lib/build-vms.nix contains a function `buildVirtualNetwork' that
takes a specification of a network of machines (as an attribute set
of NixOS machine configurations) and builds a script that starts
each configuration in a separate QEMU/KVM VM and connects them
together in a virtual network. This script can be run manually to
test the VMs interactively. There is also a function `runTests'
that starts and runs the virtual network in a derivation, and
then executes a test specification that tells the VMs to do certain
things (i.e., letting one VM send an HTTP request to a webserver on
another VM). The tests are written in Perl (for now).
tests/subversion.nix shows a simple example, namely a network of two
machines: a webserver that runs the Subversion subservice, and a
client. Apache, Subversion and a few other packages are built with
coverage analysis instrumentation. For instance,
$ nix-build tests/subversion.nix -A vms
$ ./result/bin/run-vms
starts two QEMU/KVM instances. When they have finished booting, the
webserver can be accessed from the host through
http://localhost:8081/.
It also has a small test suite:
$ nix-build tests/subversion.nix -A report
This runs the VMs in a derivation, runs the tests, and then produces
a distributed code coverage analysis report (i.e. it shows the
combined coverage on both machines).
The Perl test driver program is in lib/test-driver. It executes
commands on the guest machines by connecting to a root shell running
on port 514 (provided by modules/testing/test-instrumentation.nix).
The VMs are connected together in a virtual network using QEMU's
multicast feature. This isn't very secure. At the very least,
other processes on the same machine can listen to or send packets on
the virtual network. On the plus side, we don't need to be root to
set up a multicast virtual network, so we can do it from a
derivation. Maybe we can use VDE instead.
(Moved from the vario repository.)
svn path=/nixos/trunk/; revision=16899
into one argument "modules".
* release.nix: fixed the manual job.
* ISO generation: break an infinite recursion. Don't know why this
suddenly happens. Probably because of the nixpkgs.config change,
but I don't see why. Maybe the option evaluation is too strict.
svn path=/nixos/trunk/; revision=16878
be set from the NixOS configuration. For instance, you can say
nixpkgs.config.firefox.enableGeckoMediaPlayer = true;
environment.systemPackages = [ pkgs.firefox ];
but the more interesting application is to apply global overrides to
Nixpkgs throughout NixOS, e.g.
nixpkgs.config.packageOverrides = pkgs:
{ glibc = pkgs.glibc27;
gcc = pkgs.gcc42;
};
would build the whole system with Glibc 2.7 and GCC 4.2. (There are
some issues with "useFromStdenv" in all-packages.nix that need to be
fixed for packages in the stdenv bootstrap though.)
The implementation of this option is kind of evil though due to the
need to prevent a circularity between the evaluation of
nixpkgs.config and the "pkgs" module argument.
svn path=/nixos/trunk/; revision=16866
separate module, which just declares a configuration value that
causes the xinetd module to add it to xinetd.conf. Also Nixified
the service declarations to abstract over the inetd implementation.
* Renamed the services.xinetd.tftpd options to services.tftpd. The
fact that the tftpd module uses xinetd is an implementation detail.
* xinetd: use -dontfork to let Upstart monitor it, and use -syslog to
get error messages at startup.
svn path=/nixos/trunk/; revision=16803
* Let ConsoleKit track the current logins instead of pam_console.
Udev now takes care of setting the device permissions to the active
user. This works much better, since pam_console wouldn't apply
permissions to new (hot-plugged) devices. Also, the udev+ConsoleKit
approach supports user switching. (We don't have that for X yet,
but it already works for logins on virtual consoles: if you switch
between different users on differents VCs with Alt+Fn, the device
ownership will be changed automatically.)
svn path=/nixos/trunk/; revision=16743
the bus daemon can start on demand). ConsoleKit and PolicyKit need
this. This requires a setuid wrapper for dbus-daemon-launch-helper,
as well as a "messagebus" group.
svn path=/nixos/trunk/; revision=16736
mkOption argument, because then we lose them if somebody sets
security.setuidPrograms somewhere else. (Shouldn't "default" be
merged as well?)
svn path=/nixos/trunk/; revision=16734
programs require that the mode is 4550 so that execution of the
setuid program can be restricted to members of a group.
* setuid-wrappers: remove a race condition in the creation of the
wrappers if the ownership or mode was different than root:root and
4555.
* setuid-wrappers: allow the full path of the wrapped program to be
specified, rather than looking it up in $PATH.
svn path=/nixos/trunk/; revision=16733
option security.pam.services containing the list of PAM services.
For instance, the SLiM module simply declares:
security.pam.services = [ { name = "slim"; localLogin = true; } ];
svn path=/nixos/trunk/; revision=16729