration in DUT by default --- nixos/lib/testing/nixos-test-base.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/nixos/lib/testing/nixos-test-base.nix b/nixos/lib/testing/nixos-test-base.nix index d76a25361f8c..65fe15c6162e 100644 --- a/nixos/lib/testing/nixos-test-base.nix +++ b/nixos/lib/testing/nixos-test-base.nix @@ -3,7 +3,7 @@ # even in `inheritParentConfig = false` specialisations. { lib, ... }: let - inherit (lib) mkForce; + inherit (lib) mkDefault mkForce; in { imports = [ @@ -22,6 +22,11 @@ in label = mkForce "test"; }; } - + ({ config, ... }: { + # Don't pull in switch-to-configuration by default, except when specialisations are involved. + # This is mostly a Hydra optimization, so we don't rebuild all the tests every time switch-to-configuration-ng changes. + key = "no-switch-to-configuration"; + system.switch.enable = mkDefault (config.isSpecialisation || config.specialisation != {}); + }) ]; } From 8a41d0f9923e95c095c7f96592d47bb435fab1b2 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 08:27:28 +0300 Subject: [PATCH 03/14] nixos/tests/installer: add newly missing switch-to-configuration dependencies --- nixos/tests/installer.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 8467220942ac..d4caf3ceaf1f 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -635,6 +635,7 @@ let (python3.withPackages (p: [ p.mistune ])) shared-mime-info sudo + switch-to-configuration-ng texinfo unionfs-fuse xorg.lndir @@ -648,6 +649,10 @@ let in [ (pkgs.grub2.override { inherit zfsSupport; }) (pkgs.grub2_efi.override { inherit zfsSupport; }) + pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader + pkgs.perlPackages.FileCopyRecursive + pkgs.perlPackages.XMLSAX + pkgs.perlPackages.XMLSAXBase ]) ++ optionals (bootLoader == "systemd-boot") [ pkgs.zstd.bin From 7dd3489daba39a590dc9e535aa09314f115819a0 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:15:51 +0300 Subject: [PATCH 04/14] nixos/tests/chrony: use specializations instead of multiple machines --- nixos/tests/chrony.nix | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/nixos/tests/chrony.nix b/nixos/tests/chrony.nix index 578b1e32d50c..ff8bb271f237 100644 --- a/nixos/tests/chrony.nix +++ b/nixos/tests/chrony.nix @@ -7,25 +7,23 @@ import ./make-test-python.nix ({ lib, ... }: }; nodes = { - default = { + machine = { services.chrony.enable = true; - }; - graphene-hardened = { - services.chrony.enable = true; - services.chrony.enableMemoryLocking = true; - environment.memoryAllocator.provider = "graphene-hardened"; - # dhcpcd privsep is incompatible with graphene-hardened - networking.useNetworkd = true; + + specialisation.hardened.configuration = { + services.chrony.enableMemoryLocking = true; + environment.memoryAllocator.provider = "graphene-hardened"; + # dhcpcd privsep is incompatible with graphene-hardened + networking.useNetworkd = true; + }; }; }; - testScript = {nodes, ...} : let - graphene-hardened = nodes.graphene-hardened.system.build.toplevel; - in '' - default.start() - default.wait_for_unit('multi-user.target') - default.succeed('systemctl is-active chronyd.service') - default.succeed('${graphene-hardened}/bin/switch-to-configuration test') - default.succeed('systemctl is-active chronyd.service') + testScript = '' + machine.start() + machine.wait_for_unit('multi-user.target') + machine.succeed('systemctl is-active chronyd.service') + machine.succeed('/run/current-system/specialisation/hardened/bin/switch-to-configuration test') + machine.succeed('systemctl is-active chronyd.service') ''; }) From 97a449ee8f51295505141b7843dbf269d68cb2fe Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:20:24 +0300 Subject: [PATCH 05/14] nixos/tests/chrony: actually restart chrony when switching to hardened config This breaks the test. Fun. --- nixos/tests/chrony.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nixos/tests/chrony.nix b/nixos/tests/chrony.nix index ff8bb271f237..2dcc363728be 100644 --- a/nixos/tests/chrony.nix +++ b/nixos/tests/chrony.nix @@ -23,7 +23,8 @@ import ./make-test-python.nix ({ lib, ... }: machine.start() machine.wait_for_unit('multi-user.target') machine.succeed('systemctl is-active chronyd.service') - machine.succeed('/run/current-system/specialisation/hardened/bin/switch-to-configuration test') - machine.succeed('systemctl is-active chronyd.service') + machine.succeed('/run/booted-system/specialisation/hardened/bin/switch-to-configuration test') + machine.succeed('systemctl restart chronyd.service') + machine.wait_for_unit('chronyd.service') ''; }) From a6bba7fbbc16aefa71ac723c961397be41b403b8 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:20:52 +0300 Subject: [PATCH 06/14] nixos/tests/containers-reloadable: use specializations instead of multiple machines --- nixos/tests/containers-reloadable.nix | 74 +++++++++++---------------- 1 file changed, 30 insertions(+), 44 deletions(-) diff --git a/nixos/tests/containers-reloadable.nix b/nixos/tests/containers-reloadable.nix index 876e62c1da9e..00d850cae2a1 100644 --- a/nixos/tests/containers-reloadable.nix +++ b/nixos/tests/containers-reloadable.nix @@ -1,71 +1,57 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: -let - client_base = { - containers.test1 = { - autoStart = true; - config = { - environment.etc.check.text = "client_base"; - }; - }; - - # prevent make-test-python.nix to change IP - networking.interfaces = { - eth1.ipv4.addresses = lib.mkOverride 0 [ ]; - }; - }; -in { +{ name = "containers-reloadable"; meta = { maintainers = with lib.maintainers; [ danbst ]; }; nodes = { - client = { ... }: { - imports = [ client_base ]; - }; - - client_c1 = { lib, ... }: { - imports = [ client_base ]; - - containers.test1.config = { - environment.etc.check.text = lib.mkForce "client_c1"; - services.httpd.enable = true; - services.httpd.adminAddr = "nixos@example.com"; + machine = { lib, ... }: { + containers.test1 = { + autoStart = true; + config.environment.etc.check.text = "client_base"; }; - }; - client_c2 = { lib, ... }: { - imports = [ client_base ]; - containers.test1.config = { - environment.etc.check.text = lib.mkForce "client_c2"; - services.nginx.enable = true; + # prevent make-test-python.nix to change IP + networking.interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [ ]; + + specialisation.c1.configuration = { + containers.test1.config = { + environment.etc.check.text = lib.mkForce "client_c1"; + services.httpd.enable = true; + services.httpd.adminAddr = "nixos@example.com"; + }; + }; + + specialisation.c2.configuration = { + containers.test1.config = { + environment.etc.check.text = lib.mkForce "client_c2"; + services.nginx.enable = true; + }; }; }; }; - testScript = {nodes, ...}: let - c1System = nodes.client_c1.config.system.build.toplevel; - c2System = nodes.client_c2.config.system.build.toplevel; - in '' - client.start() - client.wait_for_unit("default.target") + testScript = '' + machine.start() + machine.wait_for_unit("default.target") - assert "client_base" in client.succeed("nixos-container run test1 cat /etc/check") + assert "client_base" in machine.succeed("nixos-container run test1 cat /etc/check") with subtest("httpd is available after activating config1"): - client.succeed( - "${c1System}/bin/switch-to-configuration test >&2", + machine.succeed( + "/run/booted-system/specialisation/c1/bin/switch-to-configuration test >&2", "[[ $(nixos-container run test1 cat /etc/check) == client_c1 ]] >&2", "systemctl status httpd -M test1 >&2", ) with subtest("httpd is not available any longer after switching to config2"): - client.succeed( - "${c2System}/bin/switch-to-configuration test >&2", + machine.succeed( + "/run/booted-system/specialisation/c2/bin/switch-to-configuration test >&2", "[[ $(nixos-container run test1 cat /etc/check) == client_c2 ]] >&2", "systemctl status nginx -M test1 >&2", ) - client.fail("systemctl status httpd -M test1 >&2") + machine.fail("systemctl status httpd -M test1 >&2") ''; }) From 58ef00c5f7244fb2a424b079d212b6d9af69634b Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:29:45 +0300 Subject: [PATCH 07/14] nixos/tests/containers-restart_networking: use specialisations instead of multiple machines The test is still broken. --- nixos/tests/containers-restart_networking.nix | 89 +++++++++---------- 1 file changed, 41 insertions(+), 48 deletions(-) diff --git a/nixos/tests/containers-restart_networking.nix b/nixos/tests/containers-restart_networking.nix index e1ad8157b288..568ca5ee3fed 100644 --- a/nixos/tests/containers-restart_networking.nix +++ b/nixos/tests/containers-restart_networking.nix @@ -1,20 +1,4 @@ -let - client_base = { - networking.firewall.enable = false; - - containers.webserver = { - autoStart = true; - privateNetwork = true; - hostBridge = "br0"; - config = { - networking.firewall.enable = false; - networking.interfaces.eth0.ipv4.addresses = [ - { address = "192.168.1.122"; prefixLength = 24; } - ]; - }; - }; - }; -in import ./make-test-python.nix ({ pkgs, lib, ... }: +import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "containers-restart_networking"; meta = { @@ -22,46 +6,55 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: }; nodes = { - client = { lib, ... }: client_base // { + client = { virtualisation.vlans = [ 1 ]; + networking.firewall.enable = false; + + containers.webserver = { + autoStart = true; + privateNetwork = true; + hostBridge = "br0"; + config = { + networking.firewall.enable = false; + networking.interfaces.eth0.ipv4.addresses = [ + { address = "192.168.1.122"; prefixLength = 24; } + ]; + }; + }; + networking.bridges.br0 = { interfaces = []; rstp = false; }; - networking.interfaces = { - eth1.ipv4.addresses = lib.mkOverride 0 [ ]; - br0.ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ]; + + networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ]; + + specialisation.eth1.configuration = { + networking.bridges.br0.interfaces = [ "eth1" ]; + networking.interfaces = { + eth1.ipv4.addresses = lib.mkForce [ ]; + eth1.ipv6.addresses = lib.mkForce [ ]; + br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; + }; }; - }; - client_eth1 = { lib, ... }: client_base // { - networking.bridges.br0 = { - interfaces = [ "eth1" ]; - rstp = false; - }; - networking.interfaces = { - eth1.ipv4.addresses = lib.mkOverride 0 [ ]; - br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; - }; - }; - client_eth1_rstp = { lib, ... }: client_base // { - networking.bridges.br0 = { - interfaces = [ "eth1" ]; - rstp = true; - }; - networking.interfaces = { - eth1.ipv4.addresses = lib.mkOverride 0 [ ]; - br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; + specialisation.eth1-rstp.configuration = { + networking.bridges.br0 = { + interfaces = [ "eth1" ]; + rstp = lib.mkForce true; + }; + + networking.interfaces = { + eth1.ipv4.addresses = lib.mkForce [ ]; + eth1.ipv6.addresses = lib.mkForce [ ]; + br0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; + }; }; }; }; - testScript = {nodes, ...}: let - originalSystem = nodes.client.config.system.build.toplevel; - eth1_bridged = nodes.client_eth1.config.system.build.toplevel; - eth1_rstp = nodes.client_eth1_rstp.config.system.build.toplevel; - in '' + testScript = '' client.start() client.wait_for_unit("default.target") @@ -75,7 +68,7 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: with subtest("Bridged configuration without STP preserves connectivity"): client.succeed( - "${eth1_bridged}/bin/switch-to-configuration test >&2" + "/run/booted-system/specialisation/eth1/bin/switch-to-configuration test >&2" ) client.succeed( @@ -87,7 +80,7 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: # activating rstp needs another service, therefore the bridge will restart and the container will lose its connectivity # with subtest("Bridged configuration with STP"): - # client.succeed("${eth1_rstp}/bin/switch-to-configuration test >&2") + # client.succeed("/run/booted-system/specialisation/eth1-rstp/bin/switch-to-configuration test >&2") # client.execute("ip -4 a >&2") # client.execute("ip l >&2") # @@ -100,7 +93,7 @@ in import ./make-test-python.nix ({ pkgs, lib, ... }: with subtest("Reverting to initial configuration preserves connectivity"): client.succeed( - "${originalSystem}/bin/switch-to-configuration test >&2" + "/run/booted-system/bin/switch-to-configuration test >&2" ) client.succeed("ping 192.168.1.122 -c 1 -n >&2") From fda8ac99d579133c9c9b7e792dde658dd23e418c Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:39:35 +0300 Subject: [PATCH 08/14] nixos/tests/firewall: use specialisations instead of multiple machines --- nixos/tests/firewall.nix | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix index ad418bb3341f..139bc3117740 100644 --- a/nixos/tests/firewall.nix +++ b/nixos/tests/firewall.nix @@ -14,17 +14,10 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : { networking.nftables.enable = nftables; services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; - }; - # Dummy configuration to check whether firewall.service will be honored - # during system activation. This only needs to be different to the - # original walled configuration so that there is a change in the service - # file. - walled2 = - { ... }: - { networking.firewall.enable = true; - networking.firewall.rejectPackets = true; - networking.nftables.enable = nftables; + specialisation.different-config.configuration = { + networking.firewall.rejectPackets = true; + }; }; attacker = @@ -36,7 +29,6 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : { }; testScript = { nodes, ... }: let - newSystem = nodes.walled2.system.build.toplevel; unit = if nftables then "nftables" else "firewall"; in '' start_all() @@ -62,7 +54,7 @@ import ./make-test-python.nix ( { pkgs, nftables, ... } : { # Check whether activation of a new configuration reloads the firewall. walled.succeed( - "${newSystem}/bin/switch-to-configuration test 2>&1 | grep -qF ${unit}.service" + "/run/booted-system/specialisation/different-config/bin/switch-to-configuration test 2>&1 | grep -qF ${unit}.service" ) ''; }) From cc536b4cb8692a56f617f929eb6c4dfd1ad5c4bf Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 15:42:47 +0300 Subject: [PATCH 09/14] nixos/tests/mutable-users: use specialisations instead of multiple machines --- nixos/tests/mutable-users.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/nixos/tests/mutable-users.nix b/nixos/tests/mutable-users.nix index ebe32e6487ef..ef83923f3e23 100644 --- a/nixos/tests/mutable-users.nix +++ b/nixos/tests/mutable-users.nix @@ -7,19 +7,19 @@ import ./make-test-python.nix ({ pkgs, ...} : { }; nodes = { - machine = { ... }: { - users.mutableUsers = false; - }; - mutable = { ... }: { - users.mutableUsers = true; - users.users.dry-test.isNormalUser = true; + machine = { + specialisation.immutable.configuration = { + users.mutableUsers = false; + }; + + specialisation.mutable.configuration = { + users.mutableUsers = true; + users.users.dry-test.isNormalUser = true; + }; }; }; - testScript = {nodes, ...}: let - immutableSystem = nodes.machine.config.system.build.toplevel; - mutableSystem = nodes.mutable.config.system.build.toplevel; - in '' + testScript = '' machine.start() machine.wait_for_unit("default.target") @@ -30,7 +30,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine.succeed("sudo useradd foobar") assert "foobar" in machine.succeed("cat /etc/passwd") machine.succeed( - "${immutableSystem}/bin/switch-to-configuration test" + "/run/booted-system/specialisation/immutable/bin/switch-to-configuration test" ) assert "foobar" not in machine.succeed("cat /etc/passwd") @@ -39,7 +39,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { with subtest("Password is wrapped in mutable mode"): assert "/run/current-system/" in machine.succeed("which passwd") machine.succeed( - "${mutableSystem}/bin/switch-to-configuration test" + "/run/booted-system/specialisation/mutable/bin/switch-to-configuration test" ) assert "/run/wrappers/" in machine.succeed("which passwd") @@ -63,7 +63,7 @@ import ./make-test-python.nix ({ pkgs, ...} : { expected_hashes[file] = machine.succeed(f"sha256sum {file}") expected_stats[file] = machine.succeed(f"stat {file}") - machine.succeed("/run/current-system/bin/switch-to-configuration dry-activate") + machine.succeed("/run/booted-system/specialisation/mutable/bin/switch-to-configuration dry-activate") machine.fail('test -e /home/dry-test') # home was not recreated for file in files_to_check: From fe0a640a85fa1ce6b2c3ef6ce05a8bf6bb0d3e12 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 16:08:31 +0300 Subject: [PATCH 10/14] nixos/tests/nat: use specialisations instead of multiple machines --- nixos/tests/nat.nix | 59 +++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 37 deletions(-) diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix index 550c5a2d14f3..507e0fd72e2a 100644 --- a/nixos/tests/nat.nix +++ b/nixos/tests/nat.nix @@ -6,17 +6,6 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ... }: let unit = if nftables then "nftables" else (if withFirewall then "firewall" else "nat"); - - routerBase = - lib.mkMerge [ - { virtualisation.vlans = [ 2 1 ]; - networking.firewall.enable = withFirewall; - networking.firewall.filterForward = nftables; - networking.nftables.enable = nftables; - networking.nat.internalIPs = [ "192.168.1.0/24" ]; - networking.nat.externalInterface = "eth1"; - } - ]; in { name = "nat" + (lib.optionalString nftables "Nftables") @@ -26,27 +15,27 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ... }; nodes = - { client = - { pkgs, nodes, ... }: - lib.mkMerge [ - { virtualisation.vlans = [ 1 ]; - networking.defaultGateway = - (pkgs.lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address; - networking.nftables.enable = nftables; - } - ]; + { + client = { lib, nodes, ... }: { + virtualisation.vlans = [ 1 ]; + networking.defaultGateway = + (lib.head nodes.router.networking.interfaces.eth2.ipv4.addresses).address; + networking.nftables.enable = nftables; + }; - router = - { ... }: lib.mkMerge [ - routerBase - { networking.nat.enable = true; } - ]; + router = { lib, ... }: { + virtualisation.vlans = [ 2 1 ]; + networking.firewall.enable = withFirewall; + networking.firewall.filterForward = nftables; + networking.nftables.enable = nftables; + networking.nat.enable = true; + networking.nat.internalIPs = [ "192.168.1.0/24" ]; + networking.nat.externalInterface = "eth1"; - routerDummyNoNat = - { ... }: lib.mkMerge [ - routerBase - { networking.nat.enable = false; } - ]; + specialisation.no-nat.configuration = { + networking.nat.enable = lib.mkForce false; + }; + }; server = { ... }: @@ -59,11 +48,7 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ... }; }; - testScript = - { nodes, ... }: let - routerDummyNoNatClosure = nodes.routerDummyNoNat.system.build.toplevel; - routerClosure = nodes.router.system.build.toplevel; - in '' + testScript = '' client.start() router.start() server.start() @@ -94,14 +79,14 @@ import ./make-test-python.nix ({ pkgs, lib, withFirewall, nftables ? false, ... # If we turn off NAT, the client shouldn't be able to reach the server. router.succeed( - "${routerDummyNoNatClosure}/bin/switch-to-configuration test 2>&1" + "/run/booted-system/specialisation/no-nat/bin/switch-to-configuration test 2>&1" ) client.fail("curl -4 --fail --connect-timeout 5 http://server/ >&2") client.fail("ping -4 -c 1 server >&2") # And make sure that reloading the NAT job works. router.succeed( - "${routerClosure}/bin/switch-to-configuration test 2>&1" + "/run/booted-system/bin/switch-to-configuration test 2>&1" ) # FIXME: this should not be necessary, but nat.service is not started because # network.target is not triggered From b51a77b77f9c9da05cfb2f6f807478a85c7069d0 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 16:10:22 +0300 Subject: [PATCH 11/14] nixos/tests/restart-by-activation-script: enable switch-to-configuration --- nixos/tests/restart-by-activation-script.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/tests/restart-by-activation-script.nix b/nixos/tests/restart-by-activation-script.nix index 0ac079e0101e..fdab892b7218 100644 --- a/nixos/tests/restart-by-activation-script.nix +++ b/nixos/tests/restart-by-activation-script.nix @@ -7,6 +7,8 @@ import ./make-test-python.nix ({ pkgs, ...} : { nodes.machine = { pkgs, ... }: { imports = [ ../modules/profiles/minimal.nix ]; + system.switch.enable = true; + systemd.services.restart-me = { wantedBy = [ "multi-user.target" ]; serviceConfig = { From 932903acffa8f22aee23581a037f1f6289c026b8 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 16:10:39 +0300 Subject: [PATCH 12/14] nixos/tests/switch-test: enable switch-to-configuration --- nixos/tests/switch-test.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/tests/switch-test.nix b/nixos/tests/switch-test.nix index 462f4247789e..84c6e90689b3 100644 --- a/nixos/tests/switch-test.nix +++ b/nixos/tests/switch-test.nix @@ -591,6 +591,7 @@ in { }; other = { + system.switch.enable = true; users.mutableUsers = true; }; }; From efaf9c3645ae40936b14d57e063d7fa3d8d391d3 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 16:30:44 +0300 Subject: [PATCH 13/14] nixos/tests/systemd-boot: enable switch-to-configuration --- nixos/tests/systemd-boot.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/tests/systemd-boot.nix b/nixos/tests/systemd-boot.nix index 17edfb06f670..79bfcb84ebd7 100644 --- a/nixos/tests/systemd-boot.nix +++ b/nixos/tests/systemd-boot.nix @@ -13,6 +13,7 @@ let boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; environment.systemPackages = [ pkgs.efibootmgr ]; + system.switch.enable = true; }; commonXbootldr = { config, lib, pkgs, ... }: From b683d4dbbd1b0dd8cc482f98cacf3b29e9e42277 Mon Sep 17 00:00:00 2001 From: K900 Date: Sun, 8 Sep 2024 16:40:45 +0300 Subject: [PATCH 14/14] nixos/tests/user-activation-scripts: enable switch-to-configuration --- nixos/tests/user-activation-scripts.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/tests/user-activation-scripts.nix b/nixos/tests/user-activation-scripts.nix index ebd96b019e92..2e1840a8460f 100644 --- a/nixos/tests/user-activation-scripts.nix +++ b/nixos/tests/user-activation-scripts.nix @@ -3,6 +3,7 @@ import ./make-test-python.nix ({ lib, ... }: { meta = with lib.maintainers; { maintainers = [ chkno ]; }; nodes.machine = { + system.switch.enable = true; system.userActivationScripts.foo = "mktemp ~/user-activation-ran.XXXXXX"; users.users.alice = { initialPassword = "pass1";