From 8462d34ade858704d0114741aaf1d1e574e5041e Mon Sep 17 00:00:00 2001 From: Ryan Yin Date: Mon, 22 Jun 2026 09:02:06 +0800 Subject: [PATCH] feat: NixOS tests using systemd-nspawn containers --- modules/nixos/base/nix.nix | 21 +++++++++++++------ .../tests/nix-system-features/expected.nix | 11 ++++++++++ .../tests/nix-system-features/expr.nix | 21 +++++++++++++++++++ .../tests/nix-system-features/expected.nix | 11 ++++++++++ .../tests/nix-system-features/expr.nix | 21 +++++++++++++++++++ 5 files changed, 79 insertions(+), 6 deletions(-) create mode 100644 outputs/aarch64-linux/tests/nix-system-features/expected.nix create mode 100644 outputs/aarch64-linux/tests/nix-system-features/expr.nix create mode 100644 outputs/x86_64-linux/tests/nix-system-features/expected.nix create mode 100644 outputs/x86_64-linux/tests/nix-system-features/expr.nix diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix index 5c78e2de..3c770733 100644 --- a/modules/nixos/base/nix.nix +++ b/modules/nixos/base/nix.nix @@ -1,8 +1,4 @@ -{ - config, - lib, - ... -}: +{ lib, ... }: { # auto upgrade nix to the unstable version # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L284 @@ -23,7 +19,20 @@ # Manual optimise storage: nix-store --optimise # https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-auto-optimise-store - nix.settings.auto-optimise-store = true; + nix.settings = { + auto-optimise-store = true; + + # Reference: https://github.com/NixOS/nixpkgs/pull/478109 + # NixOS tests using systemd-nspawn containers require the Nix daemon to be + # configured with the following settings: + auto-allocate-uids = true; + extra-system-features = [ "uid-range" ]; + experimental-features = [ + "auto-allocate-uids" + "cgroups" + ]; + sandbox-paths = [ "/dev/net" ]; + }; nix.channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead. } 
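Review bot: The second hunk puts the nspawn-test settings in the shared base module, so every host importing `modules/nixos/base/nix.nix` gets `/dev/net` bind-mounted into all of its sandboxed builds and two experimental Nix features enabled on its daemon, whether or not that host ever runs these tests. On Linux `/dev/net` normally holds the TUN/TAP device node, which is more exposure than a machine that never builds NixOS tests needs. I would move `auto-allocate-uids`, `extra-system-features`, `experimental-features` and `sandbox-paths` into a separate module imported only by the hosts that build the tests. Failing that, record the trade-off beside the setting, e.g. `# exposes host /dev/net to every sandboxed build; only needed for nspawn-based NixOS tests`. The module body between the two hunks is not shown, so other `nix.settings.*` definitions there may merge with this attrset.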
diff --git a/outputs/aarch64-linux/tests/nix-system-features/expected.nix b/outputs/aarch64-linux/tests/nix-system-features/expected.nix
new file mode 100644
index 00000000..36454a33
--- /dev/null
+++ b/outputs/aarch64-linux/tests/nix-system-features/expected.nix
@@ -0,0 +1,11 @@
+{
+ lib,
+ outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (_: {
+ autoAllocateUids = true;
+ hasUidRange = true;
+ hasAutoAllocateUidsFeature = true;
+ hasCgroupsFeature = true;
+ hasDevNetSandboxPath = true;
+})
diff --git a/outputs/aarch64-linux/tests/nix-system-features/expr.nix b/outputs/aarch64-linux/tests/nix-system-features/expr.nix
new file mode 100644
index 00000000..c21138c3
--- /dev/null
+++ b/outputs/aarch64-linux/tests/nix-system-features/expr.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (
+ name:
+ let
+ settings = outputs.nixosConfigurations.${name}.config.nix.settings;
+ effectiveSystemFeatures =
+ (settings.system-features or [ ]) ++ (settings.extra-system-features or [ ]);
+ in
+ {
+ autoAllocateUids = settings.auto-allocate-uids or false;
+ hasUidRange = builtins.elem "uid-range" effectiveSystemFeatures;
+ hasAutoAllocateUidsFeature = builtins.elem "auto-allocate-uids" (
+ settings.experimental-features or [ ]
+ );
+ hasCgroupsFeature = builtins.elem "cgroups" (settings.experimental-features or [ ]);
+ hasDevNetSandboxPath = builtins.elem "/dev/net" (settings.sandbox-paths or [ ]);
+ }
+)
diff --git a/outputs/x86_64-linux/tests/nix-system-features/expected.nix b/outputs/x86_64-linux/tests/nix-system-features/expected.nix
new file mode 100644
index 00000000..36454a33
--- /dev/null
+++ b/outputs/x86_64-linux/tests/nix-system-features/expected.nix
@@ -0,0 +1,11 @@
+{
+ lib,
+ outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (_: {
+ autoAllocateUids = true;
+ hasUidRange = true;
+ hasAutoAllocateUidsFeature = true;
+ hasCgroupsFeature = true;
+ hasDevNetSandboxPath = true;
+})
diff --git a/outputs/x86_64-linux/tests/nix-system-features/expr.nix b/outputs/x86_64-linux/tests/nix-system-features/expr.nix
new file mode 100644
index 00000000..c21138c3
--- /dev/null
+++ b/outputs/x86_64-linux/tests/nix-system-features/expr.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ outputs,
+}:
+lib.genAttrs (builtins.attrNames outputs.nixosConfigurations) (
+ name:
+ let
+ settings = outputs.nixosConfigurations.${name}.config.nix.settings;
+ effectiveSystemFeatures =
+ (settings.system-features or [ ]) ++ (settings.extra-system-features or [ ]);
+ in
+ {
+ autoAllocateUids = settings.auto-allocate-uids or false;
+ hasUidRange = builtins.elem "uid-range" effectiveSystemFeatures;
+ hasAutoAllocateUidsFeature = builtins.elem "auto-allocate-uids" (
+ settings.experimental-features or [ ]
+ );
+ hasCgroupsFeature = builtins.elem "cgroups" (settings.experimental-features or [ ]);
+ hasDevNetSandboxPath = builtins.elem "/dev/net" (settings.sandbox-paths or [ ]);
+ }
+)
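Review bot: The checks in `expr.nix` pin only the settings this commit adds (`/dev/net` in `sandbox-paths`, `uid-range`, the two experimental features) and never assert that the build sandbox itself stays enabled, so a later change that turns it off would still pass. Since the commit widens what sandboxed builds can see, I would add `sandboxEnabled = (settings.sandbox or false) == true;` to the result attrset and the matching `sandboxEnabled = true;` in `expected.nix`, assuming these hosts are meant to keep the sandbox enforced. The repeated `settings.experimental-features or [ ]` could also be bound once in the `let`. The aarch64-linux copy of this file carries the same blob id (`c21138c3`) and needs the same change.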