From 16d594a0e2017bfa8b24051f4697d8debc240bfb Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:27:05 +0200 Subject: lib.types.pkgs: init A nominal type. --- lib/types.nix | 8 ++++++++ nixos/doc/manual/development/option-types.section.md | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/lib/types.nix b/lib/types.nix index e0da18a2febb9..373d0ce7876f9 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -476,6 +476,14 @@ rec { check = x: isDerivation x && hasAttr "shellPath" x; }; + pkgs = addCheck + (unique { message = "A Nixpkgs pkgs set can not be merged with another pkgs set."; } attrs // { + name = "pkgs"; + descriptionClass = "noun"; + description = "Nixpkgs package set"; + }) + (x: (x._type or null) == "pkgs"); + path = mkOptionType { name = "path"; descriptionClass = "noun"; diff --git a/nixos/doc/manual/development/option-types.section.md b/nixos/doc/manual/development/option-types.section.md index 9e2ecb8e35626..9e156ebff9d3e 100644 --- a/nixos/doc/manual/development/option-types.section.md +++ b/nixos/doc/manual/development/option-types.section.md @@ -99,6 +99,10 @@ merging is handled. problems. ::: +`types.pkgs` + +: A type for the top level Nixpkgs package set. + ### Numeric types {#sec-option-types-numeric} `types.int` -- cgit 1.4.1 From 6e594fedb353d8c75e0ee0527e2d821d30568c82 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:32:10 +0200 Subject: nixos/nixpkgs: Use types.pkgs --- nixos/modules/misc/nixpkgs.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix index 7f44c3f6f3f0e..55ec08acf4453 100644 --- a/nixos/modules/misc/nixpkgs.nix +++ b/nixos/modules/misc/nixpkgs.nix @@ -49,10 +49,10 @@ let merge = lib.mergeOneOption; }; - pkgsType = mkOptionType { - name = "nixpkgs"; + pkgsType = types.pkgs // { + # This type is only used by itself, so let's elaborate the description a bit + # for the purpose of documentation. description = "An evaluation of Nixpkgs; the top level attribute set of packages"; - check = builtins.isAttrs; }; # Whether `pkgs` was constructed by this module - not if nixpkgs.pkgs or -- cgit 1.4.1 From 693e2c32871dcea7fe2ef455ee77571d3a117499 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:33:47 +0200 Subject: nixos/eval-config: Remove statically known mkIf mkIf is unnecessary when the condition is statically known - that is knowable before entering the module evaluation. By changing this to a precomputed module, we support changing the defined options to readOnly options. --- nixos/lib/eval-config.nix | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index 1e086271e5236..058ab7280ccc3 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -38,6 +38,8 @@ let pkgs_ = pkgs; in let + inherit (lib) optional; + evalModulesMinimal = (import ./default.nix { inherit lib; # Implicit use of feature is noted in implementation. @@ -47,15 +49,19 @@ let pkgsModule = rec { _file = ./eval-config.nix; key = _file; - config = { - # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override - # this. Since the latter defaults to the former, the former should - # default to the argument. That way this new default could propagate all - # they way through, but has the last priority behind everything else. - nixpkgs.system = lib.mkIf (system != null) (lib.mkDefault system); - - _module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_); - }; + config = lib.mkMerge ( + (optional (system != null) { + # Explicit `nixpkgs.system` or `nixpkgs.localSystem` should override + # this. Since the latter defaults to the former, the former should + # default to the argument. That way this new default could propagate all + # they way through, but has the last priority behind everything else. + nixpkgs.system = lib.mkDefault system; + }) + ++ + (optional (pkgs_ != null) { + _module.args.pkgs = lib.mkForce pkgs_; + }) + ); }; withWarnings = x: -- cgit 1.4.1 From e5db80ae487b59b4e9f950d68983ffb0575e26c6 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:37:28 +0200 Subject: nixosModules.pkgsReadOnly: init --- flake.nix | 13 ++++++ nixos/modules/misc/nixpkgs/read-only.nix | 74 ++++++++++++++++++++++++++++++++ nixos/modules/misc/nixpkgs/test.nix | 59 +++++++++++++++++++++++++ 3 files changed, 146 insertions(+) create mode 100644 nixos/modules/misc/nixpkgs/read-only.nix diff --git a/flake.nix b/flake.nix index f9442d8ea2d2c..fa00bffcdf92f 100644 --- a/flake.nix +++ b/flake.nix @@ -57,6 +57,19 @@ nixosModules = { notDetected = ./nixos/modules/installer/scan/not-detected.nix; + + /* + Make the `nixpkgs.*` configuration read-only. Guarantees that `pkgs` + is the way you initialize it. + + Example: + + { + imports = [ nixpkgs.nixosModules.readOnlyPkgs ]; + nixpkgs.pkgs = nixpkgs.legacyPackages.x86_64-linux; + } + */ + readOnlyPkgs = ./nixos/modules/misc/nixpkgs/read-only.nix; }; }; } diff --git a/nixos/modules/misc/nixpkgs/read-only.nix b/nixos/modules/misc/nixpkgs/read-only.nix new file mode 100644 index 0000000000000..2a783216a9d54 --- /dev/null +++ b/nixos/modules/misc/nixpkgs/read-only.nix @@ -0,0 +1,74 @@ +# A replacement for the traditional nixpkgs module, such that none of the modules +# can add their own configuration. This ensures that the Nixpkgs configuration is +# exactly as the user intends. +# This may also be used as a performance optimization when evaluating multiple +# configurations at once, with a shared `pkgs`. + +# This is a separate module, because merging this logic into the nixpkgs module +# is too burdensome, considering that it is already burdened with legacy. +# Moving this logic into a module does not lose any composition benefits, because +# its purpose is not something that composes anyway. + +{ lib, config, ... }: + +let + cfg = config.nixpkgs; + inherit (lib) mkOption types; + +in +{ + disabledModules = [ + ../nixpkgs.nix + ]; + options = { + nixpkgs = { + pkgs = mkOption { + type = lib.types.pkgs; + description = lib.mdDoc ''The pkgs module argument.''; + }; + config = mkOption { + internal = true; + type = types.unique { message = "nixpkgs.config is set to read-only"; } types.anything; + description = lib.mdDoc '' + The Nixpkgs `config` that `pkgs` was initialized with. + ''; + }; + overlays = mkOption { + internal = true; + type = types.unique { message = "nixpkgs.overlays is set to read-only"; } types.anything; + description = lib.mdDoc '' + The Nixpkgs overlays that `pkgs` was initialized with. + ''; + }; + hostPlatform = mkOption { + internal = true; + readOnly = true; + description = lib.mdDoc '' + The platform of the machine that is running the NixOS configuration. + ''; + }; + buildPlatform = mkOption { + internal = true; + readOnly = true; + description = lib.mdDoc '' + The platform of the machine that built the NixOS configuration. + ''; + }; + # NOTE: do not add the legacy options such as localSystem here. Let's keep + # this module simple and let module authors upgrade their code instead. + }; + }; + config = { + _module.args.pkgs = + # find mistaken definitions + builtins.seq cfg.config + builtins.seq cfg.overlays + builtins.seq cfg.hostPlatform + builtins.seq cfg.buildPlatform + cfg.pkgs; + nixpkgs.config = cfg.pkgs.config; + nixpkgs.overlays = cfg.pkgs.overlays; + nixpkgs.hostPlatform = cfg.pkgs.stdenv.hostPlatform; + nixpkgs.buildPlatform = cfg.pkgs.stdenv.buildPlatform; + }; +} diff --git a/nixos/modules/misc/nixpkgs/test.nix b/nixos/modules/misc/nixpkgs/test.nix index a6d8877ae0700..0536cfc9624a2 100644 --- a/nixos/modules/misc/nixpkgs/test.nix +++ b/nixos/modules/misc/nixpkgs/test.nix @@ -1,3 +1,5 @@ +# [nixpkgs]$ nix-build -A nixosTests.nixpkgs --show-trace + { evalMinimalConfig, pkgs, lib, stdenv }: let eval = mod: evalMinimalConfig { @@ -27,6 +29,47 @@ let let uncheckedEval = lib.evalModules { modules = [ ../nixpkgs.nix module ]; }; in map (ass: ass.message) (lib.filter (ass: !ass.assertion) uncheckedEval.config.assertions); + + readOnlyUndefined = evalMinimalConfig { + imports = [ ./read-only.nix ]; + }; + + readOnlyBad = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = { }; + }; + + readOnly = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + }; + + readOnlyBadConfig = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.config.allowUnfree = true; # do in pkgs instead! + }; + + readOnlyBadOverlays = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.overlays = [ (_: _: {}) ]; # do in pkgs instead! + }; + + readOnlyBadHostPlatform = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.hostPlatform = "foo-linux"; # do in pkgs instead! + }; + + readOnlyBadBuildPlatform = evalMinimalConfig { + imports = [ ./read-only.nix ]; + nixpkgs.pkgs = pkgs; + nixpkgs.buildPlatform = "foo-linux"; # do in pkgs instead! + }; + + throws = x: ! (builtins.tryEval x).success; + in lib.recurseIntoAttrs { invokeNixpkgsSimple = @@ -65,5 +108,21 @@ lib.recurseIntoAttrs { nixpkgs.pkgs = pkgs; } == []; + + # Tests for the read-only.nix module + assert readOnly._module.args.pkgs.stdenv.hostPlatform.system == pkgs.stdenv.hostPlatform.system; + assert throws readOnlyBad._module.args.pkgs.stdenv; + assert throws readOnlyUndefined._module.args.pkgs.stdenv; + assert throws readOnlyBadConfig._module.args.pkgs.stdenv; + assert throws readOnlyBadOverlays._module.args.pkgs.stdenv; + assert throws readOnlyBadHostPlatform._module.args.pkgs.stdenv; + assert throws readOnlyBadBuildPlatform._module.args.pkgs.stdenv; + # read-only.nix does not provide legacy options, for the sake of simplicity + # If you're bothered by this, upgrade your configs to use the new *Platform + # options. + assert !readOnly.options.nixpkgs?system; + assert !readOnly.options.nixpkgs?localSystem; + assert !readOnly.options.nixpkgs?crossSystem; + pkgs.emptyFile; } -- cgit 1.4.1 From cd358fe24eb50358ef5a72c35c92adc62f984ff3 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:38:58 +0200 Subject: nixos/all-tests.nix: Set nixpkgs.system --- nixos/lib/testing/nodes.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index c538ab468c526..e9649e724c359 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -3,11 +3,9 @@ testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: let inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc; - system = hostPkgs.stdenv.hostPlatform.system; - baseOS = import ../eval-config.nix { - inherit system; + system = null; # use modularly defined system inherit (config.node) specialArgs; modules = [ config.defaults ]; baseModules = (import ../../modules/module-list.nix) ++ @@ -17,11 +15,16 @@ let ({ config, ... }: { virtualisation.qemu.package = testModuleArgs.config.qemu.package; - + }) + ({ + config = { # Ensure we do not use aliases. Ideally this is only set # when the test framework is used by Nixpkgs NixOS tests. nixpkgs.config.allowAliases = false; - }) + # TODO: switch to nixpkgs.hostPlatform and make sure containers-imperative test still evaluates. + nixpkgs.system = hostPkgs.stdenv.hostPlatform.system; + }; + }) testModuleArgs.config.extraBaseModules ]; }; -- cgit 1.4.1 From b213791e7e85ced036ac1f8c41ef07e53d89e83a Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:44:54 +0200 Subject: nixos/all-tests.nix: Add readOnlyPkgs module --- nixos/lib/testing/nodes.nix | 1 + nixos/tests/all-tests.nix | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index e9649e724c359..5a6b30b8f8d5f 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -17,6 +17,7 @@ let virtualisation.qemu.package = testModuleArgs.config.qemu.package; }) ({ + key = "nodes.nix-pkgs"; config = { # Ensure we do not use aliases. Ideally this is only set # when the test framework is used by Nixpkgs NixOS tests. diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 5dd39c9b142fe..643162a2d8636 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -65,6 +65,27 @@ let runTestOn ; + # Using a single instance of nixpkgs makes test evaluation faster. + # To make sure we don't accidentally depend on a modified pkgs, we make the + # related options read-only. We need to test the right configuration. + # + # If your service depends on a nixpkgs setting, first try to avoid that, but + # otherwise, you can remove the readOnlyPkgs import and test your service as + # usual. + readOnlyPkgs = + # TODO: We currently accept this for nixosTests, so that the `pkgs` argument + # is consistent with `pkgs` in `pkgs.nixosTests`. Can we reinitialize + # it with `allowAliases = false`? + # warnIf pkgs.config.allowAliases "nixosTests: pkgs includes aliases." + { + _class = "nixosTest"; + defaults = { + nixpkgs.pkgs = pkgs; + imports = [ ../modules/misc/nixpkgs/read-only.nix ]; + disabledModules = [{ key = "nodes.nix-pkgs"; }]; + }; + }; + in { # Testing the test driver -- cgit 1.4.1 From d0b0f9e441c70253ea4ba42162b5e60057ba6883 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 15:45:11 +0200 Subject: nixosTests.acme: Use a read-only pkgs This speeds up evaluation by a factor 2. Ballpark figures from my machine: ``` $ time nix-build nixos/release.nix -A tests.acme /nix/store/q4fxp55k64clcarsx8xc8f6s10szlfvz-vm-test-run-acme /nix/store/lnfqg051sxx05hclva84bcbnjfc71c8x-vm-test-run-acme real 1m28.142s user 1m7.474s sys 0m7.932s $ time nix-build nixos/release.nix -A tests.acme /nix/store/q4fxp55k64clcarsx8xc8f6s10szlfvz-vm-test-run-acme /nix/store/lnfqg051sxx05hclva84bcbnjfc71c8x-vm-test-run-acme real 0m38.235s user 0m33.814s sys 0m2.283s ``` --- nixos/tests/all-tests.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 643162a2d8636..9abe419b1c03d 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -98,7 +98,7 @@ in { _3proxy = runTest ./3proxy.nix; aaaaxy = runTest ./aaaaxy.nix; - acme = runTest ./acme.nix; + acme = runTest { imports = [ ./acme.nix readOnlyPkgs ]; }; adguardhome = runTest ./adguardhome.nix; aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix; agate = runTest ./web-servers/agate.nix; -- cgit 1.4.1 From f659db7ba28e8474df72cb505c790ff2cf92c1a4 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 17:10:40 +0200 Subject: nixos/testing: Add node.pkgs option By factoring out this logic, it's easier for other projects to make use of it this optimization too (and do it correctly). --- nixos/lib/testing/nodes.nix | 22 +++++++++++++++++++++- nixos/tests/all-tests.nix | 6 +----- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index 5a6b30b8f8d5f..d1238a374f248 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -1,7 +1,7 @@ testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: let - inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mdDoc; + inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mkIf mdDoc; baseOS = import ../eval-config.nix { @@ -72,6 +72,19 @@ in default = { }; }; + node.pkgs = mkOption { + description = mdDoc '' + The Nixpkgs to use for the nodes. + + Setting this will make the `nixpkgs.*` options read-only, to avoid mistakenly testing with a Nixpkgs configuration that diverges from regular use. + ''; + type = types.nullOr types.pkgs; + default = null; + defaultText = literalMD '' + `null`, so construct `pkgs` according to the `nixpkgs.*` options as usual. + ''; + }; + node.specialArgs = mkOption { type = types.lazyAttrsOf types.raw; default = { }; @@ -104,5 +117,12 @@ in config.nodes; passthru.nodes = config.nodesCompat; + + defaults = mkIf (config.node.pkgs != null) { + nixpkgs.pkgs = config.node.pkgs; + imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; + disabledModules = [{ key = "nodes.nix-pkgs"; }]; + }; + }; } diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 9abe419b1c03d..ccdd572e5ece5 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -79,11 +79,7 @@ let # warnIf pkgs.config.allowAliases "nixosTests: pkgs includes aliases." { _class = "nixosTest"; - defaults = { - nixpkgs.pkgs = pkgs; - imports = [ ../modules/misc/nixpkgs/read-only.nix ]; - disabledModules = [{ key = "nodes.nix-pkgs"; }]; - }; + node.pkgs = pkgs; }; in { -- cgit 1.4.1 From 0f83261f0e2ccfa116076d1848550d1b6bccc852 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 17:39:08 +0200 Subject: nixos/testing: Add node.pkgsReadOnly escape hatch By adding this option indirection, a test can declare all by itself that it needs a custom nixpkgs. This is a more convenient way of going about this when the caller of the test framework receives a `node.pkgs` unconditionally. --- nixos/lib/testing/nodes.nix | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index d1238a374f248..0197097e8884b 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -1,7 +1,17 @@ testModuleArgs@{ config, lib, hostPkgs, nodes, ... }: let - inherit (lib) mkOption mkForce optional types mapAttrs mkDefault mkIf mdDoc; + inherit (lib) + literalExpression + literalMD + mapAttrs + mdDoc + mkDefault + mkIf + mkOption mkForce + optional + types + ; baseOS = import ../eval-config.nix { @@ -85,6 +95,17 @@ in ''; }; + node.pkgsReadOnly = mkOption { + description = mdDoc '' + Whether to make the `nixpkgs.*` options read-only. This is only relevant when [`node.pkgs`](#test-opt-node.pkgs) is set. + + Set this to `false` when any of the [`nodes`](#test-opt-nodes) needs to configure any of the `nixpkgs.*` options. This will slow down evaluation of your test a bit. + ''; + type = types.bool; + default = config.node.pkgs != null; + defaultText = literalExpression ''node.pkgs != null''; + }; + node.specialArgs = mkOption { type = types.lazyAttrsOf types.raw; default = { }; @@ -118,7 +139,7 @@ in passthru.nodes = config.nodesCompat; - defaults = mkIf (config.node.pkgs != null) { + defaults = mkIf config.node.pkgsReadOnly { nixpkgs.pkgs = config.node.pkgs; imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; disabledModules = [{ key = "nodes.nix-pkgs"; }]; -- cgit 1.4.1 From b0e17891f2d27c2661a5b7a03d77bfec64b508e4 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 17:47:29 +0200 Subject: nixos/testing/nodes.nix: Do not rely on disabledModules It's just not necessary. --- nixos/lib/testing/nodes.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/lib/testing/nodes.nix b/nixos/lib/testing/nodes.nix index 0197097e8884b..6e439fd814db7 100644 --- a/nixos/lib/testing/nodes.nix +++ b/nixos/lib/testing/nodes.nix @@ -10,6 +10,7 @@ let mkIf mkOption mkForce optional + optionalAttrs types ; @@ -26,7 +27,7 @@ let { virtualisation.qemu.package = testModuleArgs.config.qemu.package; }) - ({ + (optionalAttrs (!config.node.pkgsReadOnly) { key = "nodes.nix-pkgs"; config = { # Ensure we do not use aliases. Ideally this is only set @@ -142,7 +143,6 @@ in defaults = mkIf config.node.pkgsReadOnly { nixpkgs.pkgs = config.node.pkgs; imports = [ ../../modules/misc/nixpkgs/read-only.nix ]; - disabledModules = [{ key = "nodes.nix-pkgs"; }]; }; }; -- cgit 1.4.1 From 16e3647337b4cacb8f9200d4e2dfbf2f0ba87a98 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Sun, 7 May 2023 19:25:33 +0200 Subject: nixos/all-tests: Enable readOnlyPkgs by default for runTest Most tests are not affected by this because they use the `handleTest` function instead. --- nixos/tests/all-tests.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index ccdd572e5ece5..ae21f60c03dcf 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -46,7 +46,7 @@ let inherit (rec { doRunTest = arg: ((import ../lib/testing-python.nix { inherit system pkgs; }).evalTest { - imports = [ arg ]; + imports = [ arg readOnlyPkgs ]; }).config.result; findTests = tree: if tree?recurseForDerivations && tree.recurseForDerivations @@ -94,7 +94,7 @@ in { _3proxy = runTest ./3proxy.nix; aaaaxy = runTest ./aaaaxy.nix; - acme = runTest { imports = [ ./acme.nix readOnlyPkgs ]; }; + acme = runTest ./acme.nix; adguardhome = runTest ./adguardhome.nix; aesmd = runTestOn ["x86_64-linux"] ./aesmd.nix; agate = runTest ./web-servers/agate.nix; -- cgit 1.4.1