The ACME module has long been an important part of every nixos server
deployment and we should therefore make sure the tests are working as
expected before allowing a channel bump to happen.
Related: #197443
With Go 1.19 calls to setrlimit are required for lego to run.
While we could allow setrlimit alone, I think it is not unreasonable to
allow @resources in general.
Closes: #197513
I haven't had time to look into this yet but it looks like opening chrome://gpu
doesn't work anymore without proper GPU rendering (we use software rendering
due to the virtualisation).
According to the console output the new window never opens (at least with
Google Chrome - I couldn't test it with Chromium yet due to the failing builds
for M107 and M108):
```
(finished: sending keys ‘chrome://gpu
‘, in 0.14 seconds)
machine: waiting for a window to appear
machine: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d'
(finished: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d', in 0.05 seconds)
machine # Error: eglChooseConfig returned zero configs
machine # at Create (../../third_party/dawn/src/dawn/native/opengl/ContextEGL.cpp:53)
machine #
machine: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d'
machine # WARNING: lavapipe is not a conformant vulkan implementation, testing use only.
(finished: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d', in 0.06 seconds)
machine: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d'
(finished: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d', in 0.09 seconds)
[...]
```
The meta attribute "timeout" is only set for Chromium (might still be required
due to the long build duration). The Google Chrome tests were failing with:
error: attribute 'timeout' missing
According to nixos/lib/testing/meta.nix "null values are filtered out by
`meta`" so `timeout = chromiumPkg.meta.timeout or null` might be fine as
well.
