From b8b86834b74b0b350be3ff3b2d1cdf5146db9dfa Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sat, 10 May 2025 10:38:38 +0200 Subject: [PATCH] nixos/test-driver: move sshBackdoor cfg from test-instrumentation to driver That way, we don't need to duplicate the sshBackdoor options on NixOS-level. Suggested-by: Jacek Galowicz --- nixos/lib/testing/nodes.nix | 32 ++++++++++++--- .../modules/testing/test-instrumentation.nix | 39 ------------------- 2 files changed, 26 insertions(+), 45 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index 2afafe52952e..b2352c478110 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -88,7 +88,7 @@ in default = 2; type = types.ints.between 2 4294967296; description = '' - This field is only relevant when multiple users run the (interactive) + This field is only relevant when multiple users run the (interactive) driver outside the sandbox and with the SSH backdoor activated. The typical symptom for this being a problem are error messages like this: `vhost-vsock: unable to set guest cid: Address already in use` @@ -206,11 +206,31 @@ in nixpkgs.pkgs = config.node.pkgs; imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; }) - (mkIf config.sshBackdoor.enable { - testing.sshBackdoor = { - inherit (config.sshBackdoor) enable vsockOffset; - }; - }) + (mkIf config.sshBackdoor.enable ( + let + inherit (config.sshBackdoor) vsockOffset; + in + { config, ... }: + { + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + PermitEmptyPasswords = "yes"; + }; + }; + + security.pam.services.sshd = { + allowNullPassword = true; + }; + + virtualisation.qemu.options = [ + "-device vhost-vsock-pci,guest-cid=${ + toString (config.virtualisation.test.nodeNumber + vsockOffset) + }" + ]; + } + )) ]; }; diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix index 72098f76ddc5..80852be51f1d 100644 
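Review bot: The module added under `mkIf config.sshBackdoor.enable` in nixos/lib/testing/nodes.nix turns on sshd with `PermitRootLogin = "yes"`, `PermitEmptyPasswords = "yes"` and `allowNullPassword = true`, but nothing in the hunk ties that listener to the vsock device. As far as these lines show, the passwordless root login is therefore also offered on whatever network interfaces the test node has. If vsock is the only intended path, consider adding `services.openssh.openFirewall = false;` next to `enable = true;` (this keeps the TCP port closed where the node's firewall is on), together with a comment such as `# Passwordless root SSH for interactive debugging only; meant to be reached over vsock.`. Separately, the inner `{ config, ... }:` shadows the test-level `config`, which appears to be why `vsockOffset` is bound in the `let` first; a comment like `# vsockOffset is read from the test config, nodeNumber from the node config` would stop a later edit from moving the `inherit` inside the function. The enclosing list begins outside the hunk.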
--- a/nixos/modules/testing/test-instrumentation.nix +++ b/nixos/modules/testing/test-instrumentation.nix @@ -86,27 +86,6 @@ in enables commands to be sent to test and debug stage 1. Use machine.switch_root() to leave stage 1 and proceed to stage 2 ''; - - sshBackdoor = { - enable = mkEnableOption "vsock-based ssh backdoor for the VM"; - vsockOffset = mkOption { - default = 2; - type = types.ints.between 2 4294967296; - description = '' - This field is only relevant when multiple users run the (interactive) - driver outside the sandbox and with the SSH backdoor activated. - The typical symptom for this being a problem are error messages like this: - `vhost-vsock: unable to set guest cid: Address already in use` - - This option allows to assign an offset to each vsock number to - resolve this. - - This is a 32bit number. The lowest possible vsock number is `3` - (i.e. with the lowest node number being `1`, this is 2+1). - ''; - }; - }; - }; config = { @@ -120,18 +99,6 @@ in } ]; - services.openssh = mkIf config.testing.sshBackdoor.enable { - enable = true; - settings = { - PermitRootLogin = "yes"; - PermitEmptyPasswords = "yes"; - }; - }; - - security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable { - allowNullPassword = true; - }; - systemd.services.backdoor = lib.mkMerge [ backdoorService { @@ -207,12 +174,6 @@ in # we avoid defining attributes if not possible. # TODO: refactor such that test-instrumentation can import qemu-vm package = lib.mkDefault pkgs.qemu_test; - - options = mkIf config.testing.sshBackdoor.enable [ - "-device vhost-vsock-pci,guest-cid=${ - toString (config.virtualisation.test.nodeNumber + config.testing.sshBackdoor.vsockOffset) - }" - ]; }; };