@edolstra
Last active May 20, 2020 10:52
Container test
with import <nixpkgs> {};
let
# NixOS module describing the guest that is booted inside systemd-nspawn.
# It starts httpd plus a "test" unit that fetches the default page and then
# makes systemd exit, so the outer build sees the unit's result.
machine = { config, pkgs, ... }:
  {
    boot.isContainer = true;
    networking.dhcpcd.enable = false;
    systemd.services.console-getty.enable = false;

    services.httpd.enable = true;
    services.httpd.adminAddr = "nixos@example.org";

    systemd.services.test = {
      after = [ "httpd.service" ];
      wantedBy = [ "multi-user.target" ];

      # Either outcome of the unit ends the container run; a failure is
      # reported with exit status 42.
      unitConfig.SuccessAction = "exit-force";
      unitConfig.FailureAction = "exit-force";
      unitConfig.FailureActionExitStatus = 42;

      # /.env is the builder's exported environment, written by the outer
      # build script in this file; sourcing it is how $out becomes known
      # inside the guest. The guest therefore sees every exported builder
      # variable, and runs the file's contents as shell.
      # NOTE(review): the second redirect to $out/msg truncates the file, so
      # the "Hello World" line never survives; confirm whether the /dev
      # listing was meant to go to a separate file or be appended.
      # curl's --fail turns an HTTP error status into a non-zero exit.
      script = ''
        source /.env
        echo "Hello World" > $out/msg
        ls -lR /dev > $out/msg
        ${pkgs.curl}/bin/curl -sS --fail http://localhost/ > $out/page.html
      '';
    };
  };
# Evaluate the guest module with the NixOS module system and keep only the
# resulting `config` attribute (used below for the systemd package, the
# hostname and the system toplevel).
config =
  let
    evaluated = import <nixpkgs/nixos/lib/eval-config.nix> {
      modules = [ machine ];
    };
  in
  evaluated.config;
in
# Derivation that boots the guest with systemd-nspawn from inside the build.
#
# - requiredSystemFeatures restricts the build to builders that advertise
#   "uid-range" and "systemd-cgroup".
# - A constant machine-id is written, so the ID is the same for every build.
# - `export > $root/.env` dumps all exported builder variables into the guest
#   root; the guest's test unit sources that file. Anything sensitive in the
#   builder environment would be readable inside the guest.
# - /nix/store is bound read-only; $out is bound writable so the guest can
#   write its results. --private-network detaches the guest from the
#   builder's network.
# - NOTE(review): the "#${pkgs.strace}..." line is only a comment to the
#   shell; Nix still evaluates the antiquotation, so strace stays a build
#   dependency of this derivation. Drop the line if that is not wanted.
let
  driverEnv = {
    requiredSystemFeatures = [ "uid-range" "systemd-cgroup" ];
    buildInputs = [ utillinux dbus ];
  };

  driverScript = ''
    echo a5ea3f98dedc0278b6f3cc8c37eeaeac > /etc/machine-id
    root=$(pwd)/root
    mkdir -p $root $root/etc
    export > $root/.env
    # Make /run a tmpfs to shut up a systemd warning.
    mkdir /run
    mount -t tmpfs none /run
    mount -t tmpfs none /sys/fs/cgroup
    mkdir /sys/fs/cgroup/systemd
    #mount -t cgroup2 none /sys/fs/cgroup/unified -o nsdelegate
    mount -t cgroup none /sys/fs/cgroup/systemd -o none,name=systemd
    mkdir $out
    #${pkgs.strace}/bin/strace -f \
    ${config.systemd.package}/bin/systemd-nspawn \
    --keep-unit \
    -M ${config.networking.hostName} -D "$root" \
    --register=no \
    --resolv-conf=off \
    --bind-ro=/nix/store \
    --bind=$out \
    --private-network \
    ${config.system.build.toplevel}/init
  '';
in
runCommand "test" driverEnv driverScript