author | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-18 15:36:56 +0100 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-18 15:36:56 +0100 |
commit | da12fc683846f3dcac07eb353cf0ec69e907ccd0 (patch) | |
tree | 539e94f0207e8419c99dd9d9e01a800b0d55e4a7 /nixos | |
parent | 3e4afc2d9fd2ec92c72f3ad08b794c1f48164377 (diff) | |
parent | 6a78f9866f1ef2c63471ecd42a2e4c51c5bf20ef (diff) |
Merge staging-next into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/lib/make-iso9660-image.nix | 2 | ||||
-rw-r--r-- | nixos/lib/make-system-tarball.nix | 2 | ||||
-rw-r--r-- | nixos/modules/misc/documentation.nix | 34 | ||||
-rw-r--r-- | nixos/modules/programs/bandwhich.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/telegraf.nix | 42 | ||||
-rw-r--r-- | nixos/modules/services/networking/kresd.nix | 12 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/codimd.nix | 17 | ||||
-rw-r--r-- | nixos/modules/tasks/lvm.nix | 4 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 1 | ||||
-rw-r--r-- | nixos/release-combined.nix | 1 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 2 | ||||
-rw-r--r-- | nixos/tests/caddy.nix | 2 | ||||
-rw-r--r-- | nixos/tests/nano.nix | 44 | ||||
-rw-r--r-- | nixos/tests/riak.nix | 2 | ||||
-rw-r--r-- | nixos/tests/telegraf.nix | 5 | ||||
-rw-r--r-- | nixos/tests/xterm.nix | 23 |
16 files changed, 152 insertions, 43 deletions
diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix index 6a0e0e7c635a..549530965f6e 100644 --- a/nixos/lib/make-iso9660-image.nix +++ b/nixos/lib/make-iso9660-image.nix @@ -48,7 +48,7 @@ assert usbBootable -> isohybridMbrImage != ""; stdenv.mkDerivation { name = isoName; builder = ./make-iso9660-image.sh; - buildInputs = [ xorriso syslinux zstd libossp_uuid ]; + nativeBuildInputs = [ xorriso syslinux zstd libossp_uuid ]; inherit isoName bootable bootImage compressImage volumeID efiBootImage efiBootable isohybridMbrImage usbBootable; diff --git a/nixos/lib/make-system-tarball.nix b/nixos/lib/make-system-tarball.nix index dee91a6ce3f4..dab168f4a481 100644 --- a/nixos/lib/make-system-tarball.nix +++ b/nixos/lib/make-system-tarball.nix @@ -37,7 +37,7 @@ in stdenv.mkDerivation { name = "tarball"; builder = ./make-system-tarball.sh; - buildInputs = extraInputs; + nativeBuildInputs = extraInputs; inherit fileName extraArgs extraCommands compressCommand; diff --git a/nixos/modules/misc/documentation.nix b/nixos/modules/misc/documentation.nix index 71a40b4f4d6e..bc43cc33b5d4 100644 --- a/nixos/modules/misc/documentation.nix +++ b/nixos/modules/misc/documentation.nix @@ -40,9 +40,9 @@ let in scrubbedEval.options; }; - helpScript = pkgs.writeScriptBin "nixos-help" - '' - #! ${pkgs.runtimeShell} -e + + nixos-help = let + helpScript = pkgs.writeShellScriptBin "nixos-help" '' # Finds first executable browser in a colon-separated list. # (see how xdg-open defines BROWSER) browser="$( 
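Review bot: In nixos/modules/misc/documentation.nix the removed shebang `#! ${pkgs.runtimeShell} -e` ran the help script with errexit, while `pkgs.writeShellScriptBin` emits a plain shell shebang, so that behaviour is silently dropped. If any command in the browser lookup relied on it, add `set -e` as the first line of the script body. The script body continues outside this hunk, so whether anything depends on errexit cannot be confirmed from here.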
@@ -59,14 +59,22 @@ let exec "$browser" ${manual.manualHTMLIndex} ''; - desktopItem = pkgs.makeDesktopItem { - name = "nixos-manual"; - desktopName = "NixOS Manual"; - genericName = "View NixOS documentation in a web browser"; - icon = "nix-snowflake"; - exec = "${helpScript}/bin/nixos-help"; - categories = "System"; - }; + desktopItem = pkgs.makeDesktopItem { + name = "nixos-manual"; + desktopName = "NixOS Manual"; + genericName = "View NixOS documentation in a web browser"; + icon = "nix-snowflake"; + exec = "nixos-help"; + categories = "System"; + }; + + in pkgs.symlinkJoin { + name = "nixos-help"; + paths = [ + helpScript + desktopItem + ]; + }; in @@ -250,8 +258,8 @@ in environment.systemPackages = [] ++ optional cfg.man.enable manual.manpages - ++ optionals cfg.doc.enable ([ manual.manualHTML helpScript ] - ++ optionals config.services.xserver.enable [ desktopItem pkgs.nixos-icons ]); + ++ optionals cfg.doc.enable ([ manual.manualHTML nixos-help ] + ++ optionals config.services.xserver.enable [ pkgs.nixos-icons ]); services.mingetty.helpLine = mkIf cfg.doc.enable ( "\nRun 'nixos-help' for the NixOS manual." diff --git a/nixos/modules/programs/bandwhich.nix b/nixos/modules/programs/bandwhich.nix index 5413044f4614..1cffb5fa2765 100644 --- a/nixos/modules/programs/bandwhich.nix +++ b/nixos/modules/programs/bandwhich.nix @@ -4,7 +4,7 @@ with lib; let cfg = config.programs.bandwhich; in { - meta.maintainers = with maintainers; [ filalex77 ]; + meta.maintainers = with maintainers; [ Br1ght0ne ]; options = { programs.bandwhich = { diff --git a/nixos/modules/services/monitoring/telegraf.nix b/nixos/modules/services/monitoring/telegraf.nix index 5d131557e8be..1fc17ec72daf 100644 --- a/nixos/modules/services/monitoring/telegraf.nix +++ b/nixos/modules/services/monitoring/telegraf.nix 
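Review bot: `exec = "nixos-help";` in the desktop item now resolves the launcher through the session's PATH, where the removed line pinned it to the store path of the script. `helpScript` is bound in the same `let`, so `exec = "${helpScript}/bin/nixos-help";` keeps the entry tied to the script built here and still works inside the `symlinkJoin`. The last hunk of this file (`@@ -250,8 +258,8 @@`) also stops gating the desktop item on `services.xserver.enable`; a short comment there saying this is intentional would help.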
@@ -5,14 +5,8 @@ with lib; let cfg = config.services.telegraf; - configFile = pkgs.runCommand "config.toml" { - buildInputs = [ pkgs.remarshal ]; - preferLocalBuild = true; - } '' - remarshal -if json -of toml \ - < ${pkgs.writeText "config.json" (builtins.toJSON cfg.extraConfig)} \ - > $out - ''; + settingsFormat = pkgs.formats.toml {}; + configFile = settingsFormat.generate "config.toml" cfg.extraConfig; in { ###### interface options = { @@ -26,10 +20,23 @@ in { type = types.package; }; + environmentFiles = mkOption { + type = types.nullOr (types.listOf types.path); + default = []; + example = "/run/keys/telegraf.env"; + description = '' + File to load as environment file. Environment variables + from this file will be interpolated into the config file + using envsubst with this syntax: + <literal>$ENVIRONMENT ''${VARIABLE}</literal> + This is useful to avoid putting secrets into the nix store. + ''; + }; + extraConfig = mkOption { default = {}; description = "Extra configuration options for telegraf"; - type = types.attrs; + type = settingsFormat.type; example = { outputs = { influxdb = { 
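Review bot: The `environmentFiles` option is declared as `types.nullOr (types.listOf types.path)`, but the service definition later in this file only compares it against `[]`, so a `null` value would take the envsubst branch with no file to load; `type = types.listOf types.path;` removes that state. The `example` is a bare string rather than a list (`example = [ "/run/keys/telegraf.env" ];`), and the description speaks of a single file. Since the stated purpose is keeping secrets out of the Nix store, the description should also say to give the path as a string, because a Nix path literal would presumably be copied into the world-readable store.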
@@ -51,15 +58,28 @@ in { ###### implementation config = mkIf config.services.telegraf.enable { - systemd.services.telegraf = { + systemd.services.telegraf = let + finalConfigFile = if config.services.telegraf.environmentFiles == [] + then configFile + else "/var/run/telegraf/config.toml"; + in { description = "Telegraf Agent"; wantedBy = [ "multi-user.target" ]; after = [ "network-online.target" ]; serviceConfig = { - ExecStart=''${cfg.package}/bin/telegraf -config "${configFile}"''; + EnvironmentFile = config.services.telegraf.environmentFiles; + ExecStartPre = lib.optional (config.services.telegraf.environmentFiles != []) + (pkgs.writeShellScript "pre-start" '' + umask 077 + ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /var/run/telegraf/config.toml + ''); + ExecStart=''${cfg.package}/bin/telegraf -config ${finalConfigFile}''; ExecReload="${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + RuntimeDirectory = "telegraf"; User = "telegraf"; Restart = "on-failure"; + # for ping probes + AmbientCapabilities = [ "CAP_NET_RAW" ]; }; }; diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index ccb34163d5f3..6f1c4c48b430 100644 --- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -23,18 +23,14 @@ let ''; configFile = pkgs.writeText "kresd.conf" ( - optionalString (cfg.listenDoH != []) '' - modules.load('http') - '' + "" + concatMapStrings (mkListen "dns") cfg.listenPlain + concatMapStrings (mkListen "tls") cfg.listenTLS - + concatMapStrings (mkListen "doh") cfg.listenDoH + + concatMapStrings (mkListen "doh2") cfg.listenDoH + cfg.extraConfig ); - package = if cfg.listenDoH == [] - then pkgs.knot-resolver # never force `extraFeatures = false` - else pkgs.knot-resolver.override { extraFeatures = true; }; + package = pkgs.knot-resolver; in { meta.maintainers = [ maintainers.vcunat /* upstream developer */ ]; 
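Review bot: `AmbientCapabilities = [ "CAP_NET_RAW" ];` is granted to every telegraf instance whether or not a ping input is configured, and ambient capabilities are inherited by child processes, which would include commands started through `inputs.exec`. Wrapping it in `lib.optional` behind a new boolean option, and adding `CapabilityBoundingSet = [ "CAP_NET_RAW" ];`, keeps the grant to installations that ask for it. In the same block the pre-start script lets `envsubst` replace every `$NAME` in the generated TOML and inserts the values unescaped, so a value containing a quote or newline changes the structure of the config; the option description should state that. `ExecStart` also lost the quotes that used to surround the config path.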
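Review bot: The `"" +` operand left at the head of the `configFile` concatenation in kresd.nix is dead code now that the `modules.load('http')` block is gone; the expression can start directly at `concatMapStrings (mkListen "dns") cfg.listenPlain`. `listenDoH` now always produces `doh2` listeners and the `extraFeatures` override is removed, so a one-line comment such as `# doh2 needs neither the legacy http module nor extraFeatures` would record why. That reading is inferred from the removed lines and should be confirmed against the resolver's documentation.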
@@ -92,7 +88,7 @@ in { default = []; example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ]; description = '' - Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 8484). + Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484). For detailed syntax see ListenStream in man systemd.socket. ''; }; diff --git a/nixos/modules/services/web-apps/codimd.nix b/nixos/modules/services/web-apps/codimd.nix index c787c36b877c..0fbc9ee820e6 100644 --- a/nixos/modules/services/web-apps/codimd.nix +++ b/nixos/modules/services/web-apps/codimd.nix @@ -6,8 +6,10 @@ let cfg = config.services.codimd; prettyJSON = conf: - pkgs.runCommand "codimd-config.json" { preferLocalBuild = true; } '' - echo '${builtins.toJSON conf}' | ${pkgs.jq}/bin/jq \ + pkgs.runCommandLocal "codimd-config.json" { + nativeBuildInputs = [ pkgs.jq ]; + } '' + echo '${builtins.toJSON conf}' | jq \ '{production:del(.[]|nulls)|del(.[][]?|nulls)}' > $out ''; in @@ -878,7 +880,6 @@ in }; }; - environmentFile = mkOption { type = with types; nullOr path; default = null; @@ -908,6 +909,14 @@ in <literal>CodiMD</literal> is running. ''; }; + + package = mkOption { + type = types.package; + default = pkgs.codimd; + description = '' + Package that provides CodiMD. + ''; + }; }; config = mkIf cfg.enable { @@ -938,7 +947,7 @@ in ''; serviceConfig = { WorkingDirectory = cfg.workDir; - ExecStart = "${pkgs.codimd}/bin/codimd"; + ExecStart = "${cfg.package}/bin/codimd"; EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; Environment = [ "CMD_CONFIG_FILE=${cfg.workDir}/config.json" diff --git a/nixos/modules/tasks/lvm.nix b/nixos/modules/tasks/lvm.nix index 2c3cc4c5467d..98a0e2ddef90 100644 --- a/nixos/modules/tasks/lvm.nix +++ b/nixos/modules/tasks/lvm.nix 
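Review bot: In codimd.nix, `echo '${builtins.toJSON conf}' | jq` splices the JSON into a single-quoted shell word, so any configuration value containing `'` ends the quoting and the rest is parsed as shell by the build script. Feeding jq from a file avoids shell parsing altogether, e.g. `jq '{production:del(.[]|nulls)|del(.[][]?|nulls)}' < ${pkgs.writeText "codimd-config-raw.json" (builtins.toJSON conf)} > $out`. The same derivation writes the whole configuration into the Nix store, so a comment pointing readers to `environmentFile` for secrets would fit next to `prettyJSON`.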
@@ -21,6 +21,10 @@ in { }; config = mkMerge [ + ({ + # minimal configuration file to make lvmconfig/lvm2-activation-generator happy + environment.etc."lvm/lvm.conf".text = "config {}"; + }) (mkIf (!config.boot.isContainer) { systemd.tmpfiles.packages = [ cfg.package.out ]; environment.systemPackages = [ cfg.package ]; diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index e5bd57753683..53c54c2e3980 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -1062,7 +1062,6 @@ in ]; boot.kernelModules = [ ] - ++ optional cfg.enableIPv6 "ipv6" ++ optional hasVirtuals "tun" ++ optional hasSits "sit" ++ optional hasBonds "bonding"; diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index 384ae5765b8c..d8b9a5f9b4bc 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix @@ -97,6 +97,7 @@ in rec { (onFullSupported "nixos.tests.login") (onFullSupported "nixos.tests.misc") (onFullSupported "nixos.tests.mutableUsers") + (onFullSupported "nixos.tests.nano") (onFullSupported "nixos.tests.nat.firewall-conntrack") (onFullSupported "nixos.tests.nat.firewall") (onFullSupported "nixos.tests.nat.standalone") diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 868f15a1da37..640cc84c8032 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -225,6 +225,7 @@ in mysql-backup = handleTest ./mysql/mysql-backup.nix {}; mysql-replication = handleTest ./mysql/mysql-replication.nix {}; nagios = handleTest ./nagios.nix {}; + nano = handleTest ./nano.nix {}; nar-serve = handleTest ./nar-serve.nix {}; nat.firewall = handleTest ./nat.nix { withFirewall = true; }; nat.firewall-conntrack = handleTest ./nat.nix { withFirewall = true; withConntrackHelpers = true; }; 
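Review bot: `environment.etc."lvm/lvm.conf".text = "config {}";` is a plain definition placed outside the `!config.boot.isContainer` guard, so it also lands in containers and would presumably merge with or conflict against an `lvm.conf` that another module provides. `environment.etc."lvm/lvm.conf".text = mkDefault "config {}";` lets a user-supplied file take precedence. If the unconditional placement is deliberate, the comment should say that the file is wanted even where the LVM package itself is not installed. The `mkMerge` list continues outside this hunk.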
@@ -388,6 +389,7 @@ in xmonad = handleTest ./xmonad.nix {}; xrdp = handleTest ./xrdp.nix {}; xss-lock = handleTest ./xss-lock.nix {}; + xterm = handleTest ./xterm.nix {}; yabar = handleTest ./yabar.nix {}; yggdrasil = handleTest ./yggdrasil.nix {}; zfs = handleTest ./zfs.nix {}; diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix index f2de34ff2da2..a21dbec248ab 100644 --- a/nixos/tests/caddy.nix +++ b/nixos/tests/caddy.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { name = "caddy"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ xfix filalex77 ]; + maintainers = [ xfix Br1ght0ne ]; }; nodes = { diff --git a/nixos/tests/nano.nix b/nixos/tests/nano.nix new file mode 100644 index 000000000000..9e0a9e147f2c --- /dev/null +++ b/nixos/tests/nano.nix 
@@ -0,0 +1,44 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "nano"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { lib, ... }: { + environment.systemPackages = [ pkgs.nano ]; + }; + + testScript = { ... }: '' + start_all() + + with subtest("Create user and log in"): + machine.wait_for_unit("multi-user.target") + machine.wait_until_succeeds("pgrep -f 'agetty.*tty1'") + machine.succeed("useradd -m alice") + machine.succeed("(echo foobar; echo foobar) | passwd alice") + machine.wait_until_tty_matches(1, "login: ") + machine.send_chars("alice\n") + machine.wait_until_tty_matches(1, "login: alice") + machine.wait_until_succeeds("pgrep login") + machine.wait_until_tty_matches(1, "Password: ") + machine.send_chars("foobar\n") + machine.wait_until_succeeds("pgrep -u alice bash") + machine.screenshot("prompt") + + with subtest("Use nano"): + machine.send_chars("nano /tmp/foo") + machine.send_key("ret") + machine.sleep(2) + machine.send_chars("42") + machine.sleep(1) + machine.send_key("ctrl-x") + machine.sleep(1) + machine.send_key("y") + machine.sleep(1) + machine.screenshot("nano") + machine.sleep(1) + machine.send_key("ret") + machine.wait_for_file("/tmp/foo") + assert "42" in machine.succeed("cat /tmp/foo") + ''; +}) diff --git a/nixos/tests/riak.nix b/nixos/tests/riak.nix index 6915779e7e9c..3dd4e333d669 100644 --- a/nixos/tests/riak.nix +++ b/nixos/tests/riak.nix @@ -1,7 +1,7 @@ import ./make-test-python.nix ({ lib, pkgs, ... }: { name = "riak"; meta = with lib.maintainers; { - maintainers = [ filalex77 ]; + maintainers = [ Br1ght0ne ]; }; machine = { diff --git a/nixos/tests/telegraf.nix b/nixos/tests/telegraf.nix index 73f741b11357..938bbd518b5a 100644 --- a/nixos/tests/telegraf.nix +++ b/nixos/tests/telegraf.nix 
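Review bot: The "Use nano" subtest in nixos/tests/nano.nix paces itself with fixed `machine.sleep(...)` calls, which makes the outcome depend on how fast the VM is. Waiting on screen content is more reliable, for example `machine.wait_until_tty_matches(1, "GNU nano")` after launching the editor (the exact banner text should be checked). `lib` in `machine = { lib, ... }:` is unused and can be dropped.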
@@ -6,12 +6,15 @@ import ./make-test-python.nix ({ pkgs, ...} : { machine = { ... }: { services.telegraf.enable = true; + services.telegraf.environmentFiles = [pkgs.writeText "secrets" '' + SECRET=example + '']; services.telegraf.extraConfig = { agent.interval = "1s"; agent.flush_interval = "1s"; inputs.exec = { commands = [ - "${pkgs.runtimeShell} -c 'echo example,tag=a i=42i'" + "${pkgs.runtimeShell} -c 'echo $SECRET,tag=a i=42i'" ]; timeout = "5s"; data_format = "influx"; diff --git a/nixos/tests/xterm.nix b/nixos/tests/xterm.nix new file mode 100644 index 000000000000..9f30543bf385 --- /dev/null +++ b/nixos/tests/xterm.nix @@ -0,0 +1,23 @@ +import ./make-test-python.nix ({ pkgs, ...} : { + name = "xterm"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ nequissimus ]; + }; + + machine = { pkgs, ... }: + { + imports = [ ./common/x11.nix ]; + services.xserver.desktopManager.xterm.enable = false; + }; + + testScript = + '' + machine.wait_for_x() + machine.succeed("DISPLAY=:0 xterm -title testterm -class testterm -fullscreen &") + machine.sleep(2) + machine.send_chars("echo $XTERM_VERSION >> /tmp/xterm_version\n") + machine.wait_for_file("/tmp/xterm_version") + assert "${pkgs.xterm.version}" in machine.succeed("cat /tmp/xterm_version") + machine.screenshot("window") + ''; +}) |
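Review bot: `[pkgs.writeText "secrets" '' … '']` in nixos/tests/telegraf.nix is a three-element list (the function, the name and the file body), because Nix list elements are separated by whitespace and a function application inside a list needs parentheses. It should read `services.telegraf.environmentFiles = [ (pkgs.writeText "secrets" "SECRET=example\n") ];` or the same with the original indented string kept inside the parentheses. As written the value would not satisfy `types.listOf types.path`. The `$SECRET` in the exec command is presumably already replaced by envsubst when the config is generated rather than by the shell at run time; a comment saying which of the two the test is meant to exercise would help.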
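Review bot: In the new nixos/tests/xterm.nix, `machine.sleep(2)` is the only thing between starting xterm and `machine.send_chars(...)`, so the keystrokes can arrive before the window exists on a slow builder. `machine.wait_for_window("testterm")` in place of the sleep ties the test to the window actually appearing. The outer `{ pkgs, ...}` and the inner `machine = { pkgs, ... }:` both bind `pkgs`; the inner one is unused and can go.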