Diffstat (limited to 'nixos')
21 files changed, 247 insertions, 54 deletions
diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml index 948b35209b79..703a1b8b7f09 100644 --- a/nixos/doc/manual/configuration/x-windows.xml +++ b/nixos/doc/manual/configuration/x-windows.xml @@ -60,7 +60,7 @@ # systemctl start display-manager.service </screen> </para> - <simplesect> + <simplesect xml:id="sec-x11-graphics-cards-nvidia"> <title>NVIDIA Graphics Cards</title> <para> NVIDIA provides a proprietary driver for its graphics cards that has better @@ -86,7 +86,7 @@ </programlisting> </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-x11--graphics-cards-amd"> <title>AMD Graphics Cards</title> <para> AMD provides a proprietary driver for its graphics cards that has better 3D @@ -106,7 +106,7 @@ </programlisting> </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-x11-touchpads"> <title>Touchpads</title> <para> Support for Synaptics touchpads (found in many laptops such as the Dell @@ -123,7 +123,7 @@ since NixOS 17.09. </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-x11-gtk-and-qt-themes"> <title>GTK/Qt themes</title> <para> GTK themes can be installed either to user profile or system-wide (via diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml index 40e61d2bd691..77d5d9632792 100644 --- a/nixos/doc/manual/configuration/xfce.xml +++ b/nixos/doc/manual/configuration/xfce.xml @@ -31,7 +31,7 @@ (system wide), put them into your <xref linkend="opt-environment.systemPackages"/>. </para> - <simplesect> + <simplesect xml:id="sec-xfce-thunar-volumes"> <title>Thunar Volume Support</title> <para> To enable <emphasis>Thunar</emphasis> volume support, put @@ -41,7 +41,7 @@ into your <emphasis>configuration.nix</emphasis>. </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-xfce-polkit"> <title>Polkit Authentication Agent</title> <para> There is no authentication agent automatically installed alongside Xfce. To 
@@ -50,7 +50,7 @@ and login did the trick. </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-xfce-troubleshooting"> <title>Troubleshooting</title> <para> Even after enabling udisks2, volume management might not work. Thunar and/or diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix index be28c2c17afd..aaa6e0da545f 100644 --- a/nixos/doc/manual/default.nix +++ b/nixos/doc/manual/default.nix @@ -90,7 +90,9 @@ let fi ${buildPackages.libxslt.bin}/bin/xsltproc \ --stringparam revision '${revision}' \ - -o $out ${./options-to-docbook.xsl} $optionsXML + -o intermediate.xml ${./options-to-docbook.xsl} $optionsXML + ${buildPackages.libxslt.bin}/bin/xsltproc \ + -o "$out" ${./postprocess-option-descriptions.xsl} intermediate.xml ''; sources = lib.sourceFilesBySuffices ./. [".xml"]; diff --git a/nixos/doc/manual/development/option-def.xml b/nixos/doc/manual/development/option-def.xml index 580a5afd58cd..50a705d0cb8e 100644 --- a/nixos/doc/manual/development/option-def.xml +++ b/nixos/doc/manual/development/option-def.xml @@ -17,7 +17,7 @@ config = { definitions in a <emphasis>property</emphasis> to achieve certain effects: </para> - <simplesect> + <simplesect xml:id="sec-option-definitions-delaying-conditionals"> <title>Delaying Conditionals</title> <para> If a set of option definitions is conditional on the value of another @@ -59,7 +59,7 @@ config = { </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-option-definitions-setting-priorities"> <title>Setting Priorities</title> <para> A module can override the definitions of an option in other modules by @@ -76,7 +76,7 @@ services.openssh.enable = mkOverride 10 false; </para> </simplesect> - <simplesect> + <simplesect xml:id="sec-option-definitions-merging"> <title>Merging Configurations</title> <para> In conjunction with <literal>mkIf</literal>, it is sometimes useful for a 
diff --git a/nixos/doc/manual/options-to-docbook.xsl b/nixos/doc/manual/options-to-docbook.xsl index 2038b0dff63e..72ac89d4ff62 100644 --- a/nixos/doc/manual/options-to-docbook.xsl +++ b/nixos/doc/manual/options-to-docbook.xsl @@ -4,6 +4,7 @@ xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:str="http://exslt.org/strings" xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:nixos="tag:nixos.org" xmlns="http://docbook.org/ns/docbook" extension-element-prefixes="str" > @@ -30,10 +31,12 @@ <listitem> - <para> - <xsl:value-of disable-output-escaping="yes" - select="attr[@name = 'description']/string/@value" /> - </para> + <nixos:option-description> + <para> + <xsl:value-of disable-output-escaping="yes" + select="attr[@name = 'description']/string/@value" /> + </para> + </nixos:option-description> <xsl:if test="attr[@name = 'type']"> <para> diff --git a/nixos/doc/manual/postprocess-option-descriptions.xsl b/nixos/doc/manual/postprocess-option-descriptions.xsl new file mode 100644 index 000000000000..1201c7612c2e --- /dev/null +++ b/nixos/doc/manual/postprocess-option-descriptions.xsl @@ -0,0 +1,115 @@ +<?xml version="1.0"?> + +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:str="http://exslt.org/strings" + xmlns:exsl="http://exslt.org/common" + xmlns:db="http://docbook.org/ns/docbook" + xmlns:nixos="tag:nixos.org" + extension-element-prefixes="str exsl"> + <xsl:output method='xml' encoding="UTF-8" /> + + <xsl:template match="@*|node()"> + <xsl:copy> + <xsl:apply-templates select="@*|node()" /> + </xsl:copy> + </xsl:template> + + <xsl:template name="break-up-description"> + <xsl:param name="input" /> + <xsl:param name="buffer" /> + + <!-- Every time we have two newlines following each other, we want to + break it into </para><para>. --> + <xsl:variable name="parbreak" select="'

'" /> + + <!-- Similar to "(head:tail) = input" in Haskell. --> + <xsl:variable name="head" select="$input[1]" /> + <xsl:variable name="tail" select="$input[position() > 1]" /> + + <xsl:choose> + <xsl:when test="$head/self::text() and contains($head, $parbreak)"> + <!-- If the haystack provided to str:split() directly starts or + ends with $parbreak, it doesn't generate a <token/> for that, + so we are doing this here. --> + <xsl:variable name="splitted-raw"> + <xsl:if test="starts-with($head, $parbreak)"><token /></xsl:if> + <xsl:for-each select="str:split($head, $parbreak)"> + <token><xsl:value-of select="node()" /></token> + </xsl:for-each> + <!-- Something like ends-with($head, $parbreak), but there is + no ends-with() in XSLT, so we need to use substring(). --> + <xsl:if test=" + substring($head, string-length($head) - + string-length($parbreak) + 1) = $parbreak + "><token /></xsl:if> + </xsl:variable> + <xsl:variable name="splitted" + select="exsl:node-set($splitted-raw)/token" /> + <!-- The buffer we had so far didn't contain any text nodes that + contain a $parbreak, so we can put the buffer along with the + first token of $splitted into a para element. --> + <para xmlns="http://docbook.org/ns/docbook"> + <xsl:apply-templates select="exsl:node-set($buffer)" /> + <xsl:apply-templates select="$splitted[1]/node()" /> + </para> + <!-- We have already emitted the first splitted result, so the + last result is going to be set as the new $buffer later + because its contents may not be directly followed up by a + $parbreak. 
--> + <xsl:for-each select="$splitted[position() > 1 + and position() < last()]"> + <para xmlns="http://docbook.org/ns/docbook"> + <xsl:apply-templates select="node()" /> + </para> + </xsl:for-each> + <xsl:call-template name="break-up-description"> + <xsl:with-param name="input" select="$tail" /> + <xsl:with-param name="buffer" select="$splitted[last()]/node()" /> + </xsl:call-template> + </xsl:when> + <!-- Either non-text node or one without $parbreak, which we just + want to buffer and continue recursing. --> + <xsl:when test="$input"> + <xsl:call-template name="break-up-description"> + <xsl:with-param name="input" select="$tail" /> + <!-- This essentially appends $head to $buffer. --> + <xsl:with-param name="buffer"> + <xsl:if test="$buffer"> + <xsl:for-each select="exsl:node-set($buffer)"> + <xsl:apply-templates select="." /> + </xsl:for-each> + </xsl:if> + <xsl:apply-templates select="$head" /> + </xsl:with-param> + </xsl:call-template> + </xsl:when> + <!-- No more $input, just put the remaining $buffer in a para. --> + <xsl:otherwise> + <para xmlns="http://docbook.org/ns/docbook"> + <xsl:apply-templates select="exsl:node-set($buffer)" /> + </para> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + + <xsl:template match="nixos:option-description"> + <xsl:choose> + <!-- + Only process nodes that are comprised of a single <para/> element, + because if that's not the case the description already contains + </para><para> in between and we need no further processing. + --> + <xsl:when test="count(db:para) > 1"> + <xsl:apply-templates select="node()" /> + </xsl:when> + <xsl:otherwise> + <xsl:call-template name="break-up-description"> + <xsl:with-param name="input" + select="exsl:node-set(db:para/node())" /> + </xsl:call-template> + </xsl:otherwise> + </xsl:choose> + </xsl:template> + +</xsl:stylesheet> diff --git a/nixos/doc/manual/release-notes/release-notes.xml b/nixos/doc/manual/release-notes/release-notes.xml index 94f176186b6e..a222bfa29d5a 100644 
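Review bot: `break-up-description` can emit an empty `<para/>` in postprocess-option-descriptions.xsl. When a description's text ends with the two-newline break, the explicit trailing `<token />` becomes an empty `$buffer`, and the final `xsl:otherwise` wraps it in a `para` unconditionally. The first `xsl:when` does the same for a description that starts with the break while the buffer is still empty. Either guard those two `para` emissions with a test that the buffer or token has content, or document the behaviour next to the `otherwise` branch, e.g. `<!-- NOTE: a description that starts or ends with a blank line yields an empty para here. -->`.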
--- a/nixos/doc/manual/release-notes/release-notes.xml +++ b/nixos/doc/manual/release-notes/release-notes.xml @@ -8,6 +8,7 @@ This section lists the release notes for each stable version of NixOS and current unstable revision. </para> + <xi:include href="rl-1903.xml" /> <xi:include href="rl-1809.xml" /> <xi:include href="rl-1803.xml" /> <xi:include href="rl-1709.xml" /> diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index f6504778939b..53ffef31e3cc 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -528,6 +528,14 @@ inherit (pkgs.nixos { to <literal>true</literal>. </para> </listitem> + <listitem> + <para> + NixOS option descriptions are now automatically broken up into individual + paragraphs if the text contains two consecutive newlines, so it's no + longer necessary to use <code></para><para></code> to start + a new paragraph. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml new file mode 100644 index 000000000000..9ae34dd58ab0 --- /dev/null +++ b/nixos/doc/manual/release-notes/rl-1903.xml 
@@ -0,0 +1,58 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-release-19.03"> + <title>Release 19.03 (“Koi”, 2019/03/??)</title> + + <section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-release-19.03-highlights"> + <title>Highlights</title> + + <para> + In addition to numerous new and upgraded packages, this release has the + following highlights: + </para> + + <itemizedlist> + <listitem> + <para /> + </listitem> + </itemizedlist> + </section> + + <section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-release-19.03-new-services"> + <title>New Services</title> + + <para> + The following new services were added since the last release: + </para> + + <itemizedlist> + <listitem> + <para /> + </listitem> + </itemizedlist> + </section> + + <section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-release-19.03-notable-changes"> + <title>Other Notable Changes</title> + + <itemizedlist> + <listitem> + <para /> + </listitem> + </itemizedlist> + </section> +</section> diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix index b2bfc785f2a3..31adc9b82620 100644 --- a/nixos/modules/config/shells-environment.nix +++ b/nixos/modules/config/shells-environment.nix @@ -34,6 +34,7 @@ in environment.variables = mkOption { default = {}; + example = { EDITOR = "nvim"; VISUAL = "nvim"; }; description = '' A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). 
diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index 524fbbb19e91..ab918a9fb23e 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -69,7 +69,7 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; as shown above, and also (after running <literal>nixos-rebuild</literal>) the input method must be added from IBus' preference dialog.</para> -<simplesect> +<simplesect xml:id="module-services-input-methods-troubleshooting"> <title>Troubleshooting</title> <para>If IBus works in some applications but not others, a likely cause of this is that IBus is depending on a different version of diff --git a/nixos/modules/installer/tools/nix-fallback-paths.nix b/nixos/modules/installer/tools/nix-fallback-paths.nix index 7c5414257b46..6611a6ca0790 100644 --- a/nixos/modules/installer/tools/nix-fallback-paths.nix +++ b/nixos/modules/installer/tools/nix-fallback-paths.nix @@ -1,6 +1,6 @@ { - x86_64-linux = "/nix/store/0d60i73mcv8z1m8d2m74yfn84980gfsa-nix-2.0.4"; - i686-linux = "/nix/store/6ssafj2s5a2g9x28yld7b70vwd6vw6lb-nix-2.0.4"; - aarch64-linux = "/nix/store/3wwch7bp7n7xsl8apgy2a4b16yzyij1z-nix-2.0.4"; - x86_64-darwin = "/nix/store/771l8i0mz4c8kry8cz3sz8rr3alalckg-nix-2.0.4"; + x86_64-linux = "/nix/store/r9i30v8nasafg2851wflg71ln49fw03y-nix-2.1"; + i686-linux = "/nix/store/dsg3pr7wwrk51f7la9wgby173j18llqh-nix-2.1"; + aarch64-linux = "/nix/store/m3qgnch4xin21pmd1azas8kkcp9rhkr6-nix-2.1"; + x86_64-darwin = "/nix/store/n7fvy0k555gwkkdszdkhi3h0aahca8h3-nix-2.1"; } diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix index 63717e0c6a81..c593adcdae6e 100644 --- a/nixos/modules/misc/version.nix +++ b/nixos/modules/misc/version.nix 
@@ -84,7 +84,7 @@ in versionSuffix = mkIf (pathIsDirectory gitRepo) (mkDefault (".git." + gitCommitId)); # Note: the first letter is bumped on every release. It's an animal. - codeName = "Jellyfish"; + codeName = "Koi"; }; # Generate /etc/os-release. See diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 631570d6dec2..94eb2e6a77bf 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -274,7 +274,7 @@ $ ./result/bin/emacs -q <para> The list of available packages in the various ELPA repositories can be seen with the following commands: - <example> + <example xml:id="module-services-emacs-querying-packages"> <title>Querying Emacs packages</title> <programlisting><![CDATA[ nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.elpaPackages @@ -291,7 +291,7 @@ nix-env -f "<nixpkgs>" -qaP -A emacsPackagesNg.orgPackages (see <xref linkend="sec-declarative-package-mgmt" />). Simply modify your file <filename>configuration.nix</filename> to make it contain: - <example> + <example xml:id="module-services-emacs-configuration-nix"> <title>Custom Emacs in <filename>configuration.nix</filename></title> <programlisting><![CDATA[ { @@ -319,7 +319,7 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides Emacs only for yourself, you can do so by adding it to your <filename>~/.config/nixpkgs/config.nix</filename> (see <link xlink:href="http://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides">Nixpkgs manual</link>): - <example> + <example xml:id="module-services-emacs-config-nix"> <title>Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename></title> <programlisting><![CDATA[ { 
@@ -522,7 +522,7 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal The Emacs init file should be changed to load the extension packages at startup: - <example> + <example xml:id="module-services-emacs-package-initialisation"> <title>Package initialization in <filename>.emacs</filename></title> <programlisting><![CDATA[ (require 'package) diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix index 3916c3052e8b..993b59590bb0 100644 --- a/nixos/modules/services/misc/nixos-manual.nix +++ b/nixos/modules/services/misc/nixos-manual.nix @@ -44,7 +44,13 @@ let helpScript = pkgs.writeScriptBin "nixos-help" '' #! ${pkgs.runtimeShell} -e - browser="$BROWSER" + # Finds first executable browser in a colon-separated list. + # (see how xdg-open defines BROWSER) + browser="$( + IFS=: ; for b in $BROWSER; do + [ -n "$(type -P "$b" || true)" ] && echo "$b" && break + done + )" if [ -z "$browser" ]; then browser="$(type -P xdg-open || true)" if [ -z "$browser" ]; then diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 1b87b77f9768..564632a85ae5 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -190,7 +190,8 @@ let nameValuePair "wireguard-${name}" { description = "WireGuard Tunnel - ${name}"; - after = [ "network.target" ]; + requires = [ "network-online.target" ]; + after = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; environment.DEVICE = name; path = with pkgs; [ kmod iproute wireguard-tools ]; @@ -236,7 +237,7 @@ let ${values.postSetup} ''; - preStop = '' + postStop = '' ip link del dev ${name} ${values.postShutdown} ''; diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index c563614caaaf..93a1b13a81dd 100644 
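Review bot: The new `browser="$( … )"` assignment in helpScript can abort the script instead of falling through to the xdg-open lookup. The script runs under `-e`, and when the last entry tried from `$BROWSER` is not executable, the loop body `[ -n … ] && echo "$b" && break` ends with a non-zero status, which becomes the status of the command substitution and so of the assignment. Writing the body as `if type -P "$b" >/dev/null; then echo "$b"; break; fi` keeps the loop status at zero when nothing matches. The unquoted `$BROWSER` is also subject to pathname expansion, so a `set -f` inside the substitution would be prudent. The rest of helpScript lies outside the hunk.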
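Review bot: `requires = [ "network-online.target" ];` in the wireguard unit makes every tunnel fail to start whenever network-online.target itself fails, for example when a wait-online service times out. systemd's guidance for this target is to pair the ordering with a weak dependency, so `wants = [ "network-online.target" ];` together with the existing `after` entry would give the same ordering without the hard failure. For a VPN unit a start that is skipped outright is worth avoiding, since traffic may then leave over the underlying link, depending on how routing is set up. The unit definition continues outside the hunk.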
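Review bot: In the new `postStop`, `ip link del dev ${name}` also runs after a failed start, when the interface may never have been created. If the generated script runs with errexit, as NixOS unit scripts usually do, `${values.postShutdown}` is then skipped. `ip link del dev ${name} || true` would keep the user's shutdown hook running in that case. A short comment on why this moved from preStop would help as well, e.g. `# postStop also runs when the unit fails, so the interface is always cleaned up`.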
--- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -8,7 +8,12 @@ let addAttributeName = mapAttrs (a: v: v // { text = '' #### Activation script snippet ${a}: + _localstatus=0 ${v.text} + + if (( _localstatus > 0 )); then + printf "Activation script snippet '%s' failed (%s)\n" "${a}" "$_localstatus" + fi ''; }); @@ -71,7 +76,7 @@ in done _status=0 - trap "_status=1" ERR + trap "_status=1 _localstatus=\$?" ERR # Ensure a consistent umask. umask 0022 diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl index ea6e56892cb3..bda6a3136407 100644 --- a/nixos/modules/system/boot/loader/grub/install-grub.pl +++ b/nixos/modules/system/boot/loader/grub/install-grub.pl @@ -248,7 +248,7 @@ if ($grubVersion == 1) { "; if ($splashImage) { copy $splashImage, "$bootPath/background.xpm.gz" or die "cannot copy $splashImage to $bootPath\n"; - $conf .= "splashimage " . $grubBoot->path . "/background.xpm.gz\n"; + $conf .= "splashimage " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background.xpm.gz\n"; } } @@ -289,7 +289,7 @@ else { copy $font, "$bootPath/converted-font.pf2" or die "cannot copy $font to $bootPath\n"; $conf .= " insmod font - if loadfont " . $grubBoot->path . "/converted-font.pf2; then + if loadfont " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/converted-font.pf2; then insmod gfxterm if [ \"\${grub_platform}\" = \"efi\" ]; then set gfxmode=$gfxmodeEfi @@ -317,7 +317,7 @@ else { copy $splashImage, "$bootPath/background$suffix" or die "cannot copy $splashImage to $bootPath\n"; $conf .= " insmod " . substr($suffix, 1) . " - if background_image --mode '$splashMode' " . $grubBoot->path . "/background$suffix; then + if background_image --mode '$splashMode' " . ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/background$suffix; then set color_normal=white/black set color_highlight=black/white else 
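Review bot: The failure report added after `${v.text}` in activation-script.nix is written to stdout, so it is separated from the stderr output of the command that failed and is lost when only stderr is captured. `printf "Activation script snippet '%s' failed (%s)\n" "${a}" "$_localstatus" >&2` would keep the two together. `_localstatus` also holds only the status of the most recent failing command, because the ERR trap in the second hunk (`trap "_status=1 _localstatus=\$?" ERR`) overwrites it on every failure. A comment such as `# _localstatus: exit status of the last failing command in this snippet` would make that explicit.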
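Review bot: The expression `($grubBoot->path eq "/" ? "" : $grubBoot->path)` is repeated verbatim in the three install-grub.pl hunks here (splashimage, loadfont, background_image) and again in copyToKernelsDir in the @@ -352 hunk. The next path built from `$grubBoot->path` can then easily miss the root special case. Computing it once, e.g. `my $grubBootPrefix = $grubBoot->path eq "/" ? "" : $grubBoot->path;` near where `$grubBoot` is set, and using `$grubBootPrefix` at all four sites would keep them consistent. A one-line comment on why `/` maps to the empty string would document the intent; presumably it avoids a doubled leading slash in the generated config, though the change does not say so.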
@@ -352,7 +352,7 @@ sub copyToKernelsDir { rename $tmp, $dst or die "cannot rename $tmp to $dst\n"; } $copied{$dst} = 1; - return $grubBoot->path . "/kernels/$name"; + return ($grubBoot->path eq "/" ? "" : $grubBoot->path) . "/kernels/$name"; } sub addEntry { diff --git a/nixos/release.nix b/nixos/release.nix index 1013053b5b3b..17f51d977c98 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -327,7 +327,6 @@ in rec { tests.keymap = callSubTests tests/keymap.nix {}; tests.initrdNetwork = callTest tests/initrd-network.nix {}; tests.kafka = callSubTests tests/kafka.nix {}; - tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {}; tests.kernel-latest = callTest tests/kernel-latest.nix {}; tests.kernel-lts = callTest tests/kernel-lts.nix {}; tests.kubernetes.dns = callSubTestsOnMatchingSystems ["x86_64-linux"] tests/kubernetes/dns.nix {}; diff --git a/nixos/tests/kernel-copperhead.nix b/nixos/tests/kernel-copperhead.nix deleted file mode 100644 index 652fbf055373..000000000000 --- a/nixos/tests/kernel-copperhead.nix +++ /dev/null @@ -1,19 +0,0 @@ -import ./make-test.nix ({ pkgs, ...} : { - name = "kernel-copperhead"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ nequissimus ]; - }; - - machine = { pkgs, ... }: - { - boot.kernelPackages = pkgs.linuxPackages_copperhead_lts; - }; - - testScript = - '' - $machine->succeed("uname -a"); - $machine->succeed("uname -s | grep 'Linux'"); - $machine->succeed("uname -a | grep '${pkgs.linuxPackages_copperhead_lts.kernel.modDirVersion}'"); - $machine->succeed("uname -a | grep 'hardened'"); - ''; -}) diff --git a/nixos/tests/networking.nix b/nixos/tests/networking.nix index ff088ad2621b..02bd4bd98079 100644 --- a/nixos/tests/networking.nix +++ b/nixos/tests/networking.nix 
@@ -11,6 +11,7 @@ let let vlanIfs = range 1 (length config.virtualisation.vlans); in { + environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules virtualisation.vlans = [ 1 2 3 ]; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true; networking = { @@ -320,9 +321,14 @@ let name = "MACVLAN"; nodes.router = router; nodes.client = { pkgs, ... }: with pkgs.lib; { + environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules virtualisation.vlans = [ 1 ]; networking = { useNetworkd = networkd; + firewall.logReversePathDrops = true; # to debug firewall rules + # reverse path filtering rules for the macvlan interface seem + # to be incorrect, causing the test to fail. Disable temporarily. + firewall.checkReversePath = false; firewall.allowPing = true; useDHCP = true; macvlans.macvlan.interface = "eth1"; @@ -341,9 +347,16 @@ let $client->waitUntilSucceeds("ip addr show dev eth1 | grep -q '192.168.1'"); $client->waitUntilSucceeds("ip addr show dev macvlan | grep -q '192.168.1'"); - # Print diagnosting information + # Print lots of diagnostic information + $router->log('**********************************************'); $router->succeed("ip addr >&2"); + $router->succeed("ip route >&2"); + $router->execute("iptables-save >&2"); + $client->log('=============================================='); $client->succeed("ip addr >&2"); + $client->succeed("ip route >&2"); + $client->execute("iptables-save >&2"); + $client->log('##############################################'); # Test macvlan creates routable ips $client->waitUntilSucceeds("ping -c 1 192.168.1.1"); |
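Review bot: `firewall.checkReversePath = false;` in the MACVLAN client (second hunk) turns off reverse-path filtering for the whole test. The test therefore passes without exercising the rpfilter rules that the added comment suspects are wrong. "Disable temporarily" has nothing attached that would bring the check back; add a tracking marker such as `# FIXME(<issue link>): re-enable checkReversePath once the macvlan rpfilter rules are fixed`. If loose mode is enough for the ping to succeed, `firewall.checkReversePath = "loose";` would keep some filtering under test. The extra `iptables-save` and `ip route` output in the third hunk is diagnostic only and does not assert anything about the rules.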