From 91ac1d2bb7774a364ed88799c7e0d7aef7e8c7b6 Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 14:38:43 +0700 Subject: [PATCH 1/7] improve bwrap usage (no / / bind) --- default.nix | 60 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 45 insertions(+), 15 deletions(-) diff --git a/default.nix b/default.nix index 2a20592..47578f2 100644 --- a/default.nix +++ b/default.nix @@ -207,36 +207,64 @@ let else existingGit="\$(PATH="\$PATH_OLD:\$PATH" which git 2>&3)" || existingGit= - # if git doesn't exist or if we're on a nixos, we need to install git - # in the wrapped environment. + # if git doesn't exist or resides in /nix/store/*, we need to install git + # inside the wrapped environment. if [ -z "\$existingGit" ] || [[ "\$(realpath \$existingGit)" == /nix/store/* ]] ; then doInstallGit=true else doInstallGit=false - # bind the old git to \$NP_LOCATION/.nix-portable/git/bin fi fi - collectProotBinds(){ + storePathOfFile(){ + file=\$(realpath \$1) + sPath="\$(echo \$file | awk -F "/" 'BEGIN{OFS="/";}{print \$2,\$3,\$4}')" + echo "/\$sPath" + } + + + collectBinds(){ ### gather paths to bind for proot # we cannot bind / to / without running into a lot of trouble, therefore # we need to collect all top level directories and bind them inside an empty root - paths="\$(find / -mindepth 1 -maxdepth 1)" - paths="\$paths /etc/host.conf /etc/hosts /etc/hosts.equiv /etc/mtab /etc/netgroup /etc/networks /etc/passwd /etc/group /etc/nsswitch.conf /etc/resolv.conf /etc/localtime $HOME" + pathsTopLevel="\$(find / -mindepth 1 -maxdepth 1 -not -name nix -not -name dev)" + toBind="" + for p in \$pathsTopLevel; do + if [ -e "\$p" ]; then + real=\$(realpath \$p) + if [ -e "\$real" ]; then + if [[ "\$real" == /nix/store/* ]]; then + storePath=\$(storePathOfFile \$real) + toBind="\$toBind \$storePath \$storePath" + else + toBind="\$toBind \$real \$p" + fi + fi + fi + done + + + # TODO: add /var/run/dbus/system_bus_socket + paths="/etc/host.conf /etc/hosts /etc/hosts.equiv /etc/mtab /etc/netgroup /etc/networks /etc/passwd /etc/group /etc/nsswitch.conf /etc/resolv.conf /etc/localtime \$HOME" + for p in \$paths; do if [ -e "\$p" ]; then real=\$(realpath \$p) - [ -e "\$real" ] && toBind="\$toBind \$real \$p" + if [ -e "\$real" ]; then + if [[ "\$real" == /nix/store/* ]]; then + storePath=\$(storePathOfFile \$real) + toBind="\$toBind \$storePath \$storePath" + else + toBind="\$toBind \$real \$real" + fi + fi fi done - } - collectBwrapBinds(){ - toBind="" # if we're on a nixos, the /bin/sh symlink will point # to a /nix/store path which doesn't exit inside the wrapped env # we fix this by binding busybox/bin to /bin @@ -245,6 +273,7 @@ let fi } + makeBindArgs(){ arg=\$1; shift sep=\$1; shift @@ -272,7 +301,7 @@ let debug "proot executable: \$NP_PROOT" if [ -z "\$NP_RUNTIME" ]; then # check if bwrap works properly - if \$NP_BWRAP --bind / / --bind \$dir/ /nix --bind \$dir/busybox/bin/busybox "\$dir/true" "\$dir/true" 2>&3 ; then + if \$NP_BWRAP --bind \$dir/emptyroot / --bind \$dir/ /nix --bind \$dir/busybox/bin/busybox "\$dir/true" "\$dir/true" 2>&3 ; then debug "bwrap seems to work on this system -> will use bwrap" NP_RUNTIME=bwrap else @@ -283,20 +312,21 @@ let debug "runtime selected via NP_RUNTIME : \$NP_RUNTIME" fi if [ "\$NP_RUNTIME" == "bwrap" ]; then - collectBwrapBinds + collectBinds makeBindArgs --bind " " \$toBind \$sslBind run="\$NP_BWRAP \$BWRAP_ARGS \\ - --bind / /\\ + --bind \$dir/emptyroot /\\ --dev-bind /dev /dev\\ --bind \$dir/ /nix\\ \$binds" # --bind \$dir/busybox/bin/busybox /bin/sh\\ else # proot - collectProotBinds + collectBinds makeBindArgs -b ":" \$toBind \$sslBind run="\$NP_PROOT \$PROOT_ARGS\\ - -R \$dir/emptyroot\\ + -r \$dir/emptyroot\\ + -b /dev:/dev\\ -b \$dir/store:/nix/store\\ \$binds" # -b \$dir/busybox/bin/busybox:/bin/sh\\ From c2ff4440d6512cc94f69d1c03372bd99df7fba30 Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 14:39:05 +0700 Subject: [PATCH 2/7] prepare for parallel testing --- flake.nix | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index b999093..5ecc784 100644 --- a/flake.nix +++ b/flake.nix @@ -94,9 +94,11 @@ (inp.flake-utils.lib.eachDefaultSystem (system: let pkgs = inp.nixpkgs.legacyPackages."${system}"; in rec { devShell = pkgs.mkShell { buildInputs = with pkgs; [ + bashInteractive libguestfs-with-appliance + parallel + proot qemu - bashInteractive ]; }; packages.nix-portable = nixPortableForSystem { inherit system; }; @@ -112,17 +114,25 @@ #!/usr/bin/env bash set -e + if [ -n "$RAND_PORT" ]; then + # derive ssh port number from os name, to gain ability to run this in parallel without collision + osHash=$((0x"$(echo ${os} | sha256sum | cut -d " " -f 1)")) && [ "$r" -lt 0 ] && ((r *= -1)) + port=$(( ($osHash % 55535) + 10000 )) + else + port=10022 + fi + img=${fetchurl { inherit (testImages."${os}") url sha256 ;}} pubKey=${./testing}/id_ed25519.pub privKey=${./testing}/id_ed25519 nixPortable=${packages.nix-portable}/bin/nix-portable - ssh="${pkgs.openssh}/bin/ssh -p 10022 -i $privKey -o StrictHostKeyChecking=no test@localhost" - sshRoot="${pkgs.openssh}/bin/ssh -p 10022 -i $privKey -o StrictHostKeyChecking=no root@localhost" + ssh="${pkgs.openssh}/bin/ssh -p $port -i $privKey -o StrictHostKeyChecking=no test@localhost" + sshRoot="${pkgs.openssh}/bin/ssh -p $port -i $privKey -o StrictHostKeyChecking=no root@localhost" setup_and_start_vm() { - cat $img > /tmp/img + cat $img > /tmp/${os}-img - ${pkgs.libguestfs-with-appliance}/bin/virt-customize -a /tmp/img \ + ${pkgs.libguestfs-with-appliance}/bin/virt-customize -a /tmp/${os}-img \ --run-command 'useradd test && mkdir -p /home/test && chown test.test /home/test' \ --run-command 'ssh-keygen -A' \ --ssh-inject test:file:$pubKey \ @@ -133,10 +143,10 @@ --selinux-relabel ${pkgs.qemu}/bin/qemu-kvm \ - -hda /tmp/img \ - -m 2048 \ + -hda /tmp/${os}-img \ + -m 1500 \ -cpu max \ - -netdev user,hostfwd=tcp::10022-:22,id=n1 \ + -netdev user,hostfwd=tcp::$port-:22,id=n1 \ -device virtio-net-pci,netdev=n1 \ ${optionalString (! debug) "-nographic"} \ & @@ -155,7 +165,7 @@ ${optionalString debug '' $sshRoot "rm -rf /home/test/nix-portable" - scp -P 10022 -i $privKey -o StrictHostKeyChecking=no ${packages.nix-portable}/bin/nix-portable test@localhost:/home/test/nix-portable + scp -P $port -i $privKey -o StrictHostKeyChecking=no ${packages.nix-portable}/bin/nix-portable test@localhost:/home/test/nix-portable ''} echo -e "\n\nstarting to test nix-portable" @@ -175,6 +185,16 @@ makeQemuPipelines true // makeQemuPipelines false # add // { + job-qemu-all.type = "app"; + job-qemu-all.program = let + jobs = (mapAttrsToList (n: v: v.program) (filterAttrs (n: v: + hasPrefix "job-qemu" n && ! hasSuffix "debug" n && ! hasSuffix "all" n + ) apps)); + in + toString (pkgs.writeScript "job-docker-debian" '' + #!/usr/bin/env bash + RAND_PORT=y ${pkgs.parallel}/bin/parallel bash ::: ${toString jobs} + ''); job-docker-debian.type = "app"; job-docker-debian.program = toString (pkgs.writeScript "job-docker-debian" '' #!/usr/bin/env bash @@ -209,7 +229,7 @@ job-local.program = toString (pkgs.writeScript "job-local" '' #!/usr/bin/env bash set -e - export NP_DEBUG=1 + export NP_DEBUG=''${NP_DEBUG:-1} ${concatStringsSep "\n" (map (cmd: ''${packages.nix-portable}/bin/nix-portable ${cmd}'' ) commandsToTest)} From 478658e9f1e63cda5e9c3f91c9d46a8d548cba45 Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 15:38:09 +0700 Subject: [PATCH 3/7] always test all runtimes --- flake.nix | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 5ecc784..9bc9115 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,8 @@ centos7 = { url = "https://cloud.centos.org/altarch/7/images/CentOS-7-x86_64-GenericCloud-2009.qcow2c"; sha256 = "09wqzlhb858qm548ak4jj4adchxn7rgf5fq778hrc52rjqym393v"; + # user namespaces are disabled on centos 7 + excludeRuntimes = [ "bwrap" ]; }; centos8 = { url = "https://cloud.centos.org/altarch/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2"; @@ -48,10 +50,12 @@ # test git ''nix eval --impure --expr 'builtins.fetchGit {url="https://github.com/davhau/nix-portable"; rev="7ebf4ca972c6613983b2698ab7ecda35308e9886";}' '' # test importing and building hello works - "nix build -L --impure --expr '(import {}).hello.overrideAttrs(_:{change=1;})'" + ''nix build -L --impure --expr '(import {}).hello.overrideAttrs(_:{change="_var_";})' '' # test running a program from the nix store "nix-shell -p hello --run hello" ]; + + varyCommands = anyStr: forEach commandsToTest (cmd: replaceStrings [ "_var_" ] [ anyStr ] cmd); nixPortableForSystem = { system, crossSystem ? null, }: let @@ -105,7 +109,9 @@ defaultPackage = packages.nix-portable; apps = let - makeQemuPipelines = debug: mapAttrs' (os: img: + makeQemuPipelines = debug: mapAttrs' (os: img: let + runtimes = filter (runtime: ! elem runtime (testImages."${os}".excludeRuntimes or []) ) [ "bwrap" "proot" ]; + in nameValuePair "job-qemu-${os}${optionalString debug "-debug"}" { @@ -115,7 +121,7 @@ set -e if [ -n "$RAND_PORT" ]; then - # derive ssh port number from os name, to gain ability to run this in parallel without collision + # derive ssh port number from os name, to gain ability to run these jobs in parallel without collision osHash=$((0x"$(echo ${os} | sha256sum | cut -d " " -f 1)")) && [ "$r" -lt 0 ] && ((r *= -1)) port=$(( ($osHash % 55535) + 10000 )) else @@ -172,9 +178,11 @@ # test some nix commands NP_DEBUG=''${NP_DEBUG:-1} - ${concatStringsSep "\n" (map (cmd: - ''$ssh "NP_DEBUG=$NP_DEBUG NP_MINIMAL=$NP_MINIMAL /home/test/nix-portable ${replaceStrings [''"''] [''\"''] cmd} " '' - ) commandsToTest)} + ${concatStringsSep "\n\n" (forEach runtimes (runtime: + concatStringsSep "\n" (map (cmd: + ''$ssh "NP_RUNTIME=${runtime} NP_DEBUG=$NP_DEBUG NP_MINIMAL=$NP_MINIMAL /home/test/nix-portable ${replaceStrings [''"''] [''\"''] cmd} " '' + ) (varyCommands runtime)) + ))} echo "all tests succeeded" ''); @@ -207,6 +215,7 @@ -e NP_DEBUG \ -e NP_MINIMAL" ${concatStringsSep "\n" (map (cmd: "$baseCmd debian /nix-portable ${cmd}") commandsToTest)} + echo "all tests succeeded" ''); job-docker-debian-debug.type = "app"; job-docker-debian-debug.program = toString (pkgs.writeScript "job-docker-debian-debug" '' @@ -224,15 +233,19 @@ else ${concatStringsSep "\n" (map (cmd: "$baseCmd -it debian /nix-portable ${cmd}") commandsToTest)} fi + echo "all tests succeeded" ''); job-local.type = "app"; job-local.program = toString (pkgs.writeScript "job-local" '' #!/usr/bin/env bash set -e export NP_DEBUG=''${NP_DEBUG:-1} - ${concatStringsSep "\n" (map (cmd: - ''${packages.nix-portable}/bin/nix-portable ${cmd}'' - ) commandsToTest)} + ${concatStringsSep "\n\n" (forEach [ "bwrap" "proot" ] (runtime: + concatStringsSep "\n" (map (cmd: + ''${packages.nix-portable}/bin/nix-portable ${cmd}'' + ) commandsToTest) + ))} + echo "all tests succeeded" ''); }; })) From dfe84db8bd397c64161ee78ac132b318c1a0f68a Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 16:33:04 +0700 Subject: [PATCH 4/7] add test for nixos; disable bwrap for debian --- .github/workflows/nix-portable.yml | 2 +- flake.nix | 33 +++++++++++++++++++++--------- testing/nixos-qcow2.nix | 23 +++++++++++++++++++++ 3 files changed, 47 insertions(+), 11 deletions(-) create mode 100644 testing/nixos-qcow2.nix diff --git a/.github/workflows/nix-portable.yml b/.github/workflows/nix-portable.yml index 9fd48b3..a3e6618 100644 --- a/.github/workflows/nix-portable.yml +++ b/.github/workflows/nix-portable.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - qemu_os: [ arch, centos7, centos8, debian, ubuntu ] + qemu_os: [ arch, centos7, centos8, debian, nixos, ubuntu ] steps: - uses: actions/checkout@v2 diff --git a/flake.nix b/flake.nix index 9bc9115..bfa1be9 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,14 @@ debian = { url = "https://cdimage.debian.org/cdimage/openstack/archive/10.9.0/debian-10.9.0-openstack-amd64.qcow2"; sha256 = "0mf9k3pgzighibly1sy3cjq7c761r3akp8mlgd878lwf006vqrky"; + # permissions for user namespaces not enabled by default + excludeRuntimes = [ "bwrap" ]; + }; + nixos = { + img = (toString (nixosSystem { + system = "x86_64-linux"; + modules = [(import ./testing/nixos-qcow2.nix)]; + }).config.system.build.qcow) + "/nixos.qcow2"; }; ubuntu = { url = "https://cloud-images.ubuntu.com/focal/20210415/focal-server-cloudimg-amd64.img"; @@ -111,6 +119,9 @@ let makeQemuPipelines = debug: mapAttrs' (os: img: let runtimes = filter (runtime: ! elem runtime (testImages."${os}".excludeRuntimes or []) ) [ "bwrap" "proot" ]; + img = + if testImages."${os}" ? img then testImages."${os}".img + else fetchurl { inherit (testImages."${os}") url sha256 ;}; in nameValuePair "job-qemu-${os}${optionalString debug "-debug"}" @@ -128,7 +139,7 @@ port=10022 fi - img=${fetchurl { inherit (testImages."${os}") url sha256 ;}} + img=${img} pubKey=${./testing}/id_ed25519.pub privKey=${./testing}/id_ed25519 nixPortable=${packages.nix-portable}/bin/nix-portable @@ -138,15 +149,17 @@ setup_and_start_vm() { cat $img > /tmp/${os}-img - ${pkgs.libguestfs-with-appliance}/bin/virt-customize -a /tmp/${os}-img \ - --run-command 'useradd test && mkdir -p /home/test && chown test.test /home/test' \ - --run-command 'ssh-keygen -A' \ - --ssh-inject test:file:$pubKey \ - --ssh-inject root:file:$pubKey \ - --copy-in $nixPortable:/home/test/ \ - ${concatStringsSep " " (testImages."${os}".extraVirtCustomizeCommands or [])} \ - ${optionalString debug "--root-password file:${pkgs.writeText "pw" "root"}"} \ - --selinux-relabel + if [ "${os}" != "nixos" ]; then + ${pkgs.libguestfs-with-appliance}/bin/virt-customize -a /tmp/${os}-img \ + --run-command 'useradd test && mkdir -p /home/test && chown test.test /home/test' \ + --run-command 'ssh-keygen -A' \ + --ssh-inject test:file:$pubKey \ + --ssh-inject root:file:$pubKey \ + --copy-in $nixPortable:/home/test/ \ + ${concatStringsSep " " (testImages."${os}".extraVirtCustomizeCommands or [])} \ + ${optionalString debug "--root-password file:${pkgs.writeText "pw" "root"}"} \ + --selinux-relabel + fi ${pkgs.qemu}/bin/qemu-kvm \ -hda /tmp/${os}-img \ diff --git a/testing/nixos-qcow2.nix b/testing/nixos-qcow2.nix new file mode 100644 index 0000000..f4f1c4c --- /dev/null +++ b/testing/nixos-qcow2.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, modulesPath, ... }: +with builtins; +{ + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + autoResize = true; + fsType = "ext4"; + }; + + boot.loader.grub.device = lib.mkDefault "/dev/vda"; + boot.loader.timeout = 0; + + users.users.test.isNormalUser = true; + users.users.test.openssh.authorizedKeys.keys = [ (readFile ./id_ed25519.pub) ]; + users.users.root.openssh.authorizedKeys.keys = config.users.users.test.openssh.authorizedKeys.keys; + services.openssh.enable = true; + + system.build.qcow = import "${toString modulesPath}/../lib/make-disk-image.nix" { + inherit lib config pkgs; + diskSize = 8192; + format = "qcow2"; + }; +} \ No newline at end of file From 22dc4244ab13933d0036548d0dcfd26bb89b7c2c Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 16:49:32 +0700 Subject: [PATCH 5/7] fake KVM capability for action --- .github/workflows/nix-portable.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/nix-portable.yml b/.github/workflows/nix-portable.yml index a3e6618..da58e36 100644 --- a/.github/workflows/nix-portable.yml +++ b/.github/workflows/nix-portable.yml @@ -58,6 +58,7 @@ jobs: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install extra_nix_config: | experimental-features = nix-command flakes + system-features = benchmark big-parallel kvm nixos-test recursive-nix - uses: cachix/cachix-action@v8 with: From a0ea21aff4afc8e4aeec89c241b60e9fde32e1ab Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 17:02:10 +0700 Subject: [PATCH 6/7] use scp to uplaod nix-portable to vm --- flake.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index bfa1be9..b4fd4f3 100644 --- a/flake.nix +++ b/flake.nix @@ -155,7 +155,6 @@ --run-command 'ssh-keygen -A' \ --ssh-inject test:file:$pubKey \ --ssh-inject root:file:$pubKey \ - --copy-in $nixPortable:/home/test/ \ ${concatStringsSep " " (testImages."${os}".extraVirtCustomizeCommands or [])} \ ${optionalString debug "--root-password file:${pkgs.writeText "pw" "root"}"} \ --selinux-relabel @@ -182,10 +181,9 @@ sleep 1 done - ${optionalString debug '' - $sshRoot "rm -rf /home/test/nix-portable" - scp -P $port -i $privKey -o StrictHostKeyChecking=no ${packages.nix-portable}/bin/nix-portable test@localhost:/home/test/nix-portable - ''} + # upload the nix-portable executable + ${pkgs.openssh}/bin/scp -P $port -i $privKey -o StrictHostKeyChecking=no ${packages.nix-portable}/bin/nix-portable test@localhost:/home/test/nix-portable + echo -e "\n\nstarting to test nix-portable" From 98e1acc253ee7abd21d3a71ed31cb8cc0b43e764 Mon Sep 17 00:00:00 2001 From: DavHau Date: Wed, 28 Apr 2021 17:27:05 +0700 Subject: [PATCH 7/7] use iso image for nixos qemu test --- .github/workflows/nix-portable.yml | 1 - flake.nix | 5 +++-- testing/nixos-iso.nix | 29 +++++++++++++++++++++++++++++ testing/nixos-qcow2.nix | 23 ----------------------- 4 files changed, 32 insertions(+), 26 deletions(-) create mode 100644 testing/nixos-iso.nix delete mode 100644 testing/nixos-qcow2.nix diff --git a/.github/workflows/nix-portable.yml b/.github/workflows/nix-portable.yml index da58e36..a3e6618 100644 --- a/.github/workflows/nix-portable.yml +++ b/.github/workflows/nix-portable.yml @@ -58,7 +58,6 @@ jobs: install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install extra_nix_config: | experimental-features = nix-command flakes - system-features = benchmark big-parallel kvm nixos-test recursive-nix - uses: cachix/cachix-action@v8 with: diff --git a/flake.nix b/flake.nix index b4fd4f3..6ab82e1 100644 --- a/flake.nix +++ b/flake.nix @@ -40,10 +40,11 @@ excludeRuntimes = [ "bwrap" ]; }; nixos = { + # use iso image for nixos because building a qcow2 would require KVM img = (toString (nixosSystem { system = "x86_64-linux"; - modules = [(import ./testing/nixos-qcow2.nix)]; - }).config.system.build.qcow) + "/nixos.qcow2"; + modules = [(import ./testing/nixos-iso.nix)]; + }).config.system.build.isoImage) + "/iso/nixos.iso"; }; ubuntu = { url = "https://cloud-images.ubuntu.com/focal/20210415/focal-server-cloudimg-amd64.img"; diff --git a/testing/nixos-iso.nix b/testing/nixos-iso.nix new file mode 100644 index 0000000..a66740e --- /dev/null +++ b/testing/nixos-iso.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, modulesPath, ... }: +with builtins; +with lib; +{ + imports = [ + "${toString modulesPath}/installer/cd-dvd/iso-image.nix" + ]; + + boot.loader.timeout = mkForce 0; + + fileSystems."/" = { + fsType = "tmpfs"; + options = [ "mode=0755" "size=2G" ]; + }; + + # EFI booting + isoImage.makeEfiBootable = true; + + # USB booting + isoImage.makeUsbBootable = true; + + isoImage.squashfsCompression = "zstd -Xcompression-level 5"; + + users.users.test.isNormalUser = true; + users.users.test.openssh.authorizedKeys.keys = [ (readFile ./id_ed25519.pub) ]; + users.users.root.openssh.authorizedKeys.keys = config.users.users.test.openssh.authorizedKeys.keys; + services.openssh.enable = true; + +} \ No newline at end of file diff --git a/testing/nixos-qcow2.nix b/testing/nixos-qcow2.nix deleted file mode 100644 index f4f1c4c..0000000 --- a/testing/nixos-qcow2.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: -with builtins; -{ - fileSystems."/" = { - device = "/dev/disk/by-label/nixos"; - autoResize = true; - fsType = "ext4"; - }; - - boot.loader.grub.device = lib.mkDefault "/dev/vda"; - boot.loader.timeout = 0; - - users.users.test.isNormalUser = true; - users.users.test.openssh.authorizedKeys.keys = [ (readFile ./id_ed25519.pub) ]; - users.users.root.openssh.authorizedKeys.keys = config.users.users.test.openssh.authorizedKeys.keys; - services.openssh.enable = true; - - system.build.qcow = import "${toString modulesPath}/../lib/make-disk-image.nix" { - inherit lib config pkgs; - diskSize = 8192; - format = "qcow2"; - }; -} \ No newline at end of file