Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1903.xml | 15 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/bash/bash.nix | 2 | ||||
-rw-r--r-- | nixos/modules/programs/sway-beta.nix | 33 | ||||
-rw-r--r-- | nixos/modules/services/mail/rspamd.nix | 79 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 7 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/default.nix | 29 | ||||
-rw-r--r-- | nixos/modules/services/networking/consul.nix | 7 | ||||
-rw-r--r-- | nixos/modules/services/search/solr.nix | 181 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/tomcat.nix | 27 | ||||
-rw-r--r-- | nixos/modules/virtualisation/amazon-image.nix | 2 | ||||
-rw-r--r-- | nixos/modules/virtualisation/google-compute-image.nix | 1 | ||||
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/rspamd.nix | 77 | ||||
-rw-r--r-- | nixos/tests/solr.nix | 47 |
15 files changed, 376 insertions, 134 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index 6121d32346cb..189961476b32 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -164,6 +164,14 @@ </listitem> <listitem> <para> + Package <literal>consul-ui</literal> and passthrough <literal>consul.ui</literal> have been removed. + The package <literal>consul</literal> now uses upstream releases that vendor the UI into the binary. + See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/48714#issuecomment-433454834">#48714</link> + for details. + </para> + </listitem> + <listitem> + <para> Slurm introduces the new option <literal>services.slurm.stateSaveLocation</literal>, which is now set to <literal>/var/spool/slurm</literal> by default @@ -182,6 +190,13 @@ options can occour more than once in the configuration. </para> </listitem> + <listitem> + <para> + The <literal>solr</literal> package has been upgraded from 4.10.3 to 7.5.0 and has undergone + some major changes. The <literal>services.solr</literal> module has been updated to reflect + these changes. Please review http://lucene.apache.org/solr/ carefully before upgrading. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 16737efb1856..6e7f0a007bc2 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -333,6 +333,7 @@ lidarr = 306; slurm = 307; kapacitor = 308; + solr = 309; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -626,6 +627,7 @@ lidarr = 306; slurm = 307; kapacitor = 308; + solr = 309; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/programs/bash/bash.nix b/nixos/modules/programs/bash/bash.nix index 0fbc77ea44cf..d325fff6a572 100644 --- a/nixos/modules/programs/bash/bash.nix 
+++ b/nixos/modules/programs/bash/bash.nix @@ -16,7 +16,7 @@ let # programmable completion. If we do, enable all modules installed in # the system and user profile in obsolete /etc/bash_completion.d/ # directories. Bash loads completions in all - # $XDG_DATA_DIRS/share/bash-completion/completions/ + # $XDG_DATA_DIRS/bash-completion/completions/ # on demand, so they do not need to be sourced here. if shopt -q progcomp &>/dev/null; then . "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh" diff --git a/nixos/modules/programs/sway-beta.nix b/nixos/modules/programs/sway-beta.nix index 04f2e0662b86..e651ea4cca33 100644 --- a/nixos/modules/programs/sway-beta.nix +++ b/nixos/modules/programs/sway-beta.nix @@ -5,6 +5,15 @@ with lib; let cfg = config.programs.sway-beta; swayPackage = cfg.package; + + swayWrapped = pkgs.writeShellScriptBin "sway" '' + ${cfg.extraSessionCommands} + exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway + ''; + swayJoined = pkgs.symlinkJoin { + name = "sway-joined"; + paths = [ swayWrapped swayPackage ]; + }; in { options.programs.sway-beta = { enable = mkEnableOption '' @@ -20,13 +29,30 @@ in { ''; }; + extraSessionCommands = mkOption { + type = types.lines; + default = ""; + example = '' + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; + description = '' + Shell commands executed just before Sway is started. + ''; + }; + extraPackages = mkOption { type = with types; listOf package; default = with pkgs; [ - xwayland dmenu + xwayland rxvt_unicode dmenu ]; defaultText = literalExample '' - with pkgs; [ xwayland dmenu ]; + with pkgs; [ xwayland rxvt_unicode dmenu ]; ''; example = literalExample '' with pkgs; [ 
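Review bot: In nixos/modules/programs/sway-beta.nix the new `swayWrapped` script drops its command-line arguments, because the `exec` line ends at `${swayPackage}/bin/sway` without `"$@"`. Anything passed to the wrapped `sway`, such as a config path or `--version`, is silently ignored. The line should read `exec ${pkgs.dbus.dbus-launch} --exit-with-session ${swayPackage}/bin/sway "$@"`. The `extraSessionCommands` description could also state that the text is spliced verbatim into this wrapper and runs in the session of every user who starts Sway.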
@@ -42,7 +68,7 @@ in { }; config = mkIf cfg.enable { - environment.systemPackages = [ swayPackage ] ++ cfg.extraPackages; + environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages; security.pam.services.swaylock = {}; hardware.opengl.enable = mkDefault true; fonts.enableDefaultFonts = mkDefault true; @@ -51,4 +77,3 @@ in { meta.maintainers = with lib.maintainers; [ gnidorah primeos colemickens ]; } - diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index ff01a5dee53d..d83d6f1f750c 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -127,11 +127,15 @@ let options { pidfile = "$RUNDIR/rspamd.pid"; .include "$CONFDIR/options.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc" } logging { type = "syslog"; .include "$CONFDIR/logging.inc" + .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc" + .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc" } ${concatStringsSep "\n" (mapAttrsToList (name: value: '' 
@@ -149,6 +153,41 @@ let ${cfg.extraConfig} ''; + rspamdDir = pkgs.linkFarm "etc-rspamd-dir" ( + (mapAttrsToList (name: file: { name = "local.d/${name}"; path = file.source; }) cfg.locals) ++ + (mapAttrsToList (name: file: { name = "override.d/${name}"; path = file.source; }) cfg.overrides) ++ + (optional (cfg.localLuaRules != null) { name = "rspamd.local.lua"; path = cfg.localLuaRules; }) ++ + [ { name = "rspamd.conf"; path = rspamdConfFile; } ] + ); + + configFileModule = prefix: { name, config, ... }: { + options = { + enable = mkOption { + type = types.bool; + default = true; + description = '' + Whether this file ${prefix} should be generated. This + option allows specific ${prefix} files to be disabled. + ''; + }; + + text = mkOption { + default = null; + type = types.nullOr types.lines; + description = "Text of the file."; + }; + + source = mkOption { + type = types.path; + description = "Path of the source file."; + }; + }; + config = { + source = mkIf (config.text != null) ( + let name' = "rspamd-${prefix}-" + baseNameOf name; + in mkDefault (pkgs.writeText name' config.text)); + }; + }; in { 
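Review bot: The `enable` option declared in `configFileModule` is never read. `rspamdDir` maps over all of `cfg.locals` and `cfg.overrides`, so a file set to `enable = false` is still linked into `local.d/` or `override.d/` and still loaded by rspamd. Filter before mapping, e.g. `(filterAttrs (n: file: file.enable) cfg.locals)`, and do the same for `cfg.overrides`. This assumes `filterAttrs` is in scope through the module's `with lib;`, which lies outside the hunk.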
@@ -167,6 +206,41 @@ in description = "Whether to run the rspamd daemon in debug mode."; }; + locals = mkOption { + type = with types; loaOf (submodule (configFileModule "locals")); + default = {}; + description = '' + Local configuration files, written into <filename>/etc/rspamd/local.d/{name}</filename>. + ''; + example = literalExample '' + { "redis.conf".source = "/nix/store/.../etc/dir/redis.conf"; + "arc.conf".text = "allow_envfrom_empty = true;"; + } + ''; + }; + + overrides = mkOption { + type = with types; loaOf (submodule (configFileModule "overrides")); + default = {}; + description = '' + Overridden configuration files, written into <filename>/etc/rspamd/override.d/{name}</filename>. + ''; + example = literalExample '' + { "redis.conf".source = "/nix/store/.../etc/dir/redis.conf"; + "arc.conf".text = "allow_envfrom_empty = true;"; + } + ''; + }; + + localLuaRules = mkOption { + default = null; + type = types.nullOr types.path; + description = '' + Path of file to link to <filename>/etc/rspamd/rspamd.local.lua</filename> for local + rules written in Lua + ''; + }; + workers = mkOption { type = with types; attrsOf (submodule workerOpts); description = '' @@ -242,16 +316,17 @@ in gid = config.ids.gids.rspamd; }; - environment.etc."rspamd.conf".source = rspamdConfFile; + environment.etc."rspamd".source = rspamdDir; systemd.services.rspamd = { description = "Rspamd Service"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; + restartTriggers = [ rspamdDir ]; serviceConfig = { - ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f"; + ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c /etc/rspamd/rspamd.conf -f"; Restart = "always"; RuntimeDirectory = "rspamd"; PrivateTmp = true; 
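Review bot: The descriptions of `locals` and `overrides` do not say that a file given as `text` goes through `pkgs.writeText` (visible in the earlier `configFileModule` hunk) and therefore lands in the Nix store, which is readable by every local user. rspamd fragments commonly carry credentials (for example a Redis password), so the description should say so. Suggested addition to both descriptions: `Files given as text are written to the world-readable Nix store; put secrets in a file outside the store and reference it via source.` The `localLuaRules` description could likewise note that the linked file is executed by rspamd and should not be writable by unprivileged users.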
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index ce1cb6ad37f2..aa72cda70453 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -552,10 +552,9 @@ in { gnupg ]; preStart = '' - ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret - cp -rf ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db - cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config + rm -rf ${cfg.statePath}/config + mkdir ${cfg.statePath}/config if [ -e ${cfg.statePath}/lib ]; then rm ${cfg.statePath}/lib fi @@ -569,6 +568,8 @@ in { ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb ''} cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION + cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config + ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret # JSON is a subset of YAML ln -sf ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml diff --git a/nixos/modules/services/monitoring/prometheus/default.nix b/nixos/modules/services/monitoring/prometheus/default.nix index e2ee995cea80..bf4dfc666bb6 100644 --- a/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixos/modules/services/monitoring/prometheus/default.nix @@ -10,6 +10,13 @@ let # Get a submodule without any embedded metadata: _filter = x: filterAttrs (k: v: k != "_module") x; + # a wrapper that verifies that the configuration is valid + promtoolCheck = what: name: file: pkgs.runCommand "${name}-${what}-checked" + { buildInputs = [ cfg.package ]; } '' + ln -s ${file} $out + promtool ${what} $out + ''; + # Pretty-print JSON to a file writePrettyJSON = name: x: pkgs.runCommand name { } '' 
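Review bot: In nixos/modules/services/misc/gitlab.nix the relocated `openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret` creates the secret by shell redirection inside a directory just recreated with a plain `mkdir`. Both therefore get whatever mode the unit's umask allows, typically world-readable. `preStart` continues outside the hunk and may tighten permissions later, but the file is exposed until then and the protection depends on that later step staying in place. Creating it restrictively at the point of writing is safer, e.g. `(umask 077; ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret)`. A comment should also say that the secret is deliberately regenerated on every start, now that `config` is wiped each time.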
@@ -19,18 +26,19 @@ let # This becomes the main config file promConfig = { global = cfg.globalConfig; - rule_files = cfg.ruleFiles ++ [ + rule_files = map (promtoolCheck "check-rules" "rules") (cfg.ruleFiles ++ [ (pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg.rules)) - ]; + ]); scrape_configs = cfg.scrapeConfigs; }; generatedPrometheusYml = writePrettyJSON "prometheus.yml" promConfig; - prometheusYml = - if cfg.configText != null then + prometheusYml = let + yml = if cfg.configText != null then pkgs.writeText "prometheus.yml" cfg.configText - else generatedPrometheusYml; + else generatedPrometheusYml; + in promtoolCheck "check-config" "prometheus.yml" yml; cmdlineArgs = cfg.extraFlags ++ [ "-storage.local.path=${cfg.dataDir}/metrics" @@ -376,6 +384,15 @@ in { ''; }; + package = mkOption { + type = types.package; + default = pkgs.prometheus; + defaultText = "pkgs.prometheus"; + description = '' + The prometheus package that should be used. + ''; + }; + listenAddress = mkOption { type = types.str; default = "0.0.0.0:9090"; @@ -495,7 +512,7 @@ in { after = [ "network.target" ]; script = '' #!/bin/sh - exec ${pkgs.prometheus}/bin/prometheus \ + exec ${cfg.package}/bin/prometheus \ ${concatStringsSep " \\\n " cmdlineArgs} ''; serviceConfig = { diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix index ab3f81037681..0e90fed788b9 100644 --- a/nixos/modules/services/networking/consul.nix +++ b/nixos/modules/services/networking/consul.nix @@ -6,9 +6,10 @@ let dataDir = "/var/lib/consul"; cfg = config.services.consul; - configOptions = { data_dir = dataDir; } // - (if cfg.webUi then { ui_dir = "${cfg.package.ui}"; } else { }) // - cfg.extraConfig; + configOptions = { + data_dir = dataDir; + ui = cfg.webUi; + } // cfg.extraConfig; configFiles = [ "/etc/consul.json" "/etc/consul-addrs.json" ] ++ cfg.extraConfigFiles; 
diff --git a/nixos/modules/services/search/solr.nix b/nixos/modules/services/search/solr.nix index 90140a337ed8..7200c40e89f7 100644 --- a/nixos/modules/services/search/solr.nix +++ b/nixos/modules/services/search/solr.nix 
@@ -6,142 +6,105 @@ let cfg = config.services.solr; - # Assemble all jars needed for solr - solrJars = pkgs.stdenv.mkDerivation { - name = "solr-jars"; - - src = pkgs.fetchurl { - url = http://archive.apache.org/dist/tomcat/tomcat-5/v5.5.36/bin/apache-tomcat-5.5.36.tar.gz; - sha256 = "01mzvh53wrs1p2ym765jwd00gl6kn8f9k3nhdrnhdqr8dhimfb2p"; - }; - - installPhase = '' - mkdir -p $out/lib - cp common/lib/*.jar $out/lib/ - ln -s ${pkgs.ant}/lib/ant/lib/ant.jar $out/lib/ - ln -s ${cfg.solrPackage}/lib/ext/* $out/lib/ - ln -s ${pkgs.jdk.home}/lib/tools.jar $out/lib/ - '' + optionalString (cfg.extraJars != []) '' - for f in ${concatStringsSep " " cfg.extraJars}; do - cp $f $out/lib - done - ''; - }; - -in { +in +{ options = { services.solr = { - enable = mkOption { - type = types.bool; - default = false; - description = '' - Enables the solr service. - ''; - }; - - javaPackage = mkOption { - type = types.package; - default = pkgs.jre; - defaultText = "pkgs.jre"; - description = '' - Which Java derivation to use for running solr. - ''; - }; + enable = mkEnableOption "Enables the solr service."; - solrPackage = mkOption { + package = mkOption { type = types.package; default = pkgs.solr; defaultText = "pkgs.solr"; - description = '' - Which solr derivation to use for running solr. - ''; + description = "Which Solr package to use."; }; - extraJars = mkOption { - type = types.listOf types.path; - default = []; - description = '' - List of paths pointing to jars. Jars are copied to commonLibFolder to be available to java/solr. 
- ''; + port = mkOption { + type = types.int; + default = 8983; + description = "Port on which Solr is ran."; }; - log4jConfiguration = mkOption { - type = types.lines; - default = '' - log4j.rootLogger=INFO, stdout - log4j.appender.stdout=org.apache.log4j.ConsoleAppender - log4j.appender.stdout.Target=System.out - log4j.appender.stdout.layout=org.apache.log4j.PatternLayout - log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n - ''; - description = '' - Contents of the <literal>log4j.properties</literal> used. By default, - everything is logged to stdout (picked up by systemd) with level INFO. - ''; + stateDir = mkOption { + type = types.path; + default = "/var/lib/solr"; + description = "The solr home directory containing config, data, and logging files."; }; - user = mkOption { - type = types.str; - description = '' - The user that should run the solr process and. - the working directories. - ''; + extraJavaOptions = mkOption { + type = types.listOf types.str; + default = []; + description = "Extra command line options given to the java process running Solr."; }; - group = mkOption { + user = mkOption { type = types.str; - description = '' - The group that will own the working directory. - ''; + default = "solr"; + description = "User under which Solr is ran."; }; - solrHome = mkOption { + group = mkOption { type = types.str; - description = '' - The solr home directory. It is your own responsibility to - make sure this directory contains a working solr configuration, - and is writeable by the the user running the solr service. - Failing to do so, the solr will not start properly. - ''; - }; - - extraJavaOptions = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Extra command line options given to the java process running - solr. 
- ''; - }; - - extraWinstoneOptions = mkOption { - type = types.listOf types.str; - default = []; - description = '' - Extra command line options given to the Winstone, which is - the servlet container hosting solr. - ''; + default = "solr"; + description = "Group under which Solr is ran."; }; }; }; config = mkIf cfg.enable { - services.winstone.solr = { - serviceName = "solr"; - inherit (cfg) user group javaPackage; - warFile = "${cfg.solrPackage}/lib/solr.war"; - extraOptions = [ - "--commonLibFolder=${solrJars}/lib" - "--useJasper" - ] ++ cfg.extraWinstoneOptions; - extraJavaOptions = [ - "-Dsolr.solr.home=${cfg.solrHome}" - "-Dlog4j.configuration=file://${pkgs.writeText "log4j.properties" cfg.log4jConfiguration}" - ] ++ cfg.extraJavaOptions; + environment.systemPackages = [ cfg.package ]; + + systemd.services.solr = { + after = [ "network.target" "remote-fs.target" "nss-lookup.target" "systemd-journald-dev-log.socket" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + SOLR_HOME = "${cfg.stateDir}/data"; + LOG4J_PROPS = "${cfg.stateDir}/log4j2.xml"; + SOLR_LOGS_DIR = "${cfg.stateDir}/logs"; + SOLR_PORT = "${toString cfg.port}"; + }; + path = with pkgs; [ + gawk + procps + ]; + preStart = '' + mkdir -p "${cfg.stateDir}/data"; + mkdir -p "${cfg.stateDir}/logs"; + + if ! test -e "${cfg.stateDir}/data/solr.xml"; then + install -D -m0640 ${cfg.package}/server/solr/solr.xml "${cfg.stateDir}/data/solr.xml" + install -D -m0640 ${cfg.package}/server/solr/zoo.cfg "${cfg.stateDir}/data/zoo.cfg" + fi + + if ! 
test -e "${cfg.stateDir}/log4j2.xml"; then + install -D -m0640 ${cfg.package}/server/resources/log4j2.xml "${cfg.stateDir}/log4j2.xml" + fi + ''; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart="${cfg.package}/bin/solr start -f -a \"${concatStringsSep " " cfg.extraJavaOptions}\""; + ExecStop="${cfg.package}/bin/solr stop"; + }; }; + users.users = optionalAttrs (cfg.user == "solr") (singleton + { name = "solr"; + group = cfg.group; + home = cfg.stateDir; + createHome = true; + uid = config.ids.uids.solr; + }); + + users.groups = optionalAttrs (cfg.group == "solr") (singleton + { name = "solr"; + gid = config.ids.gids.solr; + }); + }; } diff --git a/nixos/modules/services/web-servers/tomcat.nix b/nixos/modules/services/web-servers/tomcat.nix index be54e9255c78..68261c50324d 100644 --- a/nixos/modules/services/web-servers/tomcat.nix +++ b/nixos/modules/services/web-servers/tomcat.nix @@ -31,10 +31,26 @@ in ''; }; + purifyOnStart = mkOption { + type = types.bool; + default = false; + description = '' + On startup, the `baseDir` directory is populated with various files, + subdirectories and symlinks. If this option is enabled, these items + (except for the `logs` and `work` subdirectories) are first removed. + This prevents interference from remainders of an old configuration + (libraries, webapps, etc.), so it's recommended to enable this option. + ''; + }; + baseDir = mkOption { type = lib.types.path; default = "/var/tomcat"; - description = "Location where Tomcat stores configuration files, webapplications and logfiles"; + description = '' + Location where Tomcat stores configuration files, web applications + and logfiles. Note that it is partially cleared on each service startup + if `purifyOnStart` is enabled. + ''; }; logDirs = mkOption { 
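Review bot: In nixos/modules/services/search/solr.nix the state directory is only created and owned correctly when `cfg.user == "solr"`, through `createHome` on the generated user. With a custom `user`, the `mkdir -p "${cfg.stateDir}/data"` in `preStart` appears to run as that user, since the unit sets `User` and nothing visible makes the pre-start step privileged. It would then either fail or leave the directory with default-umask permissions. Declaring the directory explicitly pins owner and mode for every configuration, e.g. `systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" ];`. The `port` description could also mention that the module ships Solr's stock `solr.xml` with no authentication configured, so the port should not be opened to untrusted networks without further setup.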
@@ -197,6 +213,15 @@ in after = [ "network.target" ]; preStart = '' + ${lib.optionalString cfg.purifyOnStart '' + # Delete most directories/symlinks we create from the existing base directory, + # to get rid of remainders of an old configuration. + # The list of directories to delete is taken from the "mkdir" command below, + # excluding "logs" (because logs are valuable) and "work" (because normally + # session files are there), and additionally including "bin". + rm -rf ${cfg.baseDir}/{conf,virtualhosts,temp,lib,shared/lib,webapps,bin} + ''} + # Create the base directory mkdir -p \ ${cfg.baseDir}/{conf,virtualhosts,logs,temp,lib,shared/lib,webapps,work} diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix index c92570582f20..9015200beead 100644 --- a/nixos/modules/virtualisation/amazon-image.nix +++ b/nixos/modules/virtualisation/amazon-image.nix @@ -53,7 +53,7 @@ let cfg = config.ec2; in # Mount all formatted ephemeral disks and activate all swap devices. # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options # because the set of devices is dependent on the instance type - # (e.g. "m1.large" has one ephemeral filesystem and one swap device, + # (e.g. "m1.small" has one ephemeral filesystem and one swap device, # while "m1.large" has two ephemeral filesystems and no swap # devices). Also, put /tmp and /var on /disk0, since it has a lot # more space than the root device. Similarly, "move" /nix to /disk0 diff --git a/nixos/modules/virtualisation/google-compute-image.nix b/nixos/modules/virtualisation/google-compute-image.nix index caaf6c0aa59d..795858e5eae2 100644 --- a/nixos/modules/virtualisation/google-compute-image.nix +++ b/nixos/modules/virtualisation/google-compute-image.nix @@ -144,7 +144,6 @@ in path = with pkgs; [ iproute ]; serviceConfig = { ExecStart = "${gce}/bin/google_network_daemon --debug"; - Type = "oneshot"; }; }; 
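Review bot: In nixos/modules/services/web-servers/tomcat.nix the new `rm -rf ${cfg.baseDir}/{conf,...,bin}` interpolates `baseDir` unquoted and without any sanity check. `baseDir` is only typed as a path, so a value containing whitespace would be word-split, and a value of `/` would expand to `/lib`, `/bin` and so on. Quote the prefix, `rm -rf "${cfg.baseDir}"/{conf,virtualhosts,temp,lib,shared/lib,webapps,bin}`, and consider an assertion rejecting `baseDir == "/"` when `purifyOnStart` is set. The rest of `preStart` lies outside the hunk, so whether it runs as root cannot be confirmed from here.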
diff --git a/nixos/release.nix b/nixos/release.nix index c3a10c9d3300..4647f28be186 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -410,6 +410,7 @@ in rec { tests.slurm = callTest tests/slurm.nix {}; tests.smokeping = callTest tests/smokeping.nix {}; tests.snapper = callTest tests/snapper.nix {}; + tests.solr = callTest tests/solr.nix {}; #tests.statsd = callTest tests/statsd.nix {}; # statsd is broken: #45946 tests.strongswan-swanctl = callTest tests/strongswan-swanctl.nix {}; tests.sudo = callTest tests/sudo.nix {}; diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix index a12622b6aa0b..af765f37b91b 100644 --- a/nixos/tests/rspamd.nix +++ b/nixos/tests/rspamd.nix @@ -27,7 +27,7 @@ let $machine->succeed("id \"rspamd\" >/dev/null"); ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } sleep 10; - $machine->log($machine->succeed("cat /etc/rspamd.conf")); + $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("systemctl cat rspamd.service")); $machine->log($machine->succeed("curl http://localhost:11334/auth")); $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth")); @@ -55,7 +55,7 @@ in $machine->waitForFile("/run/rspamd.sock"); ${checkSocket "/run/rspamd.sock" "root" "root" "600" } ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } - $machine->log($machine->succeed("cat /etc/rspamd.conf")); + $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); ''; 
@@ -86,9 +86,80 @@ in $machine->waitForFile("/run/rspamd.sock"); ${checkSocket "/run/rspamd.sock" "root" "root" "600" } ${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" } - $machine->log($machine->succeed("cat /etc/rspamd.conf")); + $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); $machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat")); $machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping")); ''; }; + customLuaRules = makeTest { + name = "rspamd-custom-lua-rules"; + machine = { + environment.etc."tests/no-muh.eml".text = '' + From: Sheep1<bah@example.com> + To: Sheep2<mah@example.com> + Subject: Evil cows + + I find cows to be evil don't you? + ''; + environment.etc."tests/muh.eml".text = '' + 
From: Cow<cow@example.com> + To: Sheep2<mah@example.com> + Subject: Evil cows + + Cows are majestic creatures don't Muh agree? + ''; + services.rspamd = { + enable = true; + locals."groups.conf".text = '' + group "cows" { + symbol { + NO_MUH = { + weight = 1.0; + description = "Mails should not muh"; + } + } + } + ''; + localLuaRules = pkgs.writeText "rspamd.local.lua" '' + local rspamd_logger = require "rspamd_logger" + rspamd_config.NO_MUH = { + callback = function (task) + local parts = task:get_text_parts() + if parts then + for _,part in ipairs(parts) do + local content = tostring(part:get_content()) + rspamd_logger.infox(rspamd_config, 'Found content %s', content) + local found = string.find(content, "Muh"); + rspamd_logger.infox(rspamd_config, 'Found muh %s', tostring(found)) + if found then + return true + end + end + end + return false + end, + score = 5.0, + description = 'Allow no cows', + group = "cows", + } + rspamd_logger.infox(rspamd_config, 'Work dammit!!!') + ''; + }; + }; + testScript = '' + ${initMachine} + $machine->waitForOpenPort(11334); + $machine->log($machine->succeed("cat /etc/rspamd/rspamd.conf")); + $machine->log($machine->succeed("cat /etc/rspamd/rspamd.local.lua")); + $machine->log($machine->succeed("cat /etc/rspamd/local.d/groups.conf")); + ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" } + $machine->log($machine->succeed("curl --unix-socket /run/rspamd/rspamd.sock http://localhost/ping")); + $machine->log($machine->succeed("rspamc -h 127.0.0.1:11334 stat")); + $machine->log($machine->succeed("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334")); + $machine->log($machine->succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols")); + $machine->waitUntilSucceeds("journalctl -u rspamd | grep -i muh >&2"); + $machine->log($machine->fail("cat /etc/tests/no-muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH")); + $machine->log($machine->succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 
symbols | grep NO_MUH")); + ''; + }; } diff --git a/nixos/tests/solr.nix b/nixos/tests/solr.nix new file mode 100644 index 000000000000..9ba3863411ea --- /dev/null +++ b/nixos/tests/solr.nix @@ -0,0 +1,47 @@ +import ./make-test.nix ({ pkgs, lib, ... }: +{ + name = "solr"; + meta.maintainers = [ lib.maintainers.aanderse ]; + + machine = + { config, pkgs, ... }: + { + # Ensure the virtual machine has enough memory for Solr to avoid the following error: + # + # OpenJDK 64-Bit Server VM warning: + # INFO: os::commit_memory(0x00000000e8000000, 402653184, 0) + # failed; error='Cannot allocate memory' (errno=12) + # + # There is insufficient memory for the Java Runtime Environment to continue. + # Native memory allocation (mmap) failed to map 402653184 bytes for committing reserved memory. + virtualisation.memorySize = 2000; + + services.solr.enable = true; + }; + + testScript = '' + startAll; + + $machine->waitForUnit('solr.service'); + $machine->waitForOpenPort('8983'); + $machine->succeed('curl --fail http://localhost:8983/solr/'); + + # adapted from pkgs.solr/examples/films/README.txt + $machine->succeed('sudo -u solr solr create -c films'); + $machine->succeed(q(curl http://localhost:8983/solr/films/schema -X POST -H 'Content-type:application/json' --data-binary '{ + "add-field" : { + "name":"name", + "type":"text_general", + "multiValued":false, + "stored":true + }, + "add-field" : { + "name":"initial_release_date", + "type":"pdate", + "stored":true + } + }')) =~ /"status":0/ or die; + $machine->succeed('sudo -u solr post -c films ${pkgs.solr}/example/films/films.json'); + $machine->succeed('curl http://localhost:8983/solr/films/query?q=name:batman') =~ /"name":"Batman Begins"/ or die; + ''; +}) |