Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-1803.xml9
-rw-r--r--nixos/modules/hardware/opengl.nix2
-rw-r--r--nixos/modules/installer/tools/nixos-generate-config.pl1
-rw-r--r--nixos/modules/module-list.nix2
-rw-r--r--nixos/modules/programs/sway.nix5
-rw-r--r--nixos/modules/security/acme.nix18
-rw-r--r--nixos/modules/services/databases/pgmanage.nix (renamed from nixos/modules/services/databases/postage.nix)125
-rw-r--r--nixos/modules/services/mail/postfix.nix19
-rw-r--r--nixos/modules/services/networking/keybase.nix2
-rw-r--r--nixos/modules/services/networking/strongswan.nix25
-rw-r--r--nixos/modules/services/networking/unbound.nix4
-rw-r--r--nixos/modules/services/x11/desktop-managers/lxqt.nix2
-rw-r--r--nixos/modules/virtualisation/containers.nix4
-rw-r--r--nixos/release.nix7
-rw-r--r--nixos/tests/kafka_0_10.nix48
-rw-r--r--nixos/tests/kafka_0_11.nix48
-rw-r--r--nixos/tests/kafka_0_9.nix48
-rw-r--r--nixos/tests/kafka_1_0.nix48
-rw-r--r--nixos/tests/pgmanage.nix39
-rw-r--r--nixos/tests/zookeeper.nix28
20 files changed, 406 insertions, 78 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml
index 6fa14b553862..17b385242f6f 100644
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@@ -63,6 +63,15 @@ following incompatible changes:</para>
       pass literal dollar signs through Postfix, double them.
     </para>
   </listitem>
+  <listitem>
+    <para>
+      The <literal>postage</literal> package (for web-based PostgreSQL
+      administration) has been renamed to <literal>pgmanage</literal>. The
+      corresponding module has also been renamed. To migrate please rename all
+      <option>services.postage</option> options to
+      <option>services.pgmanage</option>.
+    </para>
+  </listitem>
 </itemizedlist>
 
 </section>
diff --git a/nixos/modules/hardware/opengl.nix b/nixos/modules/hardware/opengl.nix
index 486fe7c1cd8f..c2c36f02a143 100644
--- a/nixos/modules/hardware/opengl.nix
+++ b/nixos/modules/hardware/opengl.nix
@@ -93,7 +93,7 @@ in
     hardware.opengl.extraPackages = mkOption {
       type = types.listOf types.package;
       default = [];
-      example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]";
+      example = literalExample "with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]";
       description = ''
         Additional packages to add to OpenGL drivers. This can be used
         to add OpenCL drivers, VA-API/VDPAU drivers etc.
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index c0df2977856e..7c737e84de0a 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -8,6 +8,7 @@ use File::Basename;
 use File::Slurp;
 use File::stat;
 
+umask(0022);
 
 sub uniq {
     my %seen;
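Review bot: The added `umask(0022);` has no comment, so a later reader cannot tell whether the permissive mask is deliberate. Presumably it makes the files this script writes (not visible in this hunk) readable by group and others regardless of the caller's umask. I would state that above the call, e.g. `# Generated config files must be world-readable even when the caller's umask is stricter.` If any generated file can hold host-specific secrets, it is worth saying in that comment that such a file needs an explicit tighter mode. `sub uniq` continues outside the hunk.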
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 44bcec5aec26..e66a2ba272a1 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -185,7 +185,7 @@
   ./services/databases/neo4j.nix
   ./services/databases/openldap.nix
   ./services/databases/opentsdb.nix
-  ./services/databases/postage.nix
+  ./services/databases/pgmanage.nix
   ./services/databases/postgresql.nix
   ./services/databases/redis.nix
   ./services/databases/riak.nix
diff --git a/nixos/modules/programs/sway.nix b/nixos/modules/programs/sway.nix
index 2934fba96dda..9070722c770b 100644
--- a/nixos/modules/programs/sway.nix
+++ b/nixos/modules/programs/sway.nix
@@ -10,7 +10,7 @@ let
     #! ${pkgs.stdenv.shell}
     ${cfg.extraSessionCommands}
     PATH="${sway}/bin:$PATH"
-    exec ${pkgs.dbus.dbus-launch} --exit-with-session "${sway}/bin/sway"
+    exec ${pkgs.dbus.dbus-launch} --exit-with-session sway-setcap
   '';
   swayJoined = pkgs.symlinkJoin {
     name = "sway-wrapped";
@@ -53,7 +53,8 @@ in
   config = mkIf cfg.enable {
     environment.systemPackages = [ swayJoined ] ++ cfg.extraPackages;
     security.wrappers.sway = {
-      source = "${swayJoined}/bin/sway";
+      program = "sway-setcap";
+      source = "${sway}/bin/sway";
       capabilities = "cap_sys_ptrace,cap_sys_tty_config=eip";
       owner = "root";
       group = "sway";
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index a40c5ef9ebe1..fb011019f7f5 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -139,6 +139,20 @@ in
         '';
       };
 
+      production = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          If set to true, use Let's Encrypt's production environment
+          instead of the staging environment. The main benefit of the
+          staging environment is to get much higher rate limits.
+
+          See
+          <literal>https://letsencrypt.org/docs/staging-environment</literal>
+          for more detail.
+        '';
+      };
+
       certs = mkOption {
         default = { };
         type = with types; attrsOf (submodule certOpts);
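Review bot: The `production` description names only the benefit of the staging environment (rate limits) and omits the consequence an operator most needs to know: staging certificates are not issued from a publicly trusted root, so clients will reject them. I would add a sentence such as `Certificates issued by the staging environment are not trusted by browsers and must not be used for real services.` It would also help to document what happens to an existing staging certificate when the option is switched back to `true`; whether the client re-issues immediately is not visible in this diff.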
@@ -177,7 +191,9 @@ in
                 cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
                           ++ optionals (data.email != null) [ "--email" data.email ]
                           ++ concatMap (p: [ "-f" p ]) data.plugins
-                          ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
+                          ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)
+                          ++ (if cfg.production then []
+                              else ["--server" "https://acme-staging.api.letsencrypt.org/directory"]);
                 acmeService = {
                   description = "Renew ACME Certificate for ${cert}";
                   after = [ "network.target" "network-online.target" ];
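Review bot: The new `if cfg.production then [] else [...]` is written differently from the `optionals` call two lines above it in the same `cmdline` expression. Writing it as `++ optionals (!cfg.production) [ "--server" "https://acme-staging.api.letsencrypt.org/directory" ];` keeps the list construction uniform and drops the empty-list branch. The staging URL is also hard-coded inside the command line; a `let`-bound name with a short comment would make it easier to find when the endpoint changes.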
diff --git a/nixos/modules/services/databases/postage.nix b/nixos/modules/services/databases/pgmanage.nix
index d49c9a83a46f..86733a3e5a07 100644
--- a/nixos/modules/services/databases/postage.nix
+++ b/nixos/modules/services/databases/pgmanage.nix
@@ -3,16 +3,16 @@
 with lib;
 
 let
-  cfg = config.services.postage;
+  cfg = config.services.pgmanage;
 
   confFile = pkgs.writeTextFile {
-    name = "postage.conf";
+    name = "pgmanage.conf";
     text =  ''
-      connection_file = ${postageConnectionsFile}
+      connection_file = ${pgmanageConnectionsFile}
 
       allow_custom_connections = ${builtins.toJSON cfg.allowCustomConnections}
 
-      postage_port = ${toString cfg.port}
+      pgmanage_port = ${toString cfg.port}
 
       super_only = ${builtins.toJSON cfg.superOnly}
 
@@ -20,7 +20,7 @@ let
 
       login_timeout = ${toString cfg.loginTimeout}
 
-      web_root = ${cfg.package}/etc/postage/web_root
+      web_root = ${cfg.package}/etc/pgmanage/web_root
 
       data_root = ${cfg.dataRoot}
 
@@ -33,24 +33,23 @@ let
     '';
   };
 
-  postageConnectionsFile = pkgs.writeTextFile {
-    name = "postage-connections.conf";
+  pgmanageConnectionsFile = pkgs.writeTextFile {
+    name = "pgmanage-connections.conf";
     text = concatStringsSep "\n"
       (mapAttrsToList (name : conn : "${name}: ${conn}") cfg.connections);
   };
 
-  postage = "postage";
-in {
+  pgmanage = "pgmanage";
 
-  options.services.postage = {
+  pgmanageOptions = {
     enable = mkEnableOption "PostgreSQL Administration for the web";
 
     package = mkOption {
       type = types.package;
-      default = pkgs.postage;
-      defaultText = "pkgs.postage";
+      default = pkgs.pgmanage;
+      defaultText = "pkgs.pgmanage";
       description = ''
-        The postage package to use.
+        The pgmanage package to use.
       '';
     };
 
@@ -62,14 +61,14 @@ in {
         "mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
       };
       description = ''
-        Postage requires at least one PostgreSQL server be defined.
+        pgmanage requires at least one PostgreSQL server be defined.
         </para><para>
         Detailed information about PostgreSQL connection strings is available at:
         <link xlink:href="http://www.postgresql.org/docs/current/static/libpq-connect.html"/>
         </para><para>
         Note that you should not specify your user name or password. That
         information will be entered on the login screen. If you specify a
-        username or password, it will be removed by Postage before attempting to
+        username or password, it will be removed by pgmanage before attempting to
         connect to a database.
       '';
     };
@@ -78,7 +77,7 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        This tells Postage whether or not to allow anyone to use a custom
+        This tells pgmanage whether or not to allow anyone to use a custom
         connection from the login screen.
       '';
     };
@@ -87,7 +86,7 @@ in {
       type = types.int;
       default = 8080;
       description = ''
-        This tells Postage what port to listen on for browser requests.
+        This tells pgmanage what port to listen on for browser requests.
       '';
     };
 
@@ -95,7 +94,7 @@ in {
       type = types.bool;
       default = true;
       description = ''
-        This tells Postage whether or not to set the listening socket to local
+        This tells pgmanage whether or not to set the listening socket to local
         addresses only.
       '';
     };
@@ -104,10 +103,10 @@ in {
       type = types.bool;
       default = true;
       description = ''
-        This tells Postage whether or not to only allow super users to
+        This tells pgmanage whether or not to only allow super users to
         login. The recommended value is true and will restrict users who are not
         super users from logging in to any PostgreSQL instance through
-        Postage. Note that a connection will be made to PostgreSQL in order to
+        pgmanage. Note that a connection will be made to PostgreSQL in order to
         test if the user is a superuser.
       '';
     };
@@ -116,8 +115,8 @@ in {
       type = types.nullOr types.str;
       default = null;
       description = ''
-        This tells Postage to only allow users in a certain PostgreSQL group to
-        login to Postage. Note that a connection will be made to PostgreSQL in
+        This tells pgmanage to only allow users in a certain PostgreSQL group to
+        login to pgmanage. Note that a connection will be made to PostgreSQL in
         order to test if the user is a member of the login group.
       '';
     };
@@ -133,10 +132,10 @@ in {
 
     dataRoot = mkOption {
       type = types.str;
-      default = "/var/lib/postage";
+      default = "/var/lib/pgmanage";
       description = ''
-        This tells Postage where to put the SQL file history. All tabs are saved
-        to this location so that if you get disconnected from Postage you
+        This tells pgmanage where to put the SQL file history. All tabs are saved
+        to this location so that if you get disconnected from pgmanage you
         don't lose your work.
       '';
     };
@@ -156,15 +155,15 @@ in {
       });
       default = null;
       description = ''
-        These options tell Postage where the TLS Certificate and Key files
+        These options tell pgmanage where the TLS Certificate and Key files
         reside. If you use these options then you'll only be able to access
-        Postage through a secure TLS connection. These options are only
-        necessary if you wish to connect directly to Postage using a secure TLS
-        connection. As an alternative, you can set up Postage in a reverse proxy
+        pgmanage through a secure TLS connection. These options are only
+        necessary if you wish to connect directly to pgmanage using a secure TLS
+        connection. As an alternative, you can set up pgmanage in a reverse proxy
         configuration. This allows your web server to terminate the secure
-        connection and pass on the request to Postage. You can find help to set
+        connection and pass on the request to pgmanage. You can find help to set
         up this configuration in:
-        <link xlink:href="https://github.com/workflowproducts/postage/blob/master/INSTALL_NGINX.md"/>
+        <link xlink:href="https://github.com/pgManage/pgManage/blob/master/INSTALL_NGINX.md"/>
       '';
     };
 
@@ -177,29 +176,47 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
-    systemd.services.postage = {
-      description = "postage - PostgreSQL Administration for the web";
-      wants    = [ "postgresql.service" ];
-      after    = [ "postgresql.service" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        User         = postage;
-        Group        = postage;
-        ExecStart    = "${pkgs.postage}/sbin/postage -c ${confFile}" +
-                       optionalString cfg.localOnly " --local-only=true";
-      };
-    };
-    users = {
-      users."${postage}" = {
-        name  = postage;
-        group = postage;
-        home  = cfg.dataRoot;
-        createHome = true;
+
+in {
+
+  options.services.pgmanage = pgmanageOptions;
+
+  # This is deprecated and should be removed for NixOS-18.03.
+  options.services.postage = pgmanageOptions;
+
+  config = mkMerge [
+    { assertions = [
+        { assertion = !config.services.postage.enable;
+          message =
+            "services.postage is deprecated in favour of pgmanage. " +
+            "They have the same options so just substitute postage for pgmanage." ;
+        }
+      ];
+    }
+    (mkIf cfg.enable {
+      systemd.services.pgmanage = {
+        description = "pgmanage - PostgreSQL Administration for the web";
+        wants    = [ "postgresql.service" ];
+        after    = [ "postgresql.service" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          User         = pgmanage;
+          Group        = pgmanage;
+          ExecStart    = "${pkgs.pgmanage}/sbin/pgmanage -c ${confFile}" +
+                         optionalString cfg.localOnly " --local-only=true";
+        };
       };
-      groups."${postage}" = {
-        name = postage;
+      users = {
+        users."${pgmanage}" = {
+          name  = pgmanage;
+          group = pgmanage;
+          home  = cfg.dataRoot;
+          createHome = true;
+        };
+        groups."${pgmanage}" = {
+          name = pgmanage;
+        };
       };
-    };
-  };
+    })
+  ];
 }
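Review bot: `ExecStart` in the new `systemd.services.pgmanage` still takes the binary from `pkgs.pgmanage`, while `web_root` in `confFile` (earlier hunk) uses `cfg.package`. Setting `services.pgmanage.package` therefore runs the default server binary against another package's web root. The line should read `ExecStart = "${cfg.package}/sbin/pgmanage -c ${confFile}" +`. Separately, the assertion on `services.postage` fires only when `enable` is set, so other leftover `services.postage.*` settings are accepted silently; if that is intended, the comment above `options.services.postage` should say so.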
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index 1fef9ac6ec90..867c0ea6761c 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -60,11 +60,11 @@ let
     manpage_directory    = "${pkgs.postfix}/share/man";
     html_directory       = "${pkgs.postfix}/share/postfix/doc/html";
     shlib_directory      = false;
-    relayhost            = if cfg.lookupMX || cfg.relayHost == ""
-                             then cfg.relayHost
-                             else
-			       "[${cfg.relayHost}]"
-			       + optionalString (cfg.relayPort != null) ":${toString cfg.relayPort}";
+    relayhost            = if cfg.relayHost == "" then "" else
+                             if cfg.lookupMX
+                             then "${cfg.relayHost}:${toString cfg.relayPort}"
+                             else "[${cfg.relayHost}]:${toString cfg.relayPort}";
+
     mail_spool_directory = "/var/spool/mail/";
     setgid_group         = setgidGroup;
   }
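Review bot: `relayhost` now always appends `:${toString cfg.relayPort}`, which is safe only because the second hunk of this file changes `relayPort` from `types.nullOr types.int` to `types.int` with default 25. Existing configurations that set `relayPort = null` will now fail type checking, and no release-note entry for that is visible in this diff. The new option text "SMTP port for relay mail relay." also repeats a word and drops the link to `relayHost`; something like `SMTP port of the host given in <option>relayHost</option>.` reads more clearly. The nested `if` would be easier to scan with the `else if` on one line.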
@@ -461,13 +461,10 @@ in
       };
 
       relayPort = mkOption {
-        type = types.nullOr types.int;
-        default = null;
-        example = 587;
+        type = types.int;
+        default = 25;
         description = "
-          Specify an optional port for outbound mail relay. (Note:
-          only used if an explicit <option>relayHost</option> is
-          defined.)
+          SMTP port for relay mail relay.
         ";
       };
 
diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix
index 7c7982ee8eac..a149f16a84cb 100644
--- a/nixos/modules/services/networking/keybase.nix
+++ b/nixos/modules/services/networking/keybase.nix
@@ -28,7 +28,7 @@ in {
       description = "Keybase service";
       serviceConfig = {
         ExecStart = ''
-          ${pkgs.keybase}/bin/keybase -d service --auto-forked
+          ${pkgs.keybase}/bin/keybase service --auto-forked
         '';
         Restart = "on-failure";
         PrivateTmp = true;
diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix
index b0eb0460b9ba..3a3f64221c42 100644
--- a/nixos/modules/services/networking/strongswan.nix
+++ b/nixos/modules/services/networking/strongswan.nix
@@ -32,8 +32,10 @@ let
       ${caConf}
     '';
 
-  strongswanConf = {setup, connections, ca, secrets}: toFile "strongswan.conf" ''
+  strongswanConf = {setup, connections, ca, secrets, managePlugins, enabledPlugins}: toFile "strongswan.conf" ''
     charon {
+      ${if managePlugins then "load_modular = no" else ""}
+      ${if managePlugins then ("load = " + (concatStringsSep " " enabledPlugins)) else ""}
       plugins {
         stroke {
           secrets_file = ${ipsecSecrets secrets}
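Review bot: The two added `${if managePlugins then ... else ""}` lines test the same condition twice and leave two whitespace-only lines in the generated `strongswan.conf` when the option is off. `optionalString` expresses this more directly: `${optionalString managePlugins "load_modular = no"}` and `${optionalString managePlugins "load = ${concatStringsSep " " enabledPlugins}"}`, assuming `lib` is in scope as the unqualified `concatStringsSep` suggests. The `charon` block continues outside the hunk.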
@@ -112,6 +114,25 @@ in
         file.
       '';
     };
+
+    managePlugins = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If set to true, this option will disable automatic plugin loading and
+        then tell strongSwan to enable the plugins specified in the
+        <option>enabledPlugins</option> option.
+      '';
+    };
+
+    enabledPlugins = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        A list of additional plugins to enable if
+        <option>managePlugins</option> is true.
+      '';
+    };
   };
 
   config = with cfg; mkIf enable {
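Review bot: The `enabledPlugins` description calls the list "additional plugins", but the template in the first hunk emits `load_modular = no` together with `load = <list>`, so the list looks like the complete set of plugins charon loads. With `managePlugins = true` and the default `enabledPlugins = []` the file gets an empty `load =` line, which presumably leaves the daemon without the crypto and credential plugins it needs. I would reword the description to say the list replaces the default plugin set. I would also reject the empty case with an assertion such as `assertion = !managePlugins || enabledPlugins != [];`.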
@@ -122,7 +143,7 @@ in
       wants = [ "keys.target" ];
       after = [ "network-online.target" "keys.target" ];
       environment = {
-        STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets; };
+        STRONGSWAN_CONF = strongswanConf { inherit setup connections ca secrets managePlugins enabledPlugins; };
       };
       serviceConfig = {
         ExecStart  = "${pkgs.strongswan}/sbin/ipsec start --nofork";
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index bcce4accdd6e..545ee327d596 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -8,9 +8,9 @@ let
 
   stateDir = "/var/lib/unbound";
 
-  access = concatMapStrings (x: "  access-control: ${x} allow\n") cfg.allowedAccess;
+  access = concatMapStringsSep "\n  " (x: "access-control: ${x} allow") cfg.allowedAccess;
 
-  interfaces = concatMapStrings (x: "  interface: ${x}\n") cfg.interfaces;
+  interfaces = concatMapStringsSep "\n  " (x: "interface: ${x}") cfg.interfaces;
 
   isLocalAddress = x: substring 0 3 x == "::1" || substring 0 9 x == "127.0.0.1";
 
diff --git a/nixos/modules/services/x11/desktop-managers/lxqt.nix b/nixos/modules/services/x11/desktop-managers/lxqt.nix
index 89ad2882363d..fb907618d35b 100644
--- a/nixos/modules/services/x11/desktop-managers/lxqt.nix
+++ b/nixos/modules/services/x11/desktop-managers/lxqt.nix
@@ -41,7 +41,7 @@ in
       name = "lxqt";
       bgSupport = true;
       start = ''
-        exec ${pkgs.lxqt.lxqt-common}/bin/startlxqt
+        exec ${pkgs.lxqt.lxqt-session}/bin/startlxqt
       '';
     };
 
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 82dfc1c9f1ce..e68bfd860601 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -537,7 +537,7 @@ in
               type = types.bool;
               default = false;
               description = ''
-                Wether the container is automatically started at boot-time.
+                Whether the container is automatically started at boot-time.
               '';
             };
 
@@ -596,6 +596,8 @@ in
                   { config, pkgs, ... }:
                   { services.postgresql.enable = true;
                     services.postgresql.package = pkgs.postgresql96;
+                    
+                    system.stateVersion = "17.03";
                   };
               };
           }
diff --git a/nixos/release.nix b/nixos/release.nix
index d5f59a524e04..28eb76d888e4 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -270,6 +270,10 @@ in rec {
   tests.plasma5 = callTest tests/plasma5.nix {};
   tests.keymap = callSubTests tests/keymap.nix {};
   tests.initrdNetwork = callTest tests/initrd-network.nix {};
+  tests.kafka_0_9 = callTest tests/kafka_0_9.nix {};
+  tests.kafka_0_10 = callTest tests/kafka_0_10.nix {};
+  tests.kafka_0_11 = callTest tests/kafka_0_11.nix {};
+  tests.kafka_1_0 = callTest tests/kafka_1_0.nix {};
   tests.kernel-copperhead = callTest tests/kernel-copperhead.nix {};
   tests.kernel-latest = callTest tests/kernel-latest.nix {};
   tests.kernel-lts = callTest tests/kernel-lts.nix {};
@@ -306,6 +310,7 @@ in rec {
   #tests.panamax = hydraJob (import tests/panamax.nix { system = "x86_64-linux"; });
   tests.peerflix = callTest tests/peerflix.nix {};
   tests.postgresql = callSubTests tests/postgresql.nix {};
+  tests.pgmanage = callTest tests/pgmanage.nix {};
   tests.postgis = callTest tests/postgis.nix {};
   #tests.pgjwt = callTest tests/pgjwt.nix {};
   tests.printing = callTest tests/printing.nix {};
@@ -329,7 +334,7 @@ in rec {
   tests.wordpress = callTest tests/wordpress.nix {};
   tests.xfce = callTest tests/xfce.nix {};
   tests.xmonad = callTest tests/xmonad.nix {};
-
+  tests.zookeeper = callTest tests/zookeeper.nix {};
 
   /* Build a bunch of typical closures so that Hydra can keep track of
      the evolution of closure sizes. */
diff --git a/nixos/tests/kafka_0_10.nix b/nixos/tests/kafka_0_10.nix
new file mode 100644
index 000000000000..6e7820f64bc4
--- /dev/null
+++ b/nixos/tests/kafka_0_10.nix
@@ -0,0 +1,48 @@
+import ./make-test.nix ({ pkgs, lib, ... } :
+let
+  kafkaPackage = pkgs.apacheKafka_0_10;
+in {
+  name = "kafka_0_10";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ nequissimus ];
+  };
+
+  nodes = {
+    zookeeper1 = { config, ... }: {
+      services.zookeeper = {
+        enable = true;
+      };
+
+      networking.firewall.allowedTCPPorts = [ 2181 ];
+    };
+    kafka = { config, ... }: {
+      services.apache-kafka = {
+        enable = true;
+        extraProperties = ''
+          offsets.topic.replication.factor = 1
+        '';
+        package = kafkaPackage;
+        zookeeper = "zookeeper1:2181";
+      };
+
+      networking.firewall.allowedTCPPorts = [ 9092 ];
+      virtualisation.memorySize = 2048;
+    };
+  };
+
+  testScript = ''
+    startAll;
+
+    $zookeeper1->waitForUnit("zookeeper");
+    $zookeeper1->waitForUnit("network.target");
+    $zookeeper1->waitForOpenPort(2181);
+
+    $kafka->waitForUnit("apache-kafka");
+    $kafka->waitForUnit("network.target");
+    $kafka->waitForOpenPort(9092);
+
+    $kafka->waitUntilSucceeds("${kafkaPackage}/bin/kafka-topics.sh --create --zookeeper zookeeper1:2181 --partitions 1 --replication-factor 1 --topic testtopic");
+    $kafka->mustSucceed("echo 'test 1' | ${kafkaPackage}/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic testtopic");
+    $kafka->mustSucceed("${kafkaPackage}/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic testtopic --from-beginning --max-messages 1 | grep 'test 1'");
+  '';
+})
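Review bot: This test file and the three that follow (`kafka_0_11.nix`, `kafka_0_9.nix`, `kafka_1_0.nix`) are identical apart from `name`, the `kafkaPackage` attribute and, in `kafka_0_9.nix`, the consumer's `--zookeeper zookeeper1:2181` argument. Four copies will drift apart as soon as one is edited. A single `kafka.nix` exposing a function of `name`, `kafkaPackage` and the consumer connection argument, called four times from `release.nix`, would keep the scenario in one place. The `lib` argument in the function header is unused in all four files and can be dropped.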
diff --git a/nixos/tests/kafka_0_11.nix b/nixos/tests/kafka_0_11.nix
new file mode 100644
index 000000000000..39f9c36bb229
--- /dev/null
+++ b/nixos/tests/kafka_0_11.nix
@@ -0,0 +1,48 @@
+import ./make-test.nix ({ pkgs, lib, ... } :
+let
+  kafkaPackage = pkgs.apacheKafka_0_11;
+in {
+  name = "kafka_0_11";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ nequissimus ];
+  };
+
+  nodes = {
+    zookeeper1 = { config, ... }: {
+      services.zookeeper = {
+        enable = true;
+      };
+
+      networking.firewall.allowedTCPPorts = [ 2181 ];
+    };
+    kafka = { config, ... }: {
+      services.apache-kafka = {
+        enable = true;
+        extraProperties = ''
+          offsets.topic.replication.factor = 1
+        '';
+        package = kafkaPackage;
+        zookeeper = "zookeeper1:2181";
+      };
+
+      networking.firewall.allowedTCPPorts = [ 9092 ];
+      virtualisation.memorySize = 2048;
+    };
+  };
+
+  testScript = ''
+    startAll;
+
+    $zookeeper1->waitForUnit("zookeeper");
+    $zookeeper1->waitForUnit("network.target");
+    $zookeeper1->waitForOpenPort(2181);
+
+    $kafka->waitForUnit("apache-kafka");
+    $kafka->waitForUnit("network.target");
+    $kafka->waitForOpenPort(9092);
+
+    $kafka->waitUntilSucceeds("${kafkaPackage}/bin/kafka-topics.sh --create --zookeeper zookeeper1:2181 --partitions 1 --replication-factor 1 --topic testtopic");
+    $kafka->mustSucceed("echo 'test 1' | ${kafkaPackage}/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic testtopic");
+    $kafka->mustSucceed("${kafkaPackage}/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic testtopic --from-beginning --max-messages 1 | grep 'test 1'");
+  '';
+})
diff --git a/nixos/tests/kafka_0_9.nix b/nixos/tests/kafka_0_9.nix
new file mode 100644
index 000000000000..fee82aba2bda
--- /dev/null
+++ b/nixos/tests/kafka_0_9.nix
@@ -0,0 +1,48 @@
+import ./make-test.nix ({ pkgs, lib, ... } :
+let
+  kafkaPackage = pkgs.apacheKafka_0_9;
+in {
+  name = "kafka_0_9";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ nequissimus ];
+  };
+
+  nodes = {
+    zookeeper1 = { config, ... }: {
+      services.zookeeper = {
+        enable = true;
+      };
+
+      networking.firewall.allowedTCPPorts = [ 2181 ];
+    };
+    kafka = { config, ... }: {
+      services.apache-kafka = {
+        enable = true;
+        extraProperties = ''
+          offsets.topic.replication.factor = 1
+        '';
+        package = kafkaPackage;
+        zookeeper = "zookeeper1:2181";
+      };
+
+      networking.firewall.allowedTCPPorts = [ 9092 ];
+      virtualisation.memorySize = 2048;
+    };
+  };
+
+  testScript = ''
+    startAll;
+
+    $zookeeper1->waitForUnit("zookeeper");
+    $zookeeper1->waitForUnit("network.target");
+    $zookeeper1->waitForOpenPort(2181);
+
+    $kafka->waitForUnit("apache-kafka");
+    $kafka->waitForUnit("network.target");
+    $kafka->waitForOpenPort(9092);
+
+    $kafka->waitUntilSucceeds("${kafkaPackage}/bin/kafka-topics.sh --create --zookeeper zookeeper1:2181 --partitions 1 --replication-factor 1 --topic testtopic");
+    $kafka->mustSucceed("echo 'test 1' | ${kafkaPackage}/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic testtopic");
+    $kafka->mustSucceed("${kafkaPackage}/bin/kafka-console-consumer.sh --zookeeper zookeeper1:2181 --topic testtopic --from-beginning --max-messages 1 | grep 'test 1'");
+  '';
+})
diff --git a/nixos/tests/kafka_1_0.nix b/nixos/tests/kafka_1_0.nix
new file mode 100644
index 000000000000..936840dbcfdc
--- /dev/null
+++ b/nixos/tests/kafka_1_0.nix
@@ -0,0 +1,48 @@
+import ./make-test.nix ({ pkgs, lib, ... } :
+let
+  kafkaPackage = pkgs.apacheKafka_1_0;
+in {
+  name = "kafka_1_0";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ nequissimus ];
+  };
+
+  nodes = {
+    zookeeper1 = { config, ... }: {
+      services.zookeeper = {
+        enable = true;
+      };
+
+      networking.firewall.allowedTCPPorts = [ 2181 ];
+    };
+    kafka = { config, ... }: {
+      services.apache-kafka = {
+        enable = true;
+        extraProperties = ''
+          offsets.topic.replication.factor = 1
+        '';
+        package = kafkaPackage;
+        zookeeper = "zookeeper1:2181";
+      };
+
+      networking.firewall.allowedTCPPorts = [ 9092 ];
+      virtualisation.memorySize = 2048;
+    };
+  };
+
+  testScript = ''
+    startAll;
+
+    $zookeeper1->waitForUnit("zookeeper");
+    $zookeeper1->waitForUnit("network.target");
+    $zookeeper1->waitForOpenPort(2181);
+
+    $kafka->waitForUnit("apache-kafka");
+    $kafka->waitForUnit("network.target");
+    $kafka->waitForOpenPort(9092);
+
+    $kafka->waitUntilSucceeds("${kafkaPackage}/bin/kafka-topics.sh --create --zookeeper zookeeper1:2181 --partitions 1 --replication-factor 1 --topic testtopic");
+    $kafka->mustSucceed("echo 'test 1' | ${kafkaPackage}/bin/kafka-console-producer.sh --broker-list localhost:9092 --topic testtopic");
+    $kafka->mustSucceed("${kafkaPackage}/bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic testtopic --from-beginning --max-messages 1 | grep 'test 1'");
+  '';
+})
diff --git a/nixos/tests/pgmanage.nix b/nixos/tests/pgmanage.nix
new file mode 100644
index 000000000000..110cbd5c5b40
--- /dev/null
+++ b/nixos/tests/pgmanage.nix
@@ -0,0 +1,39 @@
+import ./make-test.nix ({ pkgs, ... } :
+let
+  role     = "test";
+  password = "secret";
+  conn     = "local";
+in
+{
+  name = "pgmanage";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ basvandijk ];
+  };
+  nodes = {
+    one = { config, pkgs, ... }: {
+      services = {
+        postgresql = {
+          enable = true;
+          initialScript = pkgs.writeText "pg-init-script" ''
+            CREATE ROLE ${role} SUPERUSER LOGIN PASSWORD '${password}';
+          '';
+        };
+        pgmanage = {
+          enable = true;
+          connections = {
+            "${conn}" = "hostaddr=127.0.0.1 port=${toString config.services.postgresql.port} dbname=postgres";
+          };
+        };
+      };
+    };
+  };
+
+  testScript = ''
+    startAll;
+    $one->waitForUnit("default.target");
+    $one->requireActiveUnit("pgmanage.service");
+
+    # Test if we can log in.
+    $one->waitUntilSucceeds("curl 'http://localhost:8080/pgmanage/auth' --data 'action=login&connname=${conn}&username=${role}&password=${password}' --fail");
+  '';
+})
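Review bot: The test asserts only that a login with the correct password succeeds, so a build that accepts any credentials would still pass. A negative case would pin the authentication behaviour, for example `$one->fail("curl 'http://localhost:8080/pgmanage/auth' --data 'action=login&connname=${conn}&username=${role}&password=wrong' --fail");`. That works only if pgmanage answers a rejected login with a non-2xx status, which is not visible here. The URL also hard-codes port 8080 instead of reading the module's `port` option, so the test breaks silently if the default changes.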
diff --git a/nixos/tests/zookeeper.nix b/nixos/tests/zookeeper.nix
new file mode 100644
index 000000000000..d247654adade
--- /dev/null
+++ b/nixos/tests/zookeeper.nix
@@ -0,0 +1,28 @@
+import ./make-test.nix ({ pkgs, ...} : {
+  name = "zookeeper";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ nequissimus ];
+  };
+
+  nodes = {
+    server = { pkgs, config, ... }: {
+      services.zookeeper = {
+        enable = true;
+      };
+
+      networking.firewall.allowedTCPPorts = [ 2181 ];
+    };
+  };
+
+  testScript = ''
+    startAll;
+
+    $server->waitForUnit("zookeeper");
+    $server->waitForUnit("network.target");
+    $server->waitForOpenPort(2181);
+
+    $server->waitUntilSucceeds("${pkgs.zookeeper}/bin/zkCli.sh -server localhost:2181 create /foo bar");
+    $server->waitUntilSucceeds("${pkgs.zookeeper}/bin/zkCli.sh -server localhost:2181 set /foo hello");
+    $server->waitUntilSucceeds("${pkgs.zookeeper}/bin/zkCli.sh -server localhost:2181 get /foo | grep hello");
+  '';
+})
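Review bot: `create /foo bar` is not idempotent, yet it is wrapped in `waitUntilSucceeds`, which keeps retrying until the command exits 0. If the first attempt creates the node but the client exits non-zero, every retry would fail on the existing node until the test times out. Since `waitForOpenPort(2181)` has already run, `$server->mustSucceed(...)` is the better fit for the `create` and `set` steps. It is also worth confirming that `zkCli.sh` returns a non-zero status on a failed command; if it does not, only the final `grep hello` actually checks anything.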