diff options
Diffstat (limited to 'nixos')
28 files changed, 270 insertions, 57 deletions
diff --git a/nixos/doc/manual/administration/declarative-containers.xml b/nixos/doc/manual/administration/declarative-containers.xml index 2a98fb126231..d03dbc4d7055 100644 --- a/nixos/doc/manual/administration/declarative-containers.xml +++ b/nixos/doc/manual/administration/declarative-containers.xml @@ -15,7 +15,7 @@ containers.database = { config = { config, pkgs, ... }: { <xref linkend="opt-services.postgresql.enable"/> = true; - <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql96; + <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_9_6; }; }; </programlisting> diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml index 8a1a39c98c10..c77cfe137baa 100644 --- a/nixos/doc/manual/configuration/config-file.xml +++ b/nixos/doc/manual/configuration/config-file.xml @@ -197,10 +197,10 @@ swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; pkgs.emacs ]; -<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql90; +<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_10; </programlisting> The latter option definition changes the default PostgreSQL package used - by NixOS’s PostgreSQL service to 9.0. For more information on packages, + by NixOS’s PostgreSQL service to 10.x. For more information on packages, including how to add new ones, see <xref linkend="sec-custom-packages"/>. </para> </listitem> diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml index 0ddf40acbfcc..8715a05f508b 100644 --- a/nixos/doc/manual/release-notes/rl-1809.xml +++ b/nixos/doc/manual/release-notes/rl-1809.xml @@ -637,6 +637,11 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull' anyways for clarity. </para> </listitem> + <listitem> + <para> + Groups <literal>kvm</literal> and <literal>render</literal> are introduced now, as systemd requires them. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index 77f58b224d7f..7cfe1d27a4ff 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -139,6 +139,21 @@ make sure to update your configuration if you want to keep <literal>proglodyte-wasm</literal> </para> </listitem> + <listitem> + <para> + OpenSMTPD has been upgraded to version 6.4.0p1. This release makes + backwards-incompatible changes to the configuration file format. See + <command>man smtpd.conf</command> for more information on the new file + format. + </para> + </listitem> + <listitem> + <para> + The versioned <varname>postgresql</varname> have been renamed to use + underscore number seperators. For example, <varname>postgresql96</varname> + has been renamed to <varname>postgresql_9_6</varname>. + </para> + </listitem> </itemizedlist> </section> @@ -157,6 +172,15 @@ Matomo version. </para> </listitem> + <listitem> + <para> + The deprecated <literal>truecrypt</literal> package has been removed + and <literal>truecrypt</literal> attribute is now an alias for + <literal>veracrypt</literal>. VeraCrypt is backward-compatible with + TrueCrypt volumes. Note that <literal>cryptsetup</literal> also + supports loading TrueCrypt volumes. + </para> + </listitem> </itemizedlist> </section> </section> diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index f71e264c3478..5f05b037bdde 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -53,7 +53,8 @@ in rec { inherit prefix check; modules = modules ++ extraModules ++ baseModules ++ [ pkgsModule ]; args = extraArgs; - specialArgs = { modulesPath = ../modules; } // specialArgs; + specialArgs = + { modulesPath = builtins.toString ../modules; } // specialArgs; }) config options; # These are the extra arguments passed to every module. In diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm index a00fe25c2b8e..abcc1c50d4d8 100644 --- a/nixos/lib/test-driver/Machine.pm +++ b/nixos/lib/test-driver/Machine.pm @@ -250,7 +250,8 @@ sub connect { $self->start; local $SIG{ALRM} = sub { die "timed out waiting for the VM to connect\n"; }; - alarm 300; + # 50 minutes -- increased as a test, see #49441 + alarm 3000; readline $self->{socket} or die "the VM quit before connecting\n"; alarm 0; diff --git a/nixos/modules/installer/virtualbox-demo.nix b/nixos/modules/installer/virtualbox-demo.nix index 8ca3592f3800..2e1b4b3998b5 100644 --- a/nixos/modules/installer/virtualbox-demo.nix +++ b/nixos/modules/installer/virtualbox-demo.nix @@ -22,4 +22,42 @@ with lib; powerManagement.enable = false; system.stateVersion = mkDefault "18.03"; + + installer.cloneConfigExtra = '' + # Let demo build as a trusted user. + # nix.trustedUsers = [ "demo" ]; + + # Mount a VirtualBox shared folder. + # This is configurable in the VirtualBox menu at + # Machine / Settings / Shared Folders. + # fileSystems."/mnt" = { + # fsType = "vboxsf"; + # device = "nameofdevicetomount"; + # options = [ "rw" ]; + # }; + + # By default, the NixOS VirtualBox demo image includes SDDM and Plasma. + # If you prefer another desktop manager or display manager, you may want + # to disable the default. + # services.xserver.desktopManager.plasma5.enable = lib.mkForce false; + # services.xserver.displayManager.sddm.enable = lib.mkForce false; + + # Enable GDM/GNOME by uncommenting above two lines and two lines below. + # services.xserver.displayManager.gdm.enable = true; + # services.xserver.desktopManager.gnome3.enable = true; + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # List packages installed in system profile. To search, run: + # \$ nix search wget + # environment.systemPackages = with pkgs; [ + # wget vim + # ]; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + system.stateVersion = mkDefault "18.03"; + ''; } diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index bd921f230bd0..660644eade8d 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -126,6 +126,7 @@ ./programs/udevil.nix ./programs/venus.nix ./programs/vim.nix + ./programs/wavemon.nix ./programs/way-cooler.nix ./programs/wireshark.nix ./programs/xfs_quota.nix diff --git a/nixos/modules/profiles/clone-config.nix b/nixos/modules/profiles/clone-config.nix index 99d4774584f1..3f669ba7d2e1 100644 --- a/nixos/modules/profiles/clone-config.nix +++ b/nixos/modules/profiles/clone-config.nix @@ -48,6 +48,8 @@ let { imports = [ ${toString config.installer.cloneConfigIncludes} ]; + + ${config.installer.cloneConfigExtra} } ''; @@ -73,6 +75,13 @@ in ''; }; + installer.cloneConfigExtra = mkOption { + default = ""; + description = '' + Extra text to include in the cloned configuration.nix included in this + installer. + ''; + }; }; config = { diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix index 370db2b08452..580ea4a58e5b 100644 --- a/nixos/modules/profiles/installation-device.nix +++ b/nixos/modules/profiles/installation-device.nix @@ -63,7 +63,7 @@ with lib; # Tell the Nix evaluator to garbage collect more aggressively. # This is desirable in memory-constrained environments that don't # (yet) have swap set up. - environment.variables.GC_INITIAL_HEAP_SIZE = "100000"; + environment.variables.GC_INITIAL_HEAP_SIZE = "1M"; # Make the installer more likely to succeed in low memory # environments. The kernel's overcommit heustistics bite us diff --git a/nixos/modules/programs/wavemon.nix b/nixos/modules/programs/wavemon.nix new file mode 100644 index 000000000000..ac665fe4a023 --- /dev/null +++ b/nixos/modules/programs/wavemon.nix @@ -0,0 +1,28 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.programs.wavemon; +in { + options = { + programs.wavemon = { + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to add wavemon to the global environment and configure a + setcap wrapper for it. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ wavemon ]; + security.wrappers.wavemon = { + source = "${pkgs.wavemon}/bin/wavemon"; + capabilities = "cap_net_admin+ep"; + }; + }; +} diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix index 81e04a44b115..63e00b548120 100644 --- a/nixos/modules/security/rngd.nix +++ b/nixos/modules/security/rngd.nix @@ -20,7 +20,6 @@ with lib; KERNEL=="random", TAG+="systemd" SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" - ${if config.services.tcsd.enable then "" else ''KERNEL=="tpm0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"''} ''; systemd.services.rngd = { @@ -30,8 +29,7 @@ with lib; description = "Hardware RNG Entropy Gatherer Daemon"; - serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f -v" + - (if config.services.tcsd.enable then " --no-tpm=1" else ""); + serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f -v"; }; }; } diff --git a/nixos/modules/services/admin/salt/master.nix b/nixos/modules/services/admin/salt/master.nix index 165580b97837..c6b1b0cc0bd8 100644 --- a/nixos/modules/services/admin/salt/master.nix +++ b/nixos/modules/services/admin/salt/master.nix @@ -53,6 +53,9 @@ in Type = "notify"; NotifyAccess = "all"; }; + restartTriggers = [ + config.environment.etc."salt/master".source + ]; }; }; diff --git a/nixos/modules/services/admin/salt/minion.nix b/nixos/modules/services/admin/salt/minion.nix index 9ecefb32cfa8..c8fa9461a209 100644 --- a/nixos/modules/services/admin/salt/minion.nix +++ b/nixos/modules/services/admin/salt/minion.nix @@ -15,7 +15,6 @@ let # Default is in /etc/salt/pki/minion pki_dir = "/var/lib/salt/pki/minion"; } cfg.configuration; - configDir = pkgs.writeTextDir "minion" (builtins.toJSON fullConfig); in @@ -28,15 +27,24 @@ in default = {}; description = '' Salt minion configuration as Nix attribute set. - See <link xlink:href="https://docs.saltstack.com/en/latest/ref/configuration/minion.html"/> - for details. + See <link xlink:href="https://docs.saltstack.com/en/latest/ref/configuration/minion.html"/> + for details. ''; }; }; }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ salt ]; + environment = { + # Set this up in /etc/salt/minion so `salt-call`, etc. work. + # The alternatives are + # - passing --config-dir to all salt commands, not just the minion unit, + # - setting aglobal environment variable. + etc."salt/minion".source = pkgs.writeText "minion" ( + builtins.toJSON fullConfig + ); + systemPackages = with pkgs; [ salt ]; + }; systemd.services.salt-minion = { description = "Salt Minion"; wantedBy = [ "multi-user.target" ]; @@ -45,11 +53,14 @@ in utillinux ]; serviceConfig = { - ExecStart = "${pkgs.salt}/bin/salt-minion --config-dir=${configDir}"; + ExecStart = "${pkgs.salt}/bin/salt-minion"; LimitNOFILE = 8192; Type = "notify"; NotifyAccess = "all"; }; + restartTriggers = [ + config.environment.etc."salt/minion".source + ]; }; }; } diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index de2a757196a5..6edb1503c233 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -55,7 +55,7 @@ in package = mkOption { type = types.package; - example = literalExample "pkgs.postgresql96"; + example = literalExample "pkgs.postgresql_9_6"; description = '' PostgreSQL package to use. ''; @@ -118,7 +118,7 @@ in extraPlugins = mkOption { type = types.listOf types.path; default = []; - example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql94; }) ]"; + example = literalExample "[ (pkgs.postgis.override { postgresql = pkgs.postgresql_9_4; }) ]"; description = '' When this list contains elements a new store path is created. PostgreSQL and the elements are symlinked into it. Then pg_config, @@ -167,9 +167,9 @@ in # Note: when changing the default, make it conditional on # ‘system.stateVersion’ to maintain compatibility with existing # systems! - mkDefault (if versionAtLeast config.system.stateVersion "17.09" then pkgs.postgresql96 - else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql95 - else pkgs.postgresql94); + mkDefault (if versionAtLeast config.system.stateVersion "17.09" then pkgs.postgresql_9_6 + else if versionAtLeast config.system.stateVersion "16.03" then pkgs.postgresql_9_5 + else pkgs.postgresql_9_4); services.postgresql.dataDir = mkDefault (if versionAtLeast config.system.stateVersion "17.09" then "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}" diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index f89f0d653164..14f4d4909bc0 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -27,12 +27,12 @@ <filename>configuration.nix</filename>: <programlisting> <xref linkend="opt-services.postgresql.enable"/> = true; -<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql94; +<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_9_4; </programlisting> Note that you are required to specify the desired version of PostgreSQL - (e.g. <literal>pkgs.postgresql94</literal>). Since upgrading your PostgreSQL - version requires a database dump and reload (see below), NixOS cannot - provide a default value for + (e.g. <literal>pkgs.postgresql_9_4</literal>). Since upgrading your + PostgreSQL version requires a database dump and reload (see below), NixOS + cannot provide a default value for <xref linkend="opt-services.postgresql.package"/> such as the most recent release of PostgreSQL. </para> diff --git a/nixos/modules/services/hardware/upower.nix b/nixos/modules/services/hardware/upower.nix index 2198842a4511..1da47349c077 100644 --- a/nixos/modules/services/hardware/upower.nix +++ b/nixos/modules/services/hardware/upower.nix @@ -56,6 +56,32 @@ in { Type = "dbus"; BusName = "org.freedesktop.UPower"; ExecStart = "@${cfg.package}/libexec/upowerd upowerd"; + Restart = "on-failure"; + # Upstream lockdown: + # Filesystem lockdown + ProtectSystem = "strict"; + # Needed by keyboard backlight support + ProtectKernelTunables = false; + ProtectControlGroups = true; + ReadWritePaths = "/var/lib/upower"; + ProtectHome = true; + PrivateTmp = true; + + # Network + # PrivateNetwork=true would block udev's netlink socket + RestrictAddressFamilies = "AF_UNIX AF_NETLINK"; + + # Execute Mappings + MemoryDenyWriteExecute = true; + + # Modules + ProtectKernelModules = true; + + # Real-time + RestrictRealtime = true; + + # Privilege escalation + NoNewPrivileges = true; }; }; diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix index 46e3b7457610..274b36171608 100644 --- a/nixos/modules/services/networking/bitlbee.nix +++ b/nixos/modules/services/networking/bitlbee.nix @@ -33,7 +33,7 @@ let purple_plugin_path = lib.concatMapStringsSep ":" - (plugin: "${plugin}/lib/pidgin/") + (plugin: "${plugin}/lib/pidgin/:${plugin}/lib/purple-2/") cfg.libpurple_plugins ; diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 508398f03ace..6c733f093ba8 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -46,7 +46,7 @@ let configFile = pkgs.writeText "nginx.conf" '' user ${cfg.user} ${cfg.group}; - error_log stderr; + error_log ${cfg.logError}; daemon off; ${cfg.config} @@ -341,6 +341,35 @@ in "; }; + logError = mkOption { + default = "stderr"; + description = " + Configures logging. + The first parameter defines a file that will store the log. The + special value stderr selects the standard error file. Logging to + syslog can be configured by specifying the “syslog:” prefix. + The second parameter determines the level of logging, and can be + one of the following: debug, info, notice, warn, error, crit, + alert, or emerg. Log levels above are listed in the order of + increasing severity. Setting a certain log level will cause all + messages of the specified and more severe log levels to be logged. + If this parameter is omitted then error is used. + "; + }; + + preStart = mkOption { + type = types.lines; + default = '' + test -d ${cfg.stateDir}/logs || mkdir -m 750 -p ${cfg.stateDir}/logs + test `stat -c %a ${cfg.stateDir}` = "750" || chmod 750 ${cfg.stateDir} + test `stat -c %a ${cfg.stateDir}/logs` = "750" || chmod 750 ${cfg.stateDir}/logs + chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir} + ''; + description = " + Shell commands executed before the service's nginx is started. + "; + }; + config = mkOption { default = ""; description = " @@ -608,9 +637,7 @@ in stopIfChanged = false; preStart = '' - mkdir -p ${cfg.stateDir}/logs - chmod 700 ${cfg.stateDir} - chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir} + ${cfg.preStart} ${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir} -t ''; serviceConfig = { diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index a1412bc32904..89f8e8153550 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -387,7 +387,7 @@ let logindHandlerType = types.enum [ "ignore" "poweroff" "reboot" "halt" "kexec" "suspend" - "hibernate" "hybrid-sleep" "lock" + "hibernate" "hybrid-sleep" "suspend-then-hibernate" "lock" ]; in @@ -587,6 +587,15 @@ in ''; }; + services.journald.forwardToSyslog = mkOption { + default = config.services.rsyslogd.enable || config.services.syslog-ng.enable; + defaultText = "config.services.rsyslogd.enable || config.services.syslog-ng.enable"; + type = types.bool; + description = '' + Whether to forward log messages to syslog. + ''; + }; + services.logind.extraConfig = mkOption { default = ""; type = types.lines; @@ -754,6 +763,9 @@ in ForwardToConsole=yes TTYPath=${config.services.journald.console} ''} + ${optionalString (config.services.journald.forwardToSyslog) '' + ForwardToSyslog=yes + ''} ${config.services.journald.extraConfig} ''; diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix index 8fe59badd335..572092a2ba94 100644 --- a/nixos/modules/virtualisation/containers.nix +++ b/nixos/modules/virtualisation/containers.nix @@ -606,7 +606,7 @@ in { config = { config, pkgs, ... }: { services.postgresql.enable = true; - services.postgresql.package = pkgs.postgresql96; + services.postgresql.package = pkgs.postgresql_9_6; system.stateVersion = "17.03"; }; diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix index 60048911658c..037c0d2f0d82 100644 --- a/nixos/modules/virtualisation/virtualbox-image.nix +++ b/nixos/modules/virtualisation/virtualbox-image.nix @@ -12,7 +12,7 @@ in { virtualbox = { baseImageSize = mkOption { type = types.int; - default = 10 * 1024; + default = 50 * 1024; description = '' The size of the VirtualBox base image in MiB. ''; @@ -61,7 +61,7 @@ in { export HOME=$PWD export PATH=${pkgs.virtualbox}/bin:$PATH - echo "creating VirtualBox pass-through disk wrapper (no copying invovled)..." + echo "creating VirtualBox pass-through disk wrapper (no copying involved)..." VBoxManage internalcommands createrawvmdk -filename disk.vmdk -rawdisk $diskImage echo "creating VirtualBox VM..." @@ -72,9 +72,9 @@ in { --memory ${toString cfg.memorySize} --acpi on --vram 32 \ ${optionalString (pkgs.stdenv.hostPlatform.system == "i686-linux") "--pae on"} \ --nictype1 virtio --nic1 nat \ - --audiocontroller ac97 --audio alsa \ + --audiocontroller ac97 --audio alsa --audioout on \ --rtcuseutc on \ - --usb on --mouse usbtablet + --usb on --usbehci on --mouse usbtablet VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \ --medium disk.vmdk @@ -82,7 +82,7 @@ in { echo "exporting VirtualBox VM..." mkdir -p $out fn="$out/${cfg.vmFileName}" - VBoxManage export "$vmName" --output "$fn" + VBoxManage export "$vmName" --output "$fn" --options manifest rm -v $diskImage diff --git a/nixos/release.nix b/nixos/release.nix index 5412080cca18..51505d6aab9d 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -399,6 +399,7 @@ in rec { tests.radicale = callTest tests/radicale.nix {}; tests.redmine = callTest tests/redmine.nix {}; tests.rspamd = callSubTests tests/rspamd.nix {}; + tests.rsyslogd = callSubTests tests/rsyslogd.nix {}; tests.runInMachine = callTest tests/run-in-machine.nix {}; tests.rxe = callTest tests/rxe.nix {}; tests.samba = callTest tests/samba.nix {}; @@ -467,7 +468,7 @@ in rec { { services.httpd.enable = true; services.httpd.adminAddr = "foo@example.org"; services.postgresql.enable = true; - services.postgresql.package = pkgs.postgresql93; + services.postgresql.package = pkgs.postgresql_9_3; environment.systemPackages = [ pkgs.php ]; }); }; diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix index 2d74b59bca46..0b3da0d59c68 100644 --- a/nixos/tests/home-assistant.nix +++ b/nixos/tests/home-assistant.nix @@ -74,7 +74,6 @@ in { print "$log\n"; # Check that no errors were logged - # The timer can get out of sync due to Hydra's load, so this error is ignored - $hass->fail("cat ${configDir}/home-assistant.log | grep -vF 'Timer got out of sync' | grep -qF ERROR"); + $hass->fail("cat ${configDir}/home-assistant.log | grep -qF ERROR"); ''; }) diff --git a/nixos/tests/opensmtpd.nix b/nixos/tests/opensmtpd.nix index 4c0cbca21010..4d3479168f70 100644 --- a/nixos/tests/opensmtpd.nix +++ b/nixos/tests/opensmtpd.nix @@ -17,11 +17,12 @@ import ./make-test.nix { extraServerArgs = [ "-v" ]; serverConfiguration = '' listen on 0.0.0.0 + action do_relay relay # DO NOT DO THIS IN PRODUCTION! # Setting up authentication requires a certificate which is painful in # a test environment, but THIS WOULD BE DANGEROUS OUTSIDE OF A # WELL-CONTROLLED ENVIRONMENT! - accept from any for any relay + match from any for any action do_relay ''; }; }; @@ -41,8 +42,9 @@ import ./make-test.nix { extraServerArgs = [ "-v" ]; serverConfiguration = '' listen on 0.0.0.0 - accept from any for local deliver to mda \ + action dovecot_deliver mda \ "${pkgs.dovecot}/libexec/dovecot/deliver -d %{user.username}" + match from any for local action dovecot_deliver ''; }; services.dovecot2 = { diff --git a/nixos/tests/plasma5.nix b/nixos/tests/plasma5.nix index eb705536827e..788c8719c8d2 100644 --- a/nixos/tests/plasma5.nix +++ b/nixos/tests/plasma5.nix @@ -26,31 +26,20 @@ import ./make-test.nix ({ pkgs, ...} : services.xserver.displayManager.sddm.theme = "breeze-ocr-theme"; services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.default = "plasma5"; + services.xserver.displayManager.sddm.autoLogin = { + enable = true; + user = "alice"; + }; virtualisation.memorySize = 1024; environment.systemPackages = [ sddm_theme ]; - - # fontconfig-penultimate-0.3.3 -> 0.3.4 broke OCR apparently, but no idea why. - nixpkgs.config.packageOverrides = superPkgs: { - fontconfig-penultimate = superPkgs.fontconfig-penultimate.override { - version = "0.3.3"; - sha256 = "1z76jbkb0nhf4w7fy647yyayqr4q02fgk6w58k0yi700p0m3h4c9"; - }; - }; }; - enableOCR = true; - testScript = { nodes, ... }: let user = nodes.machine.config.users.users.alice; xdo = "${pkgs.xdotool}/bin/xdotool"; in '' startAll; - # Wait for display manager to start - $machine->waitForText(qr/${user.description}/); - $machine->screenshot("sddm"); - - # Log in - $machine->sendChars("${user.password}\n"); + # wait for log in $machine->waitForFile("/home/alice/.Xauthority"); $machine->succeed("xauth merge ~alice/.Xauthority"); diff --git a/nixos/tests/postgis.nix b/nixos/tests/postgis.nix index f8b63c5b6a27..49be0672a8e5 100644 --- a/nixos/tests/postgis.nix +++ b/nixos/tests/postgis.nix @@ -9,7 +9,7 @@ import ./make-test.nix ({ pkgs, ...} : { { pkgs, ... }: { - services.postgresql = let mypg = pkgs.postgresql100; in { + services.postgresql = let mypg = pkgs.postgresql_11; in { enable = true; package = mypg; extraPlugins = [ (pkgs.postgis.override { postgresql = mypg; }) ]; diff --git a/nixos/tests/rsyslogd.nix b/nixos/tests/rsyslogd.nix new file mode 100644 index 000000000000..969d59e0f2c2 --- /dev/null +++ b/nixos/tests/rsyslogd.nix @@ -0,0 +1,38 @@ +{ system ? builtins.currentSystem }: + +with import ../lib/testing.nix { inherit system; }; +with pkgs.lib; +{ + test1 = makeTest { + name = "rsyslogd-test1"; + meta.maintainers = [ maintainers.aanderse ]; + + machine = + { config, pkgs, ... }: + { services.rsyslogd.enable = true; + services.journald.forwardToSyslog = false; + }; + + # ensure rsyslogd isn't receiving messages from journald if explicitly disabled + testScript = '' + $machine->waitForUnit("default.target"); + $machine->fail("test -f /var/log/messages"); + ''; + }; + + test2 = makeTest { + name = "rsyslogd-test2"; + meta.maintainers = [ maintainers.aanderse ]; + + machine = + { config, pkgs, ... }: + { services.rsyslogd.enable = true; + }; + + # ensure rsyslogd is receiving messages from journald + testScript = '' + $machine->waitForUnit("default.target"); + $machine->succeed("test -f /var/log/messages"); + ''; + }; +} |