author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-01 11:25:41 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-07-01 11:25:41 +0200 |
commit | 06fc1ec34dbae8bba4673475e64a8241026089f6 (patch) | |
tree | 3e70796a291acc704ef5382f5af4866cab64e537 /nixos | |
parent | 89f8af55f11b01e68cbfc6d10537413140261721 (diff) | |
parent | ce623950ada9e1ef721760f05b9e3a14604fd764 (diff) | |
Merge remote-tracking branch 'origin/master' into staging
Conflicts: pkgs/servers/serfdom/default.nix
Diffstat (limited to 'nixos')
56 files changed, 277 insertions, 62 deletions
diff --git a/nixos/lib/test-driver/log2html.xsl b/nixos/lib/test-driver/log2html.xsl index 8e907d85ffac..ce8a9c6de2b2 100644 --- a/nixos/lib/test-driver/log2html.xsl +++ b/nixos/lib/test-driver/log2html.xsl @@ -9,8 +9,8 @@ <xsl:template match="logfile"> <html> <head> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> - <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script> + <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> + <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script> <script type="text/javascript" src="treebits.js" /> <link rel="stylesheet" href="logfile.css" type="text/css" /> <title>Log File</title> diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix index 942a2158b15f..063b9bf6c7af 100644 --- a/nixos/lib/testing.nix +++ b/nixos/lib/testing.nix @@ -37,7 +37,7 @@ rec { # `driver' is the script that runs the network. runTests = driver: stdenv.mkDerivation { - name = "vm-test-run"; + name = "vm-test-run-${driver.testName}"; requiredSystemFeatures = [ "kvm" "nixos-test" ]; @@ -68,9 +68,10 @@ rec { makeTest = - { testScript, makeCoverageReport ? false, ... } @ t: + { testScript, makeCoverageReport ? false, name ? "unnamed", ... } @ t: let + testDriverName = "nixos-test-driver-${name}"; nodes = buildVirtualNetwork ( t.nodes or (if t ? machine then { machine = t.machine; } else { })); @@ -88,10 +89,11 @@ rec { # Generate onvenience wrappers for running the test driver # interactively with the specified network, and for starting the # VMs from the command line. - driver = runCommand "nixos-test-driver" + driver = runCommand testDriverName { buildInputs = [ makeWrapper]; testScript = testScript'; preferLocalBuild = true; + testName = name; } '' mkdir -p $out/bin 
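Review bot: The two rewritten `src` attributes in nixos/lib/test-driver/log2html.xsl are now scheme-relative, so a report served over plain HTTP still fetches jQuery and jQuery UI over cleartext, and a report opened from disk resolves `//ajax.googleapis.com/...` against `file:` and loads neither script. Pinning the scheme avoids both: `src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"`, and likewise for the jqueryui line. Because this is third-party script executing in the log viewer, shipping the two files next to `treebits.js` would remove the external dependency altogether. The template continues outside the hunk.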
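Review bot: `runTests` in nixos/lib/testing.nix now dereferences `driver.testName` unconditionally, so a driver derivation that was not produced by `makeTest` (none is visible here, but the function accepts any `driver`) fails evaluation instead of getting a default name. A fallback keeps it tolerant: `name = "vm-test-run-${driver.testName or "unnamed"}";`. Separately, the context comment above `driver` reads "Generate onvenience wrappers" and could be corrected to "convenience" while this block is being touched. Both `runTests` and `makeTest` continue outside the hunks.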
diff --git a/nixos/modules/config/krb5.nix b/nixos/modules/config/krb5.nix index bb5a95ebc844..991b5b16cc68 100644 --- a/nixos/modules/config/krb5.nix +++ b/nixos/modules/config/krb5.nix @@ -32,12 +32,12 @@ in kdc = mkOption { default = "kerberos.mit.edu"; - description = "Kerberos Domain Controller"; + description = "Kerberos Domain Controller."; }; kerberosAdminServer = mkOption { default = "kerberos.mit.edu"; - description = "Kerberos Admin Server"; + description = "Kerberos Admin Server."; }; }; diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix index 542360219193..3b6ccd380c75 100644 --- a/nixos/modules/config/sysctl.nix +++ b/nixos/modules/config/sysctl.nix @@ -6,8 +6,12 @@ let sysctlOption = mkOptionType { name = "sysctl option value"; - check = x: isBool x || isString x || isInt x || isNull x; - merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix. + check = val: + let + checkType = x: isBool x || isString x || isInt x || isNull x; + in + checkType val || (val._type or "" == "override" && checkType val.content); + merge = loc: defs: mergeOneOption loc (filterOverrides defs); }; in diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh index d7b749573fa9..be37e61151aa 100644 --- a/nixos/modules/installer/tools/nixos-rebuild.sh +++ b/nixos/modules/installer/tools/nixos-rebuild.sh 
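Review bot: In the new `check` of `sysctlOption` (nixos/modules/config/sysctl.nix), `val._type or "" == "override" && checkType val.content` depends on the reader knowing that the `or` default binds to the attribute selection before `==` is applied; `((val._type or "") == "override" && checkType val.content)` makes that explicit. The rewritten `merge` also drops the FIXME without a replacement comment. A line such as `# Exactly one definition may win; use mkOverride/mkForce to replace a value set elsewhere.` would tell users why two plain definitions of the same key now conflict, which is what I infer from the switch to `mergeOneOption`.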
@@ -97,6 +97,16 @@ if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then nix-channel --update nixos fi +# Make sure that we use the Nix package we depend on, not something +# else from the PATH for nix-{env,instantiate,build}. This is +# important, because NixOS defaults the architecture of the rebuilt +# system to the architecture of the nix-* binaries used. So if on an +# amd64 system the user has an i686 Nix package in her PATH, then we +# would silently downgrade the whole system to be i686 NixOS on the +# next reboot. +if [ -z "$_NIXOS_REBUILD_REEXEC" ]; then + export PATH=@nix@/bin:$PATH +fi # Re-execute nixos-rebuild from the Nixpkgs tree. if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix index 5ebf05e340f9..f7fac75eb069 100644 --- a/nixos/modules/installer/tools/tools.nix +++ b/nixos/modules/installer/tools/tools.nix @@ -32,6 +32,7 @@ let nixos-rebuild = makeProg { name = "nixos-rebuild"; src = ./nixos-rebuild.sh; + nix = config.nix.package; }; nixos-generate-config = makeProg { diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index f1028a479dff..956215d9a97a 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -134,6 +134,7 @@ teamspeak = 124; influxdb = 125; nsd = 126; + gitolite = 127; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 13f2656c2873..94180372afe1 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -147,6 +147,7 @@ ./services/misc/felix.nix ./services/misc/folding-at-home.nix ./services/misc/gpsd.nix + ./services/misc/gitolite.nix ./services/misc/nix-daemon.nix ./services/misc/nix-gc.nix ./services/misc/nix-ssh-serve.nix 
@@ -216,6 +217,7 @@ ./services/networking/prayer.nix ./services/networking/privoxy.nix ./services/networking/quassel.nix + ./services/networking/radicale.nix ./services/networking/radvd.nix ./services/networking/rdnssd.nix ./services/networking/rpcbind.nix diff --git a/nixos/modules/programs/atop.nix b/nixos/modules/programs/atop.nix index e457db22333b..b91bd98047ee 100644 --- a/nixos/modules/programs/atop.nix +++ b/nixos/modules/programs/atop.nix @@ -22,7 +22,7 @@ in interval = 5; }; description = '' - Parameters to be written to <filename>/etc/atoprc</filename> + Parameters to be written to <filename>/etc/atoprc</filename>. ''; }; diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix index 2ff1db48757d..80c3e83fe812 100644 --- a/nixos/modules/programs/environment.nix +++ b/nixos/modules/programs/environment.nix @@ -19,8 +19,8 @@ in environment.variables = { LOCATE_PATH = "/var/cache/locatedb"; NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix"; - PAGER = "less -R"; - EDITOR = "nano"; + PAGER = mkDefault "less -R"; + EDITOR = mkDefault "nano"; }; environment.sessionVariables = diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 02340fd78e8c..b1b75a0068d4 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -189,7 +189,9 @@ let session required pam_env.so envfile=${config.system.build.pamEnvironment} session required pam_unix.so ${optionalString cfg.setLoginUid - "session required pam_loginuid.so"} + "session ${ + if config.boot.isContainer then "optional" else "required" + } pam_loginuid.so"} ${optionalString cfg.updateWtmp "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"} ${optionalString config.users.ldap.enable diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix index c95238b34515..eae4c114fc12 100644 --- a/nixos/modules/services/databases/openldap.nix 
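Review bot: The `pam_loginuid.so` line in nixos/modules/security/pam.nix becomes `optional` whenever `config.boot.isContainer` is set, and nothing in the hunk says why or what is lost. With `optional`, a failure to set the login UID no longer aborts the session, so audit records inside containers may lack a login UID. That trade-off deserves a comment next to the conditional, e.g. `# pam_loginuid cannot always write the login UID inside a container; do not fail the session there, at the cost of audit attribution.` The reason given is my inference from the change and should be confirmed by the author. The surrounding PAM text block starts and ends outside the hunk.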
+++ b/nixos/modules/services/databases/openldap.nix @@ -68,7 +68,7 @@ in users.extraUsers = optionalAttrs (cfg.user == "openldap") (singleton { name = "openldap"; - group = "openldap"; + group = cfg.group; uid = config.ids.uids.openldap; }); diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 4ef48df9831c..2521e356bf39 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -50,7 +50,7 @@ in user = mkOption { default = "redis"; - description = "User account under which Redis runs"; + description = "User account under which Redis runs."; }; pidFile = mkOption { @@ -60,26 +60,26 @@ in port = mkOption { default = 6379; - description = "The port for Redis to listen to"; + description = "The port for Redis to listen to."; type = with types; int; }; bind = mkOption { default = null; # All interfaces - description = "The IP interface to bind to"; + description = "The IP interface to bind to."; example = "127.0.0.1"; }; unixSocket = mkOption { default = null; - description = "The path to the socket to bind to"; + description = "The path to the socket to bind to."; example = "/var/run/redis.sock"; }; logLevel = mkOption { default = "notice"; # debug, verbose, notice, warning example = "debug"; - description = "Specify the server verbosity level, options: debug, verbose, notice, warning"; + description = "Specify the server verbosity level, options: debug, verbose, notice, warning."; type = with types; string; }; 
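Review bot: `group = cfg.group` in nixos/modules/services/databases/openldap.nix is applied only when `cfg.user == "openldap"`, but nothing visible guarantees that an arbitrary `cfg.group` exists. If the matching `users.extraGroups` entry is still created only for the default group name (not shown in this hunk), a custom group leaves the service account pointing at an undeclared group. The same applies to `group = mainCfg.group` in the apache-httpd hunk, where the group is created only when `mainCfg.group == "wwwrun"`. An assertion, or a sentence in the `group` option description, would make the requirement explicit, e.g. `Group under which the daemon runs; a non-default group must be defined in users.extraGroups.`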
@@ -110,19 +110,19 @@ in dbFilename = mkOption { default = "dump.rdb"; - description = "The filename where to dump the DB"; + description = "The filename where to dump the DB."; type = with types; string; }; dbpath = mkOption { default = "/var/lib/redis"; - description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration"; + description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration."; type = with types; string; }; slaveOf = mkOption { default = null; # { ip, port } - description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave"; + description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave."; example = { ip = "192.168.1.100"; port = 6379; }; }; @@ -154,26 +154,26 @@ in appendFsync = mkOption { default = "everysec"; # no, always, everysec - description = "How often to fsync the append-only log, options: no, always, everysec"; + description = "How often to fsync the append-only log, options: no, always, everysec."; type = with types; string; }; slowLogLogSlowerThan = mkOption { default = 10000; - description = "Log queries whose execution take longer than X in milliseconds"; + description = "Log queries whose execution take longer than X in milliseconds."; example = 1000; type = with types; int; }; slowLogMaxLen = mkOption { default = 128; - description = "Maximum number of items to keep in slow log"; + description = "Maximum number of items to keep in slow log."; type = with types; int; }; extraConfig = mkOption { default = ""; - description = "Extra configuration options for redis.conf"; + description = "Extra configuration options for redis.conf."; type = with types; string; }; }; diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix index 480e35a1156d..c92c81135704 100644 
--- a/nixos/modules/services/logging/logstash.nix +++ b/nixos/modules/services/logging/logstash.nix @@ -17,6 +17,11 @@ in description = "Enable logstash"; }; + enableWeb = mkOption { + default = false; + description = "Enable logstash web interface"; + }; + inputConfig = mkOption { default = ''stdin { type => "example" }''; description = "Logstash input configuration"; @@ -62,7 +67,7 @@ in config = mkIf cfg.enable { systemd.services.logstash = with pkgs; { - description = "Logstash daemon"; + description = "Logstash Daemon"; wantedBy = [ "multi-user.target" ]; serviceConfig = { @@ -78,7 +83,7 @@ in output { ${cfg.outputConfig} } - ''}"; + ''} ${optionalString cfg.enableWeb "-- web"}"; }; }; }; diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix new file mode 100644 index 000000000000..84435f92c11d --- /dev/null +++ b/nixos/modules/services/misc/gitolite.nix 
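Review bot: The new `enableWeb` option in nixos/modules/services/logging/logstash.nix has no `type`, so a non-boolean value is caught only when `optionalString cfg.enableWeb` is evaluated, and its description does not tell the administrator that enabling it starts an additional listener. I would add `type = types.bool;` and expand the text to something like `description = "Whether to also start the Logstash web interface. Restrict access to it with the firewall or a reverse proxy.";`. Whether the bundled web interface has any authentication of its own is not visible here and should be checked against the packaged version. The `ExecStart` string that receives `-- web` begins outside the hunk.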
@@ -0,0 +1,66 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.gitolite; + pubkeyFile = pkgs.writeText "gitolite-admin.pub" cfg.adminPubkey; +in +{ + options = { + services.gitolite = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable gitolite management under the + <literal>gitolite</literal> user. The Gitolite home + directory is <literal>/var/lib/gitolite</literal>. After + switching to a configuration with Gitolite enabled, you can + then run <literal>git clone + gitolite@host:gitolite-admin.git</literal> to manage it further. + ''; + }; + + adminPubkey = mkOption { + type = types.str; + description = '' + Initial administrative public key for Gitolite. This should + be an SSH Public Key. Note that this key will only be used + once, upon the first initialization of the Gitolite user. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.extraUsers.gitolite = { + description = "Gitolite user"; + home = "/var/lib/gitolite"; + createHome = true; + uid = config.ids.uids.gitolite; + useDefaultShell = true; + }; + + systemd.services."gitolite-init" = { + description = "Gitolite initialization"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig.User = "gitolite"; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = true; + + path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.openssh ]; + script = '' + cd /var/lib/gitolite + mkdir -p .gitolite/logs + if [ ! -d repositories ]; then + gitolite setup -pk ${pubkeyFile} + fi + gitolite setup # Upgrade if needed + ''; + }; + + environment.systemPackages = [ pkgs.gitolite pkgs.git ]; + }; +} diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix new file mode 100644 index 000000000000..fc9afc70aca4 --- /dev/null +++ b/nixos/modules/services/networking/radicale.nix 
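Review bot: `pubkeyFile` is built with `pkgs.writeText "gitolite-admin.pub"`, so the path handed to `gitolite setup -pk` has a store basename that carries the hash prefix rather than exactly `gitolite-admin.pub`; as far as I know gitolite names the initial admin after the key file's basename, so the admin identity would not be the one the option text implies. Copying the key to a fixed name first avoids that: `cp ${pubkeyFile} gitolite-admin.pub` followed by `gitolite setup -pk gitolite-admin.pub`. `adminPubkey` is also accepted as any `types.str` with no default, so an empty or multi-line value reaches first-time setup unchecked; an assertion that it is a single non-empty line would catch that before the one-shot initialization consumes it. Finally, `useDefaultShell = true` gives the account a login shell, which is worth a comment explaining why it is required.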
@@ -0,0 +1,48 @@ +{config, lib, pkgs, ...}: + +with lib; + +let + + cfg = config.services.radicale; + + confFile = pkgs.writeText "radicale.conf" cfg.config; + +in + +{ + + options = { + + services.radicale.enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable Radicale CalDAV and CardDAV server + ''; + }; + + services.radicale.config = mkOption { + type = types.string; + default = ""; + description = '' + Radicale configuration, this will set the service + configuration file + ''; + }; + }; + + config = mkIf cfg.enable { + + environment.systemPackages = [ pkgs.pythonPackages.radicale ]; + + jobs.radicale = { + description = "A Simple Calendar and Contact Server"; + startOn = "started network-interfaces"; + exec = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d"; + daemonType = "fork"; + }; + + }; + +} diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index 3c32e4a3dfe1..eeae11dc4ff3 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix 
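Review bot: `jobs.radicale` in the new nixos/modules/services/networking/radicale.nix sets no user for the `exec` line, so the CalDAV/CardDAV server presumably runs as root, and the default `config = ""` starts it with whatever Radicale's built-in defaults are for the listening address and authentication. A dedicated account (a `users.extraUsers.radicale` entry, with the job switched to it, e.g. `setuid = "radicale";` if the jobs layer in this tree supports that attribute) would limit what a flaw in the server can reach. The `config` description should also say that an empty value means upstream defaults, for example `Radicale configuration file contents. Empty means upstream defaults; configure authentication and the bind address here.`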
@@ -27,37 +27,37 @@ in { options.services.elasticsearch = { enable = mkOption { - description = "Whether to enable elasticsearch"; + description = "Whether to enable elasticsearch."; default = false; type = types.uniq types.bool; }; host = mkOption { - description = "Elasticsearch listen address"; + description = "Elasticsearch listen address."; default = "127.0.0.1"; type = types.str; }; port = mkOption { - description = "Elasticsearch port to listen for HTTP traffic"; + description = "Elasticsearch port to listen for HTTP traffic."; default = 9200; type = types.int; }; tcp_port = mkOption { - description = "Elasticsearch port for the node to node communication"; + description = "Elasticsearch port for the node to node communication."; default = 9300; type = types.int; }; cluster_name = mkOption { - description = "Elasticsearch name that identifies your cluster for auto-discovery"; + description = "Elasticsearch name that identifies your cluster for auto-discovery."; default = "elasticsearch"; type = types.str; }; extraConf = mkOption { - description = "Extra configuration for elasticsearch"; + description = "Extra configuration for elasticsearch."; default = ""; type = types.str; example = '' @@ -70,7 +70,7 @@ in { }; logging = mkOption { - description = "Elasticsearch logging configuration"; + description = "Elasticsearch logging configuration."; default = '' rootLogger: INFO, console logger: @@ -95,7 +95,7 @@ in { }; extraCmdLineOptions = mkOption { - description = "Extra command line options for the elasticsearch launcher"; + description = "Extra command line options for the elasticsearch launcher."; default = []; type = types.listOf types.string; example = [ "-Djava.net.preferIPv4Stack=true" ]; 
@@ -107,7 +107,7 @@ in { config = mkIf cfg.enable { systemd.services.elasticsearch = { - description = "Elasticsearch daemon"; + description = "Elasticsearch Daemon"; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" ]; environment = { ES_HOME = cfg.dataDir; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index a6f856912533..729825681b57 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -594,17 +594,17 @@ in message = "SSL is enabled for HTTPD, but sslServerCert and/or sslServerKey haven't been specified."; } ]; - users.extraUsers = optional (mainCfg.user == "wwwrun") + users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") (singleton { name = "wwwrun"; - group = "wwwrun"; + group = mainCfg.group; description = "Apache httpd user"; uid = config.ids.uids.wwwrun; - }; + }); - users.extraGroups = optional (mainCfg.group == "wwwrun") + users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") (singleton { name = "wwwrun"; gid = config.ids.gids.wwwrun; - }; + }); environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices; diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix index e80762a170c4..e56549149cb8 100644 --- a/nixos/modules/tasks/encrypted-devices.nix +++ b/nixos/modules/tasks/encrypted-devices.nix 
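Review bot: The rewritten `users.extraUsers` and `users.extraGroups` definitions in nixos/modules/services/web-servers/apache-httpd/default.nix pair `optionalAttrs` with `singleton { ... }`, so the expression is a list when the condition holds and an empty attribute set when it does not. That may evaluate because the option appears to accept both shapes, but it reads like a type error. Either `optional (mainCfg.user == "wwwrun") { name = "wwwrun"; ... }` or `optionalAttrs (...) { wwwrun = { ... }; }` keeps both branches the same type. The openldap module's context lines show the same idiom, and the enclosing `config` block starts and ends outside the hunk.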
@@ -16,28 +16,28 @@ let enable = mkOption { default = false; type = types.bool; - description = "The block device is backed by an encrypted one, adds this device as a initrd luks entry"; + description = "The block device is backed by an encrypted one, adds this device as a initrd luks entry."; }; blkDev = mkOption { default = null; example = "/dev/sda1"; type = types.uniq (types.nullOr types.string); - description = "Location of the backing encrypted device"; + description = "Location of the backing encrypted device."; }; label = mkOption { default = null; example = "rootfs"; type = types.uniq (types.nullOr types.string); - description = "Label of the backing encrypted device"; + description = "Label of the backing encrypted device."; }; keyFile = mkOption { default = null; example = "/root/.swapkey"; type = types.uniq (types.nullOr types.string); - description = "File system location of keyfile"; + description = "File system location of keyfile."; }; }; }; diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix index b6f18087c56f..3898ddb4e8e6 100644 --- a/nixos/tests/avahi.nix +++ b/nixos/tests/avahi.nix @@ -1,6 +1,7 @@ # Test whether `avahi-daemon' and `libnss-mdns' work as expected. import ./make-test.nix { + name = "avahi"; nodes = { one = diff --git a/nixos/tests/bittorrent.nix b/nixos/tests/bittorrent.nix index b58657a5ecdb..002e012f65f0 100644 --- a/nixos/tests/bittorrent.nix +++ b/nixos/tests/bittorrent.nix @@ -23,6 +23,7 @@ let in { + name = "bittorrent"; nodes = { tracker = diff --git a/nixos/tests/check-filesystems.nix b/nixos/tests/check-filesystems.nix index 09401f9a3f44..71aa9649840f 100644 --- a/nixos/tests/check-filesystems.nix +++ b/nixos/tests/check-filesystems.nix @@ -6,6 +6,8 @@ with import ../lib/build-vms.nix { inherit nixos nixpkgs system; }; rec { + name = "check-filesystems"; + nodes = { share = {pkgs, config, ...}: { services.nfs.server.enable = true; 
diff --git a/nixos/tests/containers.nix b/nixos/tests/containers.nix index 8ad9cd6e0d79..f7dc8eb491d6 100644 --- a/nixos/tests/containers.nix +++ b/nixos/tests/containers.nix @@ -1,6 +1,7 @@ # Test for NixOS' container support. import ./make-test.nix { + name = "containers"; machine = { config, pkgs, ... }: diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix index b42d473b8025..77a6f6ac9e71 100644 --- a/nixos/tests/firefox.nix +++ b/nixos/tests/firefox.nix @@ -1,4 +1,5 @@ import ./make-test.nix ({ pkgs, ... }: { + name = "firefox"; machine = { config, pkgs, ... }: diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix index d10e10b1d91c..16922508c7c5 100644 --- a/nixos/tests/firewall.nix +++ b/nixos/tests/firewall.nix @@ -1,6 +1,7 @@ # Test the firewall module. import ./make-test.nix { + name = "firewall"; nodes = { walled = diff --git a/nixos/tests/gnome3.nix b/nixos/tests/gnome3.nix index f1a6ce633313..44668f57fc1e 100644 --- a/nixos/tests/gnome3.nix +++ b/nixos/tests/gnome3.nix @@ -1,4 +1,5 @@ import ./make-test.nix { + name = "gnome3"; machine = { config, pkgs, ... }: diff --git a/nixos/tests/gnome3_12.nix b/nixos/tests/gnome3_12.nix index 92a1919b8cb2..439674b69d5d 100644 --- a/nixos/tests/gnome3_12.nix +++ b/nixos/tests/gnome3_12.nix @@ -1,4 +1,5 @@ import ./make-test.nix { + name = "gnome3_12"; machine = { config, pkgs, ... }: diff --git a/nixos/tests/influxdb.nix b/nixos/tests/influxdb.nix index 278b264170fa..9f8ea061b960 100644 --- a/nixos/tests/influxdb.nix +++ b/nixos/tests/influxdb.nix @@ -1,6 +1,8 @@ # This test runs influxdb and checks if influxdb is up and running import ./make-test.nix { + name = "influxdb"; + nodes = { one = { config, pkgs, ... }: { services.influxdb.enable = true; diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index 98e8142a0dfd..1cd1aa63a55b 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix 
@@ -215,10 +215,11 @@ let ''; - makeInstallerTest = + makeInstallerTest = name: { createPartitions, testChannel ? false, useEFI ? false, grubVersion ? 2, grubDevice ? "/dev/vda" }: makeTest { inherit iso; + name = "installer-" + name; nodes = if testChannel then { inherit webserver; } else { }; testScript = testScriptFun { inherit createPartitions testChannel useEFI grubVersion grubDevice; @@ -233,7 +234,7 @@ in { # The (almost) simplest partitioning scheme: a swap partition and # one big filesystem partition. - simple = makeInstallerTest + simple = makeInstallerTest "simple" { createPartitions = '' $machine->succeed( @@ -251,7 +252,7 @@ in { }; # Same as the previous, but now with a separate /boot partition. - separateBoot = makeInstallerTest + separateBoot = makeInstallerTest "separateBoot" { createPartitions = '' $machine->succeed( @@ -273,7 +274,7 @@ in { # Create two physical LVM partitions combined into one volume group # that contains the logical swap and root partitions. - lvm = makeInstallerTest + lvm = makeInstallerTest "lvm" { createPartitions = '' $machine->succeed( @@ -295,7 +296,7 @@ in { ''; }; - swraid = makeInstallerTest + swraid = makeInstallerTest "swraid" { createPartitions = '' $machine->succeed( @@ -328,7 +329,7 @@ in { }; # Test a basic install using GRUB 1. - grub1 = makeInstallerTest + grub1 = makeInstallerTest "grub1" { createPartitions = '' $machine->succeed( @@ -348,7 +349,7 @@ in { }; # Test an EFI install. - efi = makeInstallerTest + efi = makeInstallerTest "efi" { createPartitions = '' $machine->succeed( @@ -369,6 +370,7 @@ in { # Rebuild the CD configuration with a little modification. rebuildCD = makeTest { inherit iso; + name = "rebuild-CD"; nodes = { }; testScript = '' diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix index eb15363d3c32..af6fec6bfbf5 100644 --- a/nixos/tests/ipv6.nix +++ b/nixos/tests/ipv6.nix 
@@ -2,6 +2,7 @@ # solicication/advertisement using radvd works. import ./make-test.nix { + name = "ipv6"; nodes = { client = { config, pkgs, ... }: { }; diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix index ad7ea78ac49b..28027c294bc6 100644 --- a/nixos/tests/jenkins.nix +++ b/nixos/tests/jenkins.nix @@ -4,6 +4,7 @@ # 3. jenkins service not started on slave node import ./make-test.nix { + name = "jenkins"; nodes = { diff --git a/nixos/tests/kde4.nix b/nixos/tests/kde4.nix index 99a82a6b95df..90c37397821e 100644 --- a/nixos/tests/kde4.nix +++ b/nixos/tests/kde4.nix @@ -1,4 +1,5 @@ import ./make-test.nix ({ pkgs, ... }: { + name = "kde4"; machine = { config, pkgs, ... }: diff --git a/nixos/tests/kexec.nix b/nixos/tests/kexec.nix index b09287682c01..0f0565a60e95 100644 --- a/nixos/tests/kexec.nix +++ b/nixos/tests/kexec.nix @@ -1,6 +1,7 @@ # Test whether fast reboots via kexec work. import ./make-test.nix { + name = "kexec"; machine = { config, pkgs, ... }: { virtualisation.vlans = [ ]; }; diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix index 44c53c231c81..e8373219ca68 100644 --- a/nixos/tests/login.nix +++ b/nixos/tests/login.nix @@ -1,6 +1,7 @@ import ./make-test.nix ({ pkgs, latestKernel ? false, ... }: { + name = "login"; machine = { config, pkgs, lib, ... }: diff --git a/nixos/tests/logstash.nix b/nixos/tests/logstash.nix index e6aba7a10126..7284cde7a33c 100644 --- a/nixos/tests/logstash.nix +++ b/nixos/tests/logstash.nix @@ -2,6 +2,7 @@ # elasticsearch is started. import ./make-test.nix { + name = "logstash"; nodes = { one = diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix index 8caef146ec87..c03db6c43353 100644 --- a/nixos/tests/misc.nix +++ b/nixos/tests/misc.nix @@ -1,6 +1,7 @@ # Miscellaneous small tests that don't warrant their own VM run. import ./make-test.nix { + name = "misc"; machine = { config, lib, pkgs, ... }: diff --git a/nixos/tests/mpich.nix b/nixos/tests/mpich.nix index 13cd0960d07c..a4ef7b624267 100644 
--- a/nixos/tests/mpich.nix +++ b/nixos/tests/mpich.nix @@ -1,6 +1,8 @@ # Simple example to showcase distributed tests using NixOS VMs. import ./make-test.nix { + name = "mpich"; + nodes = { master = { config, pkgs, ... }: { diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix index 68ab8b642b01..32aae9161399 100644 --- a/nixos/tests/mumble.nix +++ b/nixos/tests/mumble.nix @@ -7,6 +7,8 @@ let }; in { + name = "mumble"; + nodes = { server = { config, pkgs, ... }: { services.murmur.enable = true; diff --git a/nixos/tests/munin.nix b/nixos/tests/munin.nix index acc4b949ab57..31676c10df1b 100644 --- a/nixos/tests/munin.nix +++ b/nixos/tests/munin.nix @@ -2,6 +2,7 @@ # machine. import ./make-test.nix { + name = "munin"; nodes = { one = diff --git a/nixos/tests/mysql-replication.nix b/nixos/tests/mysql-replication.nix index 7d0cf6d85a1a..5786fdbc58cd 100644 --- a/nixos/tests/mysql-replication.nix +++ b/nixos/tests/mysql-replication.nix @@ -6,6 +6,8 @@ let in { + name = "mysql-replication"; + nodes = { master = { pkgs, config, ... }: diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix index 566d03baf367..0a753b9b625b 100644 --- a/nixos/tests/mysql.nix +++ b/nixos/tests/mysql.nix @@ -1,4 +1,5 @@ import ./make-test.nix { + name = "mysql"; nodes = { master = diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix index 02981469e106..5fdcc0e97ca9 100644 --- a/nixos/tests/nat.nix +++ b/nixos/tests/nat.nix @@ -5,6 +5,7 @@ # for the client. import ./make-test.nix { + name = "nat"; nodes = { client = diff --git a/nixos/tests/nfs.nix b/nixos/tests/nfs.nix index 864d05626b67..61b2431c04c7 100644 --- a/nixos/tests/nfs.nix +++ b/nixos/tests/nfs.nix @@ -17,6 +17,7 @@ let in { + name = "nfs"; nodes = { client1 = client; diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix index 0b9714c275da..692618c5a84d 100644 --- a/nixos/tests/openssh.nix +++ b/nixos/tests/openssh.nix 
@@ -1,4 +1,22 @@ -import ./make-test.nix ({ pkgs, ... }: { +import ./make-test.nix ({ pkgs, ... }: + +let + snakeOilPrivateKey = pkgs.writeText "privkey.snakeoil" '' + -----BEGIN EC PRIVATE KEY----- + MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49 + AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN + r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA== + -----END EC PRIVATE KEY----- + ''; + + snakeOilPublicKey = pkgs.lib.concatStrings [ + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA" + "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa" + "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= sakeoil" + ]; + +in { + name = "openssh"; nodes = { @@ -9,6 +27,9 @@ import ./make-test.nix ({ pkgs, ... }: { services.openssh.enable = true; security.pam.services.sshd.limits = [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ]; + users.extraUsers.root.openssh.authorizedKeys.keys = [ + snakeOilPublicKey + ]; }; client = 
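Review bot: The first hunk of nixos/tests/openssh.nix commits an EC private key and passes it through `pkgs.writeText`, which places it in the world-readable store, and nothing marks it as a throwaway test credential beyond the `snakeOil` prefix. A comment above the `let` binding would make the intent unmistakable, e.g. `# Test-only key pair: public by design, never authorize it outside this VM test.` The key comment at the end of `snakeOilPublicKey` is spelled `sakeoil`; `snakeoil` would make a stray `authorized_keys` entry easier to recognise. In the later `configured-authkey` subtest the key is written with `cat ... > privkey.snakeoil` and only afterwards restricted with `chmod 600`, which is harmless inside the test VM but not a pattern to copy elsewhere.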
@@ -23,15 +44,25 @@ import ./make-test.nix ({ pkgs, ... }: { $server->waitForUnit("sshd"); - $server->succeed("mkdir -m 700 /root/.ssh"); - $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys"); + subtest "manual-authkey", sub { + $server->succeed("mkdir -m 700 /root/.ssh"); + $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys"); + + $client->succeed("mkdir -m 700 /root/.ssh"); + $client->copyFileFromHost("key", "/root/.ssh/id_dsa"); + $client->succeed("chmod 600 /root/.ssh/id_dsa"); - $client->succeed("mkdir -m 700 /root/.ssh"); - $client->copyFileFromHost("key", "/root/.ssh/id_dsa"); - $client->succeed("chmod 600 /root/.ssh/id_dsa"); + $client->waitForUnit("network.target"); + $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2"); + $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024"); + }; - $client->waitForUnit("network.target"); - $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2"); - $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024"); + subtest "configured-authkey", sub { + $client->succeed("cat ${snakeOilPrivateKey} > privkey.snakeoil"); + $client->succeed("chmod 600 privkey.snakeoil"); + $client->succeed("ssh -o UserKnownHostsFile=/dev/null" . + " -o StrictHostKeyChecking=no -i privkey.snakeoil" . + " server true"); + }; ''; }) diff --git a/nixos/tests/partition.nix b/nixos/tests/partition.nix index 120ecaad8812..72fd37e041e5 100644 --- a/nixos/tests/partition.nix +++ b/nixos/tests/partition.nix @@ -63,6 +63,8 @@ let logvol / --size=1000 --grow --fstype=ext4 --name=root --vgname=nixos ''; in { + name = "partitiion"; + machine = { config, pkgs, ... }: { environment.systemPackages = [ pkgs.pythonPackages.nixpart 
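Review bot: The name added in nixos/tests/partition.nix is spelled `partitiion`, and since this commit feeds `name` into the derivation names `nixos-test-driver-${name}` and `vm-test-run-${driver.testName}`, the typo ends up in store paths and build logs. It should read `name = "partition";`.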
diff --git a/nixos/tests/phabricator.nix b/nixos/tests/phabricator.nix index 8a8c6cb784cc..53038474c91a 100644 --- a/nixos/tests/phabricator.nix +++ b/nixos/tests/phabricator.nix @@ -1,4 +1,5 @@ import ./make-test.nix ({ pkgs, ... }: { + name = "phabricator"; nodes = { storage = diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix index 16f9812d93b5..a55e077c2696 100644 --- a/nixos/tests/printing.nix +++ b/nixos/tests/printing.nix @@ -1,6 +1,7 @@ # Test printing via CUPS. import ./make-test.nix ({pkgs, ... }: { + name = "printing"; nodes = { diff --git a/nixos/tests/proxy.nix b/nixos/tests/proxy.nix index 88dbdb2720fb..01f0f3fe17a3 100644 --- a/nixos/tests/proxy.nix +++ b/nixos/tests/proxy.nix @@ -14,6 +14,7 @@ let in { + name = "proxy"; nodes = { proxy = diff --git a/nixos/tests/quake3.nix b/nixos/tests/quake3.nix index 3ff12fd57c06..b16cb179982a 100644 --- a/nixos/tests/quake3.nix +++ b/nixos/tests/quake3.nix @@ -13,6 +13,7 @@ let in rec { + name = "quake3"; makeCoverageReport = true; diff --git a/nixos/tests/rabbitmq.nix b/nixos/tests/rabbitmq.nix index ffcdde9d87f2..3ef3f92764c9 100644 --- a/nixos/tests/rabbitmq.nix +++ b/nixos/tests/rabbitmq.nix @@ -1,6 +1,7 @@ # This test runs rabbitmq and checks if rabbitmq is up and running. import ./make-test.nix ({ pkgs, ... }: { + name = "rabbitmq"; nodes = { one = { config, pkgs, ... }: { diff --git a/nixos/tests/simple.nix b/nixos/tests/simple.nix index e21b919cdf80..62d748d64296 100644 --- a/nixos/tests/simple.nix +++ b/nixos/tests/simple.nix @@ -1,4 +1,5 @@ import ./make-test.nix { + name = "simple" machine = { config, pkgs, ... }: { }; diff --git a/nixos/tests/subversion.nix b/nixos/tests/subversion.nix index e6746dc08287..50277edbdd89 100644 --- a/nixos/tests/subversion.nix +++ b/nixos/tests/subversion.nix @@ -32,6 +32,7 @@ let in { + name = "subversion"; nodes = { webserver = diff --git a/nixos/tests/tomcat.nix b/nixos/tests/tomcat.nix index 3b0b1bb79117..f3ee3477b5ac 100644 
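Review bot: The line added in nixos/tests/simple.nix, `name = "simple"`, has no terminating semicolon, so the attribute set no longer parses and the test cannot be evaluated. It should be `name = "simple";`, matching the other test files touched in this commit.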
--- a/nixos/tests/tomcat.nix +++ b/nixos/tests/tomcat.nix @@ -1,4 +1,5 @@ import ./make-test.nix { + name = "tomcat"; nodes = { server = diff --git a/nixos/tests/trac.nix b/nixos/tests/trac.nix index 3f17dafaca15..87a2d328b4a6 100644 --- a/nixos/tests/trac.nix +++ b/nixos/tests/trac.nix @@ -1,4 +1,5 @@ import ./make-test.nix ({ pkgs, ... }: { + name = "trac"; nodes = { storage = diff --git a/nixos/tests/udisks2.nix b/nixos/tests/udisks2.nix index e0c57d7c34d6..1d2f79e4f6c1 100644 --- a/nixos/tests/udisks2.nix +++ b/nixos/tests/udisks2.nix @@ -10,6 +10,7 @@ let in { + name = "udisks2"; machine = { config, pkgs, ... }: diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix index ded37943e51d..ced0c6b9826b 100644 --- a/nixos/tests/xfce.nix +++ b/nixos/tests/xfce.nix @@ -1,4 +1,5 @@ import ./make-test.nix { + name = "xfce"; machine = { config, pkgs, ... }: |