From 50e7a02e671cc4e5af49732b53d5d26f987cb314 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Thu, 10 Aug 2023 02:02:33 +0200
Subject: [PATCH] nixos/chrony: add simple test

---
 nixos/tests/all-tests.nix                |  1 +
 nixos/tests/chrony.nix                   | 31 ++++++++++++++++++++++++
 pkgs/tools/networking/chrony/default.nix |  3 +++
 3 files changed, 35 insertions(+)
 create mode 100644 nixos/tests/chrony.nix

diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index a2235b106dc6..530447b99786 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -167,6 +167,7 @@ in {
   cgit = handleTest ./cgit.nix {};
   charliecloud = handleTest ./charliecloud.nix {};
   chromium = (handleTestOn ["aarch64-linux" "x86_64-linux"] ./chromium.nix {}).stable or {};
+  chrony = handleTestOn ["aarch64-linux" "x86_64-linux"] ./chrony.nix {};
   chrony-ptp = handleTestOn ["aarch64-linux" "x86_64-linux"] ./chrony-ptp.nix {};
   cinnamon = handleTest ./cinnamon.nix {};
   cjdns = handleTest ./cjdns.nix {};
diff --git a/nixos/tests/chrony.nix b/nixos/tests/chrony.nix
new file mode 100644
index 000000000000..578b1e32d50c
--- /dev/null
+++ b/nixos/tests/chrony.nix
@@ -0,0 +1,31 @@
+import ./make-test-python.nix ({ lib, ... }:
+{
+  name = "chrony";
+
+  meta = {
+    maintainers = with lib.maintainers; [ fpletz ];
+  };
+
+  nodes = {
+    default = {
+      services.chrony.enable = true;
+    };
+    graphene-hardened = {
+      services.chrony.enable = true;
+      services.chrony.enableMemoryLocking = true;
+      environment.memoryAllocator.provider = "graphene-hardened";
+      # dhcpcd privsep is incompatible with graphene-hardened
+      networking.useNetworkd = true;
+    };
+  };
+
+  testScript = {nodes, ...} : let
+    graphene-hardened = nodes.graphene-hardened.system.build.toplevel;
+  in ''
+    default.start()
+    default.wait_for_unit('multi-user.target')
+    default.succeed('systemctl is-active chronyd.service')
+    default.succeed('${graphene-hardened}/bin/switch-to-configuration test')
+    default.succeed('systemctl is-active chronyd.service')
+  '';
+})
diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix
index c85c6d9febf4..c188fbb7ccd8 100644
--- a/pkgs/tools/networking/chrony/default.nix
+++ b/pkgs/tools/networking/chrony/default.nix
@@ -1,6 +1,7 @@
 { lib, stdenv, fetchurl, pkg-config
 , gnutls, libedit, nspr, nss, readline, texinfo
 , libcap, libseccomp, pps-tools
+, nixosTests
 }:
 
 stdenv.mkDerivation rec {
@@ -36,6 +37,8 @@ stdenv.mkDerivation rec {
 
   hardeningEnable = [ "pie" ];
 
+  passthru.tests = { inherit (nixosTests) chrony chrony-ptp; };
+
   meta = with lib; {
     description = "Sets your computer's clock from time servers on the Net";
     homepage = "https://chrony.tuxfamily.org/";