Merge remote-tracking branch 'upstream/main'

* upstream/main: Fix tests (nix-community#173) Fix sudo ssh with jumpHost (nix-community#167) Fix permissions for files in /dev/pts (nix-community#166) Fix setting custom nameservers through networking.nameservers (nix-community#157) Disable timesynced (nix-community#159) Disable powerManagement (nix-community#160)
psvo · Dec 5, 2022 · 28d97bc · 28d97bc
2 parents 3607f86 + 5222192
commit 28d97bc
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 12 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -85,7 +85,7 @@ jobs:
       matrix:
         test: ${{ fromJSON(needs.find-tests.outputs.tests) }}
         os:
-          - ubuntu-latest
+          - ubuntu-20.04
           # - windows-latest # doesn't work due to lack of nested virtualization on the runners, hopefully this will work one day
     runs-on: ${{ matrix.os }}
     steps:

diff --git a/modules/wsl-distro.nix b/modules/wsl-distro.nix
@@ -51,11 +51,15 @@ with lib; {
 
           environment = {
 
-            etc = {
-              # DNS settings are managed by WSL
-              hosts.enable = !config.wsl.wslConf.network.generateHosts;
-              "resolv.conf".enable = !config.wsl.wslConf.network.generateResolvConf;
-            };
+            # Only set the options if the files are managed by WSL
+            etc = mkMerge [
+              (mkIf config.wsl.wslConf.network.generateHosts {
+                hosts.enable = false;
+              })
+              (mkIf config.wsl.wslConf.network.generateResolvConf {
+                "resolv.conf".enable = false;
+              })
+            ];
 
             systemPackages = [
               (pkgs.runCommand "wslpath" { } ''
@@ -76,6 +80,8 @@ with lib; {
           # Otherwise WSL fails to login as root with "initgroups failed 5"
           users.users.root.extraGroups = [ "root" ];
 
+          powerManagement.enable = false;
+
           security.sudo.wheelNeedsPassword = mkDefault false; # The default user will not have a password by default
 
           system.activationScripts = {
@@ -99,12 +105,16 @@ with lib; {
           systemd = {
             # Disable systemd units that don't make sense on WSL
             services = {
+              # no virtual console to switch to
               "serial-getty@ttyS0".enable = false;
               "serial-getty@hvc0".enable = false;
               "getty@tty1".enable = false;
               "autovt@".enable = false;
               firewall.enable = false;
               systemd-resolved.enable = false;
+              # system clock cannot be changed
+              systemd-timesyncd.enable = false;
+              # no udev devices can be attached
               systemd-udevd.enable = false;
             };
 
@@ -120,9 +130,17 @@ with lib; {
           # Start a systemd user session when starting a command through runuser
           security.pam.services.runuser.startSession = true;
 
-          warnings = (optional (config.systemd.services.systemd-resolved.enable && config.wsl.wslConf.network.generateResolvConf)
-            "systemd-resolved is enabled, but resolv.conf is managed by WSL"
-          );
+          warnings = flatten [
+            (optional (config.services.resolved.enable && config.wsl.wslConf.network.generateResolvConf)
+              "systemd-resolved is enabled, but resolv.conf is managed by WSL (wsl.wslConf.network.generateResolvConf)"
+            )
+            (optional ((length config.networking.nameservers) > 0 && config.wsl.wslConf.network.generateResolvConf)
+              "custom nameservers are set (networking.nameservers), but resolv.conf is managed by WSL (wsl.wslConf.network.generateResolvConf)"
+            )
+            (optional ((length config.networking.nameservers) == 0 && !config.services.resolved.enable && !config.wsl.wslConf.network.generateResolvConf)
+              "resolv.conf generation is turned off (wsl.wslConf.network.generateResolvConf), but no other nameservers are configured (networking.nameservers)"
+            )
+          ];
         }
         (mkIf (!cfg.nativeSystemd) {
           users.users.root.shell = "${syschdemd}/bin/syschdemd";

diff --git a/scripts/syschdemd.sh b/scripts/syschdemd.sh
@@ -111,7 +111,7 @@ main() {
 
   # If we're executed from inside the container, e.g. sudo
   if is_in_container; then
-    exec $command
+    eval $command
   fi
 
   # If we are currently in /root, this is probably because the directory that WSL was started is inaccessible
@@ -134,7 +134,7 @@ main() {
     --setenv=WSLPATH="$(clean_wslpath)" \
     --working-directory="$PWD" \
     --machine=.host \
-    "$(which runuser)" -u @username@ -- /bin/sh -c "$exportCmd; source /etc/set-environment; exec $command"
+    "$(which runuser)" --pty -u @username@ -- /bin/sh -c "$exportCmd; source /etc/set-environment; exec $command"
 }
 
 main "$@"
diff --git a/tests/docker/docker.Tests.ps1 b/tests/docker/docker.Tests.ps1
@@ -5,7 +5,13 @@ BeforeAll {
 Describe "Docker (native)" {
   BeforeAll {
     $distro = Install-Distro
-    $distro.InstallConfig("$PSScriptRoot/docker-native.nix")
+    try {
+      $distro.InstallConfig("$PSScriptRoot/docker-native.nix")
+    }
+    catch {
+      $distro.Launch("sudo journalctl --no-pager -u docker.service")
+      throw $_
+    }
   }
 
   It "should be possible to run a docker container" {