authorFrederik Rietdijk <fridh@fridh.nl>2020-10-13 19:34:34 +0200
committerFrederik Rietdijk <fridh@fridh.nl>2020-10-13 19:34:34 +0200
commit9e1943edc03c14854295d47001c2b46d7d2472de (patch)
tree3a7b08aa961782c4a8e77837e6532502c891bc5d /nixos
parentaabcf2d8f52c68ad37d72bf80d90608831450af5 (diff)
parentc5a41da563485db7e34475321e22d45941de23d0 (diff)
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-2009.xml51
-rw-r--r--nixos/doc/manual/release-notes/rl-2103.xml11
-rw-r--r--nixos/modules/module-list.nix2
-rw-r--r--nixos/modules/security/acme.nix5
-rw-r--r--nixos/modules/services/misc/domoticz.nix51
-rw-r--r--nixos/modules/services/misc/gitlab.nix38
-rw-r--r--nixos/modules/services/misc/klipper.nix59
-rw-r--r--nixos/modules/services/networking/avahi-daemon.nix2
-rw-r--r--nixos/modules/services/networking/dnsdist.nix23
-rw-r--r--nixos/modules/services/x11/desktop-managers/gnome3.nix4
-rw-r--r--nixos/modules/services/x11/window-managers/xmonad.nix65
-rw-r--r--nixos/modules/services/x11/xserver.nix2
-rw-r--r--nixos/tests/acme.nix41
-rw-r--r--nixos/tests/agda.nix2
-rw-r--r--nixos/tests/all-tests.nix2
-rw-r--r--nixos/tests/avahi.nix13
-rw-r--r--nixos/tests/cagebreak.nix19
-rw-r--r--nixos/tests/common/acme/server/default.nix2
-rw-r--r--nixos/tests/ft2-clone.nix35
-rw-r--r--nixos/tests/xmonad.nix18
20 files changed, 348 insertions, 97 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 72e77ad76e11..d9ff51ae3df0 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -232,29 +232,7 @@ GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION;
<filename>testing-python.nix</filename> respectively.
</para>
</listitem>
- <listitem>
- <para>
- The Mediatomb service declares new options. It also adapts existing
- options to make the configuration generation lazy. The existing option
- <literal>customCfg</literal> (defaults to false), when enabled, stops
- the service configuration generation completely. It then expects the
- users to provide their own correct configuration at the right location
- (whereas the configuration was generated and not used at all before).
- The new option <literal>transcodingOption</literal> (defaults to no)
- allows a generated configuration. It makes the mediatomb service pulls
- the necessary runtime dependencies in the nix store (whereas it was
- generated with hardcoded values before). The new option
- <literal>mediaDirectories</literal> allows the users to declare autoscan
- media directories from their nixos configuration:
- <programlisting>
- services.mediatomb.mediaDirectories = [
- { path = "/var/lib/mediatomb/pictures"; recursive = false; hidden-files = false; }
- { path = "/var/lib/mediatomb/audio"; recursive = true; hidden-files = false; }
- ];
- </programlisting>
- </para>
- </listitem>
- </itemizedlist>
+ </itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
@@ -873,6 +851,13 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</listitem>
<listitem>
<para>
+ The <literal>hardware.nvidia.optimus_prime.enable</literal> service has been renamed to
+ <literal>hardware.nvidia.prime.sync.enable</literal> and has many new enhancements.
+ Related nvidia prime settings may have also changed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
The package <package>nextcloud17</package> has been removed and <package>nextcloud18</package> was marked as insecure
since both of them will <link xlink:href="https://docs.nextcloud.com/server/19/admin_manual/release_schedule.html">
will be EOL (end of life) within the lifetime of 20.09</link>.
@@ -897,21 +882,11 @@ CREATE ROLE postgres LOGIN SUPERUSER;
</para>
</listitem>
<listitem>
- <para>
- The mediatomb service is now using the new and maintained <literal>gerbera</literal>
- <literal>gerbera</literal> fork instead of the unmaintained
- <literal>mediatomb</literal> package. If you want to keep the old
- behavior, you must declare it with:
- <programlisting>
- services.mediatomb.package = pkgs.mediatomb;
- </programlisting>
- One new option <literal>openFirewall</literal> has been introduced which
- defaults to false. If you relied on the service declaration to add the
- firewall rules itself before, you should now declare it with:
- <programlisting>
- services.mediatomb.openFirewall = true;
- </programlisting>
- </para>
+ <para>
+ The GNOME desktop manager no longer default installs <package>gnome3.epiphany</package>.
+ It was chosen to do this as it has a usability breaking issue (see issue <link xlink:href="https://github.com/NixOS/nixpkgs/issues/98819">#98819</link>)
+ that makes it unsuitable to be a default app.
+ </para>
</listitem>
</itemizedlist>
</section>
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 8ce6219625ce..fb1d50434b80 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -82,6 +82,17 @@
for consistency with other X11 resources.
</para>
</listitem>
+ <listitem>
+ <para>
+ A number of options have been renamed in the kicad interface. <literal>oceSupport</literal>
+ has been renamed to <literal>withOCE</literal>, <literal>withOCCT</literal> has been renamed
+ to <literal>withOCC</literal>, <literal>ngspiceSupport</literal> has been renamed to
+ <literal>withNgspice</literal>, and <literal>scriptingSupport</literal> has been renamed to
+ <literal>withScripting</literal>. Additionally, <literal>kicad/base.nix</literal> no longer
+ provides default argument values since these are provided by
+ <literal>kicad/default.nix</literal>.
+ </para>
+ </listitem>
</itemizedlist>
</section>
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 39f28773eab0..78cfb7371770 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -442,6 +442,7 @@
./services/misc/dysnomia.nix
./services/misc/disnix.nix
./services/misc/docker-registry.nix
+ ./services/misc/domoticz.nix
./services/misc/errbot.nix
./services/misc/etcd.nix
./services/misc/ethminer.nix
@@ -466,6 +467,7 @@
./services/misc/irkerd.nix
./services/misc/jackett.nix
./services/misc/jellyfin.nix
+ ./services/misc/klipper.nix
./services/misc/logkeys.nix
./services/misc/leaps.nix
./services/misc/lidarr.nix
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 31fbc3614744..5732620f2908 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -122,19 +122,22 @@ let
"--email" data.email
"--key-type" data.keyType
] ++ protocolOpts
- ++ optionals data.ocspMustStaple [ "--must-staple" ]
++ optionals (acmeServer != null) [ "--server" acmeServer ]
++ concatMap (name: [ "-d" name ]) extraDomains
++ data.extraLegoFlags;
+ # Although --must-staple is common to both modes, it is not declared as a
+ # mode-agnostic argument in lego and thus must come after the mode.
runOpts = escapeShellArgs (
commonOpts
++ [ "run" ]
+ ++ optionals data.ocspMustStaple [ "--must-staple" ]
++ data.extraLegoRunFlags
);
renewOpts = escapeShellArgs (
commonOpts
++ [ "renew" "--reuse-key" ]
+ ++ optionals data.ocspMustStaple [ "--must-staple" ]
++ data.extraLegoRenewFlags
);
diff --git a/nixos/modules/services/misc/domoticz.nix b/nixos/modules/services/misc/domoticz.nix
new file mode 100644
index 000000000000..b1353d484048
--- /dev/null
+++ b/nixos/modules/services/misc/domoticz.nix
@@ -0,0 +1,51 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.domoticz;
+ pkgDesc = "Domoticz home automation";
+
+in {
+
+ options = {
+
+ services.domoticz = {
+ enable = mkEnableOption pkgDesc;
+
+ bind = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ description = "IP address to bind to.";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 8080;
+ description = "Port to bind to for HTTP, set to 0 to disable HTTP.";
+ };
+
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ systemd.services."domoticz" = {
+ description = pkgDesc;
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ StateDirectory = "domoticz";
+ Restart = "always";
+ ExecStart = ''
+ ${pkgs.domoticz}/bin/domoticz -noupdates -www ${toString cfg.port} -wwwbind ${cfg.bind} -sslwww 0 -userdata /var/lib/domoticz -approot ${pkgs.domoticz}/share/domoticz/ -pidfile /var/run/domoticz.pid
+ '';
+ };
+ };
+
+ };
+
+}
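Review bot: The default `bind = "0.0.0.0"` combined with `-sslwww 0` in `ExecStart` (which appears to switch the HTTPS listener off) puts the Domoticz web interface on every interface over plain HTTP as soon as `enable` is set. A loopback default, `default = "127.0.0.1";`, with the description naming the exposure, would be a safer starting point. In the same `ExecStart`, `${cfg.bind}` is interpolated unquoted although the option is `types.str`, so a value containing whitespace becomes extra arguments; building the command with `escapeShellArgs` avoids that, and `types.port` fits `port` better than `types.int`. `-pidfile /var/run/domoticz.pid` is probably not writable under `DynamicUser = true`, so `RuntimeDirectory = "domoticz";` with the pid file under `/run/domoticz` would fit better.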
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index 9896b8023e44..122bc3000b41 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -73,6 +73,11 @@ let
redisConfig.production.url = cfg.redisUrl;
+ pagesArgs = [
+ "-pages-domain" gitlabConfig.production.pages.host
+ "-pages-root" "${gitlabConfig.production.shared.path}/pages"
+ ] ++ cfg.pagesExtraArgs;
+
gitlabConfig = {
# These are the default settings from config/gitlab.example.yml
production = flip recursiveUpdate cfg.extraConfig {
@@ -236,6 +241,13 @@ in {
description = "Reference to the gitaly package";
};
+ packages.pages = mkOption {
+ type = types.package;
+ default = pkgs.gitlab-pages;
+ defaultText = "pkgs.gitlab-pages";
+ description = "Reference to the gitlab-pages package";
+ };
+
statePath = mkOption {
type = types.str;
default = "/var/gitlab/state";
@@ -451,6 +463,12 @@ in {
};
};
+ pagesExtraArgs = mkOption {
+ type = types.listOf types.str;
+ default = [ "-listen-proxy" "127.0.0.1:8090" ];
+ description = "Arguments to pass to the gitlab-pages daemon";
+ };
+
secrets.secretFile = mkOption {
type = with types; nullOr path;
default = null;
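Review bot: The description of `pagesExtraArgs` does not say that the default carries the listener address, so a user who sets the option to add a single flag silently drops `-listen-proxy 127.0.0.1:8090`. I would extend it to something like `description = "Arguments to pass to the gitlab-pages daemon. Setting this replaces the default, including the loopback -listen-proxy address.";`. The surrounding options set starts and ends outside this hunk.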
@@ -754,6 +772,26 @@ in {
};
};
+ systemd.services.gitlab-pages = mkIf (gitlabConfig.production.pages.enabled or false) {
+ description = "GitLab static pages daemon";
+ after = [ "network.target" "redis.service" "gitlab.service" ]; # gitlab.service creates configs
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.unzip ];
+
+ serviceConfig = {
+ Type = "simple";
+ TimeoutSec = "infinity";
+ Restart = "on-failure";
+
+ User = cfg.user;
+ Group = cfg.group;
+
+ ExecStart = "${cfg.packages.pages}/bin/gitlab-pages ${escapeShellArgs pagesArgs}";
+ WorkingDirectory = gitlabEnv.HOME;
+ };
+ };
+
systemd.services.gitlab-workhorse = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
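Review bot: The new `gitlab-pages` unit sets `User = cfg.user` and `Group = cfg.group` with no sandboxing directives, so the daemon that serves user-uploaded site content presumably shares an account with the main GitLab services and can read whatever that account can. A dedicated user would narrow that, or at least directives such as `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;` in `serviceConfig`. The unit is also only ordered `after` gitlab.service, which the inline comment says creates the configs; if the daemon cannot start without them, a `requires` on gitlab.service may be intended.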
diff --git a/nixos/modules/services/misc/klipper.nix b/nixos/modules/services/misc/klipper.nix
new file mode 100644
index 000000000000..2f04c011a650
--- /dev/null
+++ b/nixos/modules/services/misc/klipper.nix
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.klipper;
+ package = pkgs.klipper;
+ format = pkgs.formats.ini { mkKeyValue = generators.mkKeyValueDefault {} ":"; };
+in
+{
+ ##### interface
+ options = {
+ services.klipper = {
+ enable = mkEnableOption "Klipper, the 3D printer firmware";
+
+ octoprintIntegration = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Allows Octoprint to control Klipper.";
+ };
+
+ settings = mkOption {
+ type = format.type;
+ default = { };
+ description = ''
+ Configuration for Klipper. See the <link xlink:href="https://www.klipper3d.org/Overview.html#configuration-and-tuning-guides">documentation</link>
+ for supported values.
+ '';
+ };
+ };
+ };
+
+ ##### implementation
+ config = mkIf cfg.enable {
+ assertions = [{
+ assertion = cfg.octoprintIntegration -> config.services.octoprint.enable;
+ message = "Option klipper.octoprintIntegration requires Octoprint to be enabled on this system. Please enable services.octoprint to use it.";
+ }];
+
+ environment.etc."klipper.cfg".source = format.generate "klipper.cfg" cfg.settings;
+
+ systemd.services.klipper = {
+ description = "Klipper 3D Printer Firmware";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${package}/lib/klipper/klippy.py --input-tty=/run/klipper/tty /etc/klipper.cfg";
+ RuntimeDirectory = "klipper";
+ SupplementaryGroups = [ "dialout" ];
+ WorkingDirectory = "${package}/lib";
+ } // (if cfg.octoprintIntegration then {
+ Group = config.services.octoprint.group;
+ User = config.services.octoprint.user;
+ } else {
+ DynamicUser = true;
+ User = "klipper";
+ });
+ };
+ };
+}
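Review bot: The description of `octoprintIntegration` ("Allows Octoprint to control Klipper.") does not mention that enabling it swaps the isolated `DynamicUser = true` account for `config.services.octoprint.user` and `.group` in `serviceConfig`. That change in privileges deserves a sentence in the description, for example `Runs Klipper as the Octoprint user and group instead of a dynamic user.`. The assertion message also names the option as `klipper.octoprintIntegration`, where the full path is `services.klipper.octoprintIntegration`.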
diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix
index c876b252e8cd..2900c37f990f 100644
--- a/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -239,7 +239,7 @@ in
system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
system.nssDatabases.hosts = optionals cfg.nssmdns (mkMerge [
- [ "mdns_minimal [NOTFOUND=return]" ]
+ (mkOrder 900 [ "mdns_minimal [NOTFOUND=return]" ]) # must be before resolve
(mkOrder 1501 [ "mdns" ]) # 1501 to ensure it's after dns
]);
diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix
index 8249da69bc1a..c48835e73612 100644
--- a/nixos/modules/services/networking/dnsdist.nix
+++ b/nixos/modules/services/networking/dnsdist.nix
@@ -7,7 +7,7 @@ let
configFile = pkgs.writeText "dndist.conf" ''
setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')
${cfg.extraConfig}
- '';
+ '';
in {
options = {
services.dnsdist = {
@@ -35,25 +35,18 @@ in {
};
};
- config = mkIf config.services.dnsdist.enable {
+ config = mkIf cfg.enable {
+ systemd.packages = [ pkgs.dnsdist ];
+
systemd.services.dnsdist = {
- description = "dnsdist load balancer";
wantedBy = [ "multi-user.target" ];
- after = ["network.target"];
serviceConfig = {
- Restart="on-failure";
- RestartSec="1";
DynamicUser = true;
- StartLimitInterval="0";
- PrivateDevices=true;
- AmbientCapabilities="CAP_NET_BIND_SERVICE";
- CapabilityBoundingSet="CAP_NET_BIND_SERVICE";
- ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
- ProtectHome=true;
- RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
- LimitNOFILE="16384";
- TasksMax="8192";
+
+ # upstream overrides for better nixos compatibility
+ ExecStartPre = [ "" "${pkgs.dnsdist}/bin/dnsdist --check-config --config ${configFile}" ];
+ ExecStart = [ "" "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}" ];
};
};
};
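Review bot: With `PrivateDevices`, `ProtectHome`, `RestrictAddressFamilies`, `CapabilityBoundingSet` and the resource limits removed from `serviceConfig`, the module's sandboxing now depends entirely on the unit file shipped in `pkgs.dnsdist` through `systemd.packages`, and nothing in the module records that. The comment `# upstream overrides for better nixos compatibility` should say so, for instance `# hardening and capabilities come from the upstream unit in pkgs.dnsdist; only the Exec lines are replaced here`. The upstream unit is not visible on this page, so it is worth confirming that it still grants `CAP_NET_BIND_SERVICE` alongside `DynamicUser = true` when `cfg.listenPort` is a privileged port.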
diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix
index a4edcca72c97..acccbdb9950a 100644
--- a/nixos/modules/services/x11/desktop-managers/gnome3.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix
@@ -374,7 +374,9 @@ in
baobab
cheese
eog
- epiphany
+ /* Not in good standing on nixos:
+ * https://github.com/NixOS/nixpkgs/issues/98819
+ /* epiphany */
gedit
gnome-calculator
gnome-calendar
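Review bot: The replacement for `epiphany` opens a block comment with `/* Not in good standing on nixos:` and then writes `/* epiphany */` inside it. This only evaluates because Nix block comments do not nest and the first `*/` closes the whole thing, so it reads like an unterminated comment followed by a second one. Line comments are clearer: `# Not in good standing on nixos: https://github.com/NixOS/nixpkgs/issues/98819` followed by `# epiphany`. The package list continues outside the hunk.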
diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix
index dba25da8260c..b9013ca1ff9f 100644
--- a/nixos/modules/services/x11/window-managers/xmonad.nix
+++ b/nixos/modules/services/x11/window-managers/xmonad.nix
@@ -4,13 +4,15 @@ with lib;
let
inherit (lib) mkOption mkIf optionals literalExample;
cfg = config.services.xserver.windowManager.xmonad;
- xmonad = pkgs.xmonad-with-packages.override {
+
+ xmonad-vanilla = pkgs.xmonad-with-packages.override {
ghcWithPackages = cfg.haskellPackages.ghcWithPackages;
packages = self: cfg.extraPackages self ++
optionals cfg.enableContribAndExtras
[ self.xmonad-contrib self.xmonad-extras ];
};
- xmonadBin = pkgs.writers.writeHaskell "xmonad" {
+
+ xmonad-config = pkgs.writers.writeHaskellBin "xmonad" {
ghc = cfg.haskellPackages.ghc;
libraries = [ cfg.haskellPackages.xmonad ] ++
cfg.extraPackages cfg.haskellPackages ++
@@ -19,8 +21,10 @@ let
inherit (cfg) ghcArgs;
} cfg.config;
-in
-{
+ xmonad = if (cfg.config != null) then xmonad-config else xmonad-vanilla;
+in {
+ meta.maintainers = with maintainers; [ lassulus xaverdh ];
+
options = {
services.xserver.windowManager.xmonad = {
enable = mkEnableOption "xmonad";
@@ -62,19 +66,50 @@ in
default = null;
type = with lib.types; nullOr (either path str);
description = ''
- Configuration from which XMonad gets compiled. If no value
- is specified, the xmonad config from $HOME/.xmonad is taken.
- If you use xmonad --recompile, $HOME/.xmonad will be taken as
- the configuration, but on the next restart of display-manager
- this config will be reapplied.
+ Configuration from which XMonad gets compiled. If no value is
+ specified, a vanilla xmonad binary is put in PATH, which will
+ attempt to recompile and exec your xmonad config from $HOME/.xmonad.
+ This setup is then analogous to other (non-NixOS) linux distributions.
+
+ If you do set this option, you likely want to use "launch" as your
+ entry point for xmonad (as in the example), to avoid xmonads
+ recompilation logic on startup. Doing so will render the default
+ "mod+q" restart key binding dysfunctional though, because that attempts
+ to call your binary with the "--restart" command line option, unless
+ you implement that yourself. You way mant to bind "mod+q" to
+ <literal>(restart "xmonad" True)</literal> instead, which will just restart
+ xmonad from PATH. This allows e.g. switching to the new xmonad binary,
+ after rebuilding your system with nixos-rebuild.
+
+ If you actually want to run xmonad with a config specified here, but
+ also be able to recompile and restart it from a copy of that source in
+ $HOME/.xmonad on the fly, you will have to implement that yourself
+ using something like "compileRestart" from the example.
+ This should allow you to switch at will between the local xmonad and
+ the one NixOS puts in your PATH.
'';
example = ''
import XMonad
+ import XMonad.Util.EZConfig (additionalKeys)
+ import Text.Printf (printf)
+ import System.Posix.Process (executeFile)
+ import System.Info (arch,os)
+ import System.Environment (getArgs)
+ import System.FilePath ((</>))
+
+ compiledConfig = printf "xmonad-%s-%s" arch os
+
+ compileRestart = whenX (recompile True) . catchIO $ do
+ dir <- getXMonadDataDir
+ args <- getArgs
+ executeFile (dir </> compiledConfig) False args Nothing
main = launch defaultConfig
- { modMask = mod4Mask -- Use Super instead of Alt
- , terminal = "urxvt"
- }
+ { modMask = mod4Mask -- Use Super instead of Alt
+ , terminal = "urxvt" }
+ `additionalKeys`
+ [ ( (mod4Mask,xK_r), compileRestart )
+ , ( (mod4Mask,xK_q), restart "xmonad" True ) ]
'';
};
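Review bot: The new `config` description has typos that will appear in the rendered option documentation: `You way mant to bind` should read `You may want to bind`, and `xmonads recompilation logic` should be `xmonad's recompilation logic`. The example also introduces `compileRestart` without explanation; a one-line comment above it, such as `-- recompile the local config and exec the resulting binary with our arguments`, would help readers who copy it.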
@@ -101,10 +136,8 @@ in
services.xserver.windowManager = {
session = [{
name = "xmonad";
- start = let
- xmonadCommand = if (cfg.config != null) then xmonadBin else "${xmonad}/bin/xmonad";
- in ''
- systemd-cat -t xmonad -- ${xmonadCommand} ${lib.escapeShellArgs cfg.xmonadCliArgs} &
+ start = ''
+ systemd-cat -t xmonad -- ${xmonad}/bin/xmonad ${lib.escapeShellArgs cfg.xmonadCliArgs} &
waitPID=$!
'';
}];
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 70716a354858..55d3e742ef7c 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -711,7 +711,7 @@ in
system.extraDependencies = singleton (pkgs.runCommand "xkb-validated" {
inherit (cfg) xkbModel layout xkbVariant xkbOptions;
- nativeBuildInputs = [ pkgs.xkbvalidate ];
+ nativeBuildInputs = with pkgs.buildPackages; [ xkbvalidate ];
preferLocalBuild = true;
} ''
xkbvalidate "$xkbModel" "$layout" "$xkbVariant" "$xkbOptions"
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index 64193ed8498c..eb152cf51a6a 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -97,6 +97,19 @@ in import ./make-test-python.nix ({ lib, ... }: {
};
};
+ # Test OCSP Stapling
+ specialisation.ocsp-stapling.configuration = { pkgs, ... }: {
+ security.acme.certs."a.example.test" = {
+ ocspMustStaple = true;
+ };
+ services.nginx.virtualHosts."a.example.com" = {
+ extraConfig = ''
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ '';
+ };
+ };
+
# Test using Apache HTTPD
specialisation.httpd-aliases.configuration = { pkgs, config, lib, ... }: {
services.nginx.enable = lib.mkForce false;
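Review bot: The `ocsp-stapling` specialisation sets `ocspMustStaple` on the cert `"a.example.test"` but puts the `ssl_stapling` directives on `services.nginx.virtualHosts."a.example.com"`, a different name from the host the subtest later connects to (`check_stapling(client, "a.example.test")`). Unless `a.example.com` is deliberate, the stapling configuration never applies to the host under test, and the line should probably read `services.nginx.virtualHosts."a.example.test" = {`. The base virtual host definitions are outside this hunk, so confirm against them.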
@@ -163,6 +176,7 @@ in import ./make-test-python.nix ({ lib, ... }: {
testScript = {nodes, ...}:
let
+ caDomain = nodes.acme.config.test-support.acme.caDomain;
newServerSystem = nodes.webserver.config.system.build.toplevel;
switchToNewServer = "${newServerSystem}/bin/switch-to-configuration test";
in
@@ -246,6 +260,22 @@ in import ./make-test-python.nix ({ lib, ... }: {
return check_connection_key_bits(node, domain, bits, retries - 1)
+ def check_stapling(node, domain, retries=3):
+ assert retries >= 0
+
+ # Pebble doesn't provide a full OCSP responder, so just check the URL
+ result = node.succeed(
+ "openssl s_client -CAfile /tmp/ca.crt"
+ f" -servername {domain} -connect {domain}:443 < /dev/null"
+ " | openssl x509 -noout -ocsp_uri"
+ )
+ print("OCSP Responder URL:", result)
+
+ if "${caDomain}:4002" not in result.lower():
+ time.sleep(1)
+ return check_stapling(node, domain, retries - 1)
+
+
client.start()
dnsserver.start()
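Review bot: `check_stapling` only reads the OCSP responder URL from the served certificate with `openssl x509 -noout -ocsp_uri`, and as far as I can tell that URL would be present whether or not `ocspMustStaple` is set. The subtest "Correctly implements OCSP stapling" would therefore not catch a regression in the `--must-staple` handling. Asserting the must-staple extension itself would pin it, for example by piping the certificate to `openssl x509 -noout -text` and checking for `status_request` under `TLS Feature`. When retries run out, the function fails on a bare `assert retries >= 0`; `assert retries >= 0, f"no OCSP responder URL for {domain}"` would make the failure readable.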
@@ -253,7 +283,7 @@ in import ./make-test-python.nix ({ lib, ... }: {
client.wait_for_unit("default.target")
client.succeed(
- 'curl --data \'{"host": "acme.test", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a'
+ 'curl --data \'{"host": "${caDomain}", "addresses": ["${nodes.acme.config.networking.primaryIPAddress}"]}\' http://${dnsServerIP nodes}:8055/add-a'
)
acme.start()
@@ -262,8 +292,8 @@ in import ./make-test-python.nix ({ lib, ... }: {
acme.wait_for_unit("default.target")
acme.wait_for_unit("pebble.service")
- client.succeed("curl https://acme.test:15000/roots/0 > /tmp/ca.crt")
- client.succeed("curl https://acme.test:15000/intermediate-keys/0 >> /tmp/ca.crt")
+ client.succeed("curl https://${caDomain}:15000/roots/0 > /tmp/ca.crt")
+ client.succeed("curl https://${caDomain}:15000/intermediate-keys/0 >> /tmp/ca.crt")
with subtest("Can request certificate with HTTPS-01 challenge"):
webserver.wait_for_unit("acme-finished-a.example.test.target")
@@ -290,6 +320,11 @@ in import ./make-test-python.nix ({ lib, ... }: {
check_connection_key_bits(client, "a.example.test", "384")
webserver.succeed("grep testing /var/lib/acme/a.example.test/test")
+ with subtest("Correctly implements OCSP stapling"):
+ switch_to(webserver, "ocsp-stapling")
+ webserver.wait_for_unit("acme-finished-a.example.test.target")
+ check_stapling(client, "a.example.test")
+
with subtest("Can request certificate with HTTPS-01 when nginx startup is delayed"):
switch_to(webserver, "slow-startup")
webserver.wait_for_unit("acme-finished-slow.example.com.target")
diff --git a/nixos/tests/agda.nix b/nixos/tests/agda.nix
index e158999e57d1..3b3eb2803bdd 100644
--- a/nixos/tests/agda.nix
+++ b/nixos/tests/agda.nix
@@ -31,7 +31,7 @@ in
machine.succeed('echo "import IO" > TestIO.agda')
machine.succeed("agda -l standard-library -i . TestIO.agda")
- # # Hello world
+ # Hello world
machine.succeed(
"cp ${hello-world} HelloWorld.agda"
)
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 0dc14e527d12..6564a958d5b4 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -26,6 +26,7 @@ in
agda = handleTest ./agda.nix {};
atd = handleTest ./atd.nix {};
avahi = handleTest ./avahi.nix {};
+ avahi-with-resolved = handleTest ./avahi.nix { networkd = true; };
babeld = handleTest ./babeld.nix {};
bazarr = handleTest ./bazarr.nix {};
bcachefs = handleTestOn ["x86_64-linux"] ./bcachefs.nix {}; # linux-4.18.2018.10.12 is unsupported on aarch64
@@ -112,6 +113,7 @@ in
fontconfig-default-fonts = handleTest ./fontconfig-default-fonts.nix {};
freeswitch = handleTest ./freeswitch.nix {};
fsck = handleTest ./fsck.nix {};
+ ft2-clone = handleTest ./ft2-clone.nix {};
gerrit = handleTest ./gerrit.nix {};
gotify-server = handleTest ./gotify-server.nix {};
grocy = handleTest ./grocy.nix {};
diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix
index fe027c14d5a8..66cff3009f7d 100644
--- a/nixos/tests/avahi.nix
+++ b/nixos/tests/avahi.nix
@@ -1,5 +1,11 @@
+{ system ? builtins.currentSystem
+, config ? {}
+, pkgs ? import ../.. { inherit system config; }
+# bool: whether to use networkd in the tests
+, networkd ? false }:
+
# Test whether `avahi-daemon' and `libnss-mdns' work as expected.
-import ./make-test-python.nix ({ pkgs, ... } : {
+import ./make-test-python.nix ({ ... } : {
name = "avahi";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco ];
@@ -17,6 +23,11 @@ import ./make-test-python.nix ({ pkgs, ... } : {
publish.workstation = true;
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
+ } // pkgs.lib.optionalAttrs (networkd) {
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
};
in {
one = cfg;
diff --git a/nixos/tests/cagebreak.nix b/nixos/tests/cagebreak.nix
index ecbb69646a93..e5f9a29fb18d 100644
--- a/nixos/tests/cagebreak.nix
+++ b/nixos/tests/cagebreak.nix
@@ -5,7 +5,6 @@ let
workspaces 1
escape C-t
bind t exec env DISPLAY=:0 ${pkgs.xterm}/bin/xterm -cm -pc
- bind a exec ${pkgs.alacritty}/bin/alacritty
'';
in
{
@@ -20,7 +19,7 @@ in
in {
imports = [ ./common/user-account.nix ];
- environment.systemPackages = [ pkgs.cagebreak ];
+ environment.systemPackages = [ pkgs.cagebreak pkgs.wallutils ];
services.xserver = {
enable = true;
displayManager.autoLogin = {
@@ -32,7 +31,7 @@ in
manage = "desktop";
name = "cagebreak";
start = ''
- export XDG_RUNTIME_DIR=/run/user/${toString alice.uid}
+ export XDG_RUNTIME_DIR="/run/user/${toString alice.uid}"
${pkgs.cagebreak}/bin/cagebreak &
waitPID=$!
'';
@@ -74,24 +73,20 @@ in
testScript = { nodes, ... }: let
user = nodes.machine.config.users.users.alice;
+ XDG_RUNTIME_DIR = "/run/user/${toString user.uid}";
in ''
start_all()
machine.wait_for_unit("multi-user.target")
- machine.wait_for_file("/run/user/${toString user.uid}/wayland-0")
+ machine.wait_for_file("${XDG_RUNTIME_DIR}/wayland-0")
- with subtest("ensure wayland works with alacritty"):
- machine.send_key("ctrl-t")
- machine.send_key("a")
- machine.wait_until_succeeds("pgrep alacritty")
- machine.wait_for_text("alice@machine")
- machine.screenshot("screen")
- machine.send_key("ctrl-d")
+ with subtest("ensure wayland works with wayinfo from wallutils"):
+ machine.succeed("env XDG_RUNTIME_DIR=${XDG_RUNTIME_DIR} wayinfo")
with subtest("ensure xwayland works with xterm"):
machine.send_key("ctrl-t")
machine.send_key("t")
machine.wait_until_succeeds("pgrep xterm")
- machine.wait_for_text("alice@machine")
+ machine.wait_for_text("${user.name}@machine")
machine.screenshot("screen")
machine.send_key("ctrl-d")
'';
diff --git a/nixos/tests/common/acme/server/default.nix b/nixos/tests/common/acme/server/default.nix
index 4d8e664c4e17..cea10c16900d 100644
--- a/