diff --git a/nixos/tests/initrd-luks-empty-passphrase.nix b/nixos/tests/initrd-luks-empty-passphrase.nix index d2805f2f173..521456e7e0b 100644 --- a/nixos/tests/initrd-luks-empty-passphrase.nix +++ b/nixos/tests/initrd-luks-empty-passphrase.nix @@ -18,6 +18,11 @@ in { emptyDiskImages = [ 512 ]; useBootLoader = true; useEFIBoot = true; + # This requires to have access + # to a host Nix store as + # the new root device is /dev/vdb + # an empty 512MiB drive, containing no Nix store. + mountHostNixStore = true; }; boot.loader.systemd-boot.enable = true; diff --git a/nixos/tests/luks.nix b/nixos/tests/luks.nix index c2b95c6a95f..d5ac550a3c5 100644 --- a/nixos/tests/luks.nix +++ b/nixos/tests/luks.nix @@ -7,6 +7,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { emptyDiskImages = [ 512 512 ]; useBootLoader = true; useEFIBoot = true; + # To boot off the encrypted disk, we need to have a init script which comes from the Nix store + mountHostNixStore = true; }; boot.loader.systemd-boot.enable = true; diff --git a/nixos/tests/lvm2/systemd-stage-1.nix b/nixos/tests/lvm2/systemd-stage-1.nix index b711cd22d7f..b581f2b2350 100644 --- a/nixos/tests/lvm2/systemd-stage-1.nix +++ b/nixos/tests/lvm2/systemd-stage-1.nix @@ -65,6 +65,8 @@ in import ../make-test-python.nix ({ pkgs, ... }: { emptyDiskImages = [ 8192 8192 ]; useBootLoader = true; useEFIBoot = true; + # To boot off the LVM disk, we need to have a init script which comes from the Nix store. + mountHostNixStore = true; }; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/nixos/tests/systemd-initrd-btrfs-raid.nix b/nixos/tests/systemd-initrd-btrfs-raid.nix index c9cdf0060b1..9196033789c 100644 --- a/nixos/tests/systemd-initrd-btrfs-raid.nix +++ b/nixos/tests/systemd-initrd-btrfs-raid.nix @@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { virtualisation = { emptyDiskImages = [ 512 512 ]; useBootLoader = true; + # Booting off the BTRFS RAID requires an available init script from the Nix store + mountHostNixStore = true; useEFIBoot = true; }; boot.loader.systemd-boot.enable = true; diff --git a/nixos/tests/systemd-initrd-luks-fido2.nix b/nixos/tests/systemd-initrd-luks-fido2.nix index e80d95f79c7..32c79b731d8 100644 --- a/nixos/tests/systemd-initrd-luks-fido2.nix +++ b/nixos/tests/systemd-initrd-luks-fido2.nix @@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { virtualisation = { emptyDiskImages = [ 512 ]; useBootLoader = true; + # Booting off the encrypted disk requires having a Nix store available for the init script + mountHostNixStore = true; useEFIBoot = true; qemu.package = lib.mkForce (pkgs.qemu_test.override { canokeySupport = true; }); qemu.options = [ "-device canokey,file=/tmp/canokey-file" ]; diff --git a/nixos/tests/systemd-initrd-luks-keyfile.nix b/nixos/tests/systemd-initrd-luks-keyfile.nix index 257243d92a1..5ca0f48c333 100644 --- a/nixos/tests/systemd-initrd-luks-keyfile.nix +++ b/nixos/tests/systemd-initrd-luks-keyfile.nix @@ -14,6 +14,8 @@ in { virtualisation = { emptyDiskImages = [ 512 ]; useBootLoader = true; + # Necessary to boot off the encrypted disk because it requires a init script coming from the Nix store + mountHostNixStore = true; useEFIBoot = true; }; boot.loader.systemd-boot.enable = true; diff --git a/nixos/tests/systemd-initrd-luks-password.nix b/nixos/tests/systemd-initrd-luks-password.nix index 2dd3f304e82..a90a59feed6 100644 --- a/nixos/tests/systemd-initrd-luks-password.nix +++ b/nixos/tests/systemd-initrd-luks-password.nix @@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { virtualisation = { emptyDiskImages = [ 512 512 ]; useBootLoader = true; + # Booting off the encrypted disk requires an available init script + mountHostNixStore = true; useEFIBoot = true; }; boot.loader.systemd-boot.enable = true; diff --git a/nixos/tests/systemd-initrd-luks-tpm2.nix b/nixos/tests/systemd-initrd-luks-tpm2.nix index 734ef38579f..73aa190ad62 100644 --- a/nixos/tests/systemd-initrd-luks-tpm2.nix +++ b/nixos/tests/systemd-initrd-luks-tpm2.nix @@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { virtualisation = { emptyDiskImages = [ 512 ]; useBootLoader = true; + # Booting off the TPM2-encrypted device requires an available init script + mountHostNixStore = true; useEFIBoot = true; qemu.options = ["-chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"]; }; diff --git a/nixos/tests/systemd-initrd-networkd-ssh.nix b/nixos/tests/systemd-initrd-networkd-ssh.nix index 943552613be..46dbdf53739 100644 --- a/nixos/tests/systemd-initrd-networkd-ssh.nix +++ b/nixos/tests/systemd-initrd-networkd-ssh.nix @@ -10,13 +10,15 @@ import ./make-test-python.nix ({ lib, ... }: { virtualisation = { emptyDiskImages = [ 4096 ]; useBootLoader = true; + # Booting off the encrypted disk requires an available init script from the Nix store + mountHostNixStore = true; useEFIBoot = true; }; specialisation.encrypted-root.configuration = { - virtualisation.bootDevice = "/dev/mapper/root"; + virtualisation.rootDevice = "/dev/mapper/root"; boot.initrd.luks.devices = lib.mkVMOverride { - root.device = "/dev/vdc"; + root.device = "/dev/vdb"; }; boot.initrd.systemd.enable = true; boot.initrd.network = { @@ -61,7 +63,7 @@ import ./make-test-python.nix ({ lib, ... }: { server.wait_for_unit("multi-user.target") server.succeed( - "echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdc", + "echo somepass | cryptsetup luksFormat --type=luks2 /dev/vdb", "bootctl set-default nixos-generation-1-specialisation-encrypted-root.conf", "sync", ) diff --git a/nixos/tests/systemd-initrd-swraid.nix b/nixos/tests/systemd-initrd-swraid.nix index d201ba99a20..0d5a1c6354d 100644 --- a/nixos/tests/systemd-initrd-swraid.nix +++ b/nixos/tests/systemd-initrd-swraid.nix @@ -6,6 +6,8 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { virtualisation = { emptyDiskImages = [ 512 512 ]; useBootLoader = true; + # Booting off the RAID requires an available init script + mountHostNixStore = true; useEFIBoot = true; }; boot.loader.systemd-boot.enable = true;