An iso containing metadatas is created and attached as a cdrom to the
qemu VM used for this test.
The cloudinit service is enabled. The test case ensures the root
authorized_keys file is populated and the cloudinit write_file module is
working well.
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).
Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
Upstream has decided to make -testing patches private, effectively ceasing
free support for grsecurity/PaX [1]. Consequently, we can no longer
responsibly support grsecurity on NixOS.
This patch turns the kernel and patch expressions into build errors and
adds a warning to the manual, but retains most of the infrastructure, in
an effort to make the transition smoother. For 17.09 all of it should
probably be pruned.
[1]: https://grsecurity.net/passing_the_baton.php
This is currently our default display manager, so I'm adding this to the
"tested" job as well to ensure we don't ship broken revisions where X is
most likely not working.
The test uses a custom SLiM theme that's specifically tailored for good
OCR results (mainly white background and black fonts without anything
else), because our default NixOS theme has a very small contrast between
background and fonts in some places.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
And adopt the tests to add an interface and remove it again.
It should work when deactivating rstp, it will not work when activating
rstp for the first bridge as then the userspace daemon is not yet
available. But once one bridge is active with stp, it should work with
the reload for any further bridge.
Fixes #21745. Also see #22547.
This reverts commit b806e25d65.
This seems to push Hydra's memory usage out of the roof fail nixos
evaluating with:
Too many heap sections: Increase MAXHINCR or MAX_HEAP_SECTS
Let's revert this for now. It's not a big deal at all since the
nixpkgs-unstable jobset is still building the packages.
The test starts the glance service, creates a nixos image and ensures Glance
list it.
Note the test also starts the Keystone service since it is required
by Glance.
Since 8180922d23, the cjdns module
imports from a derivation, which is very bad. It causes all of stdenv
to be built at evaluation time. Since we have a hard 3600 second limit
on Hydra evaluations, this was causing NixOS jobsets to time out.
@joachifm
Test that adding physical devices to containers works, find that network setup
then doesn't work because there is no udev in the container to tell systemd
that the device is present.
Fixed by not depending on the device in the container.
Activate the new container test for release
Bonds, bridges and other network devices need the underlying not as
dependency when used inside the container. Because the device is already
there.
But the address configuration needs the aggregated device itself.
It uses import-from-derivation, which is a bad thing, because this
causes hydra-evaluator to build Cassandra at evaluation time.
$ nix-instantiate nixos/release.nix -A tests.cassandra.i686-linux --dry-run
error: cannot read ‘/nix/store/c41blyjz6pfvk9fnvrn6miihq5w3j0l4-cassandra-2.0.16/conf/cassandra-env.sh’, since path ‘/nix/store/0j9ax4z8xhaz5lhrwl3bwj10waxs3hgy-cassandra-2.0.16.drv’ is not valid, at /home/eelco/Dev/nixpkgs/nixos/modules/services/databases/cassandra.nix:373:11
Also, the module is a mess (bad option descriptions, poor indentation,
a gazillion options where a generic "config" option would suffice, it
opens ports in the firewall, it sets vm.swappiness, ...).
The module will configure a Cassandra server with common options being
tweakable. Included is also a test which will spin up 3 nodes and
verify that the cluster can be formed, broken, and repaired.
With these changes, a container can have more then one veth-pair. This allows for example to have LAN and DMZ as bridges on the host and add dedicated containers for proxies, ipv4-firewall and ipv6-firewall. Or to have a bridge for normal WAN, one bridge for administration and one bridge for customer-internal communication. So that web-server containers can be reached from outside per http, from the management via ssh and can talk to their database via the customer network.
The scripts to set up the containers are now rendered several times instead of just one template. The scripts now contain per-container code to configure the extra veth interfaces. The default template without support for extra-veths is still rendered for the imperative containers.
Also a test is there to see if extra veths can be placed into host-bridges or can be reached via routing.