import ./make-test-python.nix ({ lib, ... }: { name = "chrony"; meta = { maintainers = with lib.maintainers; [ fpletz ]; }; nodes = { default = { services.chrony.enable = true; }; graphene-hardened = { services.chrony.enable = true; services.chrony.enableMemoryLocking = true; environment.memoryAllocator.provider = "graphene-hardened"; # dhcpcd privsep is incompatible with graphene-hardened networking.useNetworkd = true; }; }; testScript = {nodes, ...} : let graphene-hardened = nodes.graphene-hardened.system.build.toplevel; in '' default.start() default.wait_for_unit('multi-user.target') default.succeed('systemctl is-active chronyd.service') default.succeed('${graphene-hardened}/bin/switch-to-configuration test') default.succeed('systemctl is-active chronyd.service') ''; })