diff options
Diffstat (limited to 'nixos/tests')
| -rw-r--r-- | nixos/tests/all-tests.nix | 7 | ||||
| -rw-r--r-- | nixos/tests/authelia.nix | 169 | ||||
| -rw-r--r-- | nixos/tests/consul.nix | 30 | ||||
| -rw-r--r-- | nixos/tests/fcitx/config | 12 | ||||
| -rw-r--r-- | nixos/tests/fcitx/profile | 4 | ||||
| -rw-r--r-- | nixos/tests/fcitx5/config | 11 | ||||
| -rw-r--r-- | nixos/tests/fcitx5/default.nix (renamed from nixos/tests/fcitx/default.nix) | 123 | ||||
| -rw-r--r-- | nixos/tests/fcitx5/profile | 15 | ||||
| -rw-r--r-- | nixos/tests/initrd-luks-empty-passphrase.nix | 97 | ||||
| -rw-r--r-- | nixos/tests/mattermost.nix | 16 | ||||
| -rw-r--r-- | nixos/tests/pam/test_chfn.py | 2 | ||||
| -rw-r--r-- | nixos/tests/vaultwarden.nix | 6 | ||||
| -rw-r--r-- | nixos/tests/zfs.nix | 7 |
13 files changed, 400 insertions, 99 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index f1141667ce0fc..3167a865fc9db 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -85,6 +85,7 @@ in { atop = handleTest ./atop.nix {}; atuin = handleTest ./atuin.nix {}; auth-mysql = handleTest ./auth-mysql.nix {}; + authelia = handleTest ./authelia.nix {}; avahi = handleTest ./avahi.nix {}; avahi-with-resolved = handleTest ./avahi.nix { networkd = true; }; babeld = handleTest ./babeld.nix {}; @@ -217,10 +218,12 @@ in { extra-python-packages = handleTest ./extra-python-packages.nix {}; evcc = handleTest ./evcc.nix {}; fancontrol = handleTest ./fancontrol.nix {}; - fcitx = handleTest ./fcitx {}; + fcitx5 = handleTest ./fcitx5 {}; fenics = handleTest ./fenics.nix {}; ferm = handleTest ./ferm.nix {}; firefox = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox; }; + firefox-beta = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-beta; }; + firefox-devedition = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-devedition; }; firefox-esr = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr; }; # used in `tested` job firefox-esr-102 = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-esr-102; }; firejail = handleTest ./firejail.nix {}; @@ -311,6 +314,7 @@ in { influxdb = handleTest ./influxdb.nix {}; initrd-network-openvpn = handleTest ./initrd-network-openvpn {}; initrd-network-ssh = handleTest ./initrd-network-ssh {}; + initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix {}; initrdNetwork = handleTest ./initrd-network.nix {}; initrd-secrets = handleTest ./initrd-secrets.nix {}; initrd-secrets-changing = handleTest ./initrd-secrets-changing.nix {}; @@ -663,6 +667,7 @@ in { systemd-initrd-btrfs-raid = handleTest ./systemd-initrd-btrfs-raid.nix {}; systemd-initrd-luks-fido2 = handleTest ./systemd-initrd-luks-fido2.nix {}; systemd-initrd-luks-keyfile = handleTest ./systemd-initrd-luks-keyfile.nix {}; + systemd-initrd-luks-empty-passphrase = handleTest ./initrd-luks-empty-passphrase.nix { systemdStage1 = true; }; systemd-initrd-luks-password = handleTest ./systemd-initrd-luks-password.nix {}; systemd-initrd-luks-tpm2 = handleTest ./systemd-initrd-luks-tpm2.nix {}; systemd-initrd-modprobe = handleTest ./systemd-initrd-modprobe.nix {}; diff --git a/nixos/tests/authelia.nix b/nixos/tests/authelia.nix new file mode 100644 index 0000000000000..679c65fea087a --- /dev/null +++ b/nixos/tests/authelia.nix @@ -0,0 +1,169 @@ +# Test Authelia as an auth server for Traefik as a reverse proxy of a local web service +import ./make-test-python.nix ({ lib, ... }: { + name = "authelia"; + meta.maintainers = with lib.maintainers; [ jk ]; + + nodes = { + authelia = { config, pkgs, lib, ... }: { + services.authelia.instances.testing = { + enable = true; + secrets.storageEncryptionKeyFile = "/etc/authelia/storageEncryptionKeyFile"; + secrets.jwtSecretFile = "/etc/authelia/jwtSecretFile"; + settings = { + authentication_backend.file.path = "/etc/authelia/users_database.yml"; + access_control.default_policy = "one_factor"; + session.domain = "example.com"; + storage.local.path = "/tmp/db.sqlite3"; + notifier.filesystem.filename = "/tmp/notifications.txt"; + }; + }; + + # These should not be set from nix but through other means to not leak the secret! + # This is purely for testing purposes! + environment.etc."authelia/storageEncryptionKeyFile" = { + mode = "0400"; + user = "authelia-testing"; + text = "you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this"; + }; + environment.etc."authelia/jwtSecretFile" = { + mode = "0400"; + user = "authelia-testing"; + text = "a_very_important_secret"; + }; + environment.etc."authelia/users_database.yml" = { + mode = "0400"; + user = "authelia-testing"; + text = '' + users: + bob: + disabled: false + displayname: bob + # password of password + password: $argon2id$v=19$m=65536,t=3,p=4$2ohUAfh9yetl+utr4tLcCQ$AsXx0VlwjvNnCsa70u4HKZvFkC8Gwajr2pHGKcND/xs + email: bob@jim.com + groups: + - admin + - dev + ''; + }; + + services.traefik = { + enable = true; + + dynamicConfigOptions = { + tls.certificates = + let + certDir = pkgs.runCommand "selfSignedCerts" { buildInputs = [ pkgs.openssl ]; } '' + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -subj '/CN=example.com/CN=auth.example.com/CN=static.example.com' -days 36500 + mkdir -p $out + cp key.pem cert.pem $out + ''; + in + [{ + certFile = "${certDir}/cert.pem"; + keyFile = "${certDir}/key.pem"; + }]; + http.middlewares.authelia.forwardAuth = { + address = "http://localhost:9091/api/verify?rd=https%3A%2F%2Fauth.example.com%2F"; + trustForwardHeader = true; + authResponseHeaders = [ + "Remote-User" + "Remote-Groups" + "Remote-Email" + "Remote-Name" + ]; + }; + http.middlewares.authelia-basic.forwardAuth = { + address = "http://localhost:9091/api/verify?auth=basic"; + trustForwardHeader = true; + authResponseHeaders = [ + "Remote-User" + "Remote-Groups" + "Remote-Email" + "Remote-Name" + ]; + }; + + http.routers.simplehttp = { + rule = "Host(`static.example.com`)"; + tls = true; + entryPoints = "web"; + service = "simplehttp"; + }; + http.routers.simplehttp-basic-auth = { + rule = "Host(`static-basic-auth.example.com`)"; + tls = true; + entryPoints = "web"; + service = "simplehttp"; + middlewares = [ "authelia-basic@file" ]; + }; + + http.services.simplehttp = { + loadBalancer.servers = [{ + url = "http://localhost:8000"; + }]; + }; + + http.routers.authelia = { + rule = "Host(`auth.example.com`)"; + tls = true; + entryPoints = "web"; + service = "authelia@file"; + }; + + http.services.authelia = { + loadBalancer.servers = [{ + url = "http://localhost:9091"; + }]; + }; + }; + + staticConfigOptions = { + global = { + checkNewVersion = false; + sendAnonymousUsage = false; + }; + + entryPoints.web.address = ":443"; + }; + }; + + systemd.services.simplehttp = + let fakeWebPageDir = pkgs.writeTextDir "index.html" "hello"; in + { + script = "${pkgs.python3}/bin/python -m http.server --directory ${fakeWebPageDir} 8000"; + serviceConfig.Type = "simple"; + wantedBy = [ "multi-user.target" ]; + }; + }; + }; + + testScript = '' + start_all() + + authelia.wait_for_unit("simplehttp.service") + authelia.wait_for_unit("traefik.service") + authelia.wait_for_unit("authelia-testing.service") + authelia.wait_for_open_port(443) + authelia.wait_for_unit("multi-user.target") + + with subtest("Check for authelia"): + # expect the login page + assert "Login - Authelia", "could not reach authelia" in \ + authelia.succeed("curl --insecure -sSf -H Host:auth.example.com https://authelia:443/") + + with subtest("Check contacting basic http server via traefik with https works"): + assert "hello", "could not reach raw static site" in \ + authelia.succeed("curl --insecure -sSf -H Host:static.example.com https://authelia:443/") + + with subtest("Test traefik and authelia"): + with subtest("No details fail"): + authelia.fail("curl --insecure -sSf -H Host:static-basic-auth.example.com https://authelia:443/") + with subtest("Incorrect details fail"): + authelia.fail("curl --insecure -sSf -u 'bob:wordpass' -H Host:static-basic-auth.example.com https://authelia:443/") + authelia.fail("curl --insecure -sSf -u 'alice:password' -H Host:static-basic-auth.example.com https://authelia:443/") + with subtest("Correct details pass"): + assert "hello", "could not reach authed static site with valid credentials" in \ + authelia.succeed("curl --insecure -sSf -u 'bob:password' -H Host:static-basic-auth.example.com https://authelia:443/") + ''; +}) diff --git a/nixos/tests/consul.nix b/nixos/tests/consul.nix index ee85f1d0b917a..6233234ff083b 100644 --- a/nixos/tests/consul.nix +++ b/nixos/tests/consul.nix @@ -145,7 +145,7 @@ in { client2.succeed("[ $(consul kv get testkey) == 42 ]") - def rolling_reboot_test(proper_rolling_procedure=True): + def rolling_restart_test(proper_rolling_procedure=True): """ Tests that the cluster can tolearate failures of any single server, following the recommended rolling upgrade procedure from @@ -158,7 +158,13 @@ in { """ for server in servers: - server.crash() + server.block() + server.systemctl("stop consul") + + # Make sure the stopped peer is recognized as being down + client1.wait_until_succeeds( + f"[ $(consul members | grep {server.name} | grep -o -E 'failed|left' | wc -l) == 1 ]" + ) # For each client, wait until they have connection again # using `kv get -recurse` before issuing commands. @@ -170,8 +176,8 @@ in { client2.succeed("[ $(consul kv get testkey) == 43 ]") client2.succeed("consul kv delete testkey") - # Restart crashed machine. - server.start() + server.unblock() + server.systemctl("start consul") if proper_rolling_procedure: # Wait for recovery. @@ -197,10 +203,14 @@ in { """ for server in servers: - server.crash() + server.block() + server.systemctl("stop --no-block consul") for server in servers: - server.start() + # --no-block is async, so ensure it has been stopped by now + server.wait_until_fails("systemctl is-active --quiet consul") + server.unblock() + server.systemctl("start consul") # Wait for recovery. wait_for_healthy_servers() @@ -217,13 +227,13 @@ in { # Run the tests. - print("rolling_reboot_test()") - rolling_reboot_test() + print("rolling_restart_test()") + rolling_restart_test() print("all_servers_crash_simultaneously_test()") all_servers_crash_simultaneously_test() - print("rolling_reboot_test(proper_rolling_procedure=False)") - rolling_reboot_test(proper_rolling_procedure=False) + print("rolling_restart_test(proper_rolling_procedure=False)") + rolling_restart_test(proper_rolling_procedure=False) ''; }) diff --git a/nixos/tests/fcitx/config b/nixos/tests/fcitx/config deleted file mode 100644 index 169768994e280..0000000000000 --- a/nixos/tests/fcitx/config +++ /dev/null @@ -1,12 +0,0 @@ -[Hotkey] -SwitchKey=Disabled -IMSwitchHotkey=ALT_SHIFT -TimeInterval=240 - -[Program] -DelayStart=5 - -[Output] - -[Appearance] - diff --git a/nixos/tests/fcitx/profile b/nixos/tests/fcitx/profile deleted file mode 100644 index 77497a1496bd1..0000000000000 --- a/nixos/tests/fcitx/profile +++ /dev/null @@ -1,4 +0,0 @@ -[Profile] -IMName=zhengma-large -EnabledIMList=fcitx-keyboard-us:True,zhengma-large:True,m17n_sa_harvard-kyoto:True -PreeditStringInClientWindow=False diff --git a/nixos/tests/fcitx5/config b/nixos/tests/fcitx5/config new file mode 100644 index 0000000000000..cf4334639f1c0 --- /dev/null +++ b/nixos/tests/fcitx5/config @@ -0,0 +1,11 @@ +[Hotkey] +EnumerateSkipFirst=False + +[Hotkey/TriggerKeys] +0=Control+space + +[Hotkey/EnumerateForwardKeys] +0=Alt+Shift_L + +[Hotkey/EnumerateBackwardKeys] +0=Alt+Shift_R diff --git a/nixos/tests/fcitx/default.nix b/nixos/tests/fcitx5/default.nix index c132249fcb249..261a5f1f45cac 100644 --- a/nixos/tests/fcitx/default.nix +++ b/nixos/tests/fcitx5/default.nix @@ -1,64 +1,48 @@ -import ../make-test-python.nix ( +import ../make-test-python.nix ({ pkgs, ... }: +# copy_from_host works only for store paths +rec { + name = "fcitx5"; + nodes.machine = { pkgs, ... }: { - pkgs, ... - }: - # copy_from_host works only for store paths - rec { - name = "fcitx"; - meta.broken = true; # takes hours to time out since October 2021 - nodes.machine = - { - pkgs, - ... - }: - { - - imports = [ - ../common/user-account.nix - ]; - - environment.systemPackages = [ - # To avoid clashing with xfce4-terminal - pkgs.alacritty - ]; - - - services.xserver = - { - enable = true; - - displayManager = { - lightdm.enable = true; - autoLogin = { - enable = true; - user = "alice"; - }; - }; - - desktopManager.xfce.enable = true; - }; - - i18n = { - inputMethod = { - enabled = "fcitx"; - fcitx.engines = [ - pkgs.fcitx-engines.m17n - pkgs.fcitx-engines.table-extra - ]; - }; - }; - } - ; - - testScript = { nodes, ... }: - let - user = nodes.machine.config.users.users.alice; - userName = user.name; - userHome = user.home; - xauth = "${userHome}/.Xauthority"; - fcitx_confdir = "${userHome}/.config/fcitx"; - in - '' + imports = [ + ../common/user-account.nix + ]; + + environment.systemPackages = [ + # To avoid clashing with xfce4-terminal + pkgs.alacritty + ]; + + services.xserver = { + enable = true; + + displayManager = { + lightdm.enable = true; + autoLogin = { + enable = true; + user = "alice"; + }; + }; + + desktopManager.xfce.enable = true; + }; + + i18n.inputMethod = { + enabled = "fcitx5"; + fcitx5.addons = [ + pkgs.fcitx5-m17n + pkgs.fcitx5-chinese-addons + ]; + }; + }; + + testScript = { nodes, ... }: + let + user = nodes.machine.users.users.alice; + xauth = "${user.home}/.Xauthority"; + fcitx_confdir = "${user.home}/.config/fcitx5"; + in + '' # We need config files before login session # So copy first thing @@ -75,13 +59,13 @@ import ../make-test-python.nix ( start_all() - machine.wait_for_file("${xauth}") + machine.wait_for_file("${xauth}}") machine.succeed("xauth merge ${xauth}") machine.sleep(5) - machine.succeed("su - ${userName} -c 'alacritty&'") - machine.succeed("su - ${userName} -c 'fcitx&'") + machine.succeed("su - ${user.name} -c 'alacritty&'") + machine.succeed("su - ${user.name} -c 'fcitx5&'") machine.sleep(10) ### Type on terminal @@ -109,8 +93,10 @@ import ../make-test-python.nix ( machine.send_key("ctrl-spc") machine.sleep(1) - ### Default zhengma, enter 一下 - machine.send_chars("a2") + ### Default wubi, enter 一下 + machine.send_chars("gggh") + machine.sleep(1) + machine.send_key("\n") machine.sleep(1) ### Switch to Harvard Kyoto @@ -134,9 +120,8 @@ import ../make-test-python.nix ( machine.screenshot("terminal_chars") ### Verify that file contents are as expected - file_content = machine.succeed("cat ${userHome}/fcitx_test.out") + file_content = machine.succeed("cat ${user.home}/fcitx_test.out") assert file_content == "☺一下क\n" '' - ; - } -) + ; +}) diff --git a/nixos/tests/fcitx5/profile b/nixos/tests/fcitx5/profile new file mode 100644 index 0000000000000..55e7b7b459faf --- /dev/null +++ b/nixos/tests/fcitx5/profile @@ -0,0 +1,15 @@ +[Groups/0] +Name=NixOS_test +Default Layout=us +DefaultIM=wbx + +[Groups/0/Items/0] +Name=wbx +Layout=us + +[Groups/0/Items/1] +Name=m17n_sa_harvard-kyoto +Layout=us + +[GroupOrder] +0=NixOS_test diff --git a/nixos/tests/initrd-luks-empty-passphrase.nix b/nixos/tests/initrd-luks-empty-passphrase.nix new file mode 100644 index 0000000000000..41765a395ec65 --- /dev/null +++ b/nixos/tests/initrd-luks-empty-passphrase.nix @@ -0,0 +1,97 @@ +{ system ? builtins.currentSystem +, config ? {} +, pkgs ? import ../.. {inherit system config; } +, systemdStage1 ? false }: +import ./make-test-python.nix ({ lib, pkgs, ... }: let + + keyfile = pkgs.writeText "luks-keyfile" '' + MIGHAoGBAJ4rGTSo/ldyjQypd0kuS7k2OSsmQYzMH6TNj3nQ/vIUjDn7fqa3slt2 + gV6EK3TmTbGc4tzC1v4SWx2m+2Bjdtn4Fs4wiBwn1lbRdC6i5ZYCqasTWIntWn+6 + FllUkMD5oqjOR/YcboxG8Z3B5sJuvTP9llsF+gnuveWih9dpbBr7AgEC + ''; + +in { + name = "initrd-luks-empty-passphrase"; + + nodes.machine = { pkgs, ... }: { + virtualisation = { + emptyDiskImages = [ 512 ]; + useBootLoader = true; + useEFIBoot = true; + }; + + boot.loader.systemd-boot.enable = true; + boot.initrd.systemd = lib.mkIf systemdStage1 { + enable = true; + emergencyAccess = true; + }; + environment.systemPackages = with pkgs; [ cryptsetup ]; + + specialisation.boot-luks-wrong-keyfile.configuration = { + boot.initrd.luks.devices = lib.mkVMOverride { + cryptroot = { + device = "/dev/vdc"; + keyFile = "/etc/cryptroot.key"; + tryEmptyPassphrase = true; + fallbackToPassword = !systemdStage1; + }; + }; + virtualisation.bootDevice = "/dev/mapper/cryptroot"; + boot.initrd.secrets."/etc/cryptroot.key" = keyfile; + }; + + specialisation.boot-luks-missing-keyfile.configuration = { + boot.initrd.luks.devices = lib.mkVMOverride { + cryptroot = { + device = "/dev/vdc"; + keyFile = "/etc/cryptroot.key"; + tryEmptyPassphrase = true; + fallbackToPassword = !systemdStage1; + }; + }; + virtualisation.bootDevice = "/dev/mapper/cryptroot"; + }; + }; + + testScript = '' + # Encrypt key with empty key so boot should try keyfile and then fallback to empty passphrase + + + def grub_select_boot_luks_wrong_key_file(): + """ + Selects "boot-luks" from the GRUB menu + to trigger a login request. + """ + machine.send_monitor_command("sendkey down") + machine.send_monitor_command("sendkey down") + machine.send_monitor_command("sendkey ret") + + def grub_select_boot_luks_missing_key_file(): + """ + Selects "boot-luks" from the GRUB menu + to trigger a login request. + """ + machine.send_monitor_command("sendkey down") + machine.send_monitor_command("sendkey ret") + + # Create encrypted volume + machine.wait_for_unit("multi-user.target") + machine.succeed("echo "" | cryptsetup luksFormat /dev/vdc --batch-mode") + machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-wrong-keyfile.conf") + machine.succeed("sync") + machine.crash() + + # Check if rootfs is on /dev/mapper/cryptroot + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + + # Choose boot-luks-missing-keyfile specialisation + machine.succeed("bootctl set-default nixos-generation-1-specialisation-boot-luks-missing-keyfile.conf") + machine.succeed("sync") + machine.crash() + + # Check if rootfs is on /dev/mapper/cryptroot + machine.wait_for_unit("multi-user.target") + assert "/dev/mapper/cryptroot on / type ext4" in machine.succeed("mount") + ''; +}) diff --git a/nixos/tests/mattermost.nix b/nixos/tests/mattermost.nix index 49b418d9fff74..e11201f05357d 100644 --- a/nixos/tests/mattermost.nix +++ b/nixos/tests/mattermost.nix @@ -50,6 +50,13 @@ in mutableConfig = false; extraConfig.SupportSettings.HelpLink = "https://search.nixos.org"; }; + environmentFile = makeMattermost { + mutableConfig = false; + extraConfig.SupportSettings.AboutLink = "https://example.org"; + environmentFile = pkgs.writeText "mattermost-env" '' + MM_SUPPORTSETTINGS_ABOUTLINK=https://nixos.org + ''; + }; }; testScript = let @@ -69,6 +76,7 @@ in rm -f $mattermostConfig echo "$newConfig" > "$mattermostConfig" ''; + in '' start_all() @@ -120,5 +128,13 @@ in # Our edits should be ignored on restart immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}") + + + ## Environment File node tests ## + environmentFile.wait_for_unit("mattermost.service") + environmentFile.wait_for_open_port(8065) + + # Settings in the environment file should override settings set otherwise + environmentFile.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}") ''; }) diff --git a/nixos/tests/pam/test_chfn.py b/nixos/tests/pam/test_chfn.py index b108a9423caf2..a48438b8d305f 100644 --- a/nixos/tests/pam/test_chfn.py +++ b/nixos/tests/pam/test_chfn.py @@ -8,7 +8,7 @@ expected_lines = { "auth sufficient pam_rootok.so", "auth sufficient pam_unix.so likeauth try_first_pass", "password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass", - "password sufficient pam_unix.so nullok sha512", + "password sufficient pam_unix.so nullok yescrypt", "session optional @@pam_krb5@@/lib/security/pam_krb5.so", "session required pam_env.so conffile=/etc/pam/environment readenv=0", "session required pam_unix.so", diff --git a/nixos/tests/vaultwarden.nix b/nixos/tests/vaultwarden.nix index d0b11e00538fd..95d00c1d8ec14 100644 --- a/nixos/tests/vaultwarden.nix +++ b/nixos/tests/vaultwarden.nix @@ -121,6 +121,8 @@ let driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_confirm-master-password').send_keys( '${userPassword}' ) + if driver.find_element(By.CSS_SELECTOR, 'input#checkForBreaches').is_selected(): + driver.find_element(By.CSS_SELECTOR, 'input#checkForBreaches').click() driver.find_element(By.XPATH, "//button[contains(., 'Create account')]").click() @@ -133,9 +135,9 @@ let ) driver.find_element(By.XPATH, "//button[contains(., 'Log in')]").click() - wait.until(EC.title_contains("Vaultwarden Web Vault")) + wait.until(EC.title_contains("Vaults")) - driver.find_element(By.XPATH, "//button[contains(., 'Add item')]").click() + driver.find_element(By.XPATH, "//button[contains(., 'New item')]").click() driver.find_element(By.CSS_SELECTOR, 'input#name').send_keys( 'secrets' diff --git a/nixos/tests/zfs.nix b/nixos/tests/zfs.nix index 3e55369daa06a..bcb9d9bcfd60d 100644 --- a/nixos/tests/zfs.nix +++ b/nixos/tests/zfs.nix @@ -12,6 +12,7 @@ let then pkgs.zfsUnstable.latestCompatibleLinuxPackages else pkgs.linuxPackages , enableUnstable ? false + , enableSystemdStage1 ? false , extraTest ? "" }: makeTest { @@ -36,6 +37,7 @@ let boot.kernelPackages = kernelPackage; boot.supportedFilesystems = [ "zfs" ]; boot.zfs.enableUnstable = enableUnstable; + boot.initrd.systemd.enable = enableSystemdStage1; environment.systemPackages = [ pkgs.parted ]; @@ -176,6 +178,11 @@ in { enableUnstable = true; }; + unstableWithSystemdStage1 = makeZfsTest "unstable" { + enableUnstable = true; + enableSystemdStage1 = true; + }; + installer = (import ./installer.nix { }).zfsroot; expand-partitions = makeTest { |