nixpkgs/nixos/tests/chrony.nix

import ./make-test-python.nix ({ lib, ... }:
{
  name = "chrony";

  meta = {
    maintainers = with lib.maintainers; [ fpletz ];
  };

  nodes = {
    machine = {
      services.chrony.enable = true;

      specialisation.hardened.configuration = {
        services.chrony.enableMemoryLocking = true;
        environment.memoryAllocator.provider = "graphene-hardened";
        # dhcpcd privsep is incompatible with graphene-hardened
        networking.useNetworkd = true;
      };
    };
  };

  testScript = ''
    machine.start()
    machine.wait_for_unit('multi-user.target')
    machine.succeed('systemctl is-active chronyd.service')
    machine.succeed('/run/booted-system/specialisation/hardened/bin/switch-to-configuration test')
    machine.succeed('systemctl restart chronyd.service')
    machine.wait_for_unit('chronyd.service')
  '';
})