diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2024-03-16 00:02:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-16 00:02:02 +0000 |
commit | 7006358e6adeb5d3f31425beb35309b73bc8c80d (patch) | |
tree | c534df699eafb625b4a53cdfc45e0c4b627cef2d /nixos | |
parent | 00729a3d21641fedad8e956a37efeedc220a2499 (diff) | |
parent | bfaf0a1feb46a3ef8b17a195d52ee8d4c029e28a (diff) | |
download | nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.tar nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.tar.gz nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.tar.bz2 nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.tar.lz nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.tar.xz nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.tar.zst nixlib-7006358e6adeb5d3f31425beb35309b73bc8c80d.zip |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/nix.nix | 9 | ||||
-rw-r--r-- | nixos/modules/config/resolvconf.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/matrix/synapse.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/misc/etebase-server.nix | 1 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/nix-config.nix | 18 |
6 files changed, 32 insertions, 2 deletions
diff --git a/nixos/modules/config/nix.nix b/nixos/modules/config/nix.nix index e6a74bbb73fc..bce6fd5e5028 100644 --- a/nixos/modules/config/nix.nix +++ b/nixos/modules/config/nix.nix @@ -14,8 +14,10 @@ let concatStringsSep boolToString escape + filterAttrs floatToString getVersion + hasPrefix isBool isDerivation isFloat @@ -95,14 +97,19 @@ let mkKeyValuePairs = attrs: concatStringsSep "\n" (mapAttrsToList mkKeyValue attrs); + isExtra = key: hasPrefix "extra-" key; + in pkgs.writeTextFile { name = "nix.conf"; + # workaround for https://github.com/NixOS/nix/issues/9487 + # extra-* settings must come after their non-extra counterpart text = '' # WARNING: this file is generated from the nix.* options in # your NixOS configuration, typically # /etc/nixos/configuration.nix. Do not edit it! - ${mkKeyValuePairs cfg.settings} + ${mkKeyValuePairs (filterAttrs (key: value: !(isExtra key)) cfg.settings)} + ${mkKeyValuePairs (filterAttrs (key: value: isExtra key) cfg.settings)} ${cfg.extraOptions} ''; checkPhase = lib.optionalString cfg.checkConfig ( diff --git a/nixos/modules/config/resolvconf.nix b/nixos/modules/config/resolvconf.nix index e9ae4d651d26..3b8cc0cb8f42 100644 --- a/nixos/modules/config/resolvconf.nix +++ b/nixos/modules/config/resolvconf.nix @@ -28,6 +28,8 @@ let '' + optionalString cfg.useLocalResolver '' # This hosts runs a full-blown DNS resolver. name_servers='127.0.0.1' + '' + optionalString (cfg.useLocalResolver && config.networking.enableIPv6) '' + name_servers='::1' '' + cfg.extraConfig; in diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index e3f9c7742cc7..7291c0fcbcdd 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix @@ -1232,7 +1232,8 @@ in { ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; - ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ]; + ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ] ++ + (map (listener: dirOf listener.path) (filter (listener: listener.path != null) cfg.settings.listeners)); RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictNamespaces = true; diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix index f5a5e8a780d4..546d52b1a3b5 100644 --- a/nixos/modules/services/misc/etebase-server.nix +++ b/nixos/modules/services/misc/etebase-server.nix @@ -177,6 +177,7 @@ in systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + "d '${builtins.dirOf cfg.unixSocket}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" ]; systemd.services.etebase-server = { diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index b2e824642092..6726b9071ef6 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -613,6 +613,7 @@ in { nginx-variants = handleTest ./nginx-variants.nix {}; nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {}; nitter = handleTest ./nitter.nix {}; + nix-config = handleTest ./nix-config.nix {}; nix-ld = handleTest ./nix-ld.nix {}; nix-serve = handleTest ./nix-serve.nix {}; nix-serve-ssh = handleTest ./nix-serve-ssh.nix {}; diff --git a/nixos/tests/nix-config.nix b/nixos/tests/nix-config.nix new file mode 100644 index 000000000000..907e886def35 --- /dev/null +++ b/nixos/tests/nix-config.nix @@ -0,0 +1,18 @@ +import ./make-test-python.nix ({ pkgs, ... }: +{ + name = "nix-config"; + nodes.machine = { pkgs, ... }: { + nix.settings = { + nix-path = [ "nonextra=/etc/value.nix" ]; + extra-nix-path = [ "extra=/etc/value.nix" ]; + }; + environment.etc."value.nix".text = "42"; + }; + testScript = '' + start_all() + machine.wait_for_unit("nix-daemon.socket") + # regression test for the workaround for https://github.com/NixOS/nix/issues/9487 + print(machine.succeed("nix-instantiate --find-file extra")) + print(machine.succeed("nix-instantiate --find-file nonextra")) + ''; +}) |