movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 03:23:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/test-driver: move sshBackdoor cfg from test-instrumentation to driver

Browse source 
That way, we don't need to duplicate the sshBackdoor options on NixOS-level.

Suggested-by: Jacek Galowicz <jacek@galowicz.de>
This commit is contained in:
Maximilian Bosch 2025-05-10 10:38:38 +02:00
parent 12c544e008
commit b8b86834b7
No known key found for this signature in database
2 changed files with 26 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

28
nixos/lib/testing/nodes.nix
View file

@ -206,11 +206,31 @@ in
nixpkgs.pkgs = config.node.pkgs; nixpkgs.pkgs = config.node.pkgs;
imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
}) })
(mkIf config.sshBackdoor.enable { (mkIf config.sshBackdoor.enable (
testing.sshBackdoor = { let
inherit (config.sshBackdoor) enable vsockOffset; inherit (config.sshBackdoor) vsockOffset;
in
{ config, ... }:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
}; };
}) };
security.pam.services.sshd = {
allowNullPassword = true;
};
virtualisation.qemu.options = [
"-device vhost-vsock-pci,guest-cid=${
toString (config.virtualisation.test.nodeNumber + vsockOffset)
}"
];
}
))
]; ];
}; };

39
nixos/modules/testing/test-instrumentation.nix
View file

@ -86,27 +86,6 @@ in
enables commands to be sent to test and debug stage 1. Use enables commands to be sent to test and debug stage 1. Use
machine.switch_root() to leave stage 1 and proceed to stage 2 machine.switch_root() to leave stage 1 and proceed to stage 2
''; '';
sshBackdoor = {
enable = mkEnableOption "vsock-based ssh backdoor for the VM";
vsockOffset = mkOption {
default = 2;
type = types.ints.between 2 4294967296;
description = ''
This field is only relevant when multiple users run the (interactive)
driver outside the sandbox and with the SSH backdoor activated.
The typical symptom for this being a problem are error messages like this:
`vhost-vsock: unable to set guest cid: Address already in use`
This option allows to assign an offset to each vsock number to
resolve this.
This is a 32bit number. The lowest possible vsock number is `3`
(i.e. with the lowest node number being `1`, this is 2+1).
'';
};
};
}; };
config = { config = {
@ -120,18 +99,6 @@ in
} }
]; ];
services.openssh = mkIf config.testing.sshBackdoor.enable {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
};
};
security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable {
allowNullPassword = true;
};
systemd.services.backdoor = lib.mkMerge [ systemd.services.backdoor = lib.mkMerge [
backdoorService backdoorService
{ {
@ -207,12 +174,6 @@ in
# we avoid defining attributes if not possible. # we avoid defining attributes if not possible.
# TODO: refactor such that test-instrumentation can import qemu-vm # TODO: refactor such that test-instrumentation can import qemu-vm
package = lib.mkDefault pkgs.qemu_test; package = lib.mkDefault pkgs.qemu_test;
options = mkIf config.testing.sshBackdoor.enable [
"-device vhost-vsock-pci,guest-cid=${
toString (config.virtualisation.test.nodeNumber + config.testing.sshBackdoor.vsockOffset)
}"
];
}; };
}; };