nixos/test-driver: move sshBackdoor cfg from test-instrumentation to driver

That way, we don't need to duplicate the sshBackdoor options on NixOS-level. Suggested-by: Jacek Galowicz <jacek@galowicz.de>
2025-06-09 19:13:26 +03:00 · 2025-05-10 10:38:38 +02:00 · 2025-05-10 10:38:38 +02:00 · b8b86834b7
commit b8b86834b7
parent 12c544e008
2 changed files with 26 additions and 45 deletions
--- a/nixos/lib/testing/nodes.nix
+++ b/nixos/lib/testing/nodes.nix
@ -206,11 +206,31 @@ in
        nixpkgs.pkgs = config.node.pkgs;
        imports = [ ../../modules/misc/nixpkgs/read-only.nix ];
      })
-      (mkIf config.sshBackdoor.enable {
-        testing.sshBackdoor = {
-          inherit (config.sshBackdoor) enable vsockOffset;
-        };
-      })
+      (mkIf config.sshBackdoor.enable (
+        let
+          inherit (config.sshBackdoor) vsockOffset;
+        in
+        { config, ... }:
+        {
+          services.openssh = {
+            enable = true;
+            settings = {
+              PermitRootLogin = "yes";
+              PermitEmptyPasswords = "yes";
+            };
+          };
+
+          security.pam.services.sshd = {
+            allowNullPassword = true;
+          };
+
+          virtualisation.qemu.options = [
+            "-device vhost-vsock-pci,guest-cid=${
+              toString (config.virtualisation.test.nodeNumber + vsockOffset)
+            }"
+          ];
+        }
+      ))
    ];

  };
--- a/nixos/modules/testing/test-instrumentation.nix
+++ b/nixos/modules/testing/test-instrumentation.nix
@ -86,27 +86,6 @@ in
      enables commands to be sent to test and debug stage 1. Use
      machine.switch_root() to leave stage 1 and proceed to stage 2
    '';
-
-    sshBackdoor = {
-      enable = mkEnableOption "vsock-based ssh backdoor for the VM";
-      vsockOffset = mkOption {
-        default = 2;
-        type = types.ints.between 2 4294967296;
-        description = ''
-          This field is only relevant when multiple users run the (interactive)
-          driver outside the sandbox and with the SSH backdoor activated.
-          The typical symptom for this being a problem are error messages like this:
-          `vhost-vsock: unable to set guest cid: Address already in use`
-
-          This option allows to assign an offset to each vsock number to
-          resolve this.
-
-          This is a 32bit number. The lowest possible vsock number is `3`
-          (i.e. with the lowest node number being `1`, this is 2+1).
-        '';
-      };
-    };
-
  };

  config = {
@ -120,18 +99,6 @@ in
      }
    ];

-    services.openssh = mkIf config.testing.sshBackdoor.enable {
-      enable = true;
-      settings = {
-        PermitRootLogin = "yes";
-        PermitEmptyPasswords = "yes";
-      };
-    };
-
-    security.pam.services.sshd = mkIf config.testing.sshBackdoor.enable {
-      allowNullPassword = true;
-    };
-
    systemd.services.backdoor = lib.mkMerge [
      backdoorService
      {
@ -207,12 +174,6 @@ in
        #       we avoid defining attributes if not possible.
        # TODO: refactor such that test-instrumentation can import qemu-vm
        package = lib.mkDefault pkgs.qemu_test;
-
-        options = mkIf config.testing.sshBackdoor.enable [
-          "-device vhost-vsock-pci,guest-cid=${
-            toString (config.virtualisation.test.nodeNumber + config.testing.sshBackdoor.vsockOffset)
-          }"
-        ];
      };
    };