From 10f731c974a4b30b68a33f221b90d69275f51e70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Wed, 30 Jul 2025 16:43:35 +0200
Subject: [PATCH] container-test-driver: fix rebuild and make container-test-driver importable

---
 .../container-test-driver/nixos-module.nix | 24 +++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/lib/test/container-test-driver/nixos-module.nix b/lib/test/container-test-driver/nixos-module.nix
index a0f8c986c..48022306c 100644
--- a/lib/test/container-test-driver/nixos-module.nix
+++ b/lib/test/container-test-driver/nixos-module.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, ... }:
+{
+  pkgs,
+  lib,
+  options,
+  ...
+}:
 {
   boot.isContainer = true;
 
@@ -7,7 +12,9 @@
   # undo qemu stuff
   system.build.initialRamdisk = "";
 
-  virtualisation.sharedDirectories = lib.mkForce { };
+  virtualisation = lib.optionalAttrs (options ? virtualisation.sharedDirectories) {
+    sharedDirectories = lib.mkForce { };
+  };
   networking.useDHCP = false;
 
   # PAM requires setuid and doesn't work in our containers
@@ -15,11 +22,14 @@
   # We use networkd to assign static ip addresses
   networking.useNetworkd = true;
+  networking.useHostResolvConf = false;
   services.resolved.enable = false;
 
-  # Rename the host0 interface to eth0 to match what we expect in VM tests.
+  # Rename the host0 interface to eth1 to match what we expect in VM tests.
   system.activationScripts.renameInterface = ''
-    ${pkgs.iproute2}/bin/ip link set dev host0 name eth1
+    if ${pkgs.iproute2}/bin/ip link show host0 2>/dev/null; then
+      ${pkgs.iproute2}/bin/ip link set dev host0 name eth1
+    fi
   '';
 
   systemd.services.backdoor.enable = false;
 
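Review bot: The new `virtualisation = lib.optionalAttrs (options ? virtualisation.sharedDirectories) { ... }` block in the second hunk has no comment explaining why the override became conditional, and the `# undo qemu stuff` comment above it still reads as if the override were unconditional. The commit subject suggests the module must now evaluate when the module that declares that option is not imported, but that has to be inferred. Suggest replacing the comment with `# undo qemu stuff; sharedDirectories is only declared when the qemu VM module is imported, so guard on the option` so the `options` argument added in the first hunk is explained at its only use. The enclosing module attribute set continues past the hunk.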
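Review bot: In the rewritten activation script of the third hunk, `ip link show host0 2>/dev/null` discards only stderr, so whenever host0 exists its link details are printed into the activation output on every switch; `if ${pkgs.iproute2}/bin/ip link show host0 >/dev/null 2>&1; then` keeps the guard silent while preserving the exit-status check. With `networking.useHostResolvConf = false` added next to the kept `services.resolved.enable = false`, nothing visible in this hunk supplies /etc/resolv.conf, which may be intentional for a sandboxed test container but deserves a one-line comment such as `# no resolver inside the sandboxed container; tests must not rely on DNS` if so. The module body continues beyond the hunk.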
@@ -27,6 +37,12 @@
   # we don't have permission to set cpu scheduler in our container
   systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = lib.mkForce "";
 
+  # Disable suid-sgid-wrappers.service as it fails in the nix sandbox
+  systemd.services.suid-sgid-wrappers.enable = false;
+
+  # Disable resolvconf as it can cause issues in containers because it cannot apply posix acl
+  systemd.services.resolvconf.enable = false;
+
   # Adds `Include /nix/store/...` to `/etc/ssh/ssh_config`[1] which will make
   # SSH fail when running inside a container test as SSH checks the permissions
   # of the config files it reads which can't be disabled[2] and all the store
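Review bot: The comment on `systemd.services.suid-sgid-wrappers.enable = false` explains why the unit fails but not what disabling it means for tests: the setuid wrapper directory is never populated, so any setuid helper a test might reach for (su, sudo, ping, PAM helpers) is absent inside the container. That is consistent with the earlier `# PAM requires setuid and doesn't work in our containers` remark in the second hunk, but stating it beside this line prevents someone later re-enabling the unit to "fix" a missing wrapper. Suggest `# Disable suid-sgid-wrappers.service: it fails in the nix sandbox, so no setuid wrappers exist in the container (su/sudo/ping unavailable)`. Likewise the resolvconf comment could note that, together with `networking.useHostResolvConf = false` from the third hunk, the container ends up without a resolv.conf source, if that is the intent. The comment block after the additions continues past the hunk.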