Diffstat (limited to 'nixos')
22 files changed, 246 insertions, 145 deletions
diff --git a/nixos/doc/manual/installation/installing-usb.xml b/nixos/doc/manual/installation/installing-usb.xml index b97f989d902c..31d51816e39b 100644 --- a/nixos/doc/manual/installation/installing-usb.xml +++ b/nixos/doc/manual/installation/installing-usb.xml @@ -31,7 +31,7 @@ ISO, copy its contents verbatim to your drive, then either: <para>Edit <filename>loader/entries/nixos-livecd.conf</filename> on the drive and change the <literal>root=</literal> field in the <literal>options</literal> line to point to your drive (see the documentation on <literal>root=</literal> - in <link xlink:href="https://www.kernel.org/doc/Documentation/kernel-parameters.txt"> + in <link xlink:href="https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt"> the kernel documentation</link> for more details).</para> </listitem> <listitem> diff --git a/nixos/lib/make-disk-image.nix b/nixos/lib/make-disk-image.nix index d4b2e338c3ef..9fa848301f60 100644 --- a/nixos/lib/make-disk-image.nix +++ b/nixos/lib/make-disk-image.nix @@ -80,7 +80,7 @@ let truncate -s ${toString diskSize}M $diskImage ${if partitioned then '' - parted $diskImage -- mklabel msdos mkpart primary ext4 1M -1s + parted --script $diskImage -- mklabel msdos mkpart primary ext4 1M -1s offset=$((2048*512)) '' else '' offset=0 diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix index 97278238dcd5..7b36d4f1cbdf 100644 --- a/nixos/modules/config/nsswitch.nix +++ b/nixos/modules/config/nsswitch.nix @@ -18,7 +18,7 @@ let hostArray = [ "files" ] ++ optionals mymachines [ "mymachines" ] - ++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ] + ++ optionals nssmdns [ "mdns_minimal [NOTFOUND=return]" ] ++ optionals nsswins [ "wins" ] ++ optionals resolved ["resolve [!UNAVAIL=return]"] ++ [ "dns" ] diff --git a/nixos/modules/config/timezone.nix b/nixos/modules/config/timezone.nix index aa030a816d04..b15948f6e2e5 100644 --- a/nixos/modules/config/timezone.nix 
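Review bot: The new `mdns_minimal [NOTFOUND=return]` entry in `hostArray` has no comment explaining the change, and the two actions are not equivalent. `[!UNAVAIL=return]` stopped the lookup on every status except UNAVAIL, while `[NOTFOUND=return]` stops only on NOTFOUND (and on success), so a TRYAGAIN result from mdns_minimal, if it reports one, now falls through to `resolve` and `dns`. That could send a `.local` name to the unicast resolver after a transient mDNS failure. I would add a line above the entry such as `# NOTFOUND=return: a .local name that mDNS cannot find is not retried over unicast DNS; other failures fall through`. The `let` block starts and ends outside the hunk.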
+++ b/nixos/modules/config/timezone.nix @@ -5,6 +5,9 @@ with lib; let tzdir = "${pkgs.tzdata}/share/zoneinfo"; + nospace = str: filter (c: c == " ") (stringToCharacters str) == []; + timezone = types.nullOr (types.addCheck types.str nospace) + // { description = "null or string without spaces"; }; in @@ -15,7 +18,7 @@ in timeZone = mkOption { default = null; - type = types.nullOr types.str; + type = timezone; example = "America/New_York"; description = '' The time zone used when displaying times and dates. See <link diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 31d48df47f4e..a8cb957ffe21 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -131,8 +131,6 @@ ./security/rtkit.nix ./security/wrappers/default.nix ./security/sudo.nix - ./service-managers/docker.nix - ./service-managers/trivial.nix ./services/admin/salt/master.nix ./services/admin/salt/minion.nix ./services/amqp/activemq/default.nix diff --git a/nixos/modules/service-managers/docker.nix b/nixos/modules/service-managers/docker.nix deleted file mode 100644 index 7effe0e85d46..000000000000 --- a/nixos/modules/service-managers/docker.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.docker-containers; - - containerModule = { - options.script = mkOption { - type = types.lines; - description = "Shell commands executed as the service's main process."; - }; - }; - - toContainer = name: value: pkgs.dockerTools.buildImage { - inherit name; - config = { - Cmd = [ value.script ]; - }; - }; -in { - options.docker-containers = mkOption { - default = {}; - type = with types; attrsOf (types.submodule containerModule); - description = "Definition of docker containers"; - }; - - config.system.build.toplevel-docker = lib.mapAttrs toContainer cfg; -} diff --git a/nixos/modules/service-managers/trivial.nix b/nixos/modules/service-managers/trivial.nix deleted file mode 100644 index 77e615d1e2e2..000000000000 
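Review bot: `nospace` in the first timezone.nix hunk rejects only the literal space character, so a value containing a tab, a newline or a `..` path component still type-checks as a `timezone`. If `timeZone` is later joined onto `tzdir` or written into an environment file (not visible in these hunks), an allow-list would be safer, along the lines of `builtins.match "[A-Za-z0-9_+/-]+" str != null`. At minimum, add a `#` comment above `nospace` stating which consumer breaks on a space, so the next reader knows what the check protects. The `let` block and the `timeZone` option continue outside the hunks.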
--- a/nixos/modules/service-managers/trivial.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.trivial-services; - - serviceModule.options = { - script = mkOption { - type = types.lines; - description = "Shell commands executed as the service's main process."; - }; - - environment = mkOption { - default = {}; - type = types.attrs; # FIXME - example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; }; - description = "Environment variables passed to the service's processes."; - }; - }; - - launcher = name: value: pkgs.writeScript name '' - #!${pkgs.stdenv.shell} -eu - - ${pkgs.writeScript "${name}-entry" value.script} - ''; -in { - options.trivial-services = mkOption { - default = {}; - type = with types; attrsOf (types.submodule serviceModule); - description = "Definition of trivial services"; - }; - - config.system.build.toplevel-trivial = lib.mapAttrs launcher cfg; -} diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 0fa9e417785f..14c184c3d685 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -581,6 +581,7 @@ in { mkdir -p ${cfg.statePath}/{log,uploads} ln -sf ${cfg.statePath}/log /run/gitlab/log ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads + ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp chown -R ${cfg.user}:${cfg.group} /run/gitlab # Prepare home directory 
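Review bot: The added `ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp` links to a directory that the visible `mkdir -p ${cfg.statePath}/{log,uploads}` three lines above does not create. Unless `tmp` is created elsewhere in the script (outside the hunk), the link dangles on a fresh state directory. Adding it to the same command, `mkdir -p ${cfg.statePath}/{log,uploads,tmp}`, keeps creation and linking together. The script continues beyond the hunk.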
@@ -639,10 +640,10 @@ in { chmod -R ug+rwX,o-rwx ${cfg.statePath}/repositories chmod -R ug-s ${cfg.statePath}/repositories find ${cfg.statePath}/repositories -type d -print0 | xargs -0 chmod g+s - chmod 700 ${cfg.statePath}/uploads + chmod 770 ${cfg.statePath}/uploads chown -R git ${cfg.statePath}/uploads find ${cfg.statePath}/uploads -type f -exec chmod 0644 {} \; - find ${cfg.statePath}/uploads -type d -not -path ${cfg.statePath}/uploads -exec chmod 0700 {} \; + find ${cfg.statePath}/uploads -type d -not -path ${cfg.statePath}/uploads -exec chmod 0770 {} \; ''; serviceConfig = { diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index 68a814b23053..9bd88ca1707b 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -95,18 +95,18 @@ let ip46tables -N nixos-fw-log-refuse ${optionalString cfg.logRefusedConnections '' - ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "rejected connection: " + ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "refused connection: " ''} ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) '' ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \ - -j LOG --log-level info --log-prefix "rejected broadcast: " + -j LOG --log-level info --log-prefix "refused broadcast: " ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \ - -j LOG --log-level info --log-prefix "rejected multicast: " + -j LOG --log-level info --log-prefix "refused multicast: " ''} ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse ${optionalString cfg.logRefusedPackets '' ip46tables -A nixos-fw-log-refuse \ - -j LOG --log-level info --log-prefix "rejected packet: " + -j LOG --log-level info --log-prefix "refused packet: " ''} ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse 
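Review bot: Changing the uploads tree from `700`/`0700` to `770`/`0770` gives the owning group full access to every upload directory, but nothing in this hunk sets that group. The context line `chown -R git ${cfg.statePath}/uploads` changes only the owner, and uses a literal `git` rather than `${cfg.user}`, so which accounts gain write access depends on state outside the hunk. I would make ownership explicit next to the mode, `chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/uploads`, and add a comment naming the process that needs group access. The script starts and ends outside the hunk.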
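Review bot: The log prefixes in `nixos-fw-log-refuse` change from `rejected …` to `refused …`, and anything that matches the old strings (log-monitoring rules, alert filters, scripts grepping the kernel log) will silently stop matching after the upgrade. Nothing in the hunk records the rename. I would mention it in the release notes and add a comment above the first LOG rule, e.g. `# log prefixes may be matched by external tooling; renaming them is a user-visible change`. The enclosing script continues outside the hunk.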
diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix index 0216c9771c96..77a3f6b51e80 100644 --- a/nixos/modules/services/scheduling/atd.nix +++ b/nixos/modules/services/scheduling/atd.nix @@ -42,6 +42,8 @@ in config = mkIf cfg.enable { + # Not wrapping "batch" because it's a shell script (kernel drops perms + # anyway) and it's patched to invoke the "at" setuid wrapper. security.wrappers = builtins.listToAttrs ( map (program: { name = "${program}"; value = { source = "${at}/bin/${program}"; @@ -49,7 +51,7 @@ in group = "atd"; setuid = true; setgid = true; - };}) [ "at" "atq" "atrm" "batch" ]); + };}) [ "at" "atq" "atrm" ]); environment.systemPackages = [ at ]; diff --git a/nixos/modules/services/security/hologram-server.nix b/nixos/modules/services/security/hologram-server.nix index 8315c9ea5d61..e267fed27955 100644 --- a/nixos/modules/services/security/hologram-server.nix +++ b/nixos/modules/services/security/hologram-server.nix @@ -23,8 +23,6 @@ let stats = cfg.statsAddress; listen = cfg.listenAddress; }); - - script = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}"; in { options = { services.hologram-server = { @@ -96,15 +94,9 @@ in { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - inherit script; - }; - - docker-containers.hologram-server = { - inherit script; - }; - - trivial-services.hologram-server = { - inherit script; + serviceConfig = { + ExecStart = "${pkgs.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}"; + }; }; }; } diff --git a/nixos/modules/services/security/sshguard.nix b/nixos/modules/services/security/sshguard.nix index 5a183443f71d..7f09e8893c4d 100644 --- a/nixos/modules/services/security/sshguard.nix +++ b/nixos/modules/services/security/sshguard.nix 
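Review bot: The new `serviceConfig` in the second hologram-server.nix hunk holds only `ExecStart`, so as far as this hunk shows the unit runs as root, and `--debug` stays hard-coded on the command line. For a module under `services/security` I would run the daemon under a dedicated account, e.g. `User = "hologram-server";` (placeholder name; the user would have to be declared), and make debug logging opt-in. Whether the debug output contains sensitive material is not visible here and should be checked against the program. The service definition starts outside the hunk.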
@@ -89,7 +89,7 @@ in { environment.systemPackages = [ pkgs.sshguard pkgs.iptables pkgs.ipset ]; - environment.etc."sshguard.conf".text = let + environment.etc."sshguard.conf".text = let list_services = ( name: "-t ${name} "); in '' BACKEND="${pkgs.sshguard}/libexec/sshg-fw-ipset" diff --git a/nixos/modules/tasks/encrypted-devices.nix b/nixos/modules/tasks/encrypted-devices.nix index 6bbf335e7db7..da0c9408d891 100644 --- a/nixos/modules/tasks/encrypted-devices.nix +++ b/nixos/modules/tasks/encrypted-devices.nix @@ -36,7 +36,7 @@ let keyFile = mkOption { default = null; - example = "/root/.swapkey"; + example = "/mnt-root/root/.swapkey"; type = types.nullOr types.str; description = "File system location of keyfile. This unlocks the drive after the root has been mounted to <literal>/mnt-root</literal>."; }; @@ -67,7 +67,6 @@ in luks = { devices = map (dev: { name = dev.encrypted.label; device = dev.encrypted.blkDev; } ) keylessEncDevs; - cryptoModules = [ "aes" "sha256" "sha1" "xts" ]; forceLuksSupportInInitrd = true; }; postMountCommands = diff --git a/nixos/modules/virtualisation/brightbox-image.nix b/nixos/modules/virtualisation/brightbox-image.nix index 7f45f0f34f71..08bbcfd9d7c2 100644 --- a/nixos/modules/virtualisation/brightbox-image.nix +++ b/nixos/modules/virtualisation/brightbox-image.nix @@ -33,9 +33,9 @@ in } '' # Create partition table - ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted /dev/vda mkpart primary ext4 1 ${diskSize} - ${pkgs.parted}/sbin/parted /dev/vda print + ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted --script /dev/vda mkpart primary ext4 1 ${diskSize} + ${pkgs.parted}/sbin/parted --script /dev/vda print . /sys/class/block/vda1/uevent mknod /dev/vda1 b $MAJOR $MINOR diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix index f61d80f55991..125e6b7050bc 100644 --- a/nixos/release-combined.nix +++ b/nixos/release-combined.nix 
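Review bot: In encrypted-devices.nix the `keyFile` example now carries the `/mnt-root` prefix, but the description still opens with only "File system location of keyfile", which does not tell the reader which root the path is relative to. I would extend it, e.g. `Path of the key file as seen before switching to the real root; files on the root file system are found under <literal>/mnt-root</literal>.` The example also keeps the key on the root file system, so the device it unlocks is presumably only as well protected as root itself; a sentence saying so would help. The option set continues outside the hunk.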
@@ -42,12 +42,11 @@ in rec { name = "nixos-${nixos.channel.version}"; meta = { description = "Release-critical builds for the NixOS channel"; - maintainers = [ pkgs.lib.maintainers.eelco ]; + maintainers = with pkgs.lib.maintainers; [ eelco fpletz ]; }; constituents = let - all = x: map (system: x.${system}) - (supportedSystems ++ limitedSupportedSystems); + all = x: map (system: x.${system}) supportedSystems; in [ nixos.channel (all nixos.dummy) @@ -61,7 +60,7 @@ in rec { nixos.tests.chromium (all nixos.tests.firefox) (all nixos.tests.firewall) - nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux + (all nixos.tests.gnome3) nixos.tests.installer.zfsroot.x86_64-linux # ZFS is 64bit only (all nixos.tests.installer.lvm) (all nixos.tests.installer.luksroot) @@ -80,9 +79,8 @@ in rec { (all nixos.tests.boot.uefiCdrom) (all nixos.tests.boot.uefiUsb) (all nixos.tests.boot-stage1) - nixos.tests.hibernate.x86_64-linux # i686 is flaky, see #23107 + (all nixos.tests.hibernate) nixos.tests.docker - nixos.tests.docker-edge (all nixos.tests.ecryptfs) (all nixos.tests.env) (all nixos.tests.ipv6) @@ -93,7 +91,7 @@ in rec { (all nixos.tests.keymap.dvp) (all nixos.tests.keymap.neo) (all nixos.tests.keymap.qwertz) - nixos.tests.plasma5.x86_64-linux # avoid big build on i686 + (all nixos.tests.plasma5) #(all nixos.tests.lightdm) (all nixos.tests.login) (all nixos.tests.misc) diff --git a/nixos/release.nix b/nixos/release.nix index ee706ff986d4..63f739e8e896 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -214,6 +214,7 @@ in rec { # Run the tests for each platform. You can run a test by doing # e.g. ‘nix-build -A tests.login.x86_64-linux’, or equivalently, # ‘nix-build tests/login.nix -A result’. + tests.atd = callTest tests/atd.nix {}; tests.acme = callTest tests/acme.nix {}; tests.avahi = callTest tests/avahi.nix {}; tests.bittorrent = callTest tests/bittorrent.nix {}; 
@@ -249,6 +250,7 @@ in rec { tests.firewall = callTest tests/firewall.nix {}; tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; }); #tests.gitlab = callTest tests/gitlab.nix {}; + tests.gitolite = callTest tests/gitolite.nix {}; tests.glance = callTest tests/glance.nix {}; tests.gocd-agent = callTest tests/gocd-agent.nix {}; tests.gocd-server = callTest tests/gocd-server.nix {}; @@ -303,8 +305,10 @@ in rec { #tests.panamax = hydraJob (import tests/panamax.nix { system = "x86_64-linux"; }); tests.peerflix = callTest tests/peerflix.nix {}; tests.postgresql = callSubTests tests/postgresql.nix {}; + tests.postgis = callTest tests/postgis.nix {}; #tests.pgjwt = callTest tests/pgjwt.nix {}; tests.printing = callTest tests/printing.nix {}; + tests.prometheus = callTest tests/prometheus.nix {}; tests.proxy = callTest tests/proxy.nix {}; tests.pumpio = callTest tests/pump.io.nix {}; # tests.quagga = callTest tests/quagga.nix {}; diff --git a/nixos/tests/atd.nix b/nixos/tests/atd.nix new file mode 100644 index 000000000000..c2c0a716e0de --- /dev/null +++ b/nixos/tests/atd.nix 
@@ -0,0 +1,36 @@ +import ./make-test.nix ({ pkgs, lib, ... }: + +{ + name = "atd"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ bjornfor ]; + }; + + machine = + { config, pkgs, ... }: + { services.atd.enable = true; + users.extraUsers.alice = { isNormalUser = true; }; + }; + + # "at" has a resolution of 1 minute + testScript = '' + startAll; + + $machine->fail("test -f ~root/at-1"); + $machine->fail("test -f ~root/batch-1"); + $machine->fail("test -f ~alice/at-1"); + $machine->fail("test -f ~alice/batch-1"); + + $machine->succeed("echo 'touch ~root/at-1' | at now+1min"); + $machine->succeed("echo 'touch ~root/batch-1' | batch"); + $machine->succeed("su - alice -c \"echo 'touch at-1' | at now+1min\""); + $machine->succeed("su - alice -c \"echo 'touch batch-1' | batch\""); + + $machine->succeed("sleep 1.5m"); + + $machine->succeed("test -f ~root/at-1"); + $machine->succeed("test -f ~root/batch-1"); + $machine->succeed("test -f ~alice/at-1"); + $machine->succeed("test -f ~alice/batch-1"); + ''; +}) diff --git a/nixos/tests/gitolite.nix b/nixos/tests/gitolite.nix new file mode 100644 index 000000000000..643ea4ff03ef --- /dev/null +++ b/nixos/tests/gitolite.nix 
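Review bot: The final assertions in tests/atd.nix check only that the files exist (`test -f ~alice/at-1`, `test -f ~alice/batch-1`), not who created them, so the test would still pass if a job queued by alice were executed under another uid. Since the module change in this commit drops the setuid wrapper for `batch`, asserting the owner is the useful check: `$machine->succeed('test "$(stat -c %U ~alice/batch-1)" = alice');`, and likewise for `at-1`. The fixed `sleep 1.5m` could also be replaced by polling with `waitUntilSucceeds`, and the `lib` argument is unused.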
@@ -0,0 +1,139 @@ +import ./make-test.nix ({ pkgs, ...}: + +let + adminPrivateKey = pkgs.writeText "id_ed25519" '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3gAAAJBJiYxDSYmM + QwAAAAtzc2gtZWQyNTUxOQAAACDu7qxYQAPdAU6RrhB3llk2N1v4PTwcVzcX1oX265uC3g + AAAEDE1W6vMwSEUcF1r7Hyypm/+sCOoDmKZgPxi3WOa1mD2u7urFhAA90BTpGuEHeWWTY3 + W/g9PBxXNxfWhfbrm4LeAAAACGJmb0BtaW5pAQIDBAU= + -----END OPENSSH PRIVATE KEY----- + ''; + + adminPublicKey = pkgs.writeText "id_ed25519.pub" '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7urFhAA90BTpGuEHeWWTY3W/g9PBxXNxfWhfbrm4Le root@client + ''; + + alicePrivateKey = pkgs.writeText "id_ed25519" '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQAAAJAwVQ5VMFUO + VQAAAAtzc2gtZWQyNTUxOQAAACBbeWvHh/AWGWI6EIc1xlSihyXtacNQ9KeztlW/VUy8wQ + AAAEB7lbfkkdkJoE+4TKHPdPQWBKLSx+J54Eg8DaTr+3KoSlt5a8eH8BYZYjoQhzXGVKKH + Je1pw1D0p7O2Vb9VTLzBAAAACGJmb0BtaW5pAQIDBAU= + -----END OPENSSH PRIVATE KEY----- + ''; + + alicePublicKey = pkgs.writeText "id_ed25519.pub" '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFt5a8eH8BYZYjoQhzXGVKKHJe1pw1D0p7O2Vb9VTLzB alice@client + ''; + + bobPrivateKey = pkgs.writeText "id_ed25519" '' + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMAAAAJDQBmNV0AZj + VQAAAAtzc2gtZWQyNTUxOQAAACCWTaJ1D9Xjxy6759FvQ9oXTes1lmWBciXPkEeqTikBMA + AAAEDM1IYYFUwk/IVxauha9kuR6bbRtT3gZ6ZA0GLb9txb/pZNonUP1ePHLrvn0W9D2hdN + 6zWWZYFyJc+QR6pOKQEwAAAACGJmb0BtaW5pAQIDBAU= + -----END OPENSSH PRIVATE KEY----- + ''; + + bobPublicKey = pkgs.writeText "id_ed25519.pub" '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJZNonUP1ePHLrvn0W9D2hdN6zWWZYFyJc+QR6pOKQEw bob@client + ''; + + gitoliteAdminConfSnippet = '' + repo alice-project 
+ RW+ = alice + ''; +in +{ + name = "gitolite"; + + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ bjornfor ]; + }; + + nodes = { + + server = + { config, pkgs, lib, ... }: + { + services.gitolite = { + enable = true; + adminPubkey = builtins.readFile adminPublicKey; + }; + services.openssh.enable = true; + }; + + client = + { config, pkgs, lib, ... }: + { + environment.systemPackages = [ pkgs.git ]; + programs.ssh.extraConfig = '' + Host * + UserKnownHostsFile /dev/null + StrictHostKeyChecking no + # there's nobody around that can input password + PreferredAuthentications publickey + ''; + users.extraUsers.alice = { isNormalUser = true; }; + users.extraUsers.bob = { isNormalUser = true; }; + }; + + }; + + testScript = '' + startAll; + + subtest "can setup ssh keys on system", sub { + $client->mustSucceed("mkdir -p ~root/.ssh"); + $client->mustSucceed("cp ${adminPrivateKey} ~root/.ssh/id_ed25519"); + $client->mustSucceed("chmod 600 ~root/.ssh/id_ed25519"); + + $client->mustSucceed("sudo -u alice mkdir -p ~alice/.ssh"); + $client->mustSucceed("sudo -u alice cp ${alicePrivateKey} ~alice/.ssh/id_ed25519"); + $client->mustSucceed("sudo -u alice chmod 600 ~alice/.ssh/id_ed25519"); + + $client->mustSucceed("sudo -u bob mkdir -p ~bob/.ssh"); + $client->mustSucceed("sudo -u bob cp ${bobPrivateKey} ~bob/.ssh/id_ed25519"); + $client->mustSucceed("sudo -u bob chmod 600 ~bob/.ssh/id_ed25519"); + }; + + subtest "gitolite server starts", sub { + $server->waitForUnit("gitolite-init.service"); + $server->waitForUnit("sshd.service"); + $client->mustSucceed('ssh gitolite@server info'); + }; + + subtest "admin can clone and configure gitolite-admin.git", sub { + $client->mustSucceed('git clone gitolite@server:gitolite-admin.git'); + $client->mustSucceed("git config --global user.name 'System Administrator'"); + $client->mustSucceed("git config --global user.email root\@domain.example"); + $client->mustSucceed("cp ${alicePublicKey} gitolite-admin/keydir/alice.pub"); + 
$client->mustSucceed("cp ${bobPublicKey} gitolite-admin/keydir/bob.pub"); + $client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add keys for alice, bob" && git push)'); + $client->mustSucceed("printf '${gitoliteAdminConfSnippet}' >> gitolite-admin/conf/gitolite.conf"); + $client->mustSucceed('(cd gitolite-admin && git add . && git commit -m "Add repo for alice" && git push)'); + }; + + subtest "non-admins cannot clone gitolite-admin.git", sub { + $client->mustFail('sudo -i -u alice git clone gitolite@server:gitolite-admin.git'); + $client->mustFail('sudo -i -u bob git clone gitolite@server:gitolite-admin.git'); + }; + + subtest "non-admins can clone testing.git", sub { + $client->mustSucceed('sudo -i -u alice git clone gitolite@server:testing.git'); + $client->mustSucceed('sudo -i -u bob git clone gitolite@server:testing.git'); + }; + + subtest "alice can clone alice-project.git", sub { + $client->mustSucceed('sudo -i -u alice git clone gitolite@server:alice-project.git'); + }; + + subtest "bob cannot clone alice-project.git", sub { + $client->mustFail('sudo -i -u bob git clone gitolite@server:alice-project.git'); + }; + ''; +}) diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix index c1dae2a34fa3..da9582deec1d 100644 --- a/nixos/tests/installer.nix +++ b/nixos/tests/installer.nix @@ -260,9 +260,9 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary linux-swap 1M 1024M", - "parted /dev/vda -- mkpart primary ext2 1024M -1s", + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", + "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", "swapon -L swap", 
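Review bot: The three `*PrivateKey` values in tests/gitolite.nix are written with `pkgs.writeText`, which places them in the world-readable Nix store (and possibly in binary caches), and nothing in the file says they are throwaway fixtures. I would add a comment above `adminPrivateKey`, e.g. `# Test-only keys generated for this test; they are public and must never be authorised on a real host.` The same applies to the client's `StrictHostKeyChecking no` / `UserKnownHostsFile /dev/null` block: a short comment that this is acceptable only inside the isolated test network would keep it from being copied into real configurations.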
@@ -277,11 +277,11 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel gpt", - "parted -s /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot - "parted -s /dev/vda -- set 1 boot on", - "parted -s /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", - "parted -s /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / + "parted --script /dev/vda mklabel gpt", + "parted --script /dev/vda -- mkpart ESP fat32 1M 50MiB", # /boot + "parted --script /dev/vda -- set 1 boot on", + "parted --script /dev/vda -- mkpart primary linux-swap 50MiB 1024MiB", + "parted --script /dev/vda -- mkpart primary ext2 1024MiB -1MiB", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -300,10 +300,10 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted /dev/vda -- mkpart primary linux-swap 50MB 1024M", - "parted /dev/vda -- mkpart primary ext2 1024M -1s", # / + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", + "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -321,10 +321,10 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted /dev/vda -- mkpart primary linux-swap 50MB 1024M", - "parted /dev/vda -- mkpart primary ext2 1024M -1s", # / + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted --script /dev/vda -- mkpart primary linux-swap 50MB 1024M", + "parted --script /dev/vda -- mkpart primary ext2 1024M -1s", # / "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", 
@@ -357,9 +357,9 @@ in { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary linux-swap 1M 1024M", - "parted /dev/vda -- mkpart primary 1024M -1s", + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary linux-swap 1M 1024M", + "parted --script /dev/vda -- mkpart primary 1024M -1s", "udevadm settle", "mkswap /dev/vda1 -L swap", @@ -380,11 +380,11 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary 1M 2048M", # PV1 - "parted /dev/vda -- set 1 lvm on", - "parted /dev/vda -- mkpart primary 2048M -1s", # PV2 - "parted /dev/vda -- set 2 lvm on", + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary 1M 2048M", # PV1 + "parted --script /dev/vda -- set 1 lvm on", + "parted --script /dev/vda -- mkpart primary 2048M -1s", # PV2 + "parted --script /dev/vda -- set 2 lvm on", "udevadm settle", "pvcreate /dev/vda1 /dev/vda2", "vgcreate MyVolGroup /dev/vda1 /dev/vda2", @@ -402,10 +402,10 @@ in { luksroot = makeInstallerTest "luksroot" { createPartitions = '' $machine->succeed( - "parted /dev/vda mklabel msdos", - "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot - "parted /dev/vda -- mkpart primary linux-swap 50M 1024M", - "parted /dev/vda -- mkpart primary 1024M -1s", # LUKS + "parted --script /dev/vda mklabel msdos", + "parted --script /dev/vda -- mkpart primary ext2 1M 50MB", # /boot + "parted --script /dev/vda -- mkpart primary linux-swap 50M 1024M", + "parted --script /dev/vda -- mkpart primary 1024M -1s", # LUKS "udevadm settle", "mkswap /dev/vda2 -L swap", "swapon -L swap", @@ -434,7 +434,7 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/vda --" + "parted --script /dev/vda --" . " mklabel msdos" . " mkpart primary ext2 1M 100MB" # /boot . " mkpart extended 100M -1s" 
@@ -469,9 +469,9 @@ in { { createPartitions = '' $machine->succeed( - "parted /dev/sda mklabel msdos", - "parted /dev/sda -- mkpart primary linux-swap 1M 1024M", - "parted /dev/sda -- mkpart primary ext2 1024M -1s", + "parted --script /dev/sda mklabel msdos", + "parted --script /dev/sda -- mkpart primary linux-swap 1M 1024M", + "parted --script /dev/sda -- mkpart primary ext2 1024M -1s", "udevadm settle", "mkswap /dev/sda1 -L swap", "swapon -L swap", diff --git a/nixos/tests/postgis.nix b/nixos/tests/postgis.nix index 1dba5c363c09..f6ce3fe38ed3 100644 --- a/nixos/tests/postgis.nix +++ b/nixos/tests/postgis.nix @@ -9,15 +9,11 @@ import ./make-test.nix ({ pkgs, ...} : { { pkgs, config, ... }: { - services.postgresql = let mypg = pkgs.postgresql95; in { + services.postgresql = let mypg = pkgs.postgresql100; in { enable = true; package = mypg; - extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_2_1 ]; - initialScript = pkgs.writeText "postgresql-init.sql" - '' - CREATE ROLE postgres WITH superuser login createdb; - ''; - }; + extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }).v_2_4_0 ]; + }; }; }; diff --git a/nixos/tests/prometheus.nix b/nixos/tests/prometheus.nix index ade097597bb8..374fb2d634b4 100644 --- a/nixos/tests/prometheus.nix +++ b/nixos/tests/prometheus.nix @@ -5,9 +5,6 @@ import ./make-test.nix { one = { config, pkgs, ... }: { services.prometheus = { enable = true; - globalConfig = { - labels = { foo = "bar"; }; - }; scrapeConfigs = [{ job_name = "prometheus"; static_configs = [{ diff --git a/nixos/tests/virtualbox.nix b/nixos/tests/virtualbox.nix index a1ab7614871a..c519d7dae8be 100644 --- a/nixos/tests/virtualbox.nix +++ b/nixos/tests/virtualbox.nix 
@@ -107,8 +107,8 @@ let buildInputs = [ pkgs.utillinux pkgs.perl ]; } '' - ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos - ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s + ${pkgs.parted}/sbin/parted --script /dev/vda mklabel msdos + ${pkgs.parted}/sbin/parted --script /dev/vda -- mkpart primary ext2 1M -1s . /sys/class/block/vda1/uevent mknod /dev/vda1 b $MAJOR $MINOR |