32 lines
883 B
Nix
32 lines
883 B
Nix
|
import ./make-test-python.nix ({ lib, ... }:
|
||
|
{
|
||
|
name = "chrony";
|
||
|
|
||
|
meta = {
|
||
|
maintainers = with lib.maintainers; [ fpletz ];
|
||
|
};
|
||
|
|
||
|
nodes = {
|
||
|
default = {
|
||
|
services.chrony.enable = true;
|
||
|
};
|
||
|
graphene-hardened = {
|
||
|
services.chrony.enable = true;
|
||
|
services.chrony.enableMemoryLocking = true;
|
||
|
environment.memoryAllocator.provider = "graphene-hardened";
|
||
|
# dhcpcd privsep is incompatible with graphene-hardened
|
||
|
networking.useNetworkd = true;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
testScript = {nodes, ...} : let
|
||
|
graphene-hardened = nodes.graphene-hardened.system.build.toplevel;
|
||
|
in ''
|
||
|
default.start()
|
||
|
default.wait_for_unit('multi-user.target')
|
||
|
default.succeed('systemctl is-active chronyd.service')
|
||
|
default.succeed('${graphene-hardened}/bin/switch-to-configuration test')
|
||
|
default.succeed('systemctl is-active chronyd.service')
|
||
|
'';
|
||
|
})
|