nixos/tests/hardened: add latestKernel argument

2020-04-05 00:29:24 +01:00 · 2020-04-05 00:29:24 +01:00 · fe031d07f8
commit fe031d07f8
parent b0d5032ee4
2 changed files with 7 additions and 2 deletions
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -160,6 +160,7 @@ in
  # kubernetes.e2e should eventually replace kubernetes.rbac when it works
  #kubernetes.e2e = handleTestOn ["x86_64-linux"] ./kubernetes/e2e.nix {};
  kubernetes.rbac = handleTestOn ["x86_64-linux"] ./kubernetes/rbac.nix {};
  latestKernel.hardened = handleTest ./hardened.nix { latestKernel = true; };
  latestKernel.login = handleTest ./login.nix { latestKernel = true; };
  ldap = handleTest ./ldap.nix {};
  leaps = handleTest ./leaps.nix {};
--- a/nixos/tests/hardened.nix
+++ b/nixos/tests/hardened.nix
@ -1,4 +1,4 @@
-import ./make-test.nix ({ pkgs, ...} : {
+import ./make-test.nix ({ pkgs, latestKernel ? false, ... } : {
  name = "hardened";
  meta = with pkgs.stdenv.lib.maintainers; {
    maintainers = [ joachifm ];
@ -10,6 +10,8 @@ import ./make-test.nix ({ pkgs, ...} : {
    { users.users.alice = { isNormalUser = true; extraGroups = [ "proc" ]; };
      users.users.sybil = { isNormalUser = true; group = "wheel"; };
      imports = [ ../modules/profiles/hardened.nix ];
      boot.kernelPackages =
        lib.mkIf latestKernel pkgs.linuxPackages_latest_hardened;
      environment.memoryAllocator.provider = "graphene-hardened";
      nix.useSandbox = false;
      virtualisation.emptyDiskImages = [ 4096 ];
@ -23,7 +25,9 @@ import ./make-test.nix ({ pkgs, ...} : {
          options = [ "noauto" ];
        };
      };
-      boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+      boot.extraModulePackages =
        optional (versionOlder config.boot.kernelPackages.kernel.version "5.6")
          config.boot.kernelPackages.wireguard;
      boot.kernelModules = [ "wireguard" ];
    };