blob: 578b1e32d50c9fb41551a4739426d587481bd8f5 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
import ./make-test-python.nix ({ lib, ... }:
{
name = "chrony";
meta = {
maintainers = with lib.maintainers; [ fpletz ];
};
nodes = {
default = {
services.chrony.enable = true;
};
graphene-hardened = {
services.chrony.enable = true;
services.chrony.enableMemoryLocking = true;
environment.memoryAllocator.provider = "graphene-hardened";
# dhcpcd privsep is incompatible with graphene-hardened
networking.useNetworkd = true;
};
};
testScript = {nodes, ...} : let
graphene-hardened = nodes.graphene-hardened.system.build.toplevel;
in ''
default.start()
default.wait_for_unit('multi-user.target')
default.succeed('systemctl is-active chronyd.service')
default.succeed('${graphene-hardened}/bin/switch-to-configuration test')
default.succeed('systemctl is-active chronyd.service')
'';
})
|