author | Frederik Rietdijk <fridh@fridh.nl> | 2020-06-15 08:07:00 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-06-15 08:07:00 +0200 |
commit | 59dda0a42aa88005dab38cbdf1c39267431756a5 (patch) | |
tree | fc1635b48ef7c57623d7400ee6274cecc9da03dc /nixos | |
parent | 6857bccf12e1b55b75e22342368feef22c78d7b9 (diff) | |
parent | 9d0c3ffe6783d59b427d018e8341e0084737fde9 (diff) | |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/installation/installing-from-other-distro.xml | 2 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2009.xml | 8 | ||||
-rw-r--r-- | nixos/lib/make-iso9660-image.sh | 2 | ||||
-rw-r--r-- | nixos/modules/installer/cd-dvd/sd-image.nix | 2 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/corerad.nix | 45 | ||||
-rw-r--r-- | nixos/modules/services/networking/dnschain.nix | 184 | ||||
-rw-r--r-- | nixos/modules/services/networking/namecoind.nix | 5 | ||||
-rw-r--r-- | nixos/modules/system/boot/networkd.nix | 10 | ||||
-rw-r--r-- | nixos/modules/system/boot/resolved.nix | 1 | ||||
-rw-r--r-- | nixos/modules/system/boot/timesyncd.nix | 1 | ||||
-rw-r--r-- | nixos/tests/corerad.nix | 35 |
13 files changed, 91 insertions, 207 deletions
diff --git a/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixos/doc/manual/installation/installing-from-other-distro.xml index 8ed45899fd7f..45d68f8787f1 100644 --- a/nixos/doc/manual/installation/installing-from-other-distro.xml +++ b/nixos/doc/manual/installation/installing-from-other-distro.xml @@ -89,7 +89,7 @@ nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen> NixOS partition. They are installed by default on NixOS, but you don't have NixOS yet.. </para> -<screen><prompt>$ </prompt>nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen> +<screen><prompt>$ </prompt>nix-env -f '<nixpkgs/nixos>' --arg configuration {} -iA config.system.build.{nixos-generate-config,nixos-install,nixos-enter,manual.manpages}</screen> </listitem> <listitem> <note> diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index ccb83f39acb2..f2485f7395c8 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -466,6 +466,14 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; initrd file has not been deleted. </para> </listitem> + <listitem> + <para> + The <link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link> + package and NixOS module have been removed from Nixpkgs as the software is + unmaintained and can't be built. For more information see issue + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh index eb9edcd70269..d64fe9a365e7 100644 --- a/nixos/lib/make-iso9660-image.sh +++ b/nixos/lib/make-iso9660-image.sh 
@@ -129,7 +129,7 @@ fi if test -n "$compressImage"; then echo "Compressing image..." - zstd -T$NIX_BUILD_CORES $out/iso/$isoName + zstd -T$NIX_BUILD_CORES --rm $out/iso/$isoName fi mkdir -p $out/nix-support diff --git a/nixos/modules/installer/cd-dvd/sd-image.nix b/nixos/modules/installer/cd-dvd/sd-image.nix index 589bf74263b9..98c12e30633c 100644 --- a/nixos/modules/installer/cd-dvd/sd-image.nix +++ b/nixos/modules/installer/cd-dvd/sd-image.nix @@ -190,7 +190,7 @@ in fsck.vfat -vn firmware_part.img dd conv=notrunc if=firmware_part.img of=$img seek=$START count=$SECTORS if test -n "$compressImage"; then - zstd -T$NIX_BUILD_CORES $img + zstd -T$NIX_BUILD_CORES --rm $img fi ''; }) {}; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 85e5534e906f..3409e7ba22ea 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -239,7 +239,6 @@ in shout = 206; gateone = 207; namecoin = 208; - dnschain = 209; #lxd = 210; # unused kibana = 211; xtreemfs = 212; @@ -549,7 +548,6 @@ in #shout = 206; #unused gateone = 207; namecoin = 208; - #dnschain = 209; #unused lxd = 210; # unused #kibana = 211; xtreemfs = 212; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 5c5281b730f3..321fec5fb517 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -602,7 +602,6 @@ ./services/networking/dhcpcd.nix ./services/networking/dhcpd.nix ./services/networking/dnscache.nix - ./services/networking/dnschain.nix ./services/networking/dnscrypt-proxy2.nix ./services/networking/dnscrypt-wrapper.nix ./services/networking/dnsdist.nix diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix index 1a2c4aec6651..5d73c0a0d779 100644 --- a/nixos/modules/services/networking/corerad.nix +++ b/nixos/modules/services/networking/corerad.nix 
@@ -4,14 +4,50 @@ with lib; let cfg = config.services.corerad; + + writeTOML = name: x: + pkgs.runCommandNoCCLocal name { + passAsFile = ["config"]; + config = builtins.toJSON x; + buildInputs = [ pkgs.go-toml ]; + } "jsontoml < $configPath > $out"; + in { - meta = { - maintainers = with maintainers; [ mdlayher ]; - }; + meta.maintainers = with maintainers; [ mdlayher ]; options.services.corerad = { enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; + settings = mkOption { + type = types.uniq types.attrs; + example = literalExample '' + { + interfaces = [ + # eth0 is an upstream interface monitoring for IPv6 router advertisements. + { + name = "eth0"; + monitor = true; + } + # eth1 is a downstream interface advertising IPv6 prefixes for SLAAC. + { + name = "eth1"; + advertise = true; + prefix = [{ prefix = "::/64"; }]; + } + ]; + # Optionally enable Prometheus metrics. + debug = { + address = "localhost:9430"; + prometheus = true; + }; + } + ''; + description = '' + Configuration for CoreRAD, see <link xlink:href="https://github.com/mdlayher/corerad/blob/master/internal/config/default.toml"/> + for supported values. Ignored if configFile is set. + ''; + }; + configFile = mkOption { type = types.path; example = literalExample "\"\${pkgs.corerad}/etc/corerad/corerad.toml\""; @@ -27,6 +63,9 @@ in { }; config = mkIf cfg.enable { + # Prefer the config file over settings if both are set. + services.corerad.configFile = mkDefault (writeTOML "corerad.toml" cfg.settings); + systemd.services.corerad = { description = "CoreRAD IPv6 NDP RA daemon"; after = [ "network.target" ]; diff --git a/nixos/modules/services/networking/dnschain.nix b/nixos/modules/services/networking/dnschain.nix deleted file mode 100644 index 003609ea7054..000000000000 --- a/nixos/modules/services/networking/dnschain.nix +++ /dev/null 
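Review bot: The `settings` description in the first corerad.nix hunk does not mention two things an operator should know before copying the example. First, `writeTOML` renders the value through `runCommandNoCCLocal`, so the resulting file is a Nix store path readable by every local user. Second, the example's `debug` block opens an HTTP listener, which the module test queries with a plain `curl localhost:9430/metrics`, so it appears to need no credentials. I would append to the description: `The generated file is placed in the world-readable Nix store. The debug listener serves metrics over plain HTTP; keep debug.address on a loopback address unless access to the port is otherwise restricted.`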
@@ -1,184 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfgs = config.services; - cfg = cfgs.dnschain; - - dataDir = "/var/lib/dnschain"; - username = "dnschain"; - - configFile = pkgs.writeText "dnschain.conf" '' - [log] - level = info - - [dns] - host = ${cfg.dns.address} - port = ${toString cfg.dns.port} - oldDNSMethod = NO_OLD_DNS - externalIP = ${cfg.dns.externalAddress} - - [http] - host = ${cfg.api.hostname} - port = ${toString cfg.api.port} - tlsPort = ${toString cfg.api.tlsPort} - - ${cfg.extraConfig} - ''; - -in - -{ - - ###### interface - - options = { - - services.dnschain = { - - enable = mkEnableOption '' - DNSChain, a blockchain based DNS + HTTP server. - To resolve .bit domains set <literal>services.namecoind.enable = true;</literal> - and an RPC username/password. - ''; - - dns.address = mkOption { - type = types.str; - default = "127.0.0.1"; - description = '' - The IP address the DNSChain resolver will bind to. - Leave this unchanged if you do not wish to directly expose the resolver. - ''; - }; - - dns.externalAddress = mkOption { - type = types.str; - default = cfg.dns.address; - description = '' - The IP address used by clients to reach the resolver and the value of - the <literal>namecoin.dns</literal> record. Set this in case the bind address - is not the actual IP address (e.g. the machine is behind a NAT). - ''; - }; - - dns.port = mkOption { - type = types.int; - default = 5333; - description = '' - The port the DNSChain resolver will bind to. - ''; - }; - - api.hostname = mkOption { - type = types.str; - default = "0.0.0.0"; - description = '' - The hostname (or IP address) the DNSChain API server will bind to. - ''; - }; - - api.port = mkOption { - type = types.int; - default = 8080; - description = '' - The port the DNSChain API server (HTTP) will bind to. - ''; - }; - - api.tlsPort = mkOption { - type = types.int; - default = 4433; - description = '' - The port the DNSChain API server (HTTPS) will bind to. 
- ''; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - example = '' - [log] - level = debug - ''; - description = '' - Additional options that will be appended to the configuration file. - ''; - }; - - }; - - services.dnsmasq.resolveDNSChainQueries = mkOption { - type = types.bool; - default = false; - description = '' - Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin. - ''; - }; - - services.pdns-recursor.resolveDNSChainQueries = mkOption { - type = types.bool; - default = false; - description = '' - Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin. - ''; - }; - - }; - - - ###### implementation - - config = mkIf cfg.enable { - - services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries - [ "/.bit/127.0.0.1#${toString cfg.dns.port}" - "/.dns/127.0.0.1#${toString cfg.dns.port}" - ]; - - services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveDNSChainQueries { - forwardZonesRecurse = - { bit = "127.0.0.1:${toString cfg.dns.port}"; - dns = "127.0.0.1:${toString cfg.dns.port}"; - }; - luaConfig ='' - addNTA("bit", "namecoin doesn't support DNSSEC") - addNTA("dns", "namecoin doesn't support DNSSEC") - ''; - }; - - users.users.${username} = { - description = "DNSChain daemon user"; - home = dataDir; - createHome = true; - uid = config.ids.uids.dnschain; - extraGroups = optional cfgs.namecoind.enable "namecoin"; - }; - - systemd.services.dnschain = { - description = "DNSChain daemon"; - after = optional cfgs.namecoind.enable "namecoind.target"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - User = "dnschain"; - Restart = "on-failure"; - ExecStart = "${pkgs.nodePackages.dnschain}/bin/dnschain"; - }; - - preStart = '' - # Link configuration file into dnschain home directory - configPath=${dataDir}/.dnschain/dnschain.conf - mkdir -p ${dataDir}/.dnschain - if [ "$(realpath $configPath)" != "${configFile}" ]; then - rm -f $configPath - ln -s ${configFile} 
$configPath - fi - ''; - }; - - }; - - meta.maintainers = with lib.maintainers; [ rnhmjoj ]; - -} diff --git a/nixos/modules/services/networking/namecoind.nix b/nixos/modules/services/networking/namecoind.nix index ead7f0859434..6ca99e1321bd 100644 --- a/nixos/modules/services/networking/namecoind.nix +++ b/nixos/modules/services/networking/namecoind.nix @@ -149,11 +149,6 @@ in config = mkIf cfg.enable { - services.dnschain.extraConfig = '' - [namecoin] - config = ${configFile} - ''; - users.users.namecoin = { uid = config.ids.uids.namecoin; description = "Namecoin daemon user"; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 9b34b12e73a5..b0545363b330 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1178,14 +1178,22 @@ in users.users.systemd-network.group = "systemd-network"; systemd.additionalUpstreamSystemUnits = [ - "systemd-networkd.service" "systemd-networkd-wait-online.service" + "systemd-networkd-wait-online.service" + "systemd-networkd.service" + "systemd-networkd.socket" ]; systemd.network.units = mapAttrs' (n: v: nameValuePair "${n}.netdev" (netdevToUnit n v)) cfg.netdevs // mapAttrs' (n: v: nameValuePair "${n}.network" (networkToUnit n v)) cfg.networks; + # systemd-networkd is socket-activated by kernel netlink route change + # messages. It is important to have systemd buffer those on behalf of + # networkd. + systemd.sockets.systemd-networkd.wantedBy = [ "sockets.target" ]; + systemd.services.systemd-networkd = { wantedBy = [ "multi-user.target" ]; + aliases = [ "dbus-org.freedesktop.network1.service" ]; restartTriggers = map (x: x.source) (attrValues unitFiles); # prevent race condition with interface renaming (#39069) requires = [ "systemd-udev-settle.service" ]; diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index b7aaef575ac1..b024f9cf5ee9 100644 --- a/nixos/modules/system/boot/resolved.nix 
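Review bot: The added `aliases = [ "dbus-org.freedesktop.network1.service" ];` line in the networkd.nix hunk has no comment, although the socket lines added just above it are explained. The same applies to the `aliases` lines added in the resolved.nix and timesyncd.nix hunks. The alias is the name D-Bus activation uses to start the unit, which matters to anyone auditing what can trigger these daemons. I would put `# Name under which D-Bus activation starts this unit; mirrors the upstream unit's Alias=.` above each of the three lines. The `systemd.services.systemd-networkd` block continues past the end of the hunk.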
+++ b/nixos/modules/system/boot/resolved.nix @@ -148,6 +148,7 @@ in systemd.services.systemd-resolved = { wantedBy = [ "multi-user.target" ]; + aliases = [ "dbus-org.freedesktop.resolve1.service" ]; restartTriggers = [ config.environment.etc."systemd/resolved.conf".source ]; }; diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 9e2f36ca01f8..35fb5578b070 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix @@ -41,6 +41,7 @@ with lib; systemd.services.systemd-timesyncd = { wantedBy = [ "sysinit.target" ]; + aliases = [ "dbus-org.freedesktop.timesync1.service" ]; restartTriggers = [ config.environment.etc."systemd/timesyncd.conf".source ]; }; diff --git a/nixos/tests/corerad.nix b/nixos/tests/corerad.nix index 741fa448f680..72ab255b1916 100644 --- a/nixos/tests/corerad.nix +++ b/nixos/tests/corerad.nix @@ -3,7 +3,7 @@ import ./make-test-python.nix ( nodes = { router = {config, pkgs, ...}: { config = { - # This machines simulates a router with IPv6 forwarding and a static IPv6 address. + # This machine simulates a router with IPv6 forwarding and a static IPv6 address. boot.kernel.sysctl = { "net.ipv6.conf.all.forwarding" = true; }; @@ -14,13 +14,25 @@ import ./make-test-python.nix ( enable = true; # Serve router advertisements to the client machine with prefix information matching # any IPv6 /64 prefixes configured on this interface. - configFile = pkgs.writeText "corerad.toml" '' - [[interfaces]] - name = "eth1" - advertise = true - [[interfaces.prefix]] - prefix = "::/64" - ''; + # + # This configuration is identical to the example in the CoreRAD NixOS module. + settings = { + interfaces = [ + { + name = "eth0"; + monitor = true; + } + { + name = "eth1"; + advertise = true; + prefix = [{ prefix = "::/64"; }]; + } + ]; + debug = { + address = "localhost:9430"; + prometheus = true; + }; + }; }; }; }; 
@@ -66,5 +78,12 @@ import ./make-test-python.nix ( assert ( "/64 scope global temporary" in addrs ), "SLAAC temporary address was not configured on client after router advertisement" + + with subtest("Verify HTTP debug server is configured"): + out = router.succeed("curl localhost:9430/metrics") + + assert ( + "corerad_build_info" in out + ), "Build info metric was not found in Prometheus output" ''; }) |
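Review bot: The new subtest only shows that the debug server answers on the router itself, so it would still pass if a later change bound the listener to all interfaces. Because the configuration sets `debug.address = "localhost:9430"`, a negative check from the other node would pin the loopback binding, for example `client.fail("curl --max-time 5 http://router:9430/metrics")`. That line assumes the router's node name resolves from the client in this test network, which should be confirmed. Separately, `router.succeed("curl localhost:9430/metrics")` could use `curl --fail` so that an HTTP error status fails at the request rather than at the later string assertion.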