author | Jan Tojnar <jtojnar@gmail.com> | 2020-06-10 04:10:57 +0200 |
---|---|---|
committer | Jan Tojnar <jtojnar@gmail.com> | 2020-06-10 04:10:57 +0200 |
commit | acb53e069824a0ae92e81239963e79e5e3088fb8 (patch) | |
tree | eb9a5b332350c412ef9d53ab99ed43f014c7ddcd /nixos | |
parent | 8576d24b2ac27a216b6e32b167c258ae4f8bfe69 (diff) | |
parent | c637cbe99208d1fcffc50579f5dbfe0ee0cb5c67 (diff) | |
Merge branch 'staging-next' into staging
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/programs/ssh.nix | 30 | ||||
-rw-r--r-- | nixos/modules/services/misc/matrix-synapse.nix | 12 | ||||
-rw-r--r-- | nixos/modules/services/x11/desktop-managers/gnome3.nix | 4 | ||||
-rw-r--r-- | nixos/tests/hydra/db-migration.nix | 6 |
4 files changed, 47 insertions, 5 deletions
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 44e65ee8a9a0..a983ffa4b890 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -194,6 +194,33 @@ in
 '';
 };
+ kexAlgorithms = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ example = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ];
+ description = ''
+ Specifies the available KEX (Key Exchange) algorithms.
+ '';
+ };
+
+ ciphers = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ example = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ];
+ description = ''
+ Specifies the ciphers allowed and their order of preference.
+ '';
+ };
+
+ macs = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ example = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ];
+ description = ''
+ Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used
+ for data integrity protection.
+ '';
+ };
 };
 };
@@ -232,6 +259,9 @@ in
 ${optionalString (cfg.pubkeyAcceptedKeyTypes != []) "PubkeyAcceptedKeyTypes ${concatStringsSep "," cfg.pubkeyAcceptedKeyTypes}"}
 ${optionalString (cfg.hostKeyAlgorithms != []) "HostKeyAlgorithms ${concatStringsSep "," cfg.hostKeyAlgorithms}"}
+ ${optionalString (cfg.kexAlgorithms != null) "KexAlgorithms ${concatStringsSep "," cfg.kexAlgorithms}"}
+ ${optionalString (cfg.ciphers != null) "Ciphers ${concatStringsSep "," cfg.ciphers}"}
+ ${optionalString (cfg.macs != null) "MACs ${concatStringsSep "," cfg.macs}"}
 '';
 environment.etc."ssh/ssh_known_hosts".text = knownHostsText;
diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix
index 703bc9416f88..8ed4bbdd031c 100644
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
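Review bot: The `macs` example in the first ssh.nix hunk lists `hmac-sha1`, a SHA-1 based MAC without encrypt-then-MAC, and option examples tend to be copied into real configurations. A pair such as `example = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" ];` would illustrate the option without suggesting a weak algorithm. The three descriptions also do not say what `null` means or that a plain list replaces OpenSSH's built-in defaults rather than extending them, so a pinned list can silently exclude algorithms added in later releases. A sentence like `When null, the OpenSSH default is used; a list given here replaces that default.` in each description would cover it.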
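Review bot: An empty list passes the `!= null` guards on the three added lines in the second ssh.nix hunk, so `kexAlgorithms = [ ];` would write a bare `KexAlgorithms` keyword with no argument into the generated client configuration, which OpenSSH will most likely reject when parsing the file. The two context lines directly above guard with `!= []`, so the new options behave differently from their neighbours for the same input. Testing both cases, e.g. `cfg.kexAlgorithms != null && cfg.kexAlgorithms != []` (and likewise for `ciphers` and `macs`), avoids emitting the empty directive. The enclosing string starts and ends outside the hunk.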
@@ -9,6 +9,9 @@ let
 logConfigFile = pkgs.writeText "log_config.yaml" cfg.logConfig;
 mkResource = r: ''{names: ${builtins.toJSON r.names}, compress: ${boolToString r.compress}}'';
 mkListener = l: ''{port: ${toString l.port}, bind_address: "${l.bind_address}", type: ${l.type}, tls: ${boolToString l.tls}, x_forwarded: ${boolToString l.x_forwarded}, resources: [${concatStringsSep "," (map mkResource l.resources)}]}'';
+ pluginsEnv = cfg.package.python.buildEnv.override {
+ extraLibs = cfg.plugins;
+ };
 configFile = pkgs.writeText "homeserver.yaml" ''
 ${optionalString (cfg.tls_certificate_path != null) ''
 tls_certificate_path: "${cfg.tls_certificate_path}"
@@ -125,6 +128,14 @@ in {
 Overridable attribute of the matrix synapse server package to use.
 '';
 };
+ plugins = mkOption {
+ type = types.listOf types.package;
+ default = [ ];
+ defaultText = "with config.services.matrix-synapse.package.plugins [ matrix-synapse-ldap3 matrix-synapse-pam ]";
+ description = ''
+ List of additional Matrix plugins to make available.
+ '';
+ };
 no_tls = mkOption {
 type = types.bool;
 default = false;
@@ -686,6 +697,7 @@ in {
 --keys-directory ${cfg.dataDir} \
 --generate-keys
 '';
+ environment.PYTHONPATH = makeSearchPathOutput "lib" cfg.package.python.sitePackages [ pluginsEnv ];
 serviceConfig = {
 Type = "notify";
 User = "matrix-synapse";
diff --git a/nixos/modules/services/x11/desktop-managers/gnome3.nix b/nixos/modules/services/x11/desktop-managers/gnome3.nix
index 803419f5d6c6..69cf98321720 100644
--- a/nixos/modules/services/x11/desktop-managers/gnome3.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix
@@ -320,8 +320,8 @@ in
 gnome-shell
 gnome-shell-extensions
 gnome-themes-extra
- nixos-artwork.wallpapers.simple-dark-gray
- nixos-artwork.wallpapers.simple-dark-gray-bottom
+ pkgs.nixos-artwork.wallpapers.simple-dark-gray
+ pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom
 pkgs.gnome-user-docs
 pkgs.orca
 pkgs.glib # for gsettings
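Review bot: `defaultText` on the new `plugins` option (second matrix-synapse.nix hunk) shows a two-plugin list although `default` is `[ ]`, so the rendered manual would state that the LDAP and PAM plugins are enabled by default when none are. The text is also missing the `;` after the `with` expression. Moving it to `example = literalExample "with config.services.matrix-synapse.package.plugins; [ matrix-synapse-ldap3 matrix-synapse-pam ]";` keeps the hint without misstating the default. The description could add that the listed packages are placed on the service's `PYTHONPATH` (set in the last hunk of this file) and so are importable by the homeserver process, which is worth knowing for plugins that handle user credentials.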
diff --git a/nixos/tests/hydra/db-migration.nix b/nixos/tests/hydra/db-migration.nix
index cf74acfd67aa..ca65e2e66aa1 100644
--- a/nixos/tests/hydra/db-migration.nix
+++ b/nixos/tests/hydra/db-migration.nix
@@ -61,7 +61,7 @@ with pkgs.lib;
 'curl -L -s http://localhost:3000/build/1 -H "Accept: application/json" | jq .buildstatus | xargs test 0 -eq'
 )
- out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
+ out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
 assert "jobset_id" not in out
 original.succeed(
@@ -69,7 +69,7 @@ with pkgs.lib;
 )
 original.wait_for_unit("hydra-init.service")
- out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
+ out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
 assert "jobset_id|integer|||" in out
 original.succeed("hydra-backfill-ids")
@@ -79,7 +79,7 @@ with pkgs.lib;
 )
 original.wait_for_unit("hydra-init.service")
- out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ jobs\" -A'")
+ out = original.succeed("su -l postgres -c 'psql -d hydra <<< \"\\d+ builds\" -A'")
 assert "jobset_id|integer||not null|" in out
 original.wait_until_succeeds( |