The typo creates an empty directory 0755 in initrd rootfs rather than
create the Nix store directories with mode 0755.
I guess setting the mode is not strictly necessary if it worked before
this change, but I'll leave the `-m 0755` in just in case.
...for explicitly named network interfaces
This reverts commit 6ae3e7695e27a4f7afb1d2017f5967d5e82f4c00.
(and evaluation fixups 08d26bbb726 7aed90a969c)
Some of the tests fail or time out after the merge.
Adds a new option to the virtualisation modules that enables specifying
explicitly named network interfaces in QEMU VMs. The existing
`virtualisation.vlans` is still supported for cases where the name of
the network interface is irrelevant.
Previously, secrets were named according to the initrd they were
associated with. This created a problem: If secrets were changed whilst
the initrd remained the same, there were two versions of the secrets
with one initrd. The result was that only one version of the secrets would
by recorded into the /boot partition and get used. AFAICT this would
only be the oldest version of the secrets for the given initrd version.
This manifests as #114594, which I found frustrating while trying to use
initrd secrets for the first time. While developing the secrets I found
I could not get new versions of the secrets to take effect.
Additionally, it's a nasty issue to run into if you had cause to change
the initrd secrets for credential rotation, etc, if you change them and
discover you cannot, or alternatively that you can't roll back as you
would expect.
Additional changes in this patch.
* Add a regression test that switching to another grub configuration
with the alternate secrets works. This test relies on the fact that it
is not changing the initrd. I have checked that the test fails if I
undo my change.
* Persist the useBootLoader disk state, similarly to other boot state.
* I had to do this, otherwise I could not find a route to testing the
alternate boot configuration. I did attempt a few different ways of
testing this, including directly running install-grub.pl, but what
I've settled on is most like what a user would do and avoids
depending on lots of internal details.
* Making tests that test the boot are a bit tricky (see hibernate.nix
and installer.nix for inspiration), I found that in addition to
having to copy quite a bit of code I still couldn't get things to
work as desired since the bootloader state was being clobbered.
My change to persist the useBootLoader state could break things,
conceptually. I need some help here discovering if that is the case,
possibly by letting this run through a staging CI if there is one.
Fix#114594.
cc potential reviewers:
@lopsided98 (original implementer) @joachifm (original reviewer),
@wkennington (numerous fixes to grub-install.pl), @lheckemann (wrote
original secrets test).
The aarch64-linux kernel and initrd recently eclipsed 60M, causing the
boot disk image build to run out of space and fail. Double the size of
the image to 120M to fix the issue.
The disk image is stored in expandable qcow2 format, so only the space
actually used by files in the image is consumed. Therefore, other
architectures are not unfairly penalized, and the output size does not
suddenly double.
This also fixes NixOS tests which use this option, like systemd-boot's.
Add a section on ordering option definitions.
Also mention `mkDefault` in the section on `mkOverride`.
Clarify the code a bit by renaming `defaultPriority` to
`defaultOverridePriority` and introducing `defaultOrderPriority`.
This adds an option to the qemu virtualisation module to isolate the
guest's from the host's and outside networks.
This is particularly useful for development sandboxes for example.
The option is disabled by default to preserve the current behaviour.
this mostly means marking options that use markdown already
appropriately and making a few adjustments so they still render
correctly. notable for nftables we have to transform the md links
because the manpage would not render them correctly otherwise.
this renders the same in the manpage and a little more clearly in the
html manual. in the manpage there continues to be no distinction from
regular text, the html manual gets code-type markup (which was probably
the intention for most of these uses anyway).
we can't embed syntactic annotations of this kind in markdown code
blocks without yet another extension. replaceable is rare enough to make
this not much worth it, so we'll go with «thing» instead. the module
system already uses this format for its placeholder names in attrsOf
paths.
This avoids putting a large disk image in the store (and possibly
in a binary cache), while improving runtime performance.
Assuming you're running an SSD, and/or with plenty of cache (?)
it is feasible to preempt the virtualization overhead before
VM start, in single-digit seconds.
For some tests that perform many reads on the store, the improved
performance of EROFS is sufficient that not only the image creation
overhead is compensated for, but is actually faster.
Stats for nixosTests.gitlab:
Baseline without useNixStoreImage: >1000s
Baseline with useNixStoreImage without writableStore = false
ext4 image in store: 277 seconds
+ significant image build time and/or disk space
Disposable erofs image: 249 seconds _including_ image build time
Custom erofs overlay on 9p host store: 391 seconds; presumably
because the overlay still performs too many 9p accesses, or perhaps
some other overhead. This solution had no obvious performance
advantage, while requiring extra options to work, so it was
discarded.
Potential use cases for disabling `useDefaultFilesystems` include:
- Testing with uncommon filesystem layouts
- Testing scenarios where swapping occurs
- Testing with LUKS-encrypted disks
Closes#177963
While doing kernel development with the nixos testing infrastructure, it
is useful to quickly compile the kernel on the side and boot it in the testing VM.
This patch allows overriding the kernel through the environment
variable. For example, the following:
$ NIXPKGS_QEMU_KERNEL_testvm=$LINUX_SRC/arch/x86/boot/bzImage $VM/bin/nixos-test-driver
runs testvm testing VM with the fresh kernel compiled in $LINUX_SRC.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
most modules can be evaluated for their documentation in a very
restricted environment that doesn't include all of nixpkgs. this
evaluation can then be cached and reused for subsequent builds, merging
only documentation that has changed into the cached set. since nixos
ships with a large number of modules of which only a few are used in any
given config this can save evaluation a huge percentage of nixos
options available in any given config.
in tests of this caching, despite having to copy most of nixos/, saves
about 80% of the time needed to build the system manual, or about two
second on the machine used for testing. build time for a full system
config shrank from 9.4s to 7.4s, while turning documentation off
entirely shortened the build to 7.1s.
by default a ps/2 keyboard input is used which seems to cause issues
on aarch64-linux when the machine is used high load, causing the keymap
qwertz test to always fail and azerty to sometimes fail
See https://github.com/NixOS/nixpkgs/issues/147294
