feat: NixOS tests using systemd-nspawn containers

2026-06-28 16:16:15 +02:00 · 2026-06-22 09:02:06 +08:00
parent be429dea2e
commit 8462d34ade
5 changed files with 79 additions and 6 deletions
@@ -1,8 +1,4 @@
-{
-  config,
-  lib,
-  ...
-}:
+{ lib, ... }:
 {
  # auto upgrade nix to the unstable version
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284
@@ -23,7 +19,20 @@

  # Manual optimise storage: nix-store --optimise
  # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store
-  nix.settings.auto-optimise-store = true;
+  nix.settings = {
+    auto-optimise-store = true;
+
+    # Reference: https://github.com/NixOS/nixpkgs/pull/478109
+    # NixOS tests using systemd-nspawn containers require the Nix daemon to be
+    # configured with the following settings:
+    auto-allocate-uids = true;
+    extra-system-features = [ "uid-range" ];
+    experimental-features = [
+      "auto-allocate-uids"
+      "cgroups"
+    ];
+    sandbox-paths = [ "/dev/net" ];
+  };

  nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
 }
@@ -0,0 +1,11 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (_: {
+  autoAllocateUids = true;
+  hasUidRange = true;
+  hasAutoAllocateUidsFeature = true;
+  hasCgroupsFeature = true;
+  hasDevNetSandboxPath = true;
+})
@@ -0,0 +1,21 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (
+  name:
+  let
+    settings = outputs.nixosConfigurations.${name}.config.nix.settings;
+    effectiveSystemFeatures =
+      (settings.system-features or [ ]) ++ (settings.extra-system-features or [ ]);
+  in
+  {
+    autoAllocateUids = settings.auto-allocate-uids or false;
+    hasUidRange = builtins.elem "uid-range" effectiveSystemFeatures;
+    hasAutoAllocateUidsFeature = builtins.elem "auto-allocate-uids" (
+      settings.experimental-features or [ ]
+    );
+    hasCgroupsFeature = builtins.elem "cgroups" (settings.experimental-features or [ ]);
+    hasDevNetSandboxPath = builtins.elem "/dev/net" (settings.sandbox-paths or [ ]);
+  }
+)
@@ -0,0 +1,11 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (_: {
+  autoAllocateUids = true;
+  hasUidRange = true;
+  hasAutoAllocateUidsFeature = true;
+  hasCgroupsFeature = true;
+  hasDevNetSandboxPath = true;
+})
@@ -0,0 +1,21 @@
+{
+  lib,
+  outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (
+  name:
+  let
+    settings = outputs.nixosConfigurations.${name}.config.nix.settings;
+    effectiveSystemFeatures =
+      (settings.system-features or [ ]) ++ (settings.extra-system-features or [ ]);
+  in
+  {
+    autoAllocateUids = settings.auto-allocate-uids or false;
+    hasUidRange = builtins.elem "uid-range" effectiveSystemFeatures;
+    hasAutoAllocateUidsFeature = builtins.elem "auto-allocate-uids" (
+      settings.experimental-features or [ ]
+    );
+    hasCgroupsFeature = builtins.elem "cgroups" (settings.experimental-features or [ ]);
+    hasDevNetSandboxPath = builtins.elem "/dev/net" (settings.sandbox-paths or [ ]);
+  }
+)