nixos/test-driver: move sshBackdoor cfg from test-instrumentation to driver

That way, we don't need to duplicate the sshBackdoor options at the NixOS level.

Suggested-by: Jacek Galowicz <jacek@galowicz.de>
Maximilian Bosch 2025-05-10 10:38:38 +02:00
parent 12c544e008
commit b8b86834b7
No known key found for this signature in database
2 changed files with 26 additions and 45 deletions


@ -88,7 +88,7 @@ in
default = 2; default = 2;
type = types.ints.between 2 4294967296; type = types.ints.between 2 4294967296;
description = '' description = ''
This field is only relevant when multiple users run the (interactive) This field is only relevant when multiple users run the (interactive)
driver outside the sandbox and with the SSH backdoor activated. driver outside the sandbox and with the SSH backdoor activated.
The typical symptom for this being a problem are error messages like this: The typical symptom for this being a problem are error messages like this:
`vhost-vsock: unable to set guest cid: Address already in use` `vhost-vsock: unable to set guest cid: Address already in use`
@ -206,11 +206,31 @@ in
nixpkgs.pkgs = config.node.pkgs; nixpkgs.pkgs = config.node.pkgs;
imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
}) })
(mkIf config.sshBackdoor.enable { (mkIf config.sshBackdoor.enable (
testing.sshBackdoor = { let
inherit (config.sshBackdoor) enable vsockOffset; inherit (config.sshBackdoor) vsockOffset;
}; in
}) { config, ... }:
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
};
};
security.pam.services.sshd = {
allowNullPassword = true;
};
virtualisation.qemu.options = [
"-device vhost-vsock-pci,guest-cid=${
toString (config.virtualisation.test.nodeNumber + vsockOffset)
}"
];
}
))
]; ];
}; };
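Review bot: The module added under `mkIf config.sshBackdoor.enable` turns on sshd with `PermitRootLogin = "yes"`, `PermitEmptyPasswords = "yes"` and `allowNullPassword = true`, and nothing visible in this hunk limits that daemon to the vsock device. If sshd also binds the guest's ordinary network interfaces, passwordless root login is reachable from any network the VM is attached to; that should be confirmed and, if so, the listener restricted. At minimum I would add a comment above `services.openssh`, for example `# Test-only: passwordless root login, meant to be reached over vsock; never enable outside the test driver.` The `let` also deserves a comment, since the inner `{ config, ... }:` shadows the outer `config`: `# Bind vsockOffset from the test-level config; the module argument below shadows config with the node's config.` The enclosing list and the option declarations start outside the hunk.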


@ -86,27 +86,6 @@ in
enables commands to be sent to test and debug stage 1. Use enables commands to be sent to test and debug stage 1. Use
machine.switch_root() to leave stage 1 and proceed to stage 2 machine.switch_root() to leave stage 1 and proceed to stage 2
''; '';
sshBackdoor = {
enable = mkEnableOption "vsock-based ssh backdoor for the VM";
vsockOffset = mkOption {
default = 2;
type = types.ints.between 2 4294967296;
description = ''
This field is only relevant when multiple users run the (interactive)
driver outside the sandbox and with the SSH backdoor activated.
The typical symptom for this being a problem are error messages like this:
`vhost-vsock: unable to set guest cid: Address already in use`
This option allows to assign an offset to each vsock number to
resolve this.
This is a 32bit number. The lowest possible vsock number is `3`
(i.e. with the lowest node number being `1`, this is 2+1).
'';
};
};
}; };
config = { config = {
@ -120,18 +99,6 @@ in
} }
]; ];
services.openssh = mkIf config.testing.sshBackdoor.enable {
enable = true;
settings = {
PermitRootLogin = "yes";
PermitEmptyPasswords = "yes";
};
};
security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable {
allowNullPassword = true;
};
systemd.services.backdoor = lib.mkMerge [ systemd.services.backdoor = lib.mkMerge [
backdoorService backdoorService
{ {
@ -207,12 +174,6 @@ in
# we avoid defining attributes if not possible. # we avoid defining attributes if not possible.
# TODO: refactor such that test-instrumentation can import qemu-vm # TODO: refactor such that test-instrumentation can import qemu-vm
package = lib.mkDefault pkgs.qemu_test; package = lib.mkDefault pkgs.qemu_test;
options = mkIf config.testing.sshBackdoor.enable [
"-device vhost-vsock-pci,guest-cid=${
toString (config.virtualisation.test.nodeNumber + config.testing.sshBackdoor.vsockOffset)
}"
];
}; };
}; };