author | Vladimír Čunát <v@cunat.cz> | 2019-09-16 19:25:54 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-09-16 19:25:54 +0200 |
commit | 268872d996c65f96604655cb547c7544adcde83d (patch) | |
tree | 8a64cba2ee69934669845ae723c9103d933c7e82 /nixos | |
parent | b86f9d6d46034beebe801d278641519938ee59c0 (diff) | |
parent | fa4a3af5a70ecc628d1467eb5c4b89a479633ce6 (diff) | |
Merge branch 'staging-next' into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/man-nixos-rebuild.xml | 40 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 6 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 14 | ||||
-rw-r--r-- | nixos/modules/services/continuous-integration/hydra/default.nix | 20 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/networking/networkmanager.nix | 27 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 33 | ||||
-rw-r--r-- | nixos/modules/services/x11/redshift.nix | 16 | ||||
-rw-r--r-- | nixos/modules/system/activation/activation-script.nix | 2 | ||||
-rw-r--r-- | nixos/modules/tasks/auto-upgrade.nix | 2 | ||||
-rwxr-xr-x | nixos/tests/hydra/create-trivial-project.sh | 2 | ||||
-rw-r--r-- | nixos/tests/hydra/default.nix | 23 | ||||
-rw-r--r-- | nixos/tests/mumble.nix | 4 | ||||
-rw-r--r-- | nixos/tests/xmonad.nix | 2 |
14 files changed, 146 insertions, 51 deletions
diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml index 4c20cfcdd7d2..a83c4fb965eb 100644 --- a/nixos/doc/manual/man-nixos-rebuild.xml +++ b/nixos/doc/manual/man-nixos-rebuild.xml @@ -7,10 +7,12 @@ <refmiscinfo class="source">NixOS</refmiscinfo> <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> --> </refmeta> + <refnamediv> <refname><command>nixos-rebuild</command> </refname><refpurpose>reconfigure a NixOS machine</refpurpose> </refnamediv> + <refsynopsisdiv> <cmdsynopsis> <command>nixos-rebuild</command><group choice='req'> @@ -74,6 +76,7 @@ <arg> <option>--builders</option> <replaceable>builder-spec</replaceable> </arg> + <sbr /> <arg> <group choice='req'> @@ -121,8 +124,10 @@ </arg> </cmdsynopsis> </refsynopsisdiv> + <refsection> <title>Description</title> + <para> This command updates the system so that it corresponds to the configuration specified in <filename>/etc/nixos/configuration.nix</filename>. Thus, every @@ -133,9 +138,11 @@ (re)starts any system services if needed. Please note that user services need to be started manually as they aren't detected by the activation script at the moment. </para> + <para> This command has one required argument, which specifies the desired operation. It must be one of the following: + <variablelist> <varlistentry> <term> @@ -152,6 +159,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>boot</option> @@ -165,6 +173,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>test</option> @@ -179,6 +188,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>build</option> @@ -197,6 +207,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>dry-build</option> @@ -208,6 +219,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>dry-activate</option> @@ -222,6 +234,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>edit</option> 
@@ -232,6 +245,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>build-vm</option> @@ -249,12 +263,14 @@ <prompt>$ </prompt>./result/bin/run-*-vm </screen> </para> + <para> The VM is implemented using the <literal>qemu</literal> package. For best performance, you should load the <literal>kvm-intel</literal> or <literal>kvm-amd</literal> kernel modules to get hardware virtualisation. </para> + <para> The VM mounts the Nix store of the host through the 9P file system. The host Nix store is read-only, so Nix commands that modify the Nix store @@ -262,6 +278,7 @@ <command>nixos-rebuild</command>; to change the VM’s configuration, you must halt the VM and re-run the commands above. </para> + <para> The VM has its own <literal>ext3</literal> root file system, which is automatically created when the VM is first started, and is persistent @@ -272,6 +289,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>build-vm-with-bootloader</option> @@ -294,11 +312,13 @@ </variablelist> </para> </refsection> + <refsection> <title>Options</title> <para> This command accepts the following options: </para> + <variablelist> <varlistentry> <term> @@ -310,6 +330,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--install-bootloader</option> @@ -321,6 +342,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--no-build-nix</option> @@ -336,6 +358,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--fast</option> @@ -349,6 +372,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--rollback</option> @@ -363,6 +387,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--builders</option> <replaceable>builder-spec</replaceable> @@ -382,6 +407,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--profile-name</option> @@ -412,6 +438,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--build-host</option> 
@@ -437,6 +464,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <option>--target-host</option> @@ -449,6 +477,7 @@ be accessible over ssh, and for the commands <option>switch</option>, <option>boot</option> and <option>test</option> you need root access. </para> + <para> If <option>--build-host</option> is not explicitly specified, <option>--build-host</option> will implicitly be set to the same value as @@ -457,6 +486,7 @@ place remotely (and no build artifacts will be copied to the local machine). </para> + <para> You can include a remote user name in the host name (<replaceable>user@host</replaceable>). You can also set ssh options by @@ -465,6 +495,7 @@ </listitem> </varlistentry> </variablelist> + <para> In addition, <command>nixos-rebuild</command> accepts various Nix-related flags, including <option>--max-jobs</option> / <option>-j</option>, @@ -473,8 +504,10 @@ <option>-v</option>. See the Nix manual for details. </para> </refsection> + <refsection> <title>Environment</title> + <variablelist> <varlistentry> <term> @@ -487,6 +520,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <envar>NIX_SSHOPTS</envar> @@ -500,9 +534,12 @@ </varlistentry> </variablelist> </refsection> + <refsection> <title>Files</title> + <variablelist> + <varlistentry> <term> <filename>/run/current-system</filename> @@ -513,6 +550,7 @@ </para> </listitem> </varlistentry> + <varlistentry> <term> <filename>/nix/var/nix/profiles/system</filename> @@ -524,8 +562,10 @@ </para> </listitem> </varlistentry> + </variablelist> </refsection> + <refsection> <title>Bugs</title> <para> diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index f9cea242c153..58ab7207f533 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml 
@@ -478,6 +478,12 @@ Prometheus 2 is now configured with <literal>services.prometheus</literal>. </para> </listitem> + <listitem> + <para> + Citrix Receiver (<literal>citrix_receiver</literal>) has been dropped in favor of Citrix Workspace + (<literal>citrix_workspace</literal>). + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index d1303f90ad8d..0c7c45a4708b 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -273,20 +273,6 @@ with lib; (mkRenamedOptionModule [ "networking" "extraResolvconfConf" ] [ "networking" "resolvconf" "extraConfig" ]) (mkRenamedOptionModule [ "networking" "resolvconfOptions" ] [ "networking" "resolvconf" "extraOptions" ]) - # Redshift - (mkChangedOptionModule [ "services" "redshift" "latitude" ] [ "location" "latitude" ] - (config: - let value = getAttrFromPath [ "services" "redshift" "latitude" ] config; - in if value == null then - throw "services.redshift.latitude is set to null, you can remove this" - else builtins.fromJSON value)) - (mkChangedOptionModule [ "services" "redshift" "longitude" ] [ "location" "longitude" ] - (config: - let value = getAttrFromPath [ "services" "redshift" "longitude" ] config; - in if value == null then - throw "services.redshift.longitude is set to null, you can remove this" - else builtins.fromJSON value)) - # Redis (mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.") (mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.") diff --git a/nixos/modules/services/continuous-integration/hydra/default.nix b/nixos/modules/services/continuous-integration/hydra/default.nix index 500acb485620..2da10a9a5e2a 100644 --- a/nixos/modules/services/continuous-integration/hydra/default.nix +++ b/nixos/modules/services/continuous-integration/hydra/default.nix 
@@ -275,6 +275,7 @@ in ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O hydra hydra touch ${baseDir}/.db-created fi + echo "create extension if not exists pg_trgm" | ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql hydra ''} if [ ! -e ${cfg.gcRootsDir} ]; then @@ -379,6 +380,23 @@ in }; }; + systemd.services.hydra-notify = + { wantedBy = [ "multi-user.target" ]; + requires = [ "hydra-init.service" ]; + after = [ "hydra-init.service" ]; + restartTriggers = [ hydraConf ]; + environment = env // { + PGPASSFILE = "${baseDir}/pgpass-queue-runner"; + }; + serviceConfig = + { ExecStart = "@${cfg.package}/bin/hydra-notify hydra-notify"; + # FIXME: run this under a less privileged user? + User = "hydra-queue-runner"; + Restart = "always"; + RestartSec = 5; + }; + }; + # If there is less than a certain amount of free disk space, stop # the queue/evaluator to prevent builds from failing or aborting. systemd.services.hydra-check-space = @@ -416,6 +434,8 @@ in hydra-users hydra-queue-runner hydra hydra-users hydra-www hydra hydra-users root hydra + # The postgres user is used to create the pg_trgm extension for the hydra database + hydra-users postgres postgres ''; services.postgresql.authentication = optionalString haveLocalDB diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index caef4ad4ea80..66da6864fca9 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -1,7 +1,5 @@ { config, lib, pkgs, utils, ... }: -# TODO: support non-postgresql - with lib; let 
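Review bot: The added `psql hydra` call in the first hydra hunk reads its statement from stdin without `ON_ERROR_STOP`, so psql will most likely exit 0 even when `create extension` fails, and hydra-init would carry on without pg_trgm. Passing `-v ON_ERROR_STOP=1` to that psql invocation makes the failure visible. The line also sits after the `fi`, so it connects as the PostgreSQL superuser on every start rather than only when the database is created; if that is deliberate, say so with a comment such as `# run on every start so databases created before this change also get pg_trgm`. The superuser connection depends on the `hydra-users postgres postgres` ident entry added in the third hunk of this file, and the `authentication` rule that uses the map lies outside the hunk.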
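Review bot: The new `systemd.services.hydra-notify` unit runs as `hydra-queue-runner` and is pointed at `pgpass-queue-runner`, so the notification daemon holds the queue runner's database credentials and file access; the `FIXME` acknowledges this but leaves nothing actionable. Give the unit its own user and pgpass entry, or at least make the comment specific, e.g. `# FIXME: run under a dedicated user with its own pgpass; currently shares hydra-queue-runner's DB credentials`. Which database rights hydra-notify needs is not visible in this hunk, so the scope of the dedicated role has to be confirmed against the package.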
@@ -806,8 +804,8 @@ in { export otp="$(<'${cfg.secrets.otpFile}')" export jws="$(<'${cfg.secrets.jwsFile}')" ${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret, - otp_key_base: $ENV.db, - db_key_base: $ENV.otp, + otp_key_base: $ENV.otp, + db_key_base: $ENV.db, openid_connect_signing_key: $ENV.jws}}' \ > '${cfg.statePath}/config/secrets.yml' ) diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 6ed723e704d0..76ce40cdbc72 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -8,6 +8,8 @@ let dynamicHostsEnabled = cfg.dynamicHosts.enable && cfg.dynamicHosts.hostsDirs != {}; + delegateWireless = config.networking.wireless.enable == true && cfg.unmanaged != []; + # /var/lib/misc is for dnsmasq.leases. stateDirs = "/var/lib/NetworkManager /var/lib/dhclient /var/lib/misc"; @@ -177,10 +179,11 @@ in { basePackages = mkOption { type = types.attrsOf types.package; default = { inherit (pkgs) - networkmanager modemmanager wpa_supplicant crda + networkmanager modemmanager crda networkmanager-openvpn networkmanager-vpnc networkmanager-openconnect networkmanager-fortisslvpn - networkmanager-l2tp networkmanager-iodine; }; + networkmanager-l2tp networkmanager-iodine; } + // optionalAttrs (!delegateWireless) { inherit (pkgs) wpa_supplicant; }; internal = true; }; @@ -377,8 +380,11 @@ in { config = mkIf cfg.enable { assertions = [ - { assertion = config.networking.wireless.enable == false; - message = "You can not use networking.networkmanager with networking.wireless"; + { assertion = config.networking.wireless.enable == true -> cfg.unmanaged != []; + message = '' + You can not use networking.networkmanager with networking.wireless. + Except if you mark some interfaces as <literal>unmanaged</literal> by NetworkManager. + ''; } { assertion = !dynamicHostsEnabled || (dynamicHostsEnabled && cfg.dns == "dnsmasq"); message = '' 
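Review bot: Correcting the `otp_key_base`/`db_key_base` mapping changes the effective keys of any instance whose `secrets.yml` was generated with the swapped mapping. GitLab uses these keys for two-factor secrets and encrypted database columns, so data written under the old assignment would presumably stop decrypting once the file is regenerated. The release-notes hunk visible in this commit does not mention it. Add a migration note telling affected operators to swap the contents of `otpFile` and `dbFile`, and a comment next to the jq call such as `# otp_key_base and db_key_base were swapped in earlier revisions; see the release notes before regenerating secrets.yml`. The `export db=…` line and the permissions of the written file are outside the hunk.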
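Review bot: The relaxed assertion in the third networkmanager hunk accepts any non-empty `cfg.unmanaged`, so it never checks that the interfaces wpa_supplicant drives are the ones NetworkManager has been told to leave alone. With an unrelated entry in `unmanaged`, both daemons can still end up on the same wireless interface, and per the second hunk `wpa_supplicant` is then also dropped from `basePackages`. The message also embeds DocBook markup (`<literal>unmanaged</literal>`), which an assertion failure will print verbatim. Suggested wording: `message = "networking.networkmanager and networking.wireless can only be combined when the interfaces handled by wpa_supplicant are marked as unmanaged by NetworkManager.";`, plus a comment on `delegateWireless` stating that it is a heuristic.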
@@ -496,18 +502,17 @@ in { aliases = [ "dbus-org.freedesktop.nm-dispatcher.service" ]; }; - # Turn off NixOS' network management - networking = { + # Turn off NixOS' network management when networking is managed entirely by NetworkManager + networking = (mkIf (!delegateWireless) { useDHCP = false; - # use mkDefault to trigger the assertion about the conflict above + # Use mkDefault to trigger the assertion about the conflict above wireless.enable = mkDefault false; - }; + }) // (mkIf cfg.enableStrongSwan { + networkmanager.packages = [ pkgs.networkmanager_strongswan ]; + }); security.polkit.extraConfig = polkitConf; - networking.networkmanager.packages = - mkIf cfg.enableStrongSwan [ pkgs.networkmanager_strongswan ]; - services.dbus.packages = optional cfg.enableStrongSwan pkgs.strongswanNM ++ cfg.packages; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 5f5469e48507..db5dc915c89f 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -120,16 +120,24 @@ in { ''; }; - poolConfig = mkOption { - type = types.lines; - default = '' - pm = dynamic - pm.max_children = 32 - pm.start_servers = 2 - pm.min_spare_servers = 2 - pm.max_spare_servers = 4 - pm.max_requests = 500 + poolSettings = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = "32"; + "pm.start_servers" = "2"; + "pm.min_spare_servers" = "2"; + "pm.max_spare_servers" = "4"; + "pm.max_requests" = "500"; + }; + description = '' + Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives. ''; + }; + + poolConfig = mkOption { + type = types.nullOr types.lines; + default = null; description = '' Options for nextcloud's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives. ''; 
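Review bot: `(mkIf (!delegateWireless) { … }) // (mkIf cfg.enableStrongSwan { … })` does not merge the two definitions. `//` is a shallow attribute-set update applied to the values `mkIf` returns, so the right-hand operand's condition and content replace the left-hand ones, and `useDHCP = false` and `wireless.enable = mkDefault false` are silently dropped. NixOS's own DHCP handling then stays at its default alongside NetworkManager, and the `wireless.enable` default that the comment relies on is never set. Use the module system's merge instead: `networking = mkMerge [ (mkIf (!delegateWireless) { … }) (mkIf cfg.enableStrongSwan { … }) ];`.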
@@ -287,6 +295,11 @@ in { message = "Please specify exactly one of adminpass or adminpassFile"; } ]; + + warnings = optional (cfg.poolConfig != null) '' + Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. + Please migrate your configuration to config.services.nextcloud.poolSettings. + ''; } { systemd.timers.nextcloud-cron = { @@ -423,7 +436,7 @@ in { settings = mapAttrs (name: mkDefault) { "listen.owner" = "nginx"; "listen.group" = "nginx"; - }; + } // cfg.poolSettings; extraConfig = cfg.poolConfig; }; }; diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix index 6ddb4c83764a..21b0b33553ac 100644 --- a/nixos/modules/services/x11/redshift.nix +++ b/nixos/modules/services/x11/redshift.nix @@ -9,6 +9,22 @@ let in { + imports = [ + (mkChangedOptionModule [ "services" "redshift" "latitude" ] [ "location" "latitude" ] + (config: + let value = getAttrFromPath [ "services" "redshift" "latitude" ] config; + in if value == null then + throw "services.redshift.latitude is set to null, you can remove this" + else builtins.fromJSON value)) + (mkChangedOptionModule [ "services" "redshift" "longitude" ] [ "location" "longitude" ] + (config: + let value = getAttrFromPath [ "services" "redshift" "longitude" ] config; + in if value == null then + throw "services.redshift.longitude is set to null, you can remove this" + else builtins.fromJSON value)) + (mkRenamedOptionModule [ "services" "redshift" "provider" ] [ "location" "provider" ]) + ]; + options.services.redshift = { enable = mkOption { type = types.bool; diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 74c150a848d1..ddfd1af4a319 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix 
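Review bot: `} // cfg.poolSettings;` always adds the `pm.*` defaults from `poolSettings`, while `extraConfig = cfg.poolConfig;` still passes the legacy text through. A configuration that only sets the deprecated `poolConfig` therefore gets each `pm` directive twice, and which value php-fpm honours depends on rendering order outside this hunk. One option is `… } // optionalAttrs (cfg.poolConfig == null) cfg.poolSettings;`; otherwise the warning in the preceding hunk should say that `poolSettings` has to be aligned during migration. `poolConfig` can now be `null`, so confirm that the pool's `extraConfig` accepts that. The two options also share an identical `description` in the first nextcloud hunk, and `poolConfig` should state there that it is deprecated.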
@@ -218,7 +218,7 @@ in systemd.user = { services.nixos-activation = { - description = "Run user specific NixOS activation"; + description = "Run user-specific NixOS activation"; script = config.system.userActivationScripts.script; unitConfig.ConditionUser = "!@system"; serviceConfig.Type = "oneshot"; diff --git a/nixos/modules/tasks/auto-upgrade.nix b/nixos/modules/tasks/auto-upgrade.nix index 18753ae0c1ae..7fe066991918 100644 --- a/nixos/modules/tasks/auto-upgrade.nix +++ b/nixos/modules/tasks/auto-upgrade.nix @@ -88,7 +88,7 @@ let cfg = config.system.autoUpgrade; in HOME = "/root"; } // config.networking.proxy.envVars; - path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gitMinimal config.nix.package.out ]; + path = with pkgs; [ coreutils gnutar xz.bin gzip gitMinimal config.nix.package.out ]; script = let nixos-rebuild = "${config.system.build.nixos-rebuild}/bin/nixos-rebuild"; diff --git a/nixos/tests/hydra/create-trivial-project.sh b/nixos/tests/hydra/create-trivial-project.sh index 39122c9b473a..5aae2d5bf90d 100755 --- a/nixos/tests/hydra/create-trivial-project.sh +++ b/nixos/tests/hydra/create-trivial-project.sh @@ -44,6 +44,8 @@ cat >data.json <<EOF "enabled": "1", "visible": "1", "keepnr": "1", + "enableemail": true, + "emailoverride": "hydra@localhost", "nixexprinput": "trivial", "nixexprpath": "trivial.nix", "inputs": { diff --git a/nixos/tests/hydra/default.nix b/nixos/tests/hydra/default.nix index f99b367ac9b7..6ca05a2c7797 100644 --- a/nixos/tests/hydra/default.nix +++ b/nixos/tests/hydra/default.nix @@ -8,8 +8,10 @@ let trivialJob = pkgs.writeTextDir "trivial.nix" '' { trivial = builtins.derivation { name = "trivial"; - system = "x86_64-linux"; + system = "${system}"; builder = "/bin/sh"; + allowSubstitutes = false; + preferLocalBuild = true; args = ["-c" "echo success > $out; exit 0"]; }; } 
@@ -53,11 +55,16 @@ let notificationSender = "example@example.com"; package = pkgs.hydra.override { inherit nix; }; + + extraConfig = '' + email_notification = 1 + ''; }; + services.postfix.enable = true; nix = { buildMachines = [{ hostName = "localhost"; - systems = [ "x86_64-linux" ]; + systems = [ system ]; }]; binaryCaches = []; @@ -68,12 +75,12 @@ let # let the system boot up $machine->waitForUnit("multi-user.target"); # test whether the database is running - $machine->succeed("systemctl status postgresql.service"); + $machine->waitForUnit("postgresql.service"); # test whether the actual hydra daemons are running - $machine->succeed("systemctl status hydra-queue-runner.service"); - $machine->succeed("systemctl status hydra-init.service"); - $machine->succeed("systemctl status hydra-evaluator.service"); - $machine->succeed("systemctl status hydra-send-stats.service"); + $machine->waitForUnit("hydra-init.service"); + $machine->requireActiveUnit("hydra-queue-runner.service"); + $machine->requireActiveUnit("hydra-evaluator.service"); + $machine->requireActiveUnit("hydra-notify.service"); $machine->succeed("hydra-create-user admin --role admin --password admin"); @@ -84,6 +91,8 @@ let $machine->succeed("create-trivial-project.sh"); $machine->waitUntilSucceeds('curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'); + + $machine->waitUntilSucceeds('journalctl -eu hydra-notify.service -o cat | grep -q "sending mail notification to hydra@localhost"'); ''; }))); diff --git a/nixos/tests/mumble.nix b/nixos/tests/mumble.nix index dadd16fd9a0c..652d49a24b1c 100644 --- a/nixos/tests/mumble.nix +++ b/nixos/tests/mumble.nix 
@@ -63,8 +63,8 @@ in $client2->sendChars("y"); # Find clients in logs - $server->waitUntilSucceeds("grep -q 'client1' /var/log/murmur/murmurd.log"); - $server->waitUntilSucceeds("grep -q 'client2' /var/log/murmur/murmurd.log"); + $server->waitUntilSucceeds("journalctl -eu murmur -o cat | grep -q client1"); + $server->waitUntilSucceeds("journalctl -eu murmur -o cat | grep -q client2"); $server->sleep(5); # wait to get screenshot $client1->screenshot("screen1"); diff --git a/nixos/tests/xmonad.nix b/nixos/tests/xmonad.nix index 4d3bc28cd349..79c15ccffecd 100644 --- a/nixos/tests/xmonad.nix +++ b/nixos/tests/xmonad.nix @@ -26,7 +26,7 @@ import ./make-test.nix ({ pkgs, ...} : { $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); $machine->sendKeys("alt-ctrl-x"); - $machine->waitForWindow(qr/machine.*alice/); + $machine->waitForWindow(qr/alice.*machine/); $machine->sleep(1); $machine->screenshot("terminal"); $machine->waitUntilSucceeds("xmonad --restart"); |