nixos/tests/hardened: add latestKernel argument
This commit is contained in:
parent
b0d5032ee4
commit
fe031d07f8
2 changed files with 7 additions and 2 deletions
|
@ -160,6 +160,7 @@ in
|
|||
# kubernetes.e2e should eventually replace kubernetes.rbac when it works
|
||||
#kubernetes.e2e = handleTestOn ["x86_64-linux"] ./kubernetes/e2e.nix {};
|
||||
kubernetes.rbac = handleTestOn ["x86_64-linux"] ./kubernetes/rbac.nix {};
|
||||
latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; };
|
||||
latestKernel.login = handleTest ./login.nix { latestKernel = true; };
|
||||
ldap = handleTest ./ldap.nix {};
|
||||
leaps = handleTest ./leaps.nix {};
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import ./make-test.nix ({ pkgs, ...} : {
|
||||
import ./make-test.nix ({ pkgs, latestKernel ? false, ... } : {
|
||||
name = "hardened";
|
||||
meta = with pkgs.stdenv.lib.maintainers; {
|
||||
maintainers = [ joachifm ];
|
||||
|
@ -10,6 +10,8 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
{ users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
|
||||
users.users.sybil = { isNormalUser = true; group = "wheel"; };
|
||||
imports = [ ../modules/profiles/hardened.nix ];
|
||||
boot.kernelPackages =
|
||||
lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened;
|
||||
environment.memoryAllocator.provider = "graphene-hardened";
|
||||
nix.useSandbox = false;
|
||||
virtualisation.emptyDiskImages = [ 4096 ];
|
||||
|
@ -23,7 +25,9 @@ import ./make-test.nix ({ pkgs, ...} : {
|
|||
options = [ "noauto" ];
|
||||
};
|
||||
};
|
||||
boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
|
||||
boot.extraModulePackages =
|
||||
optional (versionOlder config.boot.kernelPackages.kernel.version "5.6")
|
||||
config.boot.kernelPackages.wireguard;
|
||||
boot.kernelModules = [ "wireguard" ];
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in a new issue