From 5879c48616087f12c696265d40d53a7513a98bb2 Mon Sep 17 00:00:00 2001
From: Michael Hoang
Date: Tue, 29 Apr 2025 15:02:50 +1000
Subject: [PATCH] container-test-driver: fix SSH not working inside container tests

---
 lib/test/container-test-driver/nixos-module.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/test/container-test-driver/nixos-module.nix b/lib/test/container-test-driver/nixos-module.nix
index 090279c06..c7e1dd32e 100644
--- a/lib/test/container-test-driver/nixos-module.nix
+++ b/lib/test/container-test-driver/nixos-module.nix
@@ -23,4 +23,13 @@
 
   # we don't have permission to set cpu scheduler in our container
   systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = lib.mkForce "";
+
+  # Adds `Include /nix/store/...` to `/etc/ssh/ssh_config`[1] which will make
+  # SSH fail when running inside a container test as SSH checks the permissions
+  # of the config files it reads which can't be disabled[2] and all the store
+  # paths inside the build sandbox (and the container by extension) are owned
+  # by `nobody:nogroup` rather than `root:nixbld`.
+  # [1]: https://github.com/NixOS/nixpkgs/blob/29335f23bea5e34228349ea739f31ee79e267b88/nixos/modules/programs/ssh.nix#L344-L347
+  # [2]: https://github.com/openssh/openssh-portable/blob/b5b405fee7f3e79d44e2d2971a4b6b4cc53f112e/readconf.c#L2579-L2587
+  programs.ssh.systemd-ssh-proxy.enable = false;
 }
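Review bot: The new `programs.ssh.systemd-ssh-proxy.enable = false;` is a plain definition, whereas the neighbouring `CPUSchedulingPolicy` line in the same hunk uses `lib.mkForce`, so a test module that explicitly sets the option to `true` will fail with a definition conflict rather than being overridden; if the intent is that the proxy can never work inside the container, `lib.mkForce false` would match the file's existing style and make that explicit. The comment explains the root cause (an `Include` of a store path whose ownership fails OpenSSH's permission check) but not what is being given up — it would help a reader to add a line such as `# This disables the systemd-ssh-proxy transport for ssh; plain host targets are unaffected.`, hedged as appropriate since the exact scope of the proxy depends on the nixpkgs module. The enclosing module attribute set begins before this hunk, so I cannot see whether an earlier part of the file already touches `programs.ssh`.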