{ lib, nixpkgs, nixpkgsFor, self }: let nixos-lib = import (nixpkgs + "/nixos/lib") { }; noTests = pkg: pkg.overrideAttrs ( finalAttrs: prevAttrs: { doCheck = false; doInstallCheck = false; }); # https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests runNixOSTestFor = system: test: (nixos-lib.runTest { imports = [ test ]; hostPkgs = nixpkgsFor.${system}.native; defaults = { nixpkgs.pkgs = nixpkgsFor.${system}.native; nix.checkAllErrors = false; # TODO: decide which packaging stage to use. `nix-cli` is efficient, but not the same as the user-facing `everything.nix` package (`default`). Perhaps a good compromise is `everything.nix` + `noTests` defined above? nix.package = nixpkgsFor.${system}.native.nixComponents.nix-cli; }; _module.args.nixpkgs = nixpkgs; _module.args.system = system; }) // { # allow running tests against older nix versions via `nix eval --apply` # Example: # nix build "$(nix eval --raw --impure .#hydraJobs.tests.fetch-git --apply 't: (t.forNix "2.19.2").drvPath')^*" forNix = nixVersion: runNixOSTestFor system { imports = [test]; defaults.nixpkgs.overlays = [(curr: prev: { nix = let packages = (builtins.getFlake "nix/${nixVersion}").packages.${system}; in packages.nix-cli or packages.nix; })]; }; }; # Checks that a NixOS configuration does not contain any references to our # locally defined Nix version. checkOverrideNixVersion = { pkgs, lib, ... }: { # pkgs.nix: The new Nix in this repo # We disallow it, to make sure we don't accidentally use it. system.forbiddenDependenciesRegexes = [ (lib.strings.escapeRegex "nix-${pkgs.nix.version}") ]; }; otherNixes.nix_2_3.setNixPackage = { lib, pkgs, ... }: { imports = [ checkOverrideNixVersion ]; nix.package = lib.mkForce pkgs.nixVersions.nix_2_3; }; otherNixes.nix_2_13.setNixPackage = { lib, pkgs, ... }: { imports = [ checkOverrideNixVersion ]; nix.package = lib.mkForce ( self.inputs.nixpkgs-23-11.legacyPackages.${pkgs.stdenv.hostPlatform.system}.nixVersions.nix_2_13.overrideAttrs (o: { meta = o.meta // { knownVulnerabilities = []; }; }) ); }; otherNixes.nix_2_18.setNixPackage = { lib, pkgs, ... }: { imports = [ checkOverrideNixVersion ]; nix.package = lib.mkForce pkgs.nixVersions.nix_2_18; }; in { authorization = runNixOSTestFor "x86_64-linux" ./authorization.nix; remoteBuilds = runNixOSTestFor "x86_64-linux" ./remote-builds.nix; remoteBuildsSshNg = runNixOSTestFor "x86_64-linux" ./remote-builds-ssh-ng.nix; } // lib.concatMapAttrs ( nixVersion: { setNixPackage, ... }: { "remoteBuilds_remote_${nixVersion}" = runNixOSTestFor "x86_64-linux" { name = "remoteBuilds_remote_${nixVersion}"; imports = [ ./remote-builds.nix ]; builders.config = { lib, pkgs, ... }: { imports = [ setNixPackage ]; }; }; "remoteBuilds_local_${nixVersion}" = runNixOSTestFor "x86_64-linux" { name = "remoteBuilds_local_${nixVersion}"; imports = [ ./remote-builds.nix ]; nodes.client = { lib, pkgs, ... }: { imports = [ setNixPackage ]; }; }; "remoteBuildsSshNg_remote_${nixVersion}" = runNixOSTestFor "x86_64-linux" { name = "remoteBuildsSshNg_remote_${nixVersion}"; imports = [ ./remote-builds-ssh-ng.nix ]; builders.config = { lib, pkgs, ... }: { imports = [ setNixPackage ]; }; }; # FIXME: these tests don't work yet # "remoteBuildsSshNg_local_${nixVersion}" = runNixOSTestFor "x86_64-linux" { # name = "remoteBuildsSshNg_local_${nixVersion}"; # imports = [ ./remote-builds-ssh-ng.nix ]; # nodes.client = { lib, pkgs, ... }: { # imports = [ overridingModule ]; # }; # }; } ) otherNixes // { nix-copy-closure = runNixOSTestFor "x86_64-linux" ./nix-copy-closure.nix; nix-copy = runNixOSTestFor "x86_64-linux" ./nix-copy.nix; nssPreload = runNixOSTestFor "x86_64-linux" ./nss-preload.nix; githubFlakes = runNixOSTestFor "x86_64-linux" ./github-flakes.nix; gitSubmodules = runNixOSTestFor "x86_64-linux" ./git-submodules.nix; sourcehutFlakes = runNixOSTestFor "x86_64-linux" ./sourcehut-flakes.nix; tarballFlakes = runNixOSTestFor "x86_64-linux" ./tarball-flakes.nix; containers = runNixOSTestFor "x86_64-linux" ./containers/containers.nix; setuid = lib.genAttrs ["x86_64-linux"] (system: runNixOSTestFor system ./setuid.nix); fetch-git = runNixOSTestFor "x86_64-linux" ./fetch-git; ca-fd-leak = runNixOSTestFor "x86_64-linux" ./ca-fd-leak; gzip-content-encoding = runNixOSTestFor "x86_64-linux" ./gzip-content-encoding.nix; functional_user = runNixOSTestFor "x86_64-linux" ./functional/as-user.nix; functional_trusted = runNixOSTestFor "x86_64-linux" ./functional/as-trusted-user.nix; functional_root = runNixOSTestFor "x86_64-linux" ./functional/as-root.nix; user-sandboxing = runNixOSTestFor "x86_64-linux" ./user-sandboxing; s3-binary-cache-store = runNixOSTestFor "x86_64-linux" ./s3-binary-cache-store.nix; fsync = runNixOSTestFor "x86_64-linux" ./fsync.nix; cgroups = runNixOSTestFor "x86_64-linux" ./cgroups; fetchurl = runNixOSTestFor "x86_64-linux" ./fetchurl.nix; chrootStore = runNixOSTestFor "x86_64-linux" ./chroot-store.nix; }